In the current version 1.2.2, the function json_decode returns an empty value when processing verification links and it is causing the verification to fail.
Why it is happening: on file class-af-email-verification-front.php, the link generation logic in af_ev_code_generateANDset() (line 549) is hardcoded to use serialize():
“`php
$verification_link = get_site_url() . ‘?ev=’ . base64_encode(serialize($string));
““
Because the data is stored as a serialized PHP string, json_decode naturally fails to parse it in the af_ev_init_callback on line 426:
“`php
$data = json_decode(base64_decode(sanitize_text_field($_GET[‘ev’])));
“`
Proposal to Fix: Synchronize both functions to use JSON. This improves security by avoiding serialize()/unserialize() and ensures compatibility:
Update line 549 to use json_encode($string).
Thank you,
JP Juliao
Open
Last updated: May 9, 2026
0 comments
Log in to comment on this feature request.