Does ZeroBounce Email Verification & Validation have any unpatched vulnerabilities?

No. All known vulnerabilities in ZeroBounce Email Verification & Validation have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ZeroBounce Email Verification & Validation compatible with WordPress 6.7.5?

According to WordPress.org data, ZeroBounce Email Verification & Validation 1.1.3 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is ZeroBounce Email Verification & Validation compatible with PHP 7.0+?

ZeroBounce Email Verification & Validation requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is ZeroBounce Email Verification & Validation updated?

ZeroBounce Email Verification & Validation was last updated on Nov 22, 2024. Frequent updates are generally a positive security signal.

What is ZeroBounce Email Verification & Validation's security score?

ZeroBounce Email Verification & Validation has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ZeroBounce Email Verification & Validation Security & Risk Analysis

wordpress.org/plugins/zerobounce

ZeroBounce validates emails on your WordPress site in real-time, blocking invalid and risky emails to improve deliverability and reduce bounce rates.

1K active installs v1.1.3 PHP 7.0+ WP 4.4+ Updated Nov 22, 2024

email-checkeremail-testeremail-validationemail-verificationemail-verifier

A · Safe

CVEs total1

Unpatched0

Last CVEDec 26, 2023

Plugin page Download

Safety Verdict

Is ZeroBounce Email Verification & Validation Safe to Use in 2026?

Generally Safe

Score 92/100

ZeroBounce Email Verification & Validation has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 26, 2023Updated 1yr ago

Risk Assessment

The "zerobounce" plugin version 1.1.3 presents several security concerns despite some good practices. While it utilizes nonce checks for most AJAX handlers and a reasonable percentage of SQL queries are prepared, the plugin suffers from a significant lack of authorization checks on its AJAX endpoints. All 10 identified AJAX handlers are exposed without any capability checks, creating a broad attack surface that could be exploited by unauthenticated users. Furthermore, the presence of the dangerous `unserialize` function, coupled with taint analysis revealing critical flows with unsanitized paths, indicates a potential for severe vulnerabilities if user-controlled data is passed to `unserialize` without proper sanitization. Although there are no currently unpatched CVEs, the plugin has a history of medium severity vulnerabilities, specifically Cross-site Scripting (XSS), suggesting a pattern of input sanitization weaknesses that attackers could leverage. The low percentage of properly escaped output further exacerbates the XSS risk. In conclusion, while the plugin shows some positive security attributes, the combination of an unprotected attack surface, dangerous function usage, and potential for unsanitized data processing, alongside its past vulnerability history, elevates the overall risk.

Key Concerns

Unprotected AJAX handlers
Dangerous function: unserialize
Taint flow: unsanitized paths (critical)
Low percentage of proper output escaping
Capability checks: 0
Taint flow: unsanitized paths (high)
Bundled library: DataTables

Vulnerabilities

ZeroBounce Email Verification & Validation Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-51374medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ZeroBounce Email Verification & Validation <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting

Dec 26, 2023 Patched in 1.0.12 (28d)

Code Analysis

Analyzed Mar 16, 2026

ZeroBounce Email Verification & Validation Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$result = unserialize($log[0]->result);admin\class-zerobounce-email-validator-admin.php:852

Bundled Libraries

DataTables

SQL Query Safety

67% prepared12 total queries

Output Escaping

24% escaped34 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

6 flows4 with unsanitized paths

validate_email_test (admin\class-zerobounce-email-validator-admin.php:522)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

10 unprotected

ZeroBounce Email Verification & Validation Attack Surface

Entry Points10

Unprotected10

AJAX Handlers 10

authwp_ajax_zerobounce_current_creditsincludes\class-zerobounce-email-validator.php:140

authwp_ajax_zerobounce_validate_email_testincludes\class-zerobounce-email-validator.php:141

authwp_ajax_zerobounce_validate_bulk_testincludes\class-zerobounce-email-validator.php:142

authwp_ajax_zerobounce_validation_logsincludes\class-zerobounce-email-validator.php:143

authwp_ajax_zerobounce_credit_usage_logsincludes\class-zerobounce-email-validator.php:144

authwp_ajax_zerobounce_validation_full_logsincludes\class-zerobounce-email-validator.php:145

authwp_ajax_zerobounce_validation_single_logincludes\class-zerobounce-email-validator.php:146

authwp_ajax_zerobounce_batch_email_validationincludes\class-zerobounce-email-validator.php:147

authwp_ajax_zerobounce_get_uploaded_file_dataincludes\class-zerobounce-email-validator.php:148

authwp_ajax_zerobounce_validated_emails_downloadincludes\class-zerobounce-email-validator.php:149

WordPress Hooks 30

actionplugins_loadedincludes\class-zerobounce-email-validator.php:114

filterpre_update_option_zerobounce_settings_api_keyincludes\class-zerobounce-email-validator.php:129

actionadmin_enqueue_scriptsincludes\class-zerobounce-email-validator.php:132

actionadmin_enqueue_scriptsincludes\class-zerobounce-email-validator.php:133

actionadmin_menuincludes\class-zerobounce-email-validator.php:136

actionadmin_initincludes\class-zerobounce-email-validator.php:137

actionadmin_noticesincludes\class-zerobounce-email-validator.php:138

actionadded_optionincludes\class-zerobounce-email-validator.php:139

actionwp_enqueue_scriptsincludes\class-zerobounce-email-validator.php:162

actionwp_enqueue_scriptsincludes\class-zerobounce-email-validator.php:163

filterwpcf7_validate_emailincludes\class-zerobounce-email-validator.php:169

filterwpcf7_validate_email*includes\class-zerobounce-email-validator.php:170

filtercntctfrm_check_formincludes\class-zerobounce-email-validator.php:175

filterwpforms_process_after_filterincludes\class-zerobounce-email-validator.php:180

