[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f16n9B2_C3Dwhguens5MFVEsv7WEblFFYkm-Sr1k-_Qk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":58,"crawl_stats":35,"alternatives":65,"analysis":159,"fingerprints":485},"awcode-toolkit","AWcode Toolkit","1.0.24","awcode","https:\u002F\u002Fprofiles.wordpress.org\u002Fawcode\u002F","\u003Cp>A collection of useful tools & functions for WordPress site owners.\u003C\u002Fp>\n\u003Ch4>General Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Support Cloudflare Flexible SSL\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Maintenence mode\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Coming soon mode\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Database find and replace\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Expand Smush functions\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WooCommerce Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Per product Sales Count\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Per User Sales Count\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Order UTM Tracking\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","AWcode Toolkit provides a collection of useful tools and functions for Wordpress site owners",100,4175,1,"2026-02-24T05:01:00.000Z","6.9.4","5.0","",[7,19,20,21,22],"cloudflare","web-developer","web-design","woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fawcode-toolkit.1.0.24.zip",98,2,0,"2025-05-19 00:00:00","2026-03-15T15:16:48.613Z",[30,46],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":37,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":27,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2025-48238","awcode-toolkit-cross-site-request-forgery-to-stored-cross-site-scripting","AWcode Toolkit \u003C= 1.0.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting","The AWcode Toolkit plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.18. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.0.18","1.0.19","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-05-28 16:48:31",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa2887dbf-7d88-45da-afa5-e89dfa8bae21?source=api-prod",10,{"id":47,"url_slug":48,"title":49,"description":50,"plugin_slug":4,"theme_slug":35,"affected_versions":51,"patched_in_version":52,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":53,"published_date":54,"updated_date":55,"references":56,"days_to_patch":24},"CVE-2025-24554","awcode-toolkit-reflected-cross-site-scripting","AWcode Toolkit \u003C= 1.0.14 - Reflected Cross-Site Scripting","The AWcode Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.0.14","1.0.15","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-11-15 00:00:00","2025-02-20 16:31:35",[57],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc2a761ce-5a0c-4ba6-91f7-82ef7935f734?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":59,"total_installs":60,"avg_security_score":61,"avg_patch_time_days":62,"trust_score":63,"computed_at":64},4,110,97,38,86,"2026-04-04T18:24:00.312Z",[66,86,106,126,141],{"slug":67,"name":68,"version":69,"author":70,"author_profile":71,"description":72,"short_description":73,"active_installs":74,"downloaded":75,"rating":11,"num_ratings":76,"last_updated":77,"tested_up_to":15,"requires_at_least":78,"requires_php":79,"tags":80,"homepage":84,"download_link":85,"security_score":11,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"kitgenix-captcha-for-cloudflare-turnstile","Kitgenix CAPTCHA for Cloudflare Turnstile","1.0.17","Kitgenix","https:\u002F\u002Fprofiles.wordpress.org\u002Fkitgenix\u002F","\u003Cp>Spam is expensive: it wastes time, clogs inboxes, creates fake accounts, and on stores it can lead to abandoned checkout noise and fraudulent activity. Traditional CAPTCHA solutions can also hurt conversions by adding friction.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong> is a modern, privacy-first CAPTCHA alternative designed to reduce friction for real people while still blocking bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Kitgenix CAPTCHA for Cloudflare Turnstile\u003C\u002Fstrong> is a production-ready Turnstile integration for WordPress that focuses on reliability in real-world setups:\u003Cbr \u002F>\n– Server-side token verification (using Cloudflare’s official endpoint)\u003Cbr \u002F>\n– Fast, conditional loading (only where needed)\u003Cbr \u002F>\n– Support for dynamic\u002FAJAX forms and modern WooCommerce Blocks \u002F Store API checkout\u003Cbr \u002F>\n– Security features: replay protection, proxy-aware IP handling, whitelisting, and developer mode (warn-only)\u003C\u002Fp>\n\u003Cp>You can enable\u002Fdisable each integration (and many per-form toggles), choose auto-injection vs shortcode-only placement, customise display and messaging, and use built-in diagnostics and Site Health checks to troubleshoot.\u003C\u002Fp>\n\u003Ch4>Supported integrations (where Turnstile can be added)\u003C\u002Fh4>\n\u003Cp>All integrations are enable-able from settings. Many also support \u003Cstrong>Mode: Auto vs Shortcode\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WordPress Core\u003C\u002Fstrong>\u003Cbr \u002F>\n– Login\u003Cbr \u002F>\n– Registration\u003Cbr \u002F>\n– Lost password\u003Cbr \u002F>\n– Reset password\u003Cbr \u002F>\n– Comments (including safe handling for comment failures\u002Fredirects)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WooCommerce (Classic)\u003C\u002Fstrong>\u003Cbr \u002F>\n– Checkout\u003Cbr \u002F>\n– My Account login\u003Cbr \u002F>\n– My Account registration\u003Cbr \u002F>\n– Lost password\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WooCommerce Blocks (Store API \u002F Block Checkout)\u003C\u002Fstrong>\u003Cbr \u002F>\n– UI rendering inside block-based checkout\u003Cbr \u002F>\n– Adds token to Store API requests (header and\u002For extensions payload when available)\u003Cbr \u002F>\n– Server-side validation of Store API checkout requests\u003Cbr \u002F>\n– Supports “shortcode-only mode” behaviour so you can control placement\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Easy Digital Downloads (EDD)\u003C\u002Fstrong>\u003Cbr \u002F>\n– Checkout\u003Cbr \u002F>\n– Login\u003Cbr \u002F>\n– Register\u003Cbr \u002F>\n– Profile editor\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Form plugins\u003C\u002Fstrong>\u003Cbr \u002F>\n– Contact Form 7 (CF7)\u003Cbr \u002F>\n– WPForms\u003Cbr \u002F>\n– Fluent Forms\u003Cbr \u002F>\n– Formidable Forms\u003Cbr \u002F>\n– Forminator\u003Cbr \u002F>\n– Gravity Forms\u003Cbr \u002F>\n– JetFormBuilder\u003Cbr \u002F>\n– Jetpack Forms\u003Cbr \u002F>\n– Kadence Forms\u003Cbr \u002F>\n– Elementor Forms (including popups and AJAX submissions)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Community \u002F forums\u003C\u002Fstrong>\u003Cbr \u002F>\n– bbPress (topic\u002Freply flows where applicable)\u003Cbr \u002F>\n– BuddyPress (flows where applicable)\u003C\u002Fp>\n\u003Ch4>Core features (site-wide)\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Turnstile widget rendering\u003C\u002Fstrong>\u003Cbr \u002F>\n– Uses Cloudflare’s official Turnstile API script\u003Cbr \u002F>\n– Widget options:\u003Cbr \u002F>\n  – Theme: auto \u002F light \u002F dark\u003Cbr \u002F>\n  – Size: small \u002F medium \u002F large \u002F normal \u002F flexible\u003Cbr \u002F>\n  – Appearance: stored as Turnstile “appearance” option (defaults to always)\u003Cbr \u002F>\n  – Language: auto or explicit locale (passed via \u003Ccode>hl=...