[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHeRDfGo8r2-qQfMArvGxAQ8hpMJ4OQ9yP5ZQGmB3Mm4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":70,"crawl_stats":37,"alternatives":78,"analysis":179,"fingerprints":287},"wp-test-email","WP Test Email","1.1.7","Boopathi Rajan","https:\u002F\u002Fprofiles.wordpress.org\u002Fboopathi0001\u002F","\u003Cp>Do you want to test whether the WordPress installation is sending mail or not? WP Test Email helps you to do that.\u003Cbr \u002F>\nIt allows you to send a simple test email to an email address of your choice and logs all outgoing emails.\u003C\u002Fp>\n\u003Cp>Note: The email logs are retained for a maximum of 30 days. Older logs are automatically removed to keep the log table manageable.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F99LFut4PPVU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Kindly let us know your feedback or comments to add more features to this plugin.\u003C\u002Fp>\n","WP Test Email is allows you to test if your WordPress installation is sending mail or not.",20000,248440,94,15,"2024-07-31T06:18:00.000Z","6.6.5","4.3","5.2.4",[20,21,22,23],"check-mail","emal-log","mail-tester","test-email","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-test-email.1.1.7.zip",63,3,1,"2026-01-15 00:00:00","2026-03-15T15:16:48.613Z",[32,46,60],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-69102","test-email-reflected-cross-site-scripting","Test Email \u003C= 1.1.7 - Reflected Cross-Site Scripting","The Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.1.7","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-01-19 15:55:44",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc664b4e5-8f9f-4cbd-86a6-74901fa47223?source=api-prod",{"id":47,"url_slug":48,"title":49,"description":50,"plugin_slug":4,"theme_slug":37,"affected_versions":51,"patched_in_version":52,"severity":53,"cvss_score":54,"cvss_vector":55,"vuln_type":42,"published_date":56,"updated_date":57,"references":58,"days_to_patch":28},"CVE-2025-2325","wp-test-email-unauthenticated-stored-cross-site-scripting","WP Test Email \u003C= 1.1.8 - Unauthenticated Stored Cross-Site Scripting","The WP Test Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.1.8","1.1.9","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2025-03-14 00:00:00","2025-03-15 06:40:02",[59],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7a0a9ff8-ed93-4de9-ba49-730b2253c6a4?source=api-prod",{"id":61,"url_slug":62,"title":63,"description":64,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":65,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":66,"updated_date":67,"references":68,"days_to_patch":28},"CVE-2024-8664","wp-test-email-reflected-cross-site-scripting","WP Test Email \u003C= 1.1.7 - Reflected Cross-Site Scripting","The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","1.1.8","2024-09-12 18:16:04","2024-09-13 06:47:28",[69],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F70c1ee04-cfb1-4819-95ab-497e814da16f?source=api-prod",{"slug":71,"display_name":7,"profile_url":8,"plugin_count":72,"total_installs":73,"avg_security_score":74,"avg_patch_time_days":75,"trust_score":76,"computed_at":77},"boopathi0001",13,44130,87,419,70,"2026-04-04T07:01:30.804Z",[79,103,127,147,161],{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":24,"download_link":101,"security_score":89,"vuln_count":102,"unpatched_count":102,"last_vuln_date":37,"fetched_at":30},"automatic-email-testing-for-wp","Automatic Email Testing for WP","1.4.9","WebBuddy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebsprout\u002F","\u003Cp>Automatic Email Testing for WP is an efficient solution to help you automatically check whether your website’s email sending is working as expected every single day.\u003C\u002Fp>\n\u003Cp>Email sending is one of the most fundamental functionalities of your website. When your website is unable to send out emails, contact form enquiries fail to reach you, order emails fail to reach your customers, and the list just goes on.\u003C\u002Fp>\n\u003Cp>By using Automatic Email Testing for WP plugin on your website, you will have a smart system that helps you to test your website email server automatically every day, so you can have the assurance that your website’s email sending functionality is working well, day in and out!