[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-fU5jJjAymDKbab84i8dy0V1P13fYJRLVMu4iEwx4s8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":59,"fingerprints":152},"call-me-spoot","Обратный звонок","1.4","Alex Kuimov","https:\u002F\u002Fprofiles.wordpress.org\u002Fspoot1986\u002F","\u003Cp>The Cms3 (Free) plugin adds a callback request button and form to the site. The plugin requires no configuration; just activate it. Notifications are sent to the administrator's email address.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcms3.ru\u002Fdemo\u002F\" rel=\"nofollow ugc\">Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FyJRa2EP_9dk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","The plugin adds a callback request button and form to the 
site.",100,13694,2,"2019-03-08T19:42:00.000Z","5.1.22","4.5.3","",[19,20,21],"callback-request","callback-request-button","callback-request-form","https:\u002F\u002Fcms3.ru\u002Fknopka-obratnogo-zvonka-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcall-me-spoot.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":24,"computed_at":35},"spoot1986",9,2490,87,30,"2026-04-04T05:56:20.298Z",[37],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":25,"num_ratings":25,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":56,"download_link":57,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":58},"wp-request-callback","WP Request Callback","0.1.0","kiteframe","https:\u002F\u002Fprofiles.wordpress.org\u002Fkiteframe\u002F","\u003Cp>Easily add a form to any page on your site to allow visitors to leave their name and number to request a callback.\u003C\u002Fp>\n\u003Ch3>Settings\u003C\u002Fh3>\n\u003Cp>The settings page can be reached by clicking on Settings in the WordPress admin menu, and then clicking on WP Request Callback.\u003C\u002Fp>\n\u003Cp>Here you can add an email address to receive email notifications, as well as a Slack Webhook URL to enable notifications straight into a Slack channel.\u003C\u002Fp>\n\u003Cp>Also on this page you can choose the default theme color. 
This will be used by the shortcode as the background color of the submit button and the border color of the focussed inputs.\u003C\u002Fp>\n\u003Cp>The color can be overridden on a per form basis by using the shortcode settings as documented below.\u003C\u002Fp>\n\u003Ch3>Configuring the Shortcode\u003C\u002Fh3>\n\u003Cp>The shortcode usage is as follows: \u003Ccode>[wprc success_message=\"This is my custom success message.\" error_message=\"Something went wrong.\" color=\"#9f7aea\"]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>success_message is the text displayed to the user after the form is submitted successfully. It is optional and if omitted the default message is ‘Thanks for submitting your callback request.’\u003C\u002Fli>\n\u003Cli>error_message is the text displayed to the user if an unexpected error occurs with the submission. It is optional and if omitted the default message is ‘Something went wrong. Please try again.’\u003C\u002Fli>\n\u003Cli>color is a hex color code that is used to style the button and inputs of the form. 
It is optional, and if omitted, the color set on the settings page is used, or blue by default (#9f7aea).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>API Documentation\u003C\u002Fh3>\n\u003Cp>The plugin makes use of the WordPress \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Frest-api\u002F\" rel=\"nofollow ugc\">REST API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Endpoint\u003C\u002Fh4>\n\u003Cp>POST \u002Fwp-json\u002Fwprc\u002Fv1\u002Fcallback-requests\u003C\u002Fp>\n\u003Ch4>Request Body\u003C\u002Fh4>\n\u003Cp>name: Required, string.\u003Cbr \u002F>\nphone: Required, string, numbers or spaces.\u003C\u002Fp>\n\u003Cp>Example:\u003Cbr \u002F>\n{ name: ‘Name’, phone: ‘01234567890’ }\u003C\u002Fp>\n\u003Ch4>Responses\u003C\u002Fh4>\n\u003Cp>\u003Cem>Success\u003C\u002Fem>\u003Cbr \u002F>\nStatus: 201\u003Cbr \u002F>\nResponse data: ‘Success’\u003C\u002Fp>\n\u003Cp>\u003Cem>Validation error\u003C\u002Fem>\u003Cbr \u002F>\nStatus: 422\u003Cbr \u002F>\nResponse data: { errors: { name: [‘Example validation error’], phone: [‘Example validation error’] } }\u003C\u002Fp>\n","Capture callback requests from potential clients on your site. Use our built in forms or create your own. 