\u003C\u002Fcode>)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Settings & admin experience\u003C\u002Fstrong>\u003Cbr \u002F>\n– Settings page under the shared Kitgenix WP admin menu\u003Cbr \u002F>\n– Live “test widget” preview on the settings screen (renders when a Site Key is present)\u003Cbr \u002F>\n– Site Key + Secret Key storage (secret not printed in HTML by default)\u003Cbr \u002F>\n– “Reveal secret key” (admins only, nonce-protected AJAX action)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Messaging & UX\u003C\u002Fstrong>\u003Cbr \u002F>\n– Custom error message (admin-configurable, used across integrations)\u003Cbr \u002F>\n– Extra message text (optional text displayed alongside\u002Funder the widget)\u003Cbr \u002F>\n– “Disable submit until completed” option (frontend behaviour via plugin JS)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Replay protection (enabled by default)\u003C\u002Fstrong>\u003Cbr \u002F>\n– Detects re-used tokens (hash stored in transients) and blocks replays\u003Cbr \u002F>\n– TTL is filterable\u003Cbr \u002F>\n– Stores hashed token markers under the transient prefix \u003Ccode>kitgenix_captcha_for_cloudflare_turnstile_ts_\u003C\u002Fcode>\u003Cbr \u002F>\n– Sets a short-lived cookie (\u003Ccode>kitgenix_captcha_for_cloudflare_turnstile_ts_replay\u003C\u002Fcode>, ~120s) when replay is detected (for frontend behaviour\u002Fmessages)\u003Cbr \u002F>\n– Dedicated replay message (filterable)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developer mode (warn-only)\u003C\u002Fstrong>\u003Cbr \u002F>\n– Verification failures do \u003Cstrong>not\u003C\u002Fstrong> block submissions\u003Cbr \u002F>\n– Failures are logged (and emitted via a developer log action)\u003Cbr \u002F>\n– Optional inline warning annotation for admins (frontend config)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Whitelisting (skip Turnstile + skip loading API script)\u003C\u002Fstrong>\u003Cbr \u002F>\n– Whitelist logged-in users\u003Cbr \u002F>\n– Whitelist by IP (exact, wildcards, CIDR — including IPv6)\u003Cbr \u002F>\n– Whitelist by User-Agent (substring or wildcard matching)\u003Cbr \u002F>\n– Filter hook to override whitelist decision\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Proxy \u002F real-IP handling\u003C\u002Fstrong>\u003Cbr \u002F>\n– Optional trust of proxy headers (Cloudflare \u002F X-Forwarded-For style)\u003Cbr \u002F>\n– Trusted proxy IP list \u002F trust controls\u003Cbr \u002F>\n– Forwarded headers are only honoured when the request originates from a trusted proxy\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Performance & resilience\u003C\u002Fstrong>\u003Cbr \u002F>\n– Conditional script loading only where needed\u003Cbr \u002F>\n– Async\u002Fstrategy-based script loading (depending on WP version)\u003Cbr \u002F>\n– Adds resource hints (preconnect \u002F dns-prefetch) for Turnstile domain\u003Cbr \u002F>\n– Detects duplicate Turnstile API loaders (if another plugin\u002Ftheme enqueues \u003Ccode>api.js\u003C\u002Fcode>):\u003Cbr \u002F>\n  – Stores detection in the transient \u003Ccode>kitgenix_turnstile_duplicate_scripts\u003C\u002Fcode>\u003Cbr \u002F>\n  – Shows admin notice on settings and Plugins screen\u003Cbr \u002F>\n  – Includes dismiss link (nonce-protected, uses \u003Ccode>kitgenix_captcha_for_cloudflare_turnstile_ts_dismiss_dupe=1\u003C\u002Fcode>)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Site Health + diagnostics\u003C\u002Fstrong>\u003Cbr \u002F>\n– Adds a Site Health test: “Cloudflare Turnstile readiness”\u003Cbr \u002F>\n– Checks:\u003Cbr \u002F>\n  – Keys present\u003Cbr \u002F>\n  – Duplicate API loader transient (\u003Ccode>kitgenix_turnstile_duplicate_scripts\u003C\u002Fcode>)\u003Cbr \u002F>\n  – Last verification success\u002Ffailure snapshot\u003Cbr \u002F>\n  – Heuristic warning if common optimisation\u002Fcaching plugins are active\u003Cbr \u002F>\n– Stores the last verify outcome (success, time, error codes) for Site Health display\u003Cbr \u002F>\n– Tracks privacy-safe counters in \u003Ccode>kitgenix_captcha_for_cloudflare_turnstile_metrics\u003C\u002Fcode> (checks total\u002Fpassed\u002Ffailed)\u003C\u002Fp>\n\u003Ch4>Manual placement (shortcode)\u003C\u002Fh4>\n\u003Cp>If you have a custom form or an unsupported plugin, you can manually render the widget:\u003C\u002Fp>\n\u003Cp>[kitgenix_turnstile]\u003C\u002Fp>\n\u003Cp>Shortcode output includes:\u003Cbr \u002F>\n– a nonce field\u003Cbr \u002F>\n– a hidden \u003Ccode>cf-turnstile-response\u003C\u002Fcode> input\u003Cbr \u002F>\n– the widget container (with \u003Ccode>data-sitekey\u003C\u002Fcode>)\u003Cbr \u002F>\n– support for passing arbitrary attributes via shortcode attributes\u003C\u002Fp>\n\u003Cp>Many supported integrations also offer \u003Cstrong>Shortcode-only\u003C\u002Fstrong> mode (you place the shortcode where you want; the plugin validates server-side without auto-injection).\u003C\u002Fp>\n\u003Ch4>Quick Start\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the plugin.\u003C\u002Fli>\n\u003Cli>Open the Turnstile settings under the Kitgenix hub in wp-admin.\u003C\u002Fli>\n\u003Cli>Add your Cloudflare Turnstile Site Key and Secret Key.\u003C\u002Fli>\n\u003Cli>Configure widget options (theme\u002Fsize\u002Fappearance\u002Flanguage) and messaging if needed.\u003C\u002Fli>\n\u003Cli>Enable the integrations (and per-form toggles) you want.\u003C\u002Fli>\n\u003Cli>Save, then test the key user journeys: login, registration, checkout, and your main contact form.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Tip: Start with \u003Cstrong>Developer mode (warn-only)\u003C\u002Fstrong> on staging or during rollout. Once you’re satisfied, disable warn-only to enforce blocking.\u003C\u002Fp>\n\u003Ch4>Performance and caching notes (important for stores)\u003C\u002Fh4>\n\u003Cp>Turnstile is lightweight, but aggressive optimisation can break rendering or token freshness.