[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-waXK1SYviWTJjXSnnS-8wMgP1OIckLFV-yKWkI5GYM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":32,"analysis":33,"fingerprints":195},"alidani-contact-form","ALIDANI Contact forms","1.4","ehssan1985","https:\u002F\u002Fprofiles.wordpress.org\u002Fehssan1985\u002F","\u003Cp>ALIDANI Contact Forms features:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>► Email delivery    \n► Saves messages into database\n► Printable list of messages\n► Easy to change colour and text of the form\n► Field validation\n► One-click contact form\n► Classic and ajax submission\n► ... 
and more features (see below)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The \u003Cstrong>ALIDANI Contact Form\u003C\u002Fstrong> is a powerful and easy WordPress plugin to create \u003Cstrong>contact forms\u003C\u002Fstrong> and \u003Cstrong>send their data email addresses\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>ALIDANI Contact Form\u003C\u002Fstrong> also \u003Cstrong>saves the contact form data into a database\u003C\u002Fstrong> and the option to change the content of the email with the ability to response and send the email back.\u003C\u002Fp>\n\u003Ch4>ALIDANI Contact Forms Main Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Email delivery:\u003C\u002Fstrong> The contact form data is sent to the wordpress database with the opportunity to edit the contect.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Form data saved into the database:\u003C\u002Fstrong> Avoid losing submissions and keep a record of the received contact form messages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>list of receiving messages:\u003C\u002Fstrong> show list of received emails.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Date and time of receiving the emails:\u003C\u002Fstrong> Shows the date and time of sending the email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Edit the contect:\u003C\u002Fstrong> Provide easy way to edit the email’s content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy to send email:\u003C\u002Fstrong> Provide easy way to replay on the email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Form Validation:\u003C\u002Fstrong> Set validation rules for each contact form field. Keep your data clean.\u003C\u002Fli>\n\u003C\u002Ful>\n","Contact form with visual form builder. 
Contact form that sends the data to email, to a database list and easy to update the content.",10,1811,100,1,"2021-09-13T07:13:00.000Z","5.7.15","","5.6.25",[20],"simple-contact-form-that-sends-the-data-to-email-and-also-to-a-database-with-easy-way-to-manage-and-response-to-the-emails","https:\u002F\u002Fwww.uniquetechnology.com.au\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Falidani-contact-form.1.4.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":23,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},30,84,"2026-04-03T19:21:42.296Z",[],{"attackSurface":34,"codeSignals":73,"taintFlows":125,"riskAssessment":182,"analyzedAt":194},{"hooks":35,"ajaxHandlers":46,"restRoutes":64,"shortcodes":65,"cronEvents":70,"entryPointCount":71,"unprotectedCount":72},[36,42],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","init","alidani_contact_form_include_assets","wp-alidani-contact-form.php",45,{"type":37,"name":43,"callback":44,"file":40,"line":45},"admin_menu","alidani_contact_form_plugin_menu",57,[47,52,56,60],{"action":48,"nopriv":49,"callback":50,"hasNonce":49,"hasCapCheck":49,"file":40,"line":51},"alidanicontactlibrary",false,"alidani_contact_ajax_handler",194,{"action":53,"nopriv":49,"callback":54,"hasNonce":49,"hasCapCheck":49,"file":40,"line":55},"alidaniadmincontactlibrary","alidani_admin_contact_ajax_handler",196,{"action":57,"nopriv":49,"callback":58,"hasNonce":49,"hasCapCheck":49,"file":40,"line":59},"alidanicolorandfontlibrary","alidani_color_font_contact_ajax_handler",199,{"action":61,"nopriv":49,"callback":62,"hasNonce":49,"hasCapCheck":49,"file":40,"line":63},"alidanisendcontactlibrary","alidani_send_contact_ajax_handler",203,[],[66],{"tag":67,"callback":68,"file":40,"line":69},"alidaniform","alidani_front_contact_form",59,[],5,4,{"dangerousFunctions":74,"sqlUsage":75,"outputEscaping":92,"fileOperations":24,"externalReque
