[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWM9dHMc58QPQPbt_ZqZIbXRO51ETfFgLlv0m-luwrIk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":65,"crawl_stats":38,"alternatives":71,"analysis":167,"fingerprints":671},"advanced-forms","Advanced Forms for ACF","1.9.3.7","Phil Kurth","https:\u002F\u002Fprofiles.wordpress.org\u002Fphilkurth\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fadvancedforms.github.io\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fhookturn.io\u002Fdownloads\u002Fadvanced-forms-pro\" rel=\"nofollow ugc\">Purchase Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Advanced Forms is a WordPress plugin for creating front-end forms using \u003Ca href=\"https:\u002F\u002Fadvancedcustomfields.com\" rel=\"nofollow ugc\">Advanced Custom Fields\u003C\u002Fa>. It supports all ACF field types, including repeaters and flexible content fields, and provides the same field editing interface you are already familiar with. \u003Cem>Advanced Forms requires ACF PRO v5.7 or later\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Email notifications\u003C\u002Fstrong>: Configure an unlimited number of email notifications, including support for dynamic recipients and field includes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>AJAX submissions\u003C\u002Fstrong>: Use AJAX for a better user experience with faster submissions and no page reloads.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Entries\u003C\u002Fstrong>: Save form submissions as entries with all fields.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Spam protection\u003C\u002Fstrong>: Every form is protected against spam using a honeypot. If you need more sophisticated spam protection, Advanced Forms Pro includes support for reCAPTCHA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrictions\u003C\u002Fstrong>: Place limits on your form using the built-in restrictions or \u003Ca href=\"https:\u002F\u002Fadvancedforms.github.io\u002Fguides\u002Fadvanced\u002Fadding-custom-restrictions\u002F\" rel=\"nofollow ugc\">create your own\u003C\u002Fa>:\n\u003Cul>\n\u003Cli>Limit the total number of submissions\u003C\u002Fli>\n\u003Cli>Limit your form to only logged-in users\u003C\u002Fli>\n\u003Cli>Limit the time when your form can be used\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-friendly UI\u003C\u002Fstrong>: Create forms either through the admin panel or programmatically for easy integration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gutenberg support\u003C\u002Fstrong>: Add forms to your site using Gutenberg blocks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer-friendly\u003C\u002Fstrong>: Designed for developers with a large variety of hooks and helper functions and \u003Ca href=\"https:\u002F\u002Fadvancedforms.github.io\" rel=\"nofollow ugc\">comprehensive documentation\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Pro\u003C\u002Fh4>\n\u003Cp>On top of that, \u003Cstrong>Advanced Forms Pro\u003C\u002Fstrong> offers even more features for advanced use cases. You can purchase a license through \u003Ca href=\"https:\u002F\u002Fhookturn.io\u002Fdownloads\u002Fadvanced-forms-pro\u002F\" rel=\"nofollow ugc\">Hookturn\u003C\u002Fa> which can be used on an unlimited number of sites.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Priority support\u003C\u002Fstrong>: Get direct support with an average response time of 1-2 days.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post editing\u003C\u002Fstrong>: Set up forms to create and edit posts. Configure the post title, content and status and automatically map your existing ACF fields.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User editing\u003C\u002Fstrong>: Register new users or let people edit their user profile with automatic mapping of your user fields.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Calculated fields\u003C\u002Fstrong>: Give your users immediate feedback as they fill out your form. Calculated fields update live with the values from other fields. Calculated fields are also \u003Ca href=\"https:\u002F\u002Fadvancedforms.github.io\u002Fpro\u002Fconfiguration\u002Fusing-calculated-fields\u002F\" rel=\"nofollow ugc\">fully programmable\u003C\u002Fa> for more complex calculations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slack\u003C\u002Fstrong>: Get a message in \u003Ca href=\"https:\u002F\u002Fslack.com\" rel=\"nofollow ugc\">Slack\u003C\u002Fa> for each form submission, including all form data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mailchimp\u003C\u002Fstrong>: Create a form to sign users up for your \u003Ca href=\"https:\u002F\u002Fmailchimp.com\" rel=\"nofollow ugc\">Mailchimp\u003C\u002Fa> mailing list.