filterninja_forms_submit_dataincludes\class-zerobounce-email-validator.php:185

filterfrm_validate_entryincludes\class-zerobounce-email-validator.php:190

filterwoocommerce_after_checkout_validationincludes\class-zerobounce-email-validator.php:195

actionpre_comment_on_postincludes\class-zerobounce-email-validator.php:200

actioncomment_postincludes\class-zerobounce-email-validator.php:201

filterregistration_errorsincludes\class-zerobounce-email-validator.php:206

filterwpmu_validate_user_signupincludes\class-zerobounce-email-validator.php:207

filtermc4wp_form_messagesincludes\class-zerobounce-email-validator.php:212

filtermc4wp_form_errorsincludes\class-zerobounce-email-validator.php:213

filtergform_field_validationincludes\class-zerobounce-email-validator.php:218

filterfluentform/validate_input_item_input_emailincludes\class-zerobounce-email-validator.php:223

filterwsf_action_email_email_validateincludes\class-zerobounce-email-validator.php:228

filtermailster_verify_subscriberincludes\class-zerobounce-email-validator.php:233

filterforminator_custom_form_submit_errorsincludes\class-zerobounce-email-validator.php:238

filteris_emailpublic\class-zerobounce-email-validator-public.php:263

actionwp_initialize_sitezerobounce-email-validator.php:68

Maintenance & Trust

ZeroBounce Email Verification & Validation Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedNov 22, 2024

PHP min version7.0

Downloads11K

Community Trust

Rating96/100

Number of ratings4

Active installs1K

Alternatives

ZeroBounce Email Verification & Validation Alternatives

Clearout Email Validator – Real-Time Email Verification on WordPress Forms

clearout-email-validator

Block invalid emails like temporary, disposable, etc. with our real-time email verification. Verify email address during form-fill and stop form spam.

600 1 CVE

Emailable – Premium Email Verification & Validation

emailable

Verify emails in real-time with Emailable.

40 No CVEs

Email Checker

real-time-email-checker

Prevent spam signups by bots and lost customers in comment, registration, and contact forms using Email Checker's Email Verification Plugin.

10 No CVEs

NoParam Email Validation – Email Verification & Anti-Spam Prevention

noparam-email-validation

100

NoParam offers real-time email validation for WordPress to prevent fake signups and spam, improving email deliverability.

0 No CVEs

DeBounce Email Validator

debounce-io-email-validator

Real-time email validation for WordPress forms. Block invalid, disposable, and risky emails to keep your database clean and improve deliverability.

300 4 CVEs

Developer Profile

ZeroBounce Email Verification & Validation Developer Profile

zerobounce

1 plugin · 1K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

28 days

View full developer profile

Detection Fingerprints

How We Detect ZeroBounce Email Verification & Validation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/zerobounce-email-validator/admin/css/bootstrap.min.css/wp-content/plugins/zerobounce-email-validator/admin/css/apexcharts.min.css/wp-content/plugins/zerobounce-email-validator/admin/css/datatables.min.css/wp-content/plugins/zerobounce-email-validator/admin/css/zerobounce-email-validator-admin.css/wp-content/plugins/zerobounce-email-validator/admin/js/bootstrap.bundle.min.js/wp-content/plugins/zerobounce-email-validator/admin/js/apexcharts.min.js/wp-content/plugins/zerobounce-email-validator/admin/js/datatables.min.js/wp-content/plugins/zerobounce-email-validator/admin/js/zerobounce-email-validator-admin.js

Version Parameters

zerobounce-email-validator/admin/css/bootstrap.min.css?ver=zerobounce-email-validator/admin/css/apexcharts.min.css?ver=zerobounce-email-validator/admin/css/datatables.min.css?ver=zerobounce-email-validator/admin/css/zerobounce-email-validator-admin.css?ver=zerobounce-email-validator/admin/js/bootstrap.bundle.min.js?ver=zerobounce-email-validator/admin/js/apexcharts.min.js?ver=zerobounce-email-validator/admin/js/datatables.min.js?ver=zerobounce-email-validator/admin/js/zerobounce-email-validator-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

zerobounce-email-validator-dashboard-container

JS Globals

zerobounce_settingszb_settingszerobounce_validator_obj

FAQ

ZeroBounce Email Verification & Validation Security & Risk Analysis

Is ZeroBounce Email Verification & Validation Safe to Use in 2026?

Generally Safe

Key Concerns

ZeroBounce Email Verification & Validation Security Vulnerabilities

CVEs by Year

Severity Breakdown

ZeroBounce Email Verification & Validation Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

ZeroBounce Email Verification & Validation Attack Surface

AJAX Handlers 10

ZeroBounce Email Verification & Validation Maintenance & Trust

Maintenance Signals

Community Trust

ZeroBounce Email Verification & Validation Alternatives

Clearout Email Validator – Real-Time Email Verification on WordPress Forms

Emailable – Premium Email Verification & Validation

Email Checker

NoParam Email Validation – Email Verification & Anti-Spam Prevention

DeBounce Email Validator

ZeroBounce Email Verification & Validation Developer Profile

How We Detect ZeroBounce Email Verification & Validation

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about ZeroBounce Email Verification & Validation