Simple, customisable, and easy to use.",10,1603,"2019-09-30T14:05:00.000Z","5.2.24","5.0","7.0",[52,19,53,54,55],"callback","phone","phone-back","request","https:\u002F\u002Fwprequestcallback.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-request-callback.0.1.0.zip","2026-03-15T14:54:45.397Z",{"attackSurface":60,"codeSignals":102,"taintFlows":136,"riskAssessment":137,"analyzedAt":151},{"hooks":61,"ajaxHandlers":91,"restRoutes":99,"shortcodes":100,"cronEvents":101,"entryPointCount":13,"unprotectedCount":13},[62,68,72,76,80,83,88],{"type":63,"name":64,"callback":65,"file":66,"line":67},"action","plugins_loaded","cms30_languages","call-me-spoot.php",14,{"type":63,"name":69,"callback":70,"file":66,"line":71},"wp_head","cms30_script",34,{"type":63,"name":73,"callback":74,"file":66,"line":75},"wp_enqueue_scripts","cms30_style",35,{"type":63,"name":77,"callback":78,"file":66,"line":79},"wp_footer","cms30_button",60,{"type":63,"name":77,"callback":81,"file":66,"line":82},"cms30_form",61,{"type":84,"name":85,"callback":86,"file":66,"line":87},"filter","wp_mail_charset","anonymous",71,{"type":84,"name":89,"callback":86,"file":66,"line":90},"wp_mail_content_type",72,[92,96],{"action":93,"nopriv":94,"callback":93,"hasNonce":94,"hasCapCheck":94,"file":66,"line":95},"cms30_send",false,83,{"action":93,"nopriv":97,"callback":93,"hasNonce":94,"hasCapCheck":94,"file":66,"line":98},true,84,[],[],[],{"dangerousFunctions":103,"sqlUsage":115,"outputEscaping":117,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":135},[104,107,109,112],{"fn":105,"file":66,"line":87,"context":106},"create_function","add_filter('wp_mail_charset', create_function('', 'return \"utf-8\";'));",{"fn":105,"file":66,"line":90,"context":108},"add_filter('wp_mail_content_type', create_function('', 'return \"text\u002Fhtml\";'));",{"fn":105,"file":66,"line":110,"context":111},76,"remove_filter('wp_mail_charset', create_function('', 'return 
\"utf-8\";'));",{"fn":105,"file":66,"line":113,"context":114},77,"remove_filter('wp_mail_content_type', create_function('', 'return \"text\u002Fhtml\";'));",{"prepared":25,"raw":25,"locations":116},[],{"escaped":118,"rawEcho":119,"locations":120},1,7,[121,124,126,128,130,132,134],{"file":66,"line":122,"context":123},39,"raw output",{"file":66,"line":125,"context":123},49,{"file":66,"line":127,"context":123},50,{"file":66,"line":129,"context":123},51,{"file":66,"line":131,"context":123},52,{"file":66,"line":133,"context":123},53,{"file":66,"line":133,"context":123},[],[],{"summary":138,"deductions":139},"The 'call-me-spoot' plugin version 1.4 presents a significant security risk due to multiple unauthenticated entry points and poor output escaping practices.  The static analysis revealed two AJAX handlers, both of which lack authentication checks. This means any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure.\n\nWhile the plugin utilizes prepared statements for SQL queries, which is a strength, the overwhelmingly low percentage of properly escaped output (13%) is a major concern. This indicates a high likelihood of cross-site scripting (XSS) vulnerabilities, where malicious code could be injected into the website's output.  The presence of `create_function`, while less critical on its own, can also be a vector for code injection if not handled with extreme care.  The absence of any recorded vulnerability history is positive but does not negate the inherent risks identified in the code analysis. \n\nIn conclusion, the plugin's security posture is weak. The unauthenticated AJAX handlers and severe output escaping deficiencies create substantial risks. While good practices like prepared statements are present, they are overshadowed by critical vulnerabilities that require immediate attention. 