\u003C\u002Fp>\n\u003Cp>The setup process is incredibly quick and simple. All you need is to enter your email address (one-time) and you’re good to go!\u003C\u002Fp>\n\u003Cp>The plugin will send the first test email to you immediately once your email address has been saved. Subsequently, it will automatically run tests on your website email server and you should receive a simple email testing report every 24 hours (approx.) if your website email server is working normally.\u003C\u002Fp>\n\u003Cp>In the event that you do not receive the daily email testing report on any given day, it means that your website email server is down and you may refer to the plugin settings page for a quick guide on how to troubleshoot the issue.\u003C\u002Fp>\n\u003Ch4>FREE VERSION FEATURES INCLUDE:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automated daily checks on your website email server\u003C\u002Fli>\n\u003Cli>Simple email testing report sent to you daily (if email server is working normally only)\u003C\u002Fli>\n\u003Cli>Email test record log (for past 3 days)\u003C\u002Fli>\n\u003Cli>Ultra-lightweight plugin (will not slow down your website)\u003C\u002Fli>\n\u003Cli>Step by step troubleshooting guide available for reference if you do not receive the email testing report\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you have any feedback or suggestions to add more features to this plugin, we welcome you to get in touch with us 🙂\u003C\u002Fp>\n\u003Cp>Note: This plugin will test whether the email is sent successfully but it does not guarantee the deliverability of emails.\u003C\u002Fp>\n\u003Ch4>PRO VERSION\u003C\u002Fh4>\n\u003Cp>If you want to be automatically notified even when your email server fails, check out our \u003Ca href=\"https:\u002F\u002Fpayhip.com\u002Fb\u002FL4KeS\" rel=\"nofollow ugc\">PRO version here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>PRO VERSION FEATURES INCLUDE:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automated daily checks on your website email server\u003C\u002Fli>\n\u003Cli>Simple email testing report sent to you daily (you will be notified even when your email server fails!)\u003C\u002Fli>\n\u003Cli>Email test record log (for past 10 days)\u003C\u002Fli>\n\u003Cli>Ultra-lightweight plugin (will not slow down your website)\u003C\u002Fli>\n\u003C\u002Ful>\n","[UPDATED!] Automatic Email Testing for WP plugin allows you to set up a system inside wordpress to test your email server every day.",300,5879,100,5,"2025-04-19T02:22:00.000Z","6.8.5","5.3","7.1",[96,97,98,99,100],"automatic-check-email","email-tester","test-email-automatically","test-wordpress-email","wp-mail","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-email-testing-for-wp.1.4.9.zip",0,{"slug":104,"name":105,"version":106,"author":104,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":117,"tags":118,"homepage":123,"download_link":124,"security_score":125,"vuln_count":28,"unpatched_count":102,"last_vuln_date":126,"fetched_at":30},"zerobounce","ZeroBounce Email Verification & Validation","1.1.3","https:\u002F\u002Fprofiles.wordpress.org\u002Fzerobounce\u002F","\u003Cp>Need an email validation tool to block invalid and high-risk emails on your WordPress website?\u003C\u002Fp>\n\u003Cp>The ZeroBounce email verification plugin assists users by validating email addresses entered into your registration forms, comments sections, eCommerce shops, and more. Install the plugin, connect your API key, and select the forms you want to monitor with email validation.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automated real-time email validation\u003C\u002Fstrong> – Automatically prevent selected email types from creating accounts, leaving comments, or signing up\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detect more than 30+ email address types\u003C\u002Fstrong> – Including invalid, abuse, disposable, spam trap, toxic domains, catch-all, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Choose what to accept\u003C\u002Fstrong> – Create your own rules for email validation and disallow emails based on status\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email verification for 9 form types\u003C\u002Fstrong> – Easily select which forms you want to protect with email validation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fast manual email validation\u003C\u002Fstrong> – Verify any email address in the tools section using our interactive