[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faBU3_7qxrs5KKTfx9wgFf-QiLbrq0BW92JG7chyJnsA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":136,"fingerprints":216},"ar-registration-secure-spam-blocker","ARS Reg Secure","1.1","arijose","https:\u002F\u002Fprofiles.wordpress.org\u002Farijose\u002F","\u003Cp>This plugin was created to stop human spammers.  Captcha or other image methods do not work when an actual person is spamming your site.  This plugin helps to resolve this issue.  It allows your to create a custom question and answer on the registration page of a wordpress site that only the users in your demographic can answer.  An example (and the reason I created this plugin) is a school track website.  I would get up to 3 to 5 bogus registrations a day.  I added this plugin with the question “What city is your school in?” and that number went to 0.  Someone in another area is not going to know this question, however anyone who would\u002Fshould be registering would defintely know the answer.  This plugin will not work for everyone but it certainly was a perfect fit for me and I know it will help others too.\u003C\u002Fp>\n","This plugin helps block bogus registrations by allowing a custom registration field and answer.",10,2180,0,"2013-12-19T18:44:00.000Z","3.7.41","3.7","",[19,20,21,22],"captcha","registration-form","secure","spam-blocker","http:\u002F\u002Fwww.arijose.com\u002Far-reg-secure\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Far-registration-secure-spam-blocker.1.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-04-04T07:47:08.574Z",[35,58,79,102,120],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":56,"download_link":57,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"no-captcha-recaptcha","No CAPTCHA reCAPTCHA","1.3.4","Collins Agbonghama","https:\u002F\u002Fprofiles.wordpress.org\u002Fcollizo4sky\u002F","\u003Cp>A simple plugin for adding the new No CAPTCHA reCAPTCHA by Google to WordPress login, registration and comment system as well as BuddyPress registration form to protect against spam.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Option to activate CAPTCHA in login, registration, comment and BuddyPress registration forms.\u003C\u002Fli>\n\u003Cli>Choose a theme for the CAPTCHA.\u003C\u002Fli>\n\u003Cli>Auto-detects the user’s language.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plugins you will like\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fno-captcha-recaptcha-for-woocommerce\u002F\" rel=\"ugc\">No CAPTCHA reCAPTCHA for WooCommerce\u003C\u002Fa>\u003C\u002Fstrong>: Protect WooCommerce login, registration and password reset form against spam using Google’s No CAPTCHA reCAPTCHA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fppress\u002F\" rel=\"ugc\">ProfilePress\u003C\u002Fa>\u003C\u002Fstrong>: A shortcode based WordPress form builder that makes building custom login, registration and password reset forms stupidly simple. \u003Ca href=\"http:\u002F\u002Fprofilepress.net\" rel=\"nofollow ugc\">More info here\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmailoptin\u002F\" rel=\"ugc\">MailOptin\u003C\u002Fa>\u003C\u002Fstrong> – The best WordPress email optin forms, email automation & newsletters plugin in the market.\u003C\u002Fli>\n\u003C\u002Ful>\n","Protect WordPress login, registration, comment and BuddyPress registration forms with Google's No CAPTCHA reCAPTCHA.",5000,151171,86,69,"2020-04-15T16:05:00.000Z","5.4.19","4.0","5.4",[52,53,54,20,55],"comment-form","login","recaptcha","security","http:\u002F\u002Fw3guy.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-captcha-recaptcha.1.3.4.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":17,"tags":73,"homepage":76,"download_link":77,"security_score":78,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"mailster-recaptcha","Mailster reCaptcha","2.0.1","EverPress","https:\u002F\u002Fprofiles.wordpress.org\u002Feverpress\u002F","\u003Cp>Adds a reCaptcha™ to your Mailster subscription forms.