\u003C\u002Fp>\n\u003Cp>If you use caching\u002Foptimisation plugins:\u003Cbr \u002F>\n– Allowlist https:\u002F\u002Fchallenges.cloudflare.com\u003Cbr \u002F>\n– Avoid full-page caching on login\u002Faccount\u002Fcheckout pages\u003Cbr \u002F>\n– Avoid combining\u002Finlining the Turnstile loader\u003Cbr \u002F>\n– Avoid heavily delaying Elementor\u002Fform plugin scripts\u003Cbr \u002F>\n– Ensure outbound HTTP requests to Cloudflare are not blocked (needed for server-side verification)\u003C\u002Fp>\n\u003Ch3>Settings Overview\u003C\u002Fh3>\n\u003Cp>Main settings:\u003Cbr \u002F>\n– Site Key\u003Cbr \u002F>\n– Secret Key (with “secret present” state, clear\u002Freveal)\u003Cbr \u002F>\n– Theme (auto\u002Flight\u002Fdark)\u003Cbr \u002F>\n– Size (small\u002Fmedium\u002Flarge\u002Fnormal\u002Fflexible)\u003Cbr \u002F>\n– Appearance (Turnstile appearance option)\u003Cbr \u002F>\n– Language (auto or specific locale)\u003Cbr \u002F>\n– Disable submit until completed\u003Cbr \u002F>\n– Custom error message\u003Cbr \u002F>\n– Extra message text\u003C\u002Fp>\n\u003Cp>Security & advanced:\u003Cbr \u002F>\n– Replay protection (on\u002Foff)\u003Cbr \u002F>\n– Developer mode (warn-only)\u003Cbr \u002F>\n– Whitelist logged-in users\u003Cbr \u002F>\n– Whitelist IPs (wildcards\u002FCIDR, including IPv6)\u003Cbr \u002F>\n– Whitelist user agents\u003Cbr \u002F>\n– Proxy trust (enable\u002Fdisable)\u003Cbr \u002F>\n– Trusted proxy IPs \u002F trust controls\u003C\u002Fp>\n\u003Cp>Integrations (enable + per-form toggles where available):\u003Cbr \u002F>\n– WordPress Core (login\u002Fregister\u002Flost password\u002Freset password\u002Fcomments)\u003Cbr \u002F>\n– WooCommerce (checkout\u002Flogin\u002Fregister\u002Flost password)\u003Cbr \u002F>\n– WooCommerce Blocks mode (auto vs shortcode-only)\u003Cbr \u002F>\n– Easy Digital Downloads (checkout\u002Flogin\u002Fregister\u002Fprofile)\u003Cbr \u002F>\n– Contact Form 7\u003Cbr \u002F>\n– WPForms\u003Cbr \u002F>\n– Fluent Forms\u003Cbr \u002F>\n– Formidable Forms\u003Cbr \u002F>\n– Forminator\u003Cbr \u002F>\n– Gravity Forms\u003Cbr \u002F>\n– Jetpack Forms\u003Cbr \u002F>\n– Kadence Forms\u003Cbr \u002F>\n– Elementor Forms\u003Cbr \u002F>\n– bbPress\u003Cbr \u002F>\n– BuddyPress\u003C\u002Fp>\n\u003Ch3>Developers\u003C\u002Fh3>\n\u003Cp>Shortcode:\u003Cbr \u002F>\n[kitgenix_turnstile]\u003C\u002Fp>\n\u003Cp>Server-side verification endpoint:\u003Cbr \u002F>\nhttps:\u002F\u002Fchallenges.cloudflare.com\u002Fturnstile\u002Fv0\u002Fsiteverify\u003C\u002Fp>\n\u003Cp>Filters (script\u002Floading):\u003Cbr \u002F>\n– kitgenix_captcha_for_cloudflare_turnstile_script_url( $url, $settings )\u003Cbr \u002F>\n– kitgenix_turnstile_freshness_ms\u003Cbr \u002F>\n– kitgenix_turnstile_inline_style\u003C\u002Fp>\n\u003Cp>Filters (verification \u002F request handling):\u003Cbr \u002F>\n– kitgenix_turnstile_siteverify_url\u003Cbr \u002F>\n– kitgenix_turnstile_siteverify_timeout\u003Cbr \u002F>\n– kitgenix_turnstile_siteverify_sslverify\u003Cbr \u002F>\n– kitgenix_turnstile_siteverify_http_args\u003Cbr \u002F>\n– kitgenix_turnstile_send_remoteip\u003Cbr \u002F>\n– kitgenix_turnstile_remote_ip\u003Cbr \u002F>\n– kitgenix_turnstile_token_from_request\u003Cbr \u002F>\n– kitgenix_turnstile_error_codes\u003Cbr \u002F>\n– kitgenix_turnstile_error_message\u003Cbr \u002F>\n– kitgenix_turnstile_replay_message\u003Cbr \u002F>\n– kitgenix_captcha_for_cloudflare_turnstile_{context}_turnstile_error_message\u003C\u002Fp>\n\u003Cp>Filters (replay protection):\u003Cbr \u002F>\n– kitgenix_turnstile_replay_ttl\u003C\u002Fp>\n\u003Cp>Filters (whitelist \u002F proxy trust):\u003Cbr \u002F>\n– kitgenix_turnstile_is_whitelisted( $is_whitelisted, $details )\u003Cbr \u002F>\n– kitgenix_turnstile_trust_headers\u003Cbr \u002F>\n– kitgenix_turnstile_trusted_proxies\u003C\u002Fp>\n\u003Cp>Internal identifiers (options \u002F transients \u002F cookies \u002F meta):\u003Cbr \u002F>\n– Option: kitgenix_captcha_for_cloudflare_turnstile_settings\u003Cbr \u002F>\n– Settings group (Settings API): kitgenix_captcha_for_cloudflare_turnstile_settings_group\u003Cbr \u002F>\n– Option: kitgenix_captcha_for_cloudflare_turnstile_metrics\u003Cbr \u002F>\n– Option: kitgenix_turnstile_last_verify\u003Cbr \u002F>\n– Transient: kitgenix_captcha_for_cloudflare_turnstile_do_activation_redirect\u003Cbr \u002F>\n– Transient: kitgenix_turnstile_duplicate_scripts\u003Cbr \u002F>\n– Transient prefix (replay protection): kitgenix_captcha_for_cloudflare_turnstile_ts_\u003Cbr \u002F>\n– Cookie (replay notice): kitgenix_captcha_for_cloudflare_turnstile_ts_replay\u003Cbr \u002F>\n– WooCommerce order meta (Blocks\u002FStore API verification): _kitgenix_turnstile_verified\u003C\u002Fp>\n\u003Cp>Internal nonces \u002F actions:\u003Cbr \u002F>\n– Shortcode\u002Fform nonce field name: kitgenix_captcha_for_cloudflare_turnstile_nonce\u003Cbr \u002F>\n– Shortcode\u002Fform nonce action: kitgenix_captcha_for_cloudflare_turnstile_action\u003Cbr \u002F>\n– Settings save nonce field name: kitgenix_captcha_for_cloudflare_turnstile_settings_nonce\u003Cbr \u002F>\n– Settings save nonce action: kitgenix_captcha_for_cloudflare_turnstile_settings_save\u003Cbr \u002F>\n– Admin AJAX action (reveal saved secret): kitgenix_turnstile_get_secret (WordPress hook: wp_ajax_kitgenix_turnstile_get_secret)\u003Cbr \u002F>\n– Admin AJAX nonce action (reveal saved secret): kitgenix_turnstile_reveal_secret\u003Cbr \u002F>\n– Duplicate-loader notice dismiss query arg: kitgenix_captcha_for_cloudflare_turnstile_ts_dismiss_dupe\u003Cbr \u002F>\n– Duplicate-loader notice dismiss nonce action: kitgenix_captcha_for_cloudflare_turnstile_ts_dismiss\u003C\u002Fp>\n\u003Cp>Actions (developer logging):\u003Cbr \u002F>\n– kitgenix_turnstile_dev_log\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses \u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong> to verify requests and prevent spam and abuse.\u003C\u002Fp>\n\u003Cp>The plugin may:\u003Cbr \u002F>\n– Load the Turnstile script:\u003Cbr \u002F>\n  https:\u002F\u002Fchallenges.cloudflare.com\u002Fturnstile\u002Fv0\u002Fapi.js\u003Cbr \u002F>\n– Submit verification requests server-side to:\u003Cbr \u002F>\n  https:\u002F\u002Fchallenges.cloudflare.com\u002Fturnstile\u002Fv0\u002Fsiteverify\u003C\u002Fp>\n\u003Cp>When verification is enabled, the plugin sends to Cloudflare:\u003Cbr \u002F>\n– Your Turnstile secret key\u003Cbr \u002F>\n– The Turnstile response token\u003Cbr \u002F>\n– The visitor IP address (as the optional \u003Ccode>remoteip\u003C\u002Fcode> parameter, when enabled)\u003C\u002Fp>\n\u003Cp>The plugin does not send the visitor’s browser user agent to Cloudflare as part of the verification payload (the HTTP request itself is made server-side by WordPress).\u003C\u002Fp>\n\u003Cp>If proxy trust is enabled, the plugin may read forwarding headers (e.g. \u003Ccode>CF-Connecting-IP\u003C\u002Fcode>, \u003Ccode>X-Forwarded-For\u003C\u002Fcode>) to determine the client IP, but only when requests originate from configured trusted proxies.\u003C\u002Fp>\n\u003Cp>The plugin does not add tracking cookies itself and does not sell or share personal data.\u003C\u002Fp>\n\u003Cp>Cloudflare Turnstile Terms: https:\u002F\u002Fdevelopers.cloudflare.com\u002Fturnstile\u002F\u003Cbr \u002F>\nCloudflare Privacy Policy: https:\u002F\u002Fwww.cloudflare.com\u002Fprivacypolicy\u002F\u003C\u002Fp>\n\u003Cp>This plugin also includes a shared “Kitgenix hub” component in wp-admin which may fetch publicly available plugin metadata from WordPress.org using the WordPress core \u003Ccode>plugins_api()\u003C\u002Fcode> function (WordPress.org Plugins API).