form\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email validation API logs\u003C\u002Fstrong> – Keep track of monthly email verifications, including status, sub-status, IP, date, and credits used\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Benefits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Keep your email list clean & accurate\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reduce your email bounce rate\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Boost your inbox placement\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protect your email sender reputation\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Improve email deliverability\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Eliminate fraudulent, untrustworthy shoppers\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block spammers and spoofers\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Keep your comments section clean\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported Forms\u002FPlugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Contact Form 7\u003C\u002Fli>\n\u003Cli>WPForms\u003C\u002Fli>\n\u003Cli>Ninja Forms\u003C\u002Fli>\n\u003Cli>Formidable Forms\u003C\u002Fli>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>WordPress Post Comments\u003C\u002Fli>\n\u003Cli>WordPress Registration\u003C\u002Fli>\n\u003Cli>MC4WP: Mailchimp for WordPress\u003C\u002Fli>\n\u003Cli>Gravity Forms\u003C\u002Fli>\n\u003Cli>Fluent Forms\u003C\u002Fli>\n\u003Cli>WS Forms\u003C\u002Fli>\n\u003Cli>Mailster Forms\u003C\u002Fli>\n\u003Cli>Forminator Forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And more support is being added gradually.\u003C\u002Fp>\n","ZeroBounce validates emails on your WordPress site in real-time, blocking invalid and risky emails to improve deliverability and reduce bounce rates.",1000,11330,96,4,"2024-11-22T15:23:00.000Z","6.7.5","4.4","7.0",[119,97,120,121,122],"email-checker","email-validation","email-verification","email-verifier","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fzerobounce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzerobounce.zip",92,"2023-12-26 00:00:00",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":89,"num_ratings":28,"last_updated":137,"tested_up_to":138,"requires_at_least":139,"requires_php":94,"tags":140,"homepage":145,"download_link":146,"security_score":125,"vuln_count":102,"unpatched_count":102,"last_vuln_date":37,"fetched_at":30},"mailsure","Mailsure","1.0","corytrevor","https:\u002F\u002Fprofiles.wordpress.org\u002Fcorytrevor\u002F","\u003Ch3>Test email sending, SPF, DKIM & DMARC\u003C\u002Fh3>\n\u003Cp>Mailsure provides a simple one-click email authentication test to check if WordPress is able to send properly authenticated emails.\u003C\u002Fp>\n\u003Cp>Also included:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Send a test email to any address\u003C\u002Fli>\n\u003Cli>Mail server IP blacklist check via \u003Ca href=\"https:\u002F\u002Fmxtoolbox.com\u002F\" rel=\"nofollow ugc\">MXToolbox\u003C\u002Fa>. View their privacy policy \u003Ca href=\"https:\u002F\u002Fmxtoolbox.com\u002Fprivacypolicy.aspx\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plugin settings are in Tools -> Mailsure\u003C\u002Fp>\n","Test email sending, SPF, DKIM & DMARC",50,786,"2024-07-12T10:18:00.000Z","6.5.8","6.0",[141,142,143,144,23],"dkim","dmarc","email","email-authentication","https:\u002F\u002Fmailsure.app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmailsure.1.0.zip",{"slug":148,"name":149,"version":150,"author":7,"author_profile":8,"description":151,"short_description":152,"active_installs":135,"downloaded":153,"rating":89,"num_ratings":28,"last_updated":154,"tested_up_to":16,"requires_at_least":155,"requires_php":156,"tags":157,"homepage":24,"download_link":160,"security_score":125,"vuln_count":102,"unpatched_count":102,"last_vuln_date":37,"fetched_at":30},"wp-smtp-mailer","WP SMTP Mailer","1.6","\u003Cp>WP SMTP Mailer is a simple and flexible plugin to configure SMTP settings in WordPress. It allows you to set up SMTP credentials, test email sending, and view email logs.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>SMTP Configuration\u003C\u002Fstrong>: Configure your SMTP server settings including host, username, password, port, and encryption system.