\u003C\u002Fp>\n\u003Cp>You may also try \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmailster-cool-captcha\u002F\" rel=\"ugc\">Mailster Cool Captcha for Forms\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Additional Info\u003C\u002Fh3>\n\u003Cp>This Plugin requires \u003Ca href=\"https:\u002F\u002Fmailster.co\u002F?utm_campaign=wporg&utm_source=wordpress.org&utm_medium=readme&utm_term=reCaptcha\" rel=\"nofollow ugc\">Mailster Newsletter Plugin for WordPress\u003C\u002Fa>\u003C\u002Fp>\n","Adds a reCaptcha™ to your Mailster subscription forms.",1000,27282,40,4,"2024-05-27T13:33:00.000Z","6.5.8","6.0",[19,74,75,54,21],"form","mailster","https:\u002F\u002Fmailster.co\u002F?utm_campaign=wporg&utm_source=wordpress.org&utm_medium=plugin&utm_term=reCaptcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmailster-recaptcha.2.0.1.zip",92,{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":100,"download_link":101,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"simple-no-bot","Invisible Anti Spam for Contact Form 7 (Simple No-Bot)","2.2.5","lilaeamedia","https:\u002F\u002Fprofiles.wordpress.org\u002Flilaeamedia\u002F","\u003Cp>Simple No-Bot uses javascript to detect if Contact Form 7 is being submitted by a spam bot.\u003C\u002Fp>\n\u003Cp>We wrote this when clients were reporting hundreds of bogus contact forms were getting past Honeypot, but did not want to add a captcha that would impact conversions.\u003C\u002Fp>\n\u003Cp>This lightweight script has been extremely effective for eliminating spam messages from Contact Form 7 (and other forms) submissions. It does not pretend to be a complete anti spam solution.\u003C\u002Fp>\n\u003Ch3>IMPORTANT\u003C\u002Fh3>\n\u003Cp>SNB REJECTS SUBMISSIONS UNLESS THE USER INTERACTS WITH THE FORM. In earlier versions of SNB, the submit button was disabled until this threshold was met. You can now set this option in wp-config.php (see below).\u003C\u002Fp>\n\u003Cp>In most cases it will be enabled after the user starts typing in the first field. It has not broken your form.\u003C\u002Fp>\n\u003Cp>Please report any feedback and false negatives\u002Fpositives on our support form at http:\u002F\u002Fwww.lilaeamedia.com\u002Fcontact\u002F before posting a crappy review. Thanks.\u003C\u002Fp>\n\u003Ch3>New! Improved!\u003C\u002Fh3>\n\u003Cp>You can now hook Simple No Bot into any form. The filter below will return TRUE if bots are detected.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$is_spam = FALSE; \u002F\u002F you can use whatever flag is being used by your plugin. \n$is_spam = apply_filters( 'snb_test_spam', $is_spam );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>We have added additional analysis to detect pesky bots that can mimic browsers and run scripts.\u003C\u002Fp>\n\u003Cp>SNB now keeps a list of IPs as they are flagged as spam and automatically fails them. The oldest IPs are pruned when it reaches 100 (or SNB_MAX_SPAM_IPS, see below). You can pass ?snb_flush=true as Admin to flush all spam IPs.\u003C\u002Fp>\n\u003Cp>You can disable the submit button until the event threshold is reached by adding the following flag to wp-config.php:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'SNB_DISABLE_SUBMIT', TRUE );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Other configurable options:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'SNB_SPAM_THRESHOLD', 2 ); \u002F\u002F maximum score before being considered spam\ndefine( 'SNB_MIN_EVENTS', 2 ); \u002F\u002F minimum number of events required to fetch token\ndefine( 'SNB_BLOCK_SPAM_IPS', TRUE ); \u002F\u002F use IP blocking on hard fails\ndefine( 'SNB_SPAM_IP_LIFESPAN', 60 * 60 * 24 * 30 ); \u002F\u002F time before spam ips expire - default 30 days\ndefine( 'SNB_MAX_SPAM_IPS', 100 ); \u002F\u002F max number of IPs to store before rotating\ndefine( 'SNB_SESSION_LIFESPAN', 60 * 30 ); \u002F\u002F time token is valid to send message - default 30 minutes\u003Ch3>Support\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Please report any feedback and false negatives\u002Fpositives on our support form at http:\u002F\u002Fwww.lilaeamedia.com\u002Fcontact\u002F\u003C\u002Fp>\n\u003Cp>(c)2019 Lilaea Media\u003C\u002Fp>\n","Simple, lightweight, no captcha, no configuration. Just works.",200,3093,46,3,"2020-01-12T18:05:00.000Z","5.3.21","5.2","5.6",[96,97,98,99,22],"auto-captcha","bot-blocker","contact-form-7","invisible-recaptcha","http:\u002F\u002Fwww.lilaeamedia.com\u002Fsimple-no-bot\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-no-bot.2.2.5.