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>When it runs: only in wp-admin (Kitgenix plugin admin pages)\u003C\u002Fli>\n\u003Cli>Data sent: plugin slug(s) (no personal data)\u003C\u002Fli>\n\u003Cli>Data received: publicly available plugin information (e.g. active installs, ratings)\u003C\u002Fli>\n\u003Cli>Caching: responses are cached locally using transients for ~1 day:\n\u003Cul>\n\u003Cli>\u003Ccode>kitgenix_hub_wporg_active_installs_v1\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>kitgenix_hub_wporg_ratings_v1\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Trademark Notice\u003C\u002Fh3>\n\u003Cp>“Cloudflare” and the Cloudflare logo are trademarks of Cloudflare, Inc. This plugin is not affiliated with or endorsed by Cloudflare, Inc.\u003C\u002Fp>\n\u003Ch3>Support Development\u003C\u002Fh3>\n\u003Cp>If this plugin helps keep spam away without slowing your site down, you can support ongoing development here:\u003Cbr \u002F>\nhttps:\u002F\u002Fbuymeacoffee.com\u002Fkitgenix\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Built with ❤︎ by @kitgenix – https:\u002F\u002Fkitgenix.com\u003C\u002Fp>\n","Add Cloudflare Turnstile to WordPress, WooCommerce, Elementor, and popular form plugins. Privacy-first spam protection with server-side verification.",300,2095,5,"2026-02-19T22:09:00.000Z","6.0","8.1",[81,82,19,83,22],"anti-spam","captcha","turnstile","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fkitgenix-captcha-for-cloudflare-turnstile\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkitgenix-captcha-for-cloudflare-turnstile.1.0.17.zip",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":11,"num_ratings":96,"last_updated":97,"tested_up_to":15,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":104,"download_link":105,"security_score":11,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"beetle-tracking","Beetle Tracking – Cloudflare Zaraz for WooCommerce","1.6.27","Rocket Beetle","https:\u002F\u002Fprofiles.wordpress.org\u002Frocketbeetlecom\u002F","\u003Ch3>Beetle Tracking: Plug and Play Server-Side Tracking for WordPress\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Are you tired of spending money on high-cost marketing campaigns that aren’t delivering results?\u003C\u002Fstrong> Beetle Tracking gives you the clear view you need to understand your website visitors and target your campaigns more effectively.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>The Blurry Vision Problem\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Imagine you’re the owner of a thriving online store.\u003C\u002Fstrong> You’ve got amazing products, and you want to attract as many customers as possible, but you’re wearing blurry glasses. This means you can’t see your customers clearly, so you can’t market your products effectively.\u003C\u002Fp>\n\u003Ch3>The Solution: New Crystal Clear Glasses\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Introducing Beetle Tracking, your new pair of marketing glasses.\u003C\u002Fstrong>It helps you see your customers clearly, so you can understand their needs and preferences better. This means you can target your marketing efforts more accurately and spend less money on advertising. With Beetle Tracking, you’ll be able to connect with your customers on a deeper level and increase your sales.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Beetle Tracking is your most dedicated employee.\u003C\u002Fstrong> It works tirelessly behind the scenes to collect accurate data, so you can make informed decisions and grow your business.\u003C\u002Fp>\n\u003Ch3>Key Benefits of Beetle Tracking:\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>✅ 20-40% More Accurate Data\u003C\u002Fstrong>: With Beetle Tracking’s server-side tracking, you capture up to 40% more data than traditional client-side methods, which are often blocked by ad blockers or restricted by browsers. This gives you a more complete understanding of your users’ behavior, directly improving your marketing insights.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✅ Boost Your Ad Campaigns\u003C\u002Fstrong>: More accurate data fuels the algorithms behind Google Ads, Facebook, and other advertising platforms. This leads to \u003Cstrong>higher conversion rates\u003C\u002Fstrong>, as you can fine-tune your targeting, resulting in \u003Cstrong>better-performing campaigns\u003C\u002Fstrong> and more return on your ad spend.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✅ Lower Ad Costs\u003C\u002Fstrong>: By leveraging the full potential of server-side tracking, you cut wasted ad spend. With enhanced data accuracy, you can spend \u003Cstrong>less on ads\u003C\u002Fstrong> while achieving \u003Cstrong>better results\u003C\u002Fstrong>, maximizing the efficiency of your campaigns.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✅ Simple Plug-and-Play effortless Setup\u003C\u002Fstrong>: Unlike other server-side tracking solutions on the market, which often require complex setups and tech specialists, Beetle Tracking is designed for \u003Cstrong>non-tech users,\u003C\u002Fstrong> webshop owners, marketing people and agencies. It’s an easy-to-install WordPress plugin that gets you up and running in minutes – no coding or expertise required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✅ Faster Site Speed\u003C\u002Fstrong>: By moving tracking processes to the server, Beetle Tracking reduce the load on your customer’s browser, making it faster and more responsive for visitors, ensuring a smoother user experience. This leads to lower bounce rates and more engagement.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✅ Enhanced Privacy Compliance\u003C\u002Fstrong>: Stay ahead of privacy regulations like GDPR and CCPA. With server-side tracking, you’re in control of user data and can securely manage how it’s processed.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✅  Works with All Popular Platforms\u003C\u002Fstrong>: Easily integrate with platforms like \u003Cstrong>Google Analytics\u003C\u002Fstrong>, \u003Cstrong>Meta Pixel\u003C\u002Fstrong> (Facebook), \u003Cstrong>Google Ads\u003C\u002Fstrong>, \u003Cstrong>LinkedIn\u003C\u002Fstrong>, \u003Cstrong>Pinterest\u003C\u002Fstrong>, \u003Cstrong>Bing\u003C\u002Fstrong> and \u003Cstrong>TikTok\u003C\u002Fstrong> without technical headaches.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✅  Free and Pro Versions\u003C\u002Fstrong>: Start with the \u003Cstrong>free version\u003C\u002Fstrong> of Beetle Tracking to enhance your tracking, or upgrade to the \u003Cstrong>Pro version\u003C\u002Fstrong> to unlock powerful features like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Beetle Consent\u003C\u002Fstrong>: A GDPR-compliant, customizable cookie banner that helps you collect valid consents from all users, ensuring full compliance with privacy laws.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gravity Forms Tracking\u003C\u002Fstrong>: Automatically track form submissions with form ID and title, working seamlessly with both AJAX and traditional page reload submissions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Page Scroll Measurement\u003C\u002Fstrong>: Gain deeper insights into how far users scroll on your pages and optimize content accordingly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Conversion Recovery\u003C\u002Fstrong>: With Pro, Beetle Tracking ensures you capture purchase events even when users don’t return to the “thank you” page. By matching checkout information with the payment gateway’s order status, purchase data is sent server-to-server, ensuring complete and accurate tracking of every sale.