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zapier\u003C\u002Fstrong>: Connect your form to thousands of third-party services using \u003Ca href=\"https:\u002F\u002Fzapier.com\" rel=\"nofollow ugc\">Zapier\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong>: Protect your forms against spam using an invisible captcha.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>If you need help, have a feature request, or think you’ve found a bug, don’t hesitate to reach out. Either create a ticket on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fadvanced-forms\u002F\" rel=\"ugc\">WordPress Support Forums\u003C\u002Fa> or an issue on \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Fadvancedforms\u002Fadvanced-forms\u002Fissues\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For Pro users, please send an email to \u003Ca href=\"mailto:support@hookturn.io?subject=Advanced%20Forms\" rel=\"nofollow ugc\">support@hookturn.io\u003C\u002Fa> and we’ll respond as fast as we can, most often within 1-2 days.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>The documentation has been moved to a new site, check it out: \u003Ca href=\"https:\u002F\u002Fadvancedforms.github.io\" rel=\"nofollow ugc\">advancedforms.github.io\u003C\u002Fa>\u003C\u002Fp>\n","Flexible and developer-friendly forms using the power of Advanced Custom Fields",3000,105007,100,41,"2026-03-04T13:33:00.000Z","6.9.4","5.4.0","7.1",[20,21,22,23,24],"acf","acf-form","advanced-custom-fields","contact-form","form","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadvanced-forms\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-forms.1.9.3.7.zip",99,2,0,"2024-02-05 00:00:00","2026-03-15T15:16:48.613Z",[33,49],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2024-1121","advanced-forms-for-acf-missing-authorization-to-unauthenticated-form-settings-export","Advanced Forms for ACF \u003C= 1.9.3.2 - Missing Authorization to Unauthenticated Form Settings Export","The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings.",null,"\u003C=1.9.3.2","1.9.3.3","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Missing Authorization","2024-02-05 21:21:52",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7b33f2ee-3f20-4494-bdae-3f8cc3c6dc73?source=api-prod",1,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":56,"cvss_score":57,"cvss_vector":58,"vuln_type":59,"published_date":60,"updated_date":61,"references":62,"days_to_patch":64},"CVE-2021-24892","advanced-forms-for-acf-insecure-direct-object-reference","Advanced Forms for ACF \u003C= 1.6.8 - Insecure Direct Object Reference","Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this vulnerability, an attacker must register to obtain a valid WordPress's user and use such user to authenticate with WordPress in order to exploit the vulnerable edit function.","\u003C1.6.9","1.6.9","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Authorization Bypass Through User-Controlled Key","2020-06-27 00:00:00","2024-01-22 19:56:02",[63],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3c021686-3c9d-4382-be5c-9d4bf989cdcd?source=api-prod",1305,{"slug":66,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":67,"avg_security_score":13,"avg_patch_time_days":68,"trust_score":69,"computed_at":70},"philkurth",3010,653,79,"2026-04-03T21:12:54.715Z",[72,93,113,131,151],{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":91,"download_link":92,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"acf-field-for-contact-form-7","ACF Field For CF7","1.7","KrishaWeb","https:\u002F\u002Fprofiles.wordpress.org\u002Fkrishaweb\u002F","\u003Cp>ACF Field for Contact Form 7 allows you to seamlessly integrate Contact Form 7 forms into your Advanced Custom Fields (ACF) setup. It adds a custom field type to ACF that lets you select CF7 forms from the admin panel and output them directly in your templates. This simplifies form management and eliminates the need to manually insert shortcodes. Ideal for developers who want a cleaner, more dynamic way to embed forms in custom layouts.\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cp>•   Single or Multiple Forms: Choose one CF7 form in a single ACF field.\u003Cbr \u002F>\n•   Markup Returned Automatically: Selected form(s) output the CF7 shortcode markup directly—ready to display via the_field() or get_field().\u003Cbr \u002F>\n•   Lightweight & Fast: Adds minimal load (~10 KB) to your site; small memory and speed impact.\u003Cbr \u002F>\n•   ACF-compatible: Works seamlessly with ACF 3–5 and tested up to WordPress 6.8.\u003C\u002Fp>\n\u003Ch3>Use Cases:\u003C\u002Fh3>\n\u003Cp>•   Developer-Centric Page Layouts: Define custom ACF fields in page builder templates or theme templates, letting editors easily select CF7 forms—no more shortcode errors.\u003Cbr \u002F>\n•   Content Editor Avoids Mistakes: Editors pick from a clean dropdown list instead of pasting form shortcodes, reducing the chance of broken forms or syntax errors.