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":13,"num_ratings":13,"last_updated":112,"tested_up_to":48,"requires_at_least":113,"requires_php":94,"tags":114,"homepage":118,"download_link":119,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"recaptcha-lite","reCAPTCHA Lite","1.0","Malik Naik","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaliknaik16\u002F","\u003Cp>The reCAPTCHA Lite protects your WordPress site from the bots, brute-force attacks, spam, and abuse. This plugin comes with the support of reCAPTCHA v3 and v2 Checkbox. The reCAPTCHA v3 allows users to navigate site without solving “I’m not a robot” challenges.\u003C\u002Fp>\n\u003Cp>You can integrate the Google’s reCAPTCHA in the following forms:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Form\u003C\u002Fli>\n\u003Cli>Registration Form\u003C\u002Fli>\n\u003Cli>Lost Password Form\u003C\u002Fli>\n\u003Cli>Reset Password Form\u003C\u002Fli>\n\u003Cli>Comment Form\u003C\u002Fli>\n\u003Cli>WooCommerce Forms\u003C\u002Fli>\n\u003Cli>Buddy Press Signup Form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you are using the Google reCAPTCHA v3 then the following actions list shows the action names that will be used to hit the \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Frecaptcha\u002Fdocs\u002Fverify#api_request\" rel=\"nofollow ugc\">Google’s reCAPTCHA API endpoint\u003C\u002Fa> during validation. For more information on actions checkout out the \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Frecaptcha\u002Fdocs\u002Fv3#actions\" rel=\"nofollow ugc\">official documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>login_form\u003C\u002Fli>\n\u003Cli>register_form\u003C\u002Fli>\n\u003Cli>lost_password_form\u003C\u002Fli>\n\u003Cli>reset_password_form\u003C\u002Fli>\n\u003Cli>comment_form\u003C\u002Fli>\n\u003Cli>woo_register_form\u003C\u002Fli>\n\u003Cli>woo_order_checkout\u003C\u002Fli>\n\u003Cli>woo_login_form\u003C\u002Fli>\n\u003Cli>buddypress_signup\u003C\u002Fli>\n\u003C\u002Ful>\n","Integrate the Google's reCAPTCHA Google's reCAPTCHA v2 Checkbox or v3 into the forms and protect your site from bots, brute-force attacks, s &hellip;",100,2936,"2020-04-22T07:06:00.000Z","4.4",[115,19,116,117,21],"bots","google","protect","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Frecaptcha-lite","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecaptcha-lite.1.0.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":31,"downloaded":128,"rating":13,"num_ratings":13,"last_updated":129,"tested_up_to":130,"requires_at_least":72,"requires_php":131,"tags":132,"homepage":134,"download_link":135,"security_score":110,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"r2k-captcha","R2K Security Captcha (for reCAPTCHA Enterprise & Cloudflare Turnstile)","1.0.3","systemsrtk","https:\u002F\u002Fprofiles.wordpress.org\u002Fsystemsrtk\u002F","\u003Cp>R2K Security Captcha is a comprehensive security plugin designed to safeguard your WordPress site’s critical entry points. By leveraging advanced captcha technology, it effectively blocks bots and malicious traffic without compromising user experience.\u003C\u002Fp>\n\u003Cp>Key features include:\u003Cbr \u002F>\n* \u003Cstrong>Dual-Service Support:\u003C\u002Fstrong> Seamlessly integrate with either \u003Cstrong>Google reCAPTCHA Enterprise\u003C\u002Fstrong> or \u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong>.\u003Cbr \u002F>\n* \u003Cstrong>Smart Protection:\u003C\u002Fstrong> Use reCAPTCHA Enterprise’s score-based system to dynamically assess risk and block suspicious activity.\u003Cbr \u002F>\n* \u003Cstrong>User-Friendly Turnstile:\u003C\u002Fstrong> Implement a non-intrusive, privacy-first security solution with Cloudflare Turnstile.\u003Cbr \u002F>\n* \u003Cstrong>Advanced Form Protection:\u003C\u002Fstrong> Secure your \u003Cstrong>login\u003C\u002Fstrong>, \u003Cstrong>registration\u003C\u002Fstrong>, and \u003Cstrong>lost password\u003C\u002Fstrong> forms.\u003Cbr \u002F>\n* \u003Cstrong>IP Whitelisting:\u003C\u002Fstrong> Easily add trusted IP addresses to a whitelist to bypass captcha checks for specific users or locations.\u003Cbr \u002F>\n* \u003Cstrong>Error Notifications:\u003C\u002Fstrong> Receive email notifications if your captcha keys fail, ensuring you are always aware of your site’s security status.\u003C\u002Fp>\n\u003Cp>This plugin provides a robust and secure layer of defense, making your website a safer place for real users while frustrating spammers and bots.