sts":24,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":121},[],{"prepared":76,"raw":77,"locations":78},22,6,[79,82,84,86,88,90],{"file":40,"line":80,"context":81},179,"$wpdb->query() with variable interpolation",{"file":40,"line":83,"context":81},180,{"file":40,"line":85,"context":81},181,{"file":40,"line":87,"context":81},187,{"file":40,"line":89,"context":81},188,{"file":40,"line":91,"context":81},189,{"escaped":93,"rawEcho":94,"locations":95},236,11,[96,100,102,105,107,109,111,113,115,117,119],{"file":97,"line":98,"context":99},"views\\alidani_admin_info_page.php",92,"raw output",{"file":97,"line":101,"context":99},93,{"file":103,"line":104,"context":99},"views\\alidani_front_contact_form.php",14,{"file":40,"line":106,"context":99},227,{"file":40,"line":108,"context":99},246,{"file":40,"line":110,"context":99},263,{"file":40,"line":112,"context":99},274,{"file":40,"line":114,"context":99},281,{"file":40,"line":116,"context":99},299,{"file":40,"line":118,"context":99},312,{"file":40,"line":120,"context":99},320,[122],{"name":123,"version":25,"knownCves":124},"DataTables",[],[126,154,168],{"entryPoint":127,"graph":128,"unsanitizedCount":14,"severity":153},"\u003Calidani_admin_edit_page> (views\\alidani_admin_edit_page.php:0)",{"nodes":129,"edges":149},[130,136,141,144],{"id":131,"type":132,"label":133,"file":134,"line":135},"n0","source","$_GET","views\\alidani_admin_edit_page.php",3,{"id":137,"type":138,"label":139,"file":134,"line":71,"wp_function":140},"n1","sink","get_row() [SQLi]","get_row",{"id":142,"type":132,"label":143,"file":134,"line":135},"n2","$_GET (x4)",{"id":145,"type":138,"label":146,"file":134,"line":147,"wp_function":148},"n3","echo() [XSS]",23,"echo",[150,151],{"from":131,"to":137,"sanitized":49},{"from":142,"to":145,"sanitized":152},true,"high",{"entryPoint":155,"graph":156,"unsanitizedCount":14,"severity":153},"\u003Calidani_admin_send_page> 
(views\\alidani_admin_send_page.php:0)",{"nodes":157,"edges":165},[158,160,161,163],{"id":131,"type":132,"label":133,"file":159,"line":135},"views\\alidani_admin_send_page.php",{"id":137,"type":138,"label":139,"file":159,"line":71,"wp_function":140},{"id":142,"type":132,"label":162,"file":159,"line":135},"$_GET (x6)",{"id":145,"type":138,"label":146,"file":159,"line":164,"wp_function":148},34,[166,167],{"from":131,"to":137,"sanitized":49},{"from":142,"to":145,"sanitized":152},{"entryPoint":169,"graph":170,"unsanitizedCount":14,"severity":153},"\u003Calidani_edit_page> (views\\alidani_edit_page.php:0)",{"nodes":171,"edges":179},[172,174,175,177],{"id":131,"type":132,"label":133,"file":173,"line":135},"views\\alidani_edit_page.php",{"id":137,"type":138,"label":139,"file":173,"line":71,"wp_function":140},{"id":142,"type":132,"label":176,"file":173,"line":135},"$_GET (x5)",{"id":145,"type":138,"label":146,"file":173,"line":178,"wp_function":148},28,[180,181],{"from":131,"to":137,"sanitized":49},{"from":142,"to":145,"sanitized":152},{"summary":183,"deductions":184},"The 'alidani-contact-form' plugin v1.4 exhibits a concerning security posture, primarily because its four AJAX handlers have neither a nonce check nor a capability check; they are the four unprotected entry points out of five. All four are registered with nopriv set to false, so they appear to be limited to logged-in users, but without a capability check they may be callable by any logged-in user regardless of role, and without a nonce they are exposed to cross-site request forgery. Most SQL queries use prepared statements (22 prepared, 6 raw) and most output is escaped (236 escaped, 11 raw echoes), but the raw cases remain and should be reviewed. The taint analysis adds three flows rated high, one in each of the admin edit, admin send and edit view files, where a $_GET value reaches a get_row() SQL sink without sanitization; the $_GET values that reach echo() in the same files are marked as sanitized. These flows suggest potential SQL injection; the analysis data does not show whether they are reachable through the unprotected AJAX handlers.\n\nThe plugin's clean vulnerability history is a positive sign, although with no recorded vulnerabilities it may simply mean that the plugin hasn't been a significant target or has received little scrutiny. However, this history does not mitigate the immediate risks identified in the static and taint analysis. 