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test Email\u003C\u002Fstrong>: Send test emails to verify your SMTP configuration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Logs\u003C\u002Fstrong>: View and manage logs of outgoing emails with search, sorting, and pagination.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Log Management\u003C\u002Fstrong>: Automatically clears logs older than 30 days.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Responsive Design\u003C\u002Fstrong>: User-friendly interface with a responsive design for managing settings and viewing logs.\u003C\u002Fli>\n\u003C\u002Ful>\n","WP SMTP Mailer is a simple and flexible plugin to configure SMTP settings in WordPress. It allows you to set up SMTP credentials, test email sending,  &hellip;",3058,"2024-07-31T07:40:00.000Z","5.0","7.4",[143,158,159,23],"email-logs","smtp-mailer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-smtp-mailer.1.6.zip",{"slug":162,"name":163,"version":164,"author":165,"author_profile":166,"description":167,"short_description":168,"active_installs":169,"downloaded":170,"rating":102,"num_ratings":102,"last_updated":171,"tested_up_to":172,"requires_at_least":173,"requires_php":24,"tags":174,"homepage":176,"download_link":177,"security_score":178,"vuln_count":102,"unpatched_count":102,"last_vuln_date":37,"fetched_at":30},"real-time-email-checker","Email Checker","1.1","virtab","https:\u002F\u002Fprofiles.wordpress.org\u002Fvirtab\u002F","\u003Cp>Email Checker’s Advanced email verification service completes a deep cleaning by performing an SMTP simulation test to check if the mailbox actually exists on the destination mail server for the best email validation accuracy.\u003C\u002Fp>\n\u003Cp>Lets face it, people misspell their email address and are completely unaware of it, resulting in a delivery failure due to a bounce or maybe even a spam complaint. Furthermore, you also just lost a potential customer for your business! What is very interesting is most of these invalid email addresses are a result of a simple misspelled domain such as “hotmail.con”, “gnail.com”, or “yahoo.cmo”.\u003C\u002Fp>\n\u003Cp>For example “jane@gmail.cmo” perfectly passes the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fis_email\" rel=\"nofollow ugc\">is_email()\u003C\u002Fa> function, but does not really exist. Such addresses cannot escape Email Checker’s email verification test, ensuring you do not lose any valuable leads due to typos, as well as preventing spam signups by bots and more.\u003C\u002Fp>\n\u003Cp>Email Checker can verify email addresses by detecting and revising typos, invalid syntax, invalid domain DNS, invalid MX DNS, disposable addresses, role accounts, free email providers, frequent complainers, offensive words, spam traps, honey pots, blacklists, catchalls, greylistings, mailbox exists, mailbox full and mailbox does not exist.\u003C\u002Fp>\n\u003Cp>This email validation plugin integrates perfectly with other major plugins such as Contact Form 7, Gravity Forms, Ninja Forms and any other plugins that use the is_email() function. This plugin will validate email addresses in real-time and notify the user immediately so they can change it before submitting.\u003C\u002Fp>\n\u003Cp>This plugin requires an Email Checker API Key and for credits to be purchased. You can create an account for Email Checker and purchase credits here: \u003Ca href=\"https:\u002F\u002Fwww.emailchecker.io\" rel=\"nofollow ugc\">Email Checker\u003C\u002Fa> (Signup in less than 30 seconds).\u003C\u002Fp>\n\u003Cp>NOTE: You must have credits inside your \u003Ca href=\"https:\u002F\u002Fwww.emailchecker.io\" rel=\"nofollow ugc\">www.emailchecker.io\u003C\u002Fa> account in order for it to validate email addresses in your website’s forms.\u003C\u002Fp>\n","Prevent spam signups by bots and lost customers in comment, registration, and contact forms using Email Checker's Email Verification Plugin.",10,1780,"2017-02-10T14:50:00.000Z","4.7.32","3.1.0",[119,97,120,121,175],"verify-email","https:\u002F\u002Fwww.emailchecker.