\u003C\u002Fp>\n","Protect your WordPress website from spam and abuse with R2K Security Captcha. This plugin offers powerful security by integrating with two of the most &hellip;",241,"2025-12-16T09:24:00.000Z","6.8.5","8.0",[19,54,133,21,55],"recaptcha-enterprise","https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fr2k-security-captcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fr2k-captcha.1.0.3.zip",{"attackSurface":137,"codeSignals":161,"taintFlows":175,"riskAssessment":202,"analyzedAt":215},{"hooks":138,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":13,"unprotectedCount":13},[139,145,150,154],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","admin_menu","ar_reg_secure_plugin_settings","includes\\admin.php",7,{"type":146,"name":147,"callback":148,"priority":11,"file":143,"line":149},"filter","plugin_action_links","ars_reg_secure_plugin_action_links",47,{"type":140,"name":151,"callback":152,"file":153,"line":144},"register_form","show_custom_field","includes\\core.php",{"type":140,"name":155,"callback":156,"priority":11,"file":153,"line":11},"register_post","check_fields",[],[],[],[],{"dangerousFunctions":162,"sqlUsage":163,"outputEscaping":165,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":174},[],{"prepared":13,"raw":13,"locations":164},[],{"escaped":13,"rawEcho":90,"locations":166},[167,170,172],{"file":143,"line":168,"context":169},42,"raw output",{"file":153,"line":171,"context":169},19,{"file":153,"line":173,"context":169},21,[],[176,193],{"entryPoint":177,"graph":178,"unsanitizedCount":30,"severity":192},"show_custom_field (includes\\core.php:13)",{"nodes":179,"edges":189},[180,184],{"id":181,"type":182,"label":183,"file":153,"line":173},"n0","source","$_POST['ars-custom-field']",{"id":185,"type":186,"label":187,"file":153,"line":173,"wp_function":188},"n1","sink","echo() [XSS]","echo",[190],{"from":181,"to":185,"sanitized":191},false,"medium",{"entryPoint":194,"graph":195,"unsanitizedCount":30,"severity":201},"\u003Ccore> (includes\\core.php:0)",{"nodes":196,"edges":199},[197,198],{"id":181,"type":182,"label":183,"file":153,"line":173},{"id":185,"type":186,"label":187,"file":153,"line":173,"wp_function":188},[200],{"from":181,"to":185,"sanitized":191},"low",{"summary":203,"deductions":204},"The \"ar-registration-secure-spam-blocker\" v1.1 plugin exhibits a mixed security posture.  While the absence of known CVEs and the use of prepared statements for SQL queries are positive indicators, significant concerns arise from the static analysis.  The analysis reveals that 100% of the identified outputs are not properly escaped, posing a high risk of Cross-Site Scripting (XSS) vulnerabilities.  Furthermore, the taint analysis indicates two flows with unsanitized paths, which, although not classified as critical or high severity by the analysis tool, warrant careful investigation as they represent potential pathways for malicious data to be processed without adequate validation.\n\nThe plugin's attack surface appears to be minimal with no AJAX handlers, REST API routes, shortcodes, or cron events detected, which is a strong point.  However, the lack of nonce and capability checks on the identified entry points (even if the number is zero) suggests a potential oversight in securing any future or hidden functionalities. The vulnerability history being entirely clear is a good sign, implying responsible development or a lack of prior exploitation, but it doesn't negate the current code-level risks.  Overall, the plugin has strengths in its SQL handling and limited attack surface, but the unescaped output and unsanitized taint flows are significant weaknesses that need immediate attention to mitigate XSS and potential injection risks.",[205,208,211,213],{"reason":206,"points":207},"All outputs are unescaped",8,{"reason":209,"points":210},"Taint flows with unsanitized paths",5,{"reason":212,"points":90},"No nonce checks detected",{"reason":214,"points":90},"No capability checks detected","2026-03-17T00:43:09.225Z",{"wat":217,"direct":224},{"assetPaths":218,"generatorPatterns":220,"scriptPaths":221,"versionParams":222},[219],"\u002Fwp-content\u002Fplugins\u002Far-registration-secure-spam-blocker\u002Fassets\u002Fcss\u002Fars-styles.css",[],[],[223],"ar-registration-secure-spam-blocker\u002Fassets\u002Fcss\u002Fars-styles.css?ver=",{"cssClasses":225,"htmlComments":227,"htmlAttributes":228,"restEndpoints":229,"jsGlobals":230,"shortcodeOutput":231},[226],"ars-styles",[],[],[],[],[]]