\u003Cbr \u002F>\n•   Modular Form Integration: Use in widget areas, theme customizer panels, or Gutenberg block templates (with Pro), letting site-wide layouts dynamically include forms.\u003C\u002Fp>\n\u003Ch3>Checkout the advanced features of ACF Field For CF 7 Pro:\u003C\u002Fh3>\n\u003Cp>•   Fully compatible with Gutenberg blocks.\u003Cbr \u002F>\n•   Supports integration with Widgets and Theme Customizer.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fstore.krishaweb.com\u002Fproduct\u002Facf-field-contact-form-7-pro\u002F\" rel=\"nofollow ugc\">Download the ACF Field For CF 7 Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>This ACF field type is compatible with :\u003Cbr \u002F>\n* ACF 3\u003Cbr \u002F>\n* ACF 4\u003Cbr \u002F>\n* ACF 5\u003C\u002Fp>\n","Adds a 'Contact Form 7' field type for the Advanced Custom Fields WordPress plugin.",10000,64065,94,11,"2025-06-20T12:48:00.000Z","6.8.5","5.0","7.4",[20,22,23,89,90],"contactform7","field","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Facf-field-for-contact-form-7\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Facf-field-for-contact-form-7.1.7.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":79,"active_installs":100,"downloaded":101,"rating":102,"num_ratings":103,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":110,"download_link":111,"security_score":112,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"advanced-custom-fields-contact-form-7-field","Advanced Custom Fields – Contact Form 7 Field","1.1.0","taylor.mitchellstjoseph","https:\u002F\u002Fprofiles.wordpress.org\u002Ftaylormitchellstjoseph\u002F","\u003Cp>Adds a ‘Contact Form 7’ field type for the Advanced Custom Fields WordPress plugin.\u003C\u002Fp>\n\u003Cp>Store one or multiple contact forms in an advanced custom field.\u003C\u002Fp>\n\u003Cp>Mark one or more forms as disabled to prevent them from being selected.\u003C\u002Fp>\n\u003Cp>Field is returned as Contact Form 7 markup\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Compatible with both ACF V3 & V4\u003C\u002Fstrong>\u003C\u002Fp>\n",2000,26236,68,8,"2017-11-28T21:10:00.000Z","3.5.2","3.3","",[20,22,109],"contact-form-7","http:\u002F\u002Fgithub.com\u002Ftaylormsj\u002Facf-cf7-field","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-custom-fields-contact-form-7-field.1.1.2.zip",85,{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":107,"tags":128,"homepage":107,"download_link":130,"security_score":112,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"acf-contact-form-7","Advanced Custom Fields Contact Form 7","1.1.6","imbeetle","https:\u002F\u002Fprofiles.wordpress.org\u002Fimbeetle\u002F","\u003Cp>Add a Contact Form 7 field type to Advanced Custom Fields.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Return contact form 7 shortcode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>This ACF field type is compatible with:\u003Cbr \u002F>\n* ACF 5\u003C\u002Fp>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cp>Supported 89 languages.\u003Cbr \u002F>\nIf you notice a mistake in the translations, write to us in support of or email to support@beetle.net.ua\u003C\u002Fp>\n\u003Ch4>Additionaly information\u003C\u002Fh4>\n\u003Cp>Found a problem in the plug-in or there is a suggestion for its improvement, write in support or email us at support@beetle.net.ua\u003C\u002Fp>\n\u003Cp>Donate link: https:\u002F\u002Fmoney.yandex.ru\u002Fto\u002F41001943592305\u003C\u002Fp>\n","Adds a new 'Contact Form 7' field to the popular Advanced Custom Fields plugin.",800,11312,60,4,"2019-10-12T13:33:00.000Z","5.3.21","4.8",[20,114,22,129,109],"advanced-custom-fields-contact-form-7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Facf-contact-form-7.zip",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":139,"downloaded":140,"rating":141,"num_ratings":142,"last_updated":143,"tested_up_to":144,"requires_at_least":145,"requires_php":107,"tags":146,"homepage":149,"download_link":150,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"acf-gravityforms-add-on","Advanced Custom Fields: Gravity Forms Add-on","1.3.10","DannyvanHolten","https:\u002F\u002Fprofiles.wordpress.org\u002Fdannyvanholten\u002F","\u003Cp>Provides an Advanced Custom Field which allows a WordPress editorial user or administrator to select a Gravity Form as part of a field group configuration.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>This plugin does not have any effect on the frontend of the website. It does not output the form, nor does it modify the output of existing forms. The plugin only adds a custom ACF field type for use in an ACF field group.