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Consent Management: Putting You in Control (For Beetle Tracking Pro)\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Building trust is key to any successful business.\u003C\u002Fstrong> With the ever-changing landscape of data privacy regulations, it’s crucial to ensure you’re collecting user data ethically and transparently.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>That’s where Beetle Consent comes in (included in Beetle Tracking Pro).\u003C\u002Fstrong> This powerful feature makes managing user consent a breeze:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy-to-customize consent banners:\u003C\u002Fstrong> Create clear and user-friendly banners that inform visitors about how their data is used.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular control:\u003C\u002Fstrong> Allow users to choose exactly which data they’re comfortable sharing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compliance with regulations:\u003C\u002Fstrong> Stay ahead of the curve by ensuring your website adheres to data privacy regulations like GDPR and CCPA.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>With Beetle Consent, you can focus on building relationships with your customers, knowing you’re handling their data responsibly.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Why Choose Beetle Tracking?\u003C\u002Fh3>\n\u003Cp>Beetle Tracking is built for webshop owners who care about their customers’ experience and want to ensure that every conversion is accurately tracked. Unlike client-side tracking, our server-side solution works behind the scenes to capture every detail while improving your site’s performance. With just a few clicks, you can unlock the full potential of your tracking, boosting both your insights and your bottom line.\u003C\u002Fp>\n\u003Cp>Ready to upgrade your tracking? Install \u003Cstrong>Beetle Tracking\u003C\u002Fstrong> today and take control of your data like never before.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbeetle-tracking.com\u002F\" rel=\"nofollow ugc\">Learn More at beetle-tracking.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the following external services:\u003C\u002Fp>\n\u003Ch4>Cloudflare Zaraz API\u003C\u002Fh4>\n\u003Cp>Beetle Tracking uses the Cloudflare Zaraz API to send tracking events server-side. When enabled, the plugin sends event data to Cloudflare’s edge network for processing and forwarding to your configured analytics platforms.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>When data is sent:\u003C\u002Fstrong> Event data is transmitted when users interact with your website (page views, add to cart, purchases, etc.) and when you push configuration settings to Cloudflare.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent:\u003C\u002Fstrong> Event names, timestamps, page URLs, product information, and user identifiers that you configure in the plugin settings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service links:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002Fterms\u002F\" rel=\"nofollow ugc\">Cloudflare Terms of Service\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002Fprivacypolicy\u002F\" rel=\"nofollow ugc\">Cloudflare Privacy Policy\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fdevelopers.cloudflare.com\u002Fzaraz\u002F\" rel=\"nofollow ugc\">Cloudflare Zaraz Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Source Code\u003C\u002Fh3>\n\u003Cp>The JavaScript files in this plugin are compiled from source files using standard WordPress build tools.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Build process:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Source files are located in the \u003Ccode>src\u002Fjs\u002F\u003C\u002Fcode> directory\u003Cbr \u002F>\n– Uses \u003Ccode>@wordpress\u002Fscripts\u003C\u002Fcode> for compilation\u003Cbr \u002F>\n– Run \u003Ccode>npm install\u003C\u002Fcode> then \u003Ccode>npm run build\u003C\u002Fcode> to rebuild from source\u003C\u002Fp>\n\u003Cp>The full source code is included in the plugin and can be found in the \u003Ccode>src\u002F\u003C\u002Fcode> directory.\u003C\u002Fp>\n","Track Key Events and Parameters on WordPress Effortlessly with Cloudflare Zaraz's Real Edge Server-Side Tracking Technology.",200,10850,6,"2026-02-19T07:04:00.000Z","5.8","7.4",[19,101,102,22,103],"gdpr","server-side-tracking","zaraz","https:\u002F\u002Frocketbeetle.com\u002Fbeetle-tracking","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbeetle-tracking.1.6.27.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":45,"downloaded":114,"rating":26,"num_ratings":26,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":17,"tags":118,"homepage":123,"download_link":124,"security_score":125,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"my-portfolio-plus","myPortfolio Plus","1.0.6","sbohan","https:\u002F\u002Fprofiles.wordpress.org\u002Fsbohan\u002F","\u003Ch4>About the Plugin\u003C\u002Fh4>\n\u003Cp>My Portfolio Plus is a plugin designed for WordPress 3.x that enables a Web Developer\u002FDesigner to create a WordPress Portfolio for their work in a very easy way that doesn’t rely on outdated methods such as custom fields and proprietary editors. The \u003Ca href=\"http:\u002F\u002Fwww.screensugar.co.uk\u002F2010\u002F09\u002Fmy-portfolio-plus\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> contains a full list of features.\u003C\u002Fp>\n\u003Ch4>Example Portfolio\u003C\u002Fh4>\n\u003Cp>I created this plugin to power my own portfolio. The best way to see how this plugin works on the front end of a WordPress installation is to visit \u003Ca href=\"http:\u002F\u002Fwww.screensugar.co.uk\u002Fprojects\u002F\" rel=\"nofollow ugc\">my Portfolio\u003C\u002Fa>. You can see how the administration section works by looking at the provided screenshots.\u003C\u002Fp>\n\u003Ch4>Extraordinarily Simple Management\u003C\u002Fh4>\n\u003Cp>Using the latest technologies offered by the newest version of WordPress, you can add a Project as you would normally add a Post or Page. The Project Edit Page is especially easy to use, as you give the Project a title as you would a standard WordPress Post along with some content to describe the work undertaken.\u003C\u002Fp>\n\u003Cp>What is unique about this plugin is that included in the editor is a series of fields to collect information regarding that project. Currently the plugin collects the URL of the site, the Client Name and the Date the project was completed.\u003C\u002Fp>\n\u003Ch4>Automatic Thumbnails\u003C\u002Fh4>\n\u003Cp>Some say a picture is worth 1,000 words and this plugin helps you say those words with no extra effort. Using the power of Shrink The Web (Free Account Needed)  and the URL of the site that you have already entered, My Portfolio Plus will automatically retrieve a generated thumbnail of the site in question and by default will be displayed on the Projects listing page for all to see.