The presence of a bundled library, DataTables (version not detected), while not flagged as a specific issue here, could become a future concern if it's not kept up-to-date.\n\nIn conclusion, despite mostly good practices in SQL and output handling, the unprotected AJAX handlers and the high-severity taint flows present a substantial risk. Developers should prioritize adding nonce verification and capability checks to these AJAX actions (for example with check_ajax_referer() and current_user_can()), and should parameterize the get_row() queries that take $_GET input and the six raw $wpdb->query() calls with $wpdb->prepare().",[185,187,190,192],{"reason":186,"points":11},"Unprotected AJAX handlers",{"reason":188,"points":189},"Critical severity taint flows (unsanitized paths)",15,{"reason":191,"points":11},"Missing nonce checks on AJAX handlers",{"reason":193,"points":11},"Missing capability checks on AJAX handlers","2026-03-17T00:11:53.357Z",{"wat":196,"direct":217},{"assetPaths":197,"generatorPatterns":208,"scriptPaths":209,"versionParams":216},[198,199,200,201,202,203,204,205,206,207],"\u002Fwp-content\u002Fplugins\u002Falidani-contact-form\u002Fassets\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Falidani-contact-form\u002Fassets\u002Fcss\u002Fjquery.dataTables.min.css","\u002Fwp-content\u002Fplugins\u002Falidani-contact-form\u002Fassets\u002Fcss\u002Fjquery.notifyBar.css","\u002Fwp-content\u002Fplugins\u002Falidani-contact-form\u002Fassets\u002Fcss\u002Falidanicontactformstyle.css","\u002Fwp-content\u002Fplugins\u002Falidani-contact-form\u002Fassets\u002Fjs\u002Falidanijquery.js","\u002Fwp-content\u002Fplugins\u002Falidani-contact-form\u002Fassets\u002Fjs\u002Fbootstrap.min.js","\u002Fwp-content\u002Fplugins\u002Falidani-contact-form\u002Fassets\u002Fjs\u002Fjquery.dataTables.min.js","\u002Fwp-content\u002Fplugins\u002Falidani-contact-form\u002Fassets\u002Fjs\u002Fjquery.notifyBar.js","\u002Fwp-content\u002Fplugins\u002Falidani-contact-form\u002Fassets\u002Fjs\u002Fjquery.validate.min.js","\u002Fwp-content\u002Fplugins\u002Falidani-contact-form\u002Fassets\u002Fjs\u002Falidaniscript.js",[],[210,211,212,213,214,215],"https:\u0
02F\u002Fwww.uniquetechnology.com.au\u002Fwp-content\u002Fplugins\u002Falidani-contact-form\u002Fassets\u002Fjs\u002Falidanijquery.js","https:\u002F\u002Fwww.uniquetechnology.com.au\u002Fwp-content\u002Fplugins\u002Falidani-contact-form\u002Fassets\u002Fjs\u002Fbootstrap.min.js","https:\u002F\u002Fwww.uniquetechnology.com.au\u002Fwp-content\u002Fplugins\u002Falidani-contact-form\u002Fassets\u002Fjs\u002Fjquery.dataTables.min.js","https:\u002F\u002Fwww.uniquetechnology.com.au\u002Fwp-content\u002Fplugins\u002Falidani-contact-form\u002Fassets\u002Fjs\u002Fjquery.notifyBar.js","https:\u002F\u002Fwww.uniquetechnology.com.au\u002Fwp-content\u002Fplugins\u002Falidani-contact-form\u002Fassets\u002Fjs\u002Fjquery.validate.min.js","https:\u002F\u002Fwww.uniquetechnology.com.au\u002Fwp-content\u002Fplugins\u002Falidani-contact-form\u002Fassets\u002Fjs\u002Falidaniscript.js",[],{"cssClasses":218,"htmlComments":220,"htmlAttributes":221,"restEndpoints":222,"jsGlobals":223,"shortcodeOutput":225},[219],"alidani_contact_form_style",[],[],[],[224],"alidaniformajaxurl",[226],"[alidaniform]"]