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Full documentation can be found in the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FSayHelloGmbH\u002Facf-gravityforms-add-on\u002F\" rel=\"nofollow ugc\">plugin’s GitHub Repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>Version 1.3.2 added a plain HTML filter to the output of the field. This filter is not applied to fields in ACF version 4.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>apply_filters('acf-gravityforms-add-on\u002Ffield_html', string $field_html, array $field, string $field_options, string $multiple)\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Provides an Advanced Custom Field which allows a WordPress user to select a Gravity Form as part of a field group configuration.",30000,552315,84,14,"2025-12-02T17:20:00.000Z","6.9.0","4.6",[20,22,24,147,148],"gravity-forms","sayhellogmbh","https:\u002F\u002Fgithub.com\u002Fsayhellogmbh\u002Facf-gravityforms-add-on","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Facf-gravityforms-add-on.1.3.10.zip",{"slug":152,"name":153,"version":154,"author":155,"author_profile":156,"description":157,"short_description":158,"active_installs":13,"downloaded":159,"rating":13,"num_ratings":48,"last_updated":160,"tested_up_to":161,"requires_at_least":17,"requires_php":162,"tags":163,"homepage":107,"download_link":166,"security_score":112,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"acf-feeds-for-gravity-forms","ACF Feeds for Gravity Forms","1.0.1","Alex Chernov","https:\u002F\u002Fprofiles.wordpress.org\u002Falexusblack\u002F","\u003Cp>Use this plugin to update an ACF field(s) when Gravity Form is submitted. You also can accumulate value in a certain field (only fields of type \u003Ccode>Number\u003C\u002Fcode> supported at the moment).\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Target a wide range of WP entities: page, post, custom post, user, term, taxonomy, widget, comment, options page, current page\u002Fpost.\u003C\u002Fli>\n\u003Cli>Use GF merge tags in the ACF Target field\u003C\u002Fli>\n\u003Cli>Simply map ACF and GF fields in one-to-one, one-to-many or many-to-many relations\u003C\u002Fli>\n\u003Cli>Use operations on ACF fields to modify currently stored values\u003C\u002Fli>\n\u003Cli>Number fields support +, – and * math operations\u003C\u002Fli>\n\u003Cli>All text compatible fields support + operation to join strings\u003C\u002Fli>\n\u003Cli>ACF field targets support merge tags\u003C\u002Fli>\n\u003Cli>Implement complex logic with conditional feeds\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Any GF field compatible with string\u002Fnumber values should work. Tested GF fields: Single line text, Paragraph Text, Drop Down, Number, Checkboxes, Radio Buttons, Website, Email.\u003Cbr \u002F>\nAny ACF field compatible with string\u002Fnumber values should work. Tested ACF fields: Text, Text Area, Number, Range, Email, Url, Password, Select, Checkbox, Radio Button, Button Group, True \u002F False\u003C\u002Fp>\n\u003Cp>Example use cases:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Count number of submissions\u003C\u002Fli>\n\u003Cli>Remember name\u002Flogin\u002Femail of the last user who submitted the form\u003C\u002Fli>\n\u003Cli>Make a simple page like feature\u003C\u002Fli>\n\u003Cli>Save name of a last sold product\u003C\u002Fli>\n\u003C\u002Ful>\n","Write Gravity Forms submission fields into ACF fields. Accumulate values over time.",2160,"2021-08-11T03:38:00.000Z","5.8.0","7.0",[20,22,164,147,165],"feed","integration","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Facf-feeds-for-gravity-forms.1.0.1.zip",{"attackSurface":168,"codeSignals":435,"taintFlows":568,"riskAssessment":653,"analyzedAt":670},{"hooks":169,"ajaxHandlers":418,"restRoutes":428,"shortcodes":429,"cronEvents":433,"entryPointCount":124,"unprotectedCount":434},[170,175,179,185,189,193,198,204,208,211,215,218,222,225,228,231,235,239,242,247,250,253,256,260,262,265,268,271,274,277,280,282,286,288,291,294,297,300,301,303,305,306,309,312,315,317,322,325,329,332,335,339,343,346,349,352,355,358,360,363,366,368,371,374,377,379,382,385,387,389,392,396,398,400,401,402,403,407,410,414],{"type":171,"name":172,"callback":173,"priority":13,"file":174,"line":142},"action","acf\u002Frender_field_settings","field_settings","acf\\acf-additions.php",{"type":171,"name":176,"callback":177,"priority":13,"file":174,"line":178},"acf\u002Fprepare_field","hide_field_from_admin",15,{"type":180,"name":181,"callback":182,"priority":183,"file":174,"line":184},"filter","acf\u002Flocation\u002Frule_types","add_form_location_type",10,17,{"type":180,"name":186,"callback":187,"priority":183,"file":174,"line":188},"acf\u002Flocation\u002Frule_values\u002Faf_form","form_location_rule_values",18,{"type":180,"name":190,"callback":191,"priority":183,"file":174,"line":192},"acf\u002Flocation\u002Frule_match\u002