\u003C\u002Fp>\n\u003Ch4>Live Site Preview\u003C\u002Fh4>\n\u003Cp>Thumbnails are great but your hard work deserves to be seen as it was intended at full size. That is why by utilising the power of colorbox, My Portfolio Plus enables the end user to click a site thumbnail and view it within a gorgeous in-place frame without ever leaving your portfolio page.\u003C\u002Fp>\n\u003Ch4>Filter by Platform\u003C\u002Fh4>\n\u003Cp>Using the powerful new taxonomy features of WordPress 3, I have added the ability to group projects by the platform used to develop them. For instance you could define that a project was completed using PHP, WordPress & jQuery, another using .NET & Moo Tools and finally a site using PHP, Zend Framework & Scriptaculous.\u003C\u002Fp>\n\u003Cp>While this may seem pedantic at first, the default project list template included with the plugin comes complete with a sidebar that will list all of the platforms you have defined, in the form of a tag cloud. Clicking on one of these platforms will filter the projects list to show only the projects completed using that platform, this information is available through a URL too. You can link to all of your completed WordPress projects by simply sending the link: http:\u002F\u002Fyour-site-url\u002Fprojects\u002Fplatform\u002Fwordpress\u002F to a potential client.\u003C\u002Fp>\n\u003Ch4>Speed Up Your Portfolio Management\u003C\u002Fh4>\n\u003Cp>Remember, this is all available by simply providing the Name of a Website you have worked on and the URL at which it is available. Depending on the size of your project description you can add a completely new project in under 30 seconds.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Please leave a comment on the plugin home page.\u003C\u002Fp>\n\u003Ch3>Official Homepage\u003C\u002Fh3>\n\u003Cp>The official homepage of this plugin is here:\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.screensugar.co.uk\u002F2010\u002F09\u002Fmy-portfolio-plus\u002F\u003C\u002Fp>\n","My Portfolio Plus enables a Web Developer\u002FDesigner to create a Wordpress Portfolio for their work in a very easy way.",8402,"2010-09-24T14:04:00.000Z","3.0.5","3.0",[119,120,121,122,20],"portfolio","project","thumbnails","web-designer","http:\u002F\u002Fwww.screensugar.co.uk\u002F2010\u002F09\u002Fmy-portfolio-plus\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmy-portfolio-plus.1.0.6.zip",85,{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":45,"downloaded":134,"rating":135,"num_ratings":13,"last_updated":17,"tested_up_to":136,"requires_at_least":136,"requires_php":17,"tags":137,"homepage":138,"download_link":139,"security_score":11,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":140},"wp-foliolio","WP Folio","0.2.5","Michael O'Toole","https:\u002F\u002Fprofiles.wordpress.org\u002Fmikeymjco\u002F","\u003Ch4>About the Plugin\u003C\u002Fh4>\n\u003Cp>This plugin is unmaintained, please contact me if you wish to take over maintenance.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Please contact me through [my website] (http:\u002F\u002Fmjco.me.uk\u002Fcontact\u002F)\u003C\u002Fp>\n","WP-Foliolio enables a Web Developer\u002FDesigner to create a Wordpress Portfolio for their work with wp's familiar content creation system.",4053,40,"3.2.1",[119,120,121,122,20],"http:\u002F\u002Fmjco.me.uk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-foliolio.0.2.5.zip","2026-03-15T10:48:56.248Z",{"slug":142,"name":143,"version":144,"author":145,"author_profile":146,"description":147,"short_description":148,"active_installs":26,"downloaded":149,"rating":26,"num_ratings":26,"last_updated":150,"tested_up_to":151,"requires_at_least":152,"requires_php":99,"tags":153,"homepage":157,"download_link":158,"security_score":11,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"edgemail","EdgeMail","1.0.0","David","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidrukahu\u002F","\u003Cp>EdgeMail intercepts WordPress outbound email (wp_mail) and sends it via your Cloudflare Worker endpoint instead of using the default PHP mailer.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Cloudflare Integration\u003C\u002Fstrong>: Send emails through your Cloudflare Worker using the Email Service API\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Safe Fallback\u003C\u002Fstrong>: Automatically falls back to default WordPress email if Worker fails or plugin is not configured\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Logging\u003C\u002Fstrong>: Track all email attempts with status, HTTP codes, and responses\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Configuration\u003C\u002Fstrong>: Simple settings page with Worker URL, API token, and default From fields\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test Email\u003C\u002Fstrong>: Send test emails to verify your configuration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce Status\u003C\u002Fstrong>: View recent email logs and configuration status in WooCommerce \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Status\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero Downtime\u003C\u002Fstrong>: Unconfigured installations continue to work normally\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Cloudflare Email Service\u003C\u002Fh4>\n\u003Cp>This plugin is designed to work with Cloudflare’s Email Service, announced in September 2025. Your Cloudflare Worker endpoint should handle the email sending using the \u003Ccode>env.SEND_EMAIL.send()\u003C\u002Fcode> binding.\u003C\u002Fp>\n\u003Ch4>Installation\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Upload the plugin to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>Go to Tools \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> EdgeMail in the WordPress admin\u003C\u002Fli>\n\u003Cli>Configure your Worker URL, API token, and default From fields\u003C\u002Fli>\n\u003Cli>Send a test email to verify your configuration\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Configuration\u003C\u002Fh4>\n\u003Cp>In the EdgeMail settings page, you’ll need to provide:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Worker URL\u003C\u002Fstrong>: Your Cloudflare Worker endpoint (e.g., https:\u002F\u002Fyour-worker.your-subdomain.workers.dev)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>API Token\u003C\u002Fstrong>: Shared secret for authenticating with your Worker\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Default From Name\u003C\u002Fstrong>: Default sender name for emails\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Default From Email\u003C\u002Fstrong>: Default sender email (must be verified in Cloudflare Email Service)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Limitations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Attachments are not supported in v1\u003C\u002Fli>\n\u003Cli>Requires WordPress 5.7+ (uses pre_wp_mail filter)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin may collect the following data:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Email delivery logs (recipient email addresses, subject lines, delivery status, timestamps) are stored in the database for troubleshooting and compliance purposes\u003C\u002Fli>\n\u003Cli>Worker endpoint URL and API token are stored in wp_options for plugin functionality\u003C\u002Fli>\n\u003Cli>No user data is sent to third parties except for email delivery through your configured Cloudflare Worker endpoint\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All data is stored locally on your WordPress installation. This plugin does not track users or send data to external analytics services.\u003C\u002Fp>\n","Replace WordPress transactional email with Cloudflare Worker endpoint integration.",135,"2025-11-04T10:16:00.000Z","6.8.5","5.7",[19,154,155,22,156],"email","transactional","workers","https:\u002F\u002Fgithub.com\u002Fdavidrukahu\u002Fedgemail","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fedgemail.1.0.0.zip",{"attackSurface":160,"codeSignals":303,"taintFlows":347,"riskAssessment":473,"analyzedAt":484},{"hooks":161,"ajaxHandlers":285,"restRoutes":300,"shortcodes":301,"cronEvents":302,"entryPointCount":59,"unprotectedCount":25},[162,168,173,177,182,187,191,194,198,201,205,208,211,215,218,222,226,229,233,237,241,245,249,252,256,260,263,266,269,273,278,281],{"type":163,"name":164,"callback":165,"file":166,"line":167},"filter","init","aw_checkmaintenance","aw-toolkit.php",48,{"type":169,"name":170,"callback":171,"file":166,"line":172},"action","admin_footer","enqueue_scripts",102,{"type":169,"name":174,"callback":175,"priority":26,"file":166,"line":176},"admin_head","closure",103,{"type":169,"name":178,"callback":179,"priority":180,"file":166,"line":181},"plugins_loaded","get_instance",20,160,{"type":169,"name":183,"callback":184,"file":185,"line":186},"shutdown","forceLoadFirst","includes\\class.awtoolkit-general.php",16,{"type":169,"name":188,"callback":189,"file":190,"line":186},"rest_api_init","register_routes","includes\\class.awtoolkit-remote.php",{"type":163,"name":192,"callback":175,"priority":11,"file":190,"line":193},"filesystem_method",215,{"type":169,"name":195,"callback":196,"file":197,"line":96},"admin_menu","awtoolbox_control_menu","includes\\class.awtoolkit-setting.php",{"type":169,"name":195,"callback":199,"priority":11,"file":200,"line":186},"awtoolkit_suppliers_per_product","includes\\class.awtoolkit-woo-product-suppliers.php",{"type":169,"name":202,"callback":203,"file":200,"line":204},"woocommerce_product_options_inventory_product_data","awtoolkit_add_custom_supplier",43,{"type":169,"name":206,"callback":175,"file":200,"line":207},"woocommerce_product_quick_edit_end",45,{"type":169,"name":209,"callback":175,"priority":45,"file":200,"line":210},"woocommerce_product_quick_edit_save",101,{"type":169,"name":212,"callback":175,"priority":213,"file":200,"line":214},"manage_product_posts_custom_column",99,148,{"type":169,"name":170,"callback":216,"file":200,"line":217},"_supplier_quick_edit_javascript",172,{"type":169,"name":219,"callback":220,"priority":45,"file":200,"line":221},"save_post_product","mp_sync_on_product_save",432,{"type":163,"name":223,"callback":224,"file":200,"line":225},"manage_edit-product_columns","_admin_products_supplier_column",434,{"type":169,"name":212,"callback":227,"priority":45,"file":200,"line":228},"_admin_products_supplier_column_content",441,{"type":169,"name":230,"callback":231,"file":200,"line":232},"add_meta_boxes","_supplier_order_box",452,{"type":169,"name":234,"callback":235,"priority":45,"file":200,"line":236},"woocommerce_product_bulk_edit_start","_supplier_field_product_bulk_edit",490,{"type":169,"name":238,"callback":239,"priority":45,"file":200,"line":240},"woocommerce_product_bulk_edit_save","save_supplier_field_product_bulk_edit",520,{"type":169,"name":242,"callback":243,"priority":45,"file":200,"line":244},"restrict_manage_posts","location_filtering",563,{"type":163,"name":246,"callback":247,"priority":45,"file":200,"line":248},"parse_query","supplier_filter_request_query",604,{"type":169,"name":212,"callback":250,"priority":45,"file":251,"line":76},"awtoolkit_product_order_count_column","includes\\class.awtoolkit-woocommerce.php",{"type":163,"name":223,"callback":253,"priority":254,"file":251,"line":255},"awtoolkit_add_order_count_columns_to_product_grid",15,14,{"type":163,"name":257,"callback":258,"file":251,"line":259},"manage_edit-product_sortable_columns","awtoolkit_order_count_sortable_column",22,{"type":169,"name":212,"callback":261,"priority":45,"file":251,"line":262},"awtoolkit_product_dimensions_column",32,{"type":163,"name":223,"callback":264,"priority":254,"file":251,"line":265},"awtoolkit_add_dimensions_columns_to_product_grid",41,{"type":163,"name":257,"callback":267,"file":251,"line":268},"awtoolkit_dimensions_sortable_column",49,{"type":169,"name":270,"callback":271,"priority":180,"file":251,"line":272},"manage_shop_order_posts_custom_column","awtoolkit_order_count_column",61,{"type":163,"name":274,"callback":275,"priority":276,"file":251,"line":277},"posts_orderby","awtoolkit_order_count_orderby",25,87,{"type":169,"name":164,"callback":279,"file":251,"line":280},"awtoolkit_utm_tracking",170,{"type":163,"name":282,"callback":283,"priority":180,"file":251,"line":284},"woocommerce_checkout_create_order","awtoolkit_add_utm_data",197,[286,291,294,298],{"action":287,"nopriv":288,"callback":289,"hasNonce":288,"hasCapCheck":288,"file":200,"line":290},"check_supplier",false,"_supplier_filter_function",330,{"action":287,"nopriv":292,"callback":289,"hasNonce":288,"hasCapCheck":288,"file":200,"line":293},true,331,{"action":295,"nopriv":288,"callback":296,"hasNonce":292,"hasCapCheck":288,"file":200,"line":297},"supplierAddNew","supplier_add_new",394,{"action":295,"nopriv":292,"callback":296,"hasNonce":292,"hasCapCheck":288,"file":200,"line":299},395,[],[],[],{"dangerousFunctions":304,"sqlUsage":309,"outputEscaping":316,"fileOperations":26,"externalRequests":26,"nonceChecks":25,"capabilityChecks":13,"bundledLibraries":346},[305],{"fn":306,"file":197,"line":307,"context":308},"unserialize",236,"$unserialized_string = @unserialize( $serialized_string );",{"prepared":45,"raw":25,"locations":310},[311,314],{"file":197,"line":312,"context":313},74,"$wpdb->get_results() with variable interpolation",{"file":197,"line":315,"context":313},91,{"escaped":317,"rawEcho":255,"locations":318},107,[319,321,323,325,326,328,330,332,334,336,338,340,342,344],{"file":166,"line":272,"context":320},"raw output",{"file":166,"line":322,"context":320},63,{"file":166,"line":324,"context":320},65,{"file":200,"line":180,"context":320},{"file":200,"line":327,"context":320},27,{"file":200,"line":329,"context":320},340,{"file":200,"line":331,"context":320},342,{"file":200,"line":333,"context":320},346,{"file":200,"line":335,"context":320},447,{"file":200,"line":337,"context":320},592,{"file":200,"line":339,"context":320},600,{"file":341,"line":315,"context":320},"includes\\settings-template.php",{"file":341,"line":343,"context":320},95,{"file":345,"line":322,"context":320},"templete\\supplier_list.php",[],[348,381,392,402,426,441,452,463],{"entryPoint":349,"graph":350,"unsanitizedCount":26,"severity":380},"\u003Cclass.awtoolkit-woo-product-suppliers> (includes\\class.awtoolkit-woo-product-suppliers.php:0)",{"nodes":351,"edges":376},[352,357,363,367,370,372],{"id":353,"type":354,"label":355,"file":200,"line":356},"n0","source","$_REQUEST (x3)",121,{"id":358,"type":359,"label":360,"file":200,"line":361,"wp_function":362},"n1","sink","get_results() [SQLi]",122,"get_results",{"id":364,"type":354,"label":365,"file":200,"line":366},"n2","$_POST",336,{"id":368,"type":359,"label":360,"file":200,"line":369,"wp_function":362},"n3",338,{"id":371,"type":354,"label":365,"file":200,"line":366},"n4",{"id":373,"type":359,"label":374,"file":200,"line":331,"wp_function":375},"n5","echo() [XSS]","echo",[377,378,379],{"from":353,"to":358,"sanitized":292},{"from":364,"to":368,"sanitized":292},{"from":371,"to":373,"sanitized":292},"low",{"entryPoint":382,"graph":383,"unsanitizedCount":26,"severity":380},"\u003Csupplier_add> (templete\\supplier_add.php:0)",{"nodes":384,"edges":390},[385,388],{"id":353,"type":354,"label":386,"file":387,"line":255},"$_GET (x2)","templete\\supplier_add.php",{"id":358,"type":359,"label":374,"file":387,"line":389,"wp_function":375},28,[391],{"from":353,"to":358,"sanitized":292},{"entryPoint":393,"graph":394,"unsanitizedCount":26,"severity":380},"\u003Csupplier_list> (templete\\supplier_list.php:0)",{"nodes":395,"edges":400},[396,399],{"id":353,"type":354,"label":397,"file":345,"line":398},"$_GET['message']",37,{"id":358,"type":359,"label":374,"file":345,"line":398,"wp_function":375},[401],{"from":353,"to":358,"sanitized":292},{"entryPoint":403,"graph":404,"unsanitizedCount":25,"severity":425},"awtoolbox_dashboard (includes\\class.awtoolkit-setting.php:10)",{"nodes":405,"edges":420},[406,407,410,414,415,416],{"id":353,"type":354,"label":365,"file":197,"line":207},{"id":358,"type":408,"label":409,"file":197,"line":207},"transform","→ awDbFindReplace()",{"id":364,"type":359,"label":411,"file":197,"line":412,"wp_function":413},"query() [SQLi]",138,"query",{"id":368,"type":354,"label":365,"file":197,"line":207},{"id":371,"type":408,"label":409,"file":197,"line":207},{"id":373,"type":359,"label":417,"file":197,"line":418,"wp_function":419},"update_option() [Settings Manipulation]",117,"update_option",[421,422,423,424],{"from":353,"to":358,"sanitized":288},{"from":358,"to":364,"sanitized":288},{"from":368,"to":371,"sanitized":288},{"from":371,"to":373,"sanitized":288},"high",{"entryPoint":427,"graph":428,"unsanitizedCount":25,"severity":425},"\u003Cclass.awtoolkit-setting> (includes\\class.awtoolkit-setting.php:0)",{"nodes":429,"edges":436},[430,431,432,433,434,435],{"id":353,"type":354,"label":365,"file":197,"line":207},{"id":358,"type":408,"label":409,"file":197,"line":207},{"id":364,"type":359,"label":411,"file":197,"line":412,"wp_function":413},{"id":368,"type":354,"label":365,"file":197,"line":207},{"id":371,"type":408,"label":409,"file":197,"line":207},{"id":373,"type":359,"label":417,"file":197,"line":418,"wp_function":419},[437,438,439,440],{"from":353,"to":358,"sanitized":288},{"from":358,"to":364,"sanitized":288},{"from":368,"to":371,"sanitized":288},{"from":371,"to":373,"sanitized":288},{"entryPoint":442,"graph":443,"unsanitizedCount":25,"severity":425},"_supplier_filter_function (includes\\class.awtoolkit-woo-product-suppliers.php:333)",{"nodes":444,"edges":449},[445,446,447,448],{"id":353,"type":354,"label":365,"file":200,"line":366},{"id":358,"type":359,"label":360,"file":200,"line":369,"wp_function":362},{"id":364,"type":354,"label":365,"file":200,"line":366},{"id":368,"type":359,"label":374,"file":200,"line":331,"wp_function":375},[450,451],{"from":353,"to":358,"sanitized":288},{"from":364,"to":368,"sanitized":288},{"entryPoint":453,"graph":454,"unsanitizedCount":13,"severity":425},"mp_sync_on_product_save (includes\\class.awtoolkit-woo-product-suppliers.php:397)",{"nodes":455,"edges":461},[456,459],{"id":353,"type":354,"label":457,"file":200,"line":458},"$_REQUEST",405,{"id":358,"type":359,"label":360,"file":200,"line":460,"wp_function":362},406,[462],{"from":353,"to":358,"sanitized":288},{"entryPoint":464,"graph":465,"unsanitizedCount":13,"severity":425},"save_supplier_field_product_bulk_edit (includes\\class.awtoolkit-woo-product-suppliers.php:521)",{"nodes":466,"edges":471},[467,469],{"id":353,"type":354,"label":457,"file":200,"line":468},534,{"id":358,"type":359,"label":360,"file":200,"line":470,"wp_function":362},535,[472],{"from":353,"to":358,"sanitized":288},{"summary":474,"deductions":475},"The awcode-toolkit plugin v1.0.24 presents a mixed security posture.  While it demonstrates good practices in utilizing prepared statements for SQL queries and properly escaping a high percentage of output, several areas raise concerns.  The presence of a dangerous `unserialize` function is a significant red flag, especially when combined with a high number of unsanitized taint flows.  Furthermore, the attack surface includes two AJAX handlers without authentication checks, creating a direct pathway for potential unauthorized actions.  The vulnerability history, while showing no currently unpatched CVEs, reveals a pattern of past medium-severity issues related to CSRF and XSS, suggesting a recurring need for careful input validation and output sanitization.  The existence of two unprotected AJAX endpoints and the use of `unserialize` without apparent validation are the most immediate risks.",[476,478,480,482],{"reason":477,"points":45},"Unprotected AJAX handlers",{"reason":479,"points":45},"Dangerous function: unserialize",{"reason":481,"points":45},"High number of unsanitized taint flows",{"reason":483,"points":76},"Past CSRF and XSS vulnerabilities","2026-03-16T20:33:39.657Z",{"wat":486,"direct":497},{"assetPaths":487,"generatorPatterns":494,"scriptPaths":495,"versionParams":496},[488,489,490,491,492,493],"\u002Fwp-content\u002Fplugins\u002Fawcode-toolkit\u002Fincludes\u002Fclass.awtoolkit-remote.php","\u002Fwp-content\u002Fplugins\u002Fawcode-toolkit\u002Fincludes\u002Fclass.awtoolkit-general.php","\u002Fwp-content\u002Fplugins\u002Fawcode-toolkit\u002Fincludes\u002Fclass.awtoolkit-setting.php","\u002Fwp-content\u002Fplugins\u002Fawcode-toolkit\u002Fincludes\u002Fclass.awtoolkit-woocommerce.php","\u002Fwp-content\u002Fplugins\u002Fawcode-toolkit\u002Fincludes\u002Fclass.awtoolkit-woo-product-suppliers.php","\u002Fwp-content\u002Fplugins\u002Fawcode-toolkit\u002Faw-toolkit.php",[],[],[],{"cssClasses":498,"htmlComments":502,"htmlAttributes":503,"restEndpoints":504,"jsGlobals":512,"shortcodeOutput":516},[499,500,501],"wp-smush-exceed-limit","wp-smush-resume-bulk-smush","wp-smush-bulk-progress-bar-wrapper",[],[],[505,506,507,508,509,510,511],"\u002Fawtoolkit\u002Fv1\u002Fstatus","\u002Fawtoolkit\u002Fv1\u002Fplugins","\u002Fawtoolkit\u002Fv1\u002Fthemes","\u002Fawtoolkit\u002Fv1\u002Fusers","\u002Fawtoolkit\u002Fv1\u002Fupgrade\u002Fcore","\u002Fawtoolkit\u002Fv1\u002Fupgrade\u002Fplugin","\u002Fawtoolkit\u002Fv1\u002Fupgrade\u002Ftheme",[513,514,515],"MutationObserver","window","$",[]]