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freal-time-email-checker.zip",85,{"attackSurface":180,"codeSignals":205,"taintFlows":224,"riskAssessment":274,"analyzedAt":286},{"hooks":181,"ajaxHandlers":199,"restRoutes":200,"shortcodes":201,"cronEvents":202,"entryPointCount":102,"unprotectedCount":102},[182,188,192,195],{"type":183,"name":184,"callback":185,"file":186,"line":187},"action","admin_menu","register_wp_test_email_page","wp-test-email.php",16,{"type":183,"name":189,"callback":190,"file":186,"line":191},"phpmailer_init","log_outgoing_emails",73,{"type":183,"name":184,"callback":193,"file":186,"line":194},"register_wp_test_email_logs_page",121,{"type":183,"name":196,"callback":197,"file":186,"line":198},"wp_test_email_clear_logs","wp_test_email_clear_old_logs",363,[],[],[],[203],{"hook":196,"callback":196,"file":186,"line":204},359,{"dangerousFunctions":206,"sqlUsage":207,"outputEscaping":209,"fileOperations":102,"externalRequests":102,"nonceChecks":28,"capabilityChecks":102,"bundledLibraries":223},[],{"prepared":113,"raw":102,"locations":208},[],{"escaped":210,"rawEcho":90,"locations":211},18,[212,215,217,219,221],{"file":186,"line":213,"context":214},189,"raw output",{"file":186,"line":216,"context":214},190,{"file":186,"line":218,"context":214},191,{"file":186,"line":220,"context":214},193,{"file":186,"line":222,"context":214},226,[],[225,260],{"entryPoint":226,"graph":227,"unsanitizedCount":102,"severity":259},"wp_test_email_logs (wp-test-email.php:123)",{"nodes":228,"edges":254},[229,234,240,242,247,249],{"id":230,"type":231,"label":232,"file":186,"line":233},"n0","source","$_GET",146,{"id":235,"type":236,"label":237,"file":186,"line":238,"wp_function":239},"n1","sink","get_results() [SQLi]",160,"get_results",{"id":241,"type":231,"label":232,"file":186,"line":233},"n2",{"id":243,"type":236,"label":244,"file":186,"line":245,"wp_function":246},"n3","get_var() [SQLi]",170,"get_var",{"id":248,"type":231,"label":232,"file":186,"line":233},"n4",{"id":250,"type":236,"label":251,"file":186,"line":252,"wp_function":253},"n5","echo() [XSS]",181,"echo",[255,257,258],{"from":230,"to":235,"sanitized":256},true,{"from":241,"to":243,"sanitized":256},{"from":248,"to":250,"sanitized":256},"low",{"entryPoint":261,"graph":262,"unsanitizedCount":102,"severity":259},"\u003Cwp-test-email> (wp-test-email.php:0)",{"nodes":263,"edges":270},[264,265,266,267,268,269],{"id":230,"type":231,"label":232,"file":186,"line":233},{"id":235,"type":236,"label":237,"file":186,"line":238,"wp_function":239},{"id":241,"type":231,"label":232,"file":186,"line":233},{"id":243,"type":236,"label":244,"file":186,"line":245,"wp_function":246},{"id":248,"type":231,"label":232,"file":186,"line":233},{"id":250,"type":236,"label":251,"file":186,"line":252,"wp_function":253},[271,272,273],{"from":230,"to":235,"sanitized":256},{"from":241,"to":243,"sanitized":256},{"from":248,"to":250,"sanitized":256},{"summary":275,"deductions":276},"The wp-test-email plugin, version 1.1.7, exhibits a mixed security posture.  On the positive side, the static analysis reveals a commendable lack of dangerous functions, SQL injection vulnerabilities due to the exclusive use of prepared statements, and no file operations or external HTTP requests.  The presence of nonce checks and a low number of total entry points (all reported as protected) are also good indicators. However, the plugin's vulnerability history is a significant concern, with three known CVEs, one of which remains unpatched and is of high severity. The common vulnerability type being Cross-site Scripting (XSS) suggests a recurring pattern of input sanitization issues in previous versions. The last recorded vulnerability being in 2026 is an anomaly and should be treated as a potential data error, but the existence of multiple past vulnerabilities, including an unpatched one, points to a need for ongoing security diligence.",[277,279,282,284],{"reason":278,"points":210},"Unpatched high severity CVE",{"reason":280,"points":281},"Two previously patched medium severity CVEs",12,{"reason":283,"points":113},"Moderate output escaping (78% proper)",{"reason":285,"points":90},"0 capability checks on entry points","2026-03-16T17:30:26.581Z",{"wat":288,"direct":293},{"assetPaths":289,"generatorPatterns":290,"scriptPaths":291,"versionParams":292},[],[],[],[],{"cssClasses":294,"htmlComments":305,"htmlAttributes":306,"restEndpoints":312,"jsGlobals":313,"shortcodeOutput":314},[295,296,297,298,299,300,301,302,303,304],"wrap","form-table","notice","notice-success","is-dismissible","notice-error","description","widefat","fixed","search-wrapper",[],[307,308,309,310,311],"nonce","name=\"mail_to\"","value=\"Test Mail\"","name=\"mail_subject\"","id=\"wp_test_email_nonce_field\"",[],[],[]]