Faf_form","form_location_rule_match",19,{"type":180,"name":194,"callback":195,"priority":183,"file":196,"line":197},"acf\u002Ffield_wrapper_attributes","_add_hidden_label_class","acf\\fields\\af-render-content-field.php",74,{"type":171,"name":199,"callback":200,"priority":201,"file":202,"line":203},"acf\u002Frender_field\u002Ftype=text","add_email_field_inserter",20,"admin\\admin-emails.php",7,{"type":180,"name":205,"callback":206,"priority":183,"file":202,"line":207},"acf\u002Fload_field\u002Fname=recipient_field","populate_email_field_choices",9,{"type":180,"name":209,"callback":210,"priority":183,"file":202,"line":183},"af\u002Fform\u002Fsettings_fields","email_acf_fields",{"type":171,"name":212,"callback":213,"priority":183,"file":214,"line":207},"acf\u002Finit","register_custom_fields","admin\\admin-entries.php",{"type":171,"name":216,"callback":217,"priority":183,"file":214,"line":83},"manage_af_entry_posts_custom_column","custom_columns_content",{"type":171,"name":219,"callback":220,"priority":183,"file":214,"line":221},"restrict_manage_posts","form_filter",13,{"type":171,"name":223,"callback":224,"priority":183,"file":214,"line":142},"pre_get_posts","filter_entries_by_form",{"type":180,"name":226,"callback":227,"priority":183,"file":214,"line":188},"acf\u002Fprepare_field\u002Fname=entry_form","entry_form_field",{"type":180,"name":229,"callback":230,"priority":183,"file":214,"line":192},"acf\u002Fprepare_field\u002Fname=entry_submission_info","entry_submission_info_field",{"type":180,"name":232,"callback":233,"priority":183,"file":214,"line":234},"acf\u002Fprepare_field\u002Fname=form_create_entries","add_entries_link_to_instruction",21,{"type":180,"name":236,"callback":237,"priority":183,"file":214,"line":238},"manage_af_entry_posts_columns","add_custom_columns",23,{"type":180,"name":209,"callback":240,"priority":183,"file":214,"line":241},"add_form_settings_fields",25,{"type":171,"name":243,"callback":244,"priority":183,"file":245,"line":246},"admin_init","add_fields_meta_box","admin\\admin-forms.php",12,{"type":171,"name":248,"callback":249,"priority":183,"file":245,"line":221},"edit_form_after_title","display_form_key",{"type":180,"name":251,"callback":252,"priority":183,"file":245,"line":142},"acf\u002Fprepare_field\u002Fname=form_shortcode_message","display_form_shortcode",{"type":171,"name":254,"callback":255,"priority":183,"file":245,"line":178},"save_post","add_form_key",{"type":180,"name":257,"callback":258,"priority":183,"file":245,"line":259},"add_post_metadata","should_add_form_key_meta",16,{"type":171,"name":212,"callback":261,"priority":183,"file":245,"line":184},"register_fields",{"type":171,"name":263,"callback":264,"priority":183,"file":245,"line":188},"media_buttons","add_wysiwyg_content_field_inserter",{"type":171,"name":266,"callback":267,"priority":183,"file":245,"line":192},"admin_footer","add_forms_sidebar",{"type":171,"name":269,"callback":270,"priority":183,"file":245,"line":234},"post_submitbox_start","add_actions",{"type":180,"name":272,"callback":273,"priority":183,"file":245,"line":238},"manage_af_form_posts_columns","manage_columns",{"type":171,"name":275,"callback":217,"priority":183,"file":245,"line":276},"manage_af_form_posts_custom_column",24,{"type":180,"name":278,"callback":279,"priority":183,"file":245,"line":241},"disable_months_dropdown","disable_months_filter",{"type":180,"name":209,"callback":240,"priority":183,"file":281,"line":103},"admin\\admin-restrictions.php",{"type":171,"name":283,"callback":284,"priority":183,"file":285,"line":103},"admin_menu","register_admin_page","admin\\forms\\forms-export.php",{"type":171,"name":243,"callback":287,"priority":183,"file":285,"line":207},"export_json_file",{"type":171,"name":289,"callback":290,"priority":178,"file":285,"line":183},"af\u002Fadmin\u002Fform\u002Factions","add_export_button",{"type":180,"name":292,"callback":293,"priority":183,"file":285,"line":83},"admin_title","fix_admin_title",{"type":171,"name":283,"callback":284,"priority":295,"file":296,"line":295},5,"admin\\forms\\forms-import.php",{"type":171,"name":243,"callback":298,"priority":183,"file":296,"line":299},"import_json_file",6,{"type":180,"name":292,"callback":293,"priority":183,"file":296,"line":203},{"type":171,"name":283,"callback":284,"priority":183,"file":302,"line":299},"admin\\forms\\forms-preview.php",{"type":171,"name":289,"callback":304,"priority":183,"file":302,"line":203},"add_preview_button",{"type":180,"name":292,"callback":293,"priority":183,"file":302,"line":103},{"type":171,"name":307,"callback":308,"priority":183,"file":302,"line":207},"admin_enqueue_scripts","enqueue_acf",{"type":180,"name":310,"callback":311,"priority":183,"file":302,"line":83},"af\u002Fform\u002Fbutton_attributes","add_classes_to_button",{"type":180,"name":313,"callback":314,"priority":183,"file":302,"line":246},"af\u002Fform\u002Fprevious_button_atts","add_classes_to_page_buttons",{"type":180,"name":316,"callback":314,"priority":183,"file":302,"line":221},"af\u002Fform\u002Fnext_button_atts",{"type":171,"name":318,"callback":319,"priority":48,"file":320,"line":321},"plugins_loaded","setup_plugin","advanced-forms.php",61,{"type":171,"name":212,"callback":323,"priority":48,"file":320,"line":324},"load_plugin",62,{"type":171,"name":326,"callback":327,"priority":183,"file":320,"line":328},"admin_notices","missing_acf_notice",63,{"type":171,"name":307,"callback":330,"priority":183,"file":320,"line":331},"enqueue_admin_styles",134,{"type":171,"name":307,"callback":333,"priority":183,"file":320,"line":334},"enqueue_admin_scripts",135,{"type":171,"name":336,"callback":337,"priority":183,"file":320,"line":338},"init","register_post_types",139,{"type":171,"name":340,"callback":341,"priority":178,"file":342,"line":203},"af\u002Fform\u002Fsubmission","send_form_emails","core\\core-emails.php",{"type":171,"name":344,"callback":345,"priority":183,"file":342,"line":103},"af\u002Femails\u002Fsend_form_email","send_single_form_email",{"type":180,"name":347,"callback":348,"priority":183,"file":342,"line":183},"af\u002Fform\u002Fvalid_form","valid_form",{"type":180,"name":350,"callback":351,"priority":183,"file":342,"line":83},"af\u002Fform\u002Ffrom_post","form_from_post",{"type":171,"name":353,"callback":354,"priority":183,"file":342,"line":246},"af\u002Fform\u002Fto_post","form_to_post",{"type":171,"name":340,"callback":356,"priority":48,"file":357,"line":183},"create_entry","core\\core-entries.php",{"type":171,"name":254,"callback":359,"priority":183,"file":357,"line":83},"entry_saved",{"type":171,"name":361,"callback":362,"priority":183,"file":357,"line":221},"af\u002Fmerge_tags\u002Fcustom","add_entry_id_tag",{"type":171,"name":364,"callback":365,"priority":183,"file":357,"line":142},"af\u002Fmerge_tags\u002Fresolve","resolve_entry_id_tag",{"type":171,"name":254,"callback":359,"priority":183,"file":357,"line":367},97,{"type":171,"name":212,"callback":369,"file":370,"line":295},"register_block","core\\core-gutenberg.php",{"type":180,"name":372,"callback":373,"priority":183,"file":370,"line":299},"acf\u002Fload_field\u002Fname=af_block_form","populate_form_select_field",{"type":180,"name":375,"callback":376,"priority":183,"file":370,"line":203},"acf\u002Fload_field\u002Fname=af_block_exclude_fields","populate_exclude_fields_field",{"type":171,"name":212,"callback":378,"file":370,"line":207},"register_block_fields",{"type":180,"name":380,"callback":381,"priority":183,"file":370,"line":183},"af\u002Fform\u002Fgutenberg\u002Ffields","add_general_block_settings",{"type":180,"name":364,"callback":383,"priority":183,"file":384,"line":299},"resolve_all_fields_tag","core\\core-merge-tags.php",{"type":180,"name":364,"callback":386,"priority":183,"file":384,"line":203},"resolve_sub_field_tag",{"type":180,"name":364,"callback":388,"priority":183,"file":384,"line":103},"resolve_field_tag",{"type":171,"name":336,"callback":390,"file":391,"line":207},"check_migration","core\\core-migrations.php",{"type":180,"name":393,"callback":394,"priority":183,"file":395,"line":83},"af\u002Fform\u002Frestriction","restrict_entries","core\\core-restrictions.php",{"type":180,"name":393,"callback":397,"priority":183,"file":395,"line":246},"restrict_user_logged_in",{"type":180,"name":393,"callback":399,"priority":183,"file":395,"line":221},"restrict_form_schedule",{"type":180,"name":347,"callback":348,"priority":183,"file":395,"line":178},{"type":180,"name":350,"callback":351,"priority":183,"file":395,"line":259},{"type":171,"name":353,"callback":354,"priority":183,"file":395,"line":184},{"type":171,"name":404,"callback":405,"priority":183,"file":406,"line":221},"af\u002Fform\u002Frender","render","core\\forms\\forms-rendering.php",{"type":171,"name":336,"callback":408,"priority":183,"file":409,"line":234},"pre_form","core\\forms\\forms-submissions.php",{"type":171,"name":411,"callback":412,"priority":183,"file":409,"line":413},"acf\u002Fvalidate_save_post","validate",22,{"type":180,"name":415,"callback":416,"priority":417,"file":409,"line":238},"acf\u002Fupload_prefilter","intercept_upload_errors",1000,[419,423,426],{"action":420,"nopriv":421,"callback":422,"hasNonce":421,"hasCapCheck":421,"file":370,"line":246},"af_gutenberg_get_form_data",false,"ajax_get_form_data",{"action":424,"nopriv":421,"callback":425,"hasNonce":421,"hasCapCheck":421,"file":409,"line":192},"af_submission","ajax_submission",{"action":424,"nopriv":427,"callback":425,"hasNonce":421,"hasCapCheck":421,"file":409,"line":201},true,[],[430],{"tag":431,"callback":432,"file":406,"line":246},"advanced_form","form_shortcode",[],3,{"dangerousFunctions":436,"sqlUsage":437,"outputEscaping":442,"fileOperations":48,"externalRequests":29,"nonceChecks":28,"capabilityChecks":48,"bundledLibraries":567},[],{"prepared":29,"raw":48,"locations":438},[439],{"file":409,"line":440,"context":441},413,"$wpdb->get_col() with