The plugin's attack surface is small but poorly secured.",[140,142,145,148],{"reason":141,"points":45},"Unprotected AJAX handlers",{"reason":143,"points":144},"Low output escaping percentage",8,{"reason":146,"points":147},"Use of dangerous function create_function",3,{"reason":149,"points":150},"Missing nonce checks on AJAX handlers",5,"2026-03-16T20:32:39.381Z",{"wat":153,"direct":166},{"assetPaths":154,"generatorPatterns":159,"scriptPaths":160,"versionParams":161},[155,156,157,158],"\u002Fwp-content\u002Fplugins\u002Fcall-me-spoot\u002Fcss\u002Ffont-awesome.css","\u002Fwp-content\u002Fplugins\u002Fcall-me-spoot\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fcall-me-spoot\u002Fjs\u002Fphone_mask.js","\u002Fwp-content\u002Fplugins\u002Fcall-me-spoot\u002Fjs\u002Fscript.js",[],[157,158],[162,163,164,165],"call-me-spoot\u002Fcss\u002Ffont-awesome.css?ver=","call-me-spoot\u002Fcss\u002Fstyle.css?ver=","call-me-spoot\u002Fjs\u002Fphone_mask.js?ver=","call-me-spoot\u002Fjs\u002Fscript.js?ver=",{"cssClasses":167,"htmlComments":177,"htmlAttributes":178,"restEndpoints":181,"jsGlobals":182,"shortcodeOutput":184},[168,78,169,170,171,172,173,174,175,176],"cms30_link","cms30_modal_wrapper","cms30_close_modal","cms30_modal_dialog","cms30_container","cms30_callback_form","cms30_close_modal_min","cms30_phone","cms30_msg",[],[179,180],"data-cms30-phone-mask","data-cms30-form-submit",[],[183],"ajax_object",[185,186],"\u003Ca class=\"cms30_link cms30_button\" href=\"#cms30_call_me\">\u003Ci class=\"fa fa-phone-square\" aria-hidden=\"true\">\u003C\u002Fi> Callback request\u003C\u002Fa>","\u003Cdiv class=\"cms30_modal_wrapper\" id=\"cms30_call_me\">\n    \u003Ca href=\"#close\" class=\"cms30_close_modal\">\u003C\u002Fa>\n    \u003Cdiv class=\"cms30_modal_dialog\">\n        \u003Cdiv class=\"cms30_container\">  \n            \u003Cform class=\"cms30_callback_form\" action=\"#\" method=\"post\">\n                \u003Ca href=\"#close\" 
class=\"cms30_close_modal_min\">\u003C\u002Fa>\n                \u003Cdiv class=\"title_h3\">Callback form\u003C\u002Fdiv>              \n                \u003Cinput name=\"cms30_phone\" class=\"cms30_phone\" placeholder=\"Phone\" type=\"tel\" tabindex=\"1\">\n                \u003Cinput type=\"hidden\" name=\"cms30_msg\" class=\"cms30_msg\" value=\"Thanks!\">\n                \u003Cbutton name=\"submit\" type=\"submit\">Send\u003C\u002Fbutton>\n                \u003Ca class=\"copyright\" title=\"Форма обратного звонка WordPress\" href=\"https:\u002F\u002Fcms3.ru\u002F\">Форма обратного звонка WordPress\u003C\u002Fa>\n            \u003C\u002Fform>\n        \u003C\u002Fdiv>        \n    \u003C\u002Fdiv>\n\u003C\u002Fdiv>"]