variable interpolation",{"escaped":207,"rawEcho":443,"locations":444},66,[445,449,451,453,456,457,458,460,462,464,466,467,469,471,473,475,477,479,481,483,485,486,488,489,491,492,494,495,497,499,500,502,504,506,508,510,512,514,516,518,520,521,523,525,527,529,531,532,534,536,538,540,542,544,545,547,549,551,553,554,555,557,559,561,563,565],{"file":446,"line":447,"context":448},"acf\\fields\\field_select.php",128,"raw output",{"file":446,"line":450,"context":448},148,{"file":446,"line":452,"context":448},209,{"file":454,"line":455,"context":448},"acf\\fields\\page.php",59,{"file":454,"line":324,"context":448},{"file":454,"line":328,"context":448},{"file":214,"line":459,"context":448},140,{"file":214,"line":461,"context":448},175,{"file":245,"line":463,"context":448},72,{"file":245,"line":465,"context":448},147,{"file":245,"line":465,"context":448},{"file":245,"line":468,"context":448},152,{"file":245,"line":470,"context":448},153,{"file":245,"line":472,"context":448},154,{"file":245,"line":474,"context":448},167,{"file":245,"line":476,"context":448},202,{"file":245,"line":478,"context":448},212,{"file":245,"line":480,"context":448},215,{"file":245,"line":482,"context":448},260,{"file":245,"line":484,"context":448},264,{"file":245,"line":484,"context":448},{"file":245,"line":487,"context":448},265,{"file":245,"line":487,"context":448},{"file":245,"line":490,"context":448},266,{"file":245,"line":490,"context":448},{"file":245,"line":493,"context":448},278,{"file":245,"line":493,"context":448},{"file":285,"line":496,"context":448},55,{"file":285,"line":498,"context":448},57,{"file":285,"line":102,"context":448},{"file":285,"line":501,"context":448},81,{"file":285,"line":503,"context":448},91,{"file":285,"line":505,"context":448},179,{"file":302,"line":507,"context":448},47,{"file":302,"line":509,"context":448},48,{"file":302,"line":511,"context":448},53,{"file":302,"line":513,"context":448},104,{"file":320,"line":515,"context":448},162,{"file":517,"line":178,"context":448},"api\\api-forms.php",{"file":519,"line":452,"context":448},"api\\api-helpers.php",{"file":519,"line":480,"context":448},{"file":519,"line":522,"context":448},223,{"file":519,"line":524,"context":448},248,{"file":519,"line":526,"context":448},249,{"file":370,"line":528,"context":448},46,{"file":406,"line":530,"context":448},110,{"file":406,"line":334,"context":448},{"file":406,"line":533,"context":448},166,{"file":406,"line":535,"context":448},180,{"file":406,"line":537,"context":448},185,{"file":406,"line":539,"context":448},196,{"file":406,"line":541,"context":448},224,{"file":406,"line":543,"context":448},247,{"file":406,"line":524,"context":448},{"file":406,"line":546,"context":448},250,{"file":406,"line":548,"context":448},253,{"file":406,"line":550,"context":448},254,{"file":406,"line":552,"context":448},259,{"file":406,"line":484,"context":448},{"file":406,"line":487,"context":448},{"file":406,"line":556,"context":448},269,{"file":406,"line":558,"context":448},429,{"file":406,"line":560,"context":448},437,{"file":406,"line":562,"context":448},440,{"file":406,"line":564,"context":448},453,{"file":406,"line":566,"context":448},475,[],[569,584,596,604,614,633,645],{"entryPoint":570,"graph":571,"unsanitizedCount":124,"severity":41},"export_page (admin\\forms\\forms-export.php:36)",{"nodes":572,"edges":582},[573,577],{"id":574,"type":575,"label":576,"file":285,"line":14},"n0","source","$_GET (x4)",{"id":578,"type":579,"label":580,"file":285,"line":496,"wp_function":581},"n1","sink","echo() [XSS]","echo",[583],{"from":574,"to":578,"sanitized":421},{"entryPoint":585,"graph":586,"unsanitizedCount":48,"severity":41},"import_json_file (admin\\forms\\forms-import.php:65)",{"nodes":587,"edges":594},[588,590],{"id":574,"type":575,"label":589,"file":296,"line":197},"$_FILES",{"id":578,"type":579,"label":591,"file":296,"line":592,"wp_function":593},"file_get_contents() [SSRF\u002FLFI]",75,"file_get_contents",[595],{"from":574,"to":578,"sanitized":421},{"entryPoint":597,"graph":598,"unsanitizedCount":48,"severity":41},"\u003Cforms-import> (admin\\forms\\forms-import.php:0)",{"nodes":599,"edges":602},[600,601],{"id":574,"type":575,"label":589,"file":296,"line":197},{"id":578,"type":579,"label":591,"file":296,"line":592,"wp_function":593},[603],{"from":574,"to":578,"sanitized":421},{"entryPoint":605,"graph":606,"unsanitizedCount":28,"severity":41},"preview_page (admin\\forms\\forms-preview.php:38)",{"nodes":607,"edges":612},[608,611],{"id":574,"type":575,"label":609,"file":302,"line":610},"$_GET (x2)",43,{"id":578,"type":579,"label":580,"file":302,"line":507,"wp_function":581},[613],{"from":574,"to":578,"sanitized":421},{"entryPoint":615,"graph":616,"unsanitizedCount":29,"severity":632},"export_json_file (admin\\forms\\forms-export.php:148)",{"nodes":617,"edges":629},[618,621,625,627],{"id":574,"type":575,"label":619,"file":285,"line":620},"$_GET",169,{"id":578,"type":579,"label":622,"file":285,"line":623,"wp_function":624},"header() [Header Injection]",176,"header",{"id":626,"type":575,"label":619,"file":285,"line":620},"n2",{"id":628,"type":579,"label":580,"file":285,"line":505,"wp_function":581},"n3",[630,631],{"from":574,"to":578,"sanitized":427},{"from":626,"to":628,"sanitized":427},"low",{"entryPoint":634,"graph":635,"unsanitizedCount":29,"severity":632},"\u003Cforms-export> (admin\\forms\\forms-export.php:0)",{"nodes":636,"edges":642},[637,639,640,641],{"id":574,"type":575,"label":638,"file":285,"line":14},"$_GET (x6)",{"id":578,"type":579,"label":580,"file":285,"line":496,"wp_function":581},{"id":626,"type":575,"label":619,"file":285,"line":620},{"id":628,"type":579,"label":622,"file":285,"line":623,"wp_function":624},[643,644],{"from":574,"to":578,"sanitized":427},{"from":626,"to":628,"sanitized":427},{"entryPoint":646,"graph":647,"unsanitizedCount":28,"severity":632},"\u003Cforms-preview> (admin\\forms\\forms-preview.php:0)",{"nodes":648,"edges":651},[649,650],{"id":574,"type":575,"label":609,"file":302,"line":610},{"id":578,"type":579,"label":580,"file":302,"line":507,"wp_function":581},[652],{"from":574,"to":578,"sanitized":421},{"summary":654,"deductions":655},"The \"advanced-forms\" plugin v1.9.3.7 presents a concerning security posture. While it has no currently unpatched CVEs, its vulnerability history reveals a pattern of critical security flaws, specifically Missing Authorization and Authorization Bypass Through User-Controlled Key. This suggests a recurring weakness in how the plugin handles user permissions and access control.\n\nThe static analysis highlights significant security risks. A substantial portion of the attack surface, specifically 3 out of 4 entry points (all AJAX handlers), lacks proper authentication checks. This makes these handlers vulnerable to unauthorized access and potential exploitation. Furthermore, the plugin exhibits poor output escaping practices, with only 12% of outputs being properly escaped, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities. The presence of unsanitized paths in taint analysis flows, even without critical or high severity identified, warrants caution as it indicates potential for path traversal or other file-related attacks.\n\nWhile the plugin does have some security measures in place, such as nonce and capability checks, their limited application across the attack surface is a major concern. The complete absence of prepared statements for its single SQL query is another critical weakness, leaving it susceptible to SQL injection attacks. The history of serious vulnerabilities, combined with the identified weaknesses in authentication, output escaping, and data sanitization, indicates that this plugin requires immediate attention to mitigate potential risks.",[656,658,660,662,664,666,668],{"reason":657,"points":178},"Unprotected AJAX handlers",{"reason":659,"points":183},"Raw SQL query without prepared statements",{"reason":661,"points":103},"Low percentage of properly escaped output",{"reason":663,"points":103},"Unsanitized paths in taint flows",{"reason":665,"points":178},"Previous high severity vulnerabilities",{"reason":667,"points":295},"Previous medium severity vulnerabilities",{"reason":669,"points":203},"Limited capability checks across entry points","2026-03-16T18:21:29.503Z",{"wat":672,"direct":681},{"assetPaths":673,"generatorPatterns":676,"scriptPaths":677,"versionParams":678},[674,675],"\u002Fwp-content\u002Fplugins\u002Fadvanced-forms\u002Fassets\u002Fdist\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fadvanced-forms\u002Fassets\u002Fdist\u002Fjs\u002Fadmin.js",[],[675],[679,680],"advanced-forms\u002Fassets\u002Fdist\u002Fcss\u002Fadmin.css?ver=","advanced-forms\u002Fassets\u002Fdist\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":682,"htmlComments":689,"htmlAttributes":692,"restEndpoints":695,"jsGlobals":699,"shortcodeOutput":702},[683,684,685,686,687,688],"af-admin-wrap","acf-field-af-form-fields","acf-field-af-form-settings","acf-field-af-form-submissions","acf-field-af-form-emails","acf-field-af-form-entries",[690,691],"\u003C!-- Advanced Forms Admin Menu -->","\u003C!-- Advanced Forms Admin Wrap -->",[693,694],"data-af-form-id","data-af-submission-id",[696,697,698],"\u002Fwp-json\u002Fadvanced-forms\u002Fv1\u002Fsubmissions","\u002Fwp-json\u002Fadvanced-forms\u002Fv1\u002Fentries","\u002Fwp-json\u002Fadvanced-forms\u002Fv1\u002Fforms",[700,701],"advancedFormsAdmin","AFAdmin",[]]