[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsodAsjKis4OpWyOtHqvHkk-UgkpZR_f_oV0kead_aWQ":3,"$fsor5UF6Eo4rzLKoM_p0Q_xMeoWR4pm5L6dw7DuXfpGU":217},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":34,"analysis":64,"fingerprints":190},"callback","Callback","1.0","Graham","https:\u002F\u002Fprofiles.wordpress.org\u002Faerin\u002F","\u003Cp>A simple callback, newsletter signup or lead generator form. There are just two basic fields: name and telephone\u002Femail.\u003C\u002Fp>\n\u003Cp>The shortcode to add the form is [callback] or you can use the callback block.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Spam checker\u003C\u002Fli>\n\u003Cli>Choice of shortcode or block to add the form to your site\u003C\u002Fli>\n\u003Cli>Notification emails\u003C\u002Fli>\n\u003Cli>Callback manager\u003C\u002Fli>\n\u003Cli>Form completion tracking\u003C\u002Fli>\n\u003Cli>Mailchimp integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Settings\u003C\u002Fh4>\n\u003Cp>To change the settings go to \u003Cstrong>Settings\u003C\u002Fstrong> > \u003Cstrong>Callback Form\u003C\u002Fstrong>. You can now change the form settings, labels and other options and add your mailchimp ID.\u003Cbr \u002F>\nTo manage callbacks click on the \u003Cstrong>Callbacks\u003C\u002Fstrong> link in your dasboard menu.\u003Cbr \u002F>\nCallback tracking is shown on your dashboard homepage.\u003C\u002Fp>\n\u003Cp>If you want to change the styling use your theme customiser or edit the callback.css file.\u003C\u002Fp>\n","A simple callback, newsletter signup or lead generator form. There are just two basic fields: name and telephone\u002Femail.",70,2839,0,"2025-12-23T09:10:00.000Z","6.9.4","6.0","",[19],"loan-slider-jquery","http:\u002F\u002Floanpaymentplugin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcallback.1.1.zip",100,null,"2026-04-06T09:54:40.288Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"aerin",5,1550,88,154,71,"2026-04-10T14:04:39.726Z",[35,51],{"slug":36,"name":37,"version":38,"author":7,"author_profile":8,"description":39,"short_description":40,"active_installs":41,"downloaded":42,"rating":43,"num_ratings":44,"last_updated":45,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":46,"homepage":20,"download_link":47,"security_score":48,"vuln_count":28,"unpatched_count":49,"last_vuln_date":50,"fetched_at":24},"quick-interest-slider","Quick Interest Slider","3.1.5","\u003Cp>Ideal for payday loans, fixed fee payments, regular payments, savings, comparisons and pretty much anything else that gets calculated from a variable amount and term.\u003C\u002Fp>\n\u003Cp>GDPR compliant.\u003C\u002Fp>\n\u003Cp>Bespoke versions available for bank comparisons, quotes, full loan applications and so on.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Ultra lightweight – under 5kB\u003C\u002Fli>\n\u003Cli>Any currency\u003C\u002Fli>\n\u003Cli>Multiple interest rates: fixed, simple, compound and amortization\u003C\u002Fli>\n\u003Cli>Set the max, min, initial and step values on the sliders\u003C\u002Fli>\n\u003Cli>Set the term to days, weeks, months or years\u003C\u002Fli>\n\u003Cli>Set interest rate changes with period and amount tiggers\u003C\u002Fli>\n\u003Cli>Select from a range of different outputs\u003C\u002Fli>\n\u003Cli>Change the labels on all outputs\u003C\u002Fli>\n\u003Cli>Style borders, colors and backgrounds\u003C\u002Fli>\n\u003Cli>GDPR compliant\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Upgrade to Pro\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Application form and autoresponders with GDPR compliance\u003C\u002Fli>\n\u003Cli>Akismet validation\u003C\u002Fli>\n\u003Cli>Apply Now button for external processing\u003C\u002Fli>\n\u003Cli>Store, manage and download applications\u003C\u002Fli>\n\u003Cli>Annuity and amortization repayment calculations\u003C\u002Fli>\n\u003Cli>Additional layout options\u003C\u002Fli>\n\u003Cli>Currency selectors and foreign exchange\u003C\u002Fli>\n\u003Cli>Tooltips\u003C\u002Fli>\n\u003Cli>Downpayment calculation\u003C\u002Fli>\n\u003Cli>Interest rate sliders\u003C\u002Fli>\n\u003Cli>Application tracking\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Developer’s plugin pages\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Floanpaymentplugin.com\u002F\" rel=\"nofollow ugc\">loanpaymentplugin.com\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Floanpaymentplugin.com\u002Floan-repayment-form-examples\u002F\" rel=\"nofollow ugc\">Example forms\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Floanpaymentplugin.com\u002Fbespoke-versions\u002F\" rel=\"nofollow ugc\">Bespoke versions\u003C\u002Fa>\u003C\u002Fp>\n","A simple repayment calculator. Uses sliders to set the amount and term and displays a range of outputs",1000,61236,92,13,"2025-12-23T09:12:00.000Z",[19],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquick-interest-slider.3.1.5.zip",42,3,"2025-11-29 00:00:00",{"slug":52,"name":53,"version":6,"author":7,"author_profile":8,"description":54,"short_description":55,"active_installs":56,"downloaded":57,"rating":22,"num_ratings":58,"last_updated":59,"tested_up_to":60,"requires_at_least":16,"requires_php":17,"tags":61,"homepage":62,"download_link":63,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24},"take-the-lead","Take the Lead","\u003Cp>Can be added to any WordPress site where there is a need to capture leads. Works straight out the box – no fiddly setting up needed\u003C\u002Fp>\n\u003Cp>Bespoke versions available for Infusionsoft and Hubspot CRM\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Any number of steps\u003C\u002Fli>\n\u003Cli>You choose what goes in what step\u003C\u002Fli>\n\u003Cli>Homepage option with background image\u003C\u002Fli>\n\u003Cli>Simple styling options\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Developer’s plugin pages\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftake-the-lead.loanpaymentplugin.com\u002F\" rel=\"nofollow ugc\">take-the-lead.loanpaymentplugin.com\u003C\u002Fa>\u003C\u002Fp>\n","Multistep lead generating form. Simple for your visitors and easy to manage",30,1967,1,"2025-04-17T08:49:00.000Z","6.8.5",[19],"http:\u002F\u002Ftake-the-lead.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftake-the-lead.zip",{"attackSurface":65,"codeSignals":115,"taintFlows":133,"riskAssessment":178,"analyzedAt":189},{"hooks":66,"ajaxHandlers":94,"restRoutes":109,"shortcodes":110,"cronEvents":114,"entryPointCount":28,"unprotectedCount":93},[67,73,76,80,86,90],{"type":68,"name":69,"callback":70,"file":71,"line":72},"action","wp_enqueue_scripts","callback_scripts","callback.php",29,{"type":68,"name":74,"callback":75,"file":71,"line":56},"init","callback_init",{"type":68,"name":77,"callback":78,"file":71,"line":79},"wp_dashboard_setup","callback_add_dashboard_widgets",35,{"type":81,"name":82,"callback":83,"priority":84,"file":71,"line":85},"filter","plugin_action_links","callback_plugin_action_links",10,37,{"type":68,"name":87,"callback":88,"file":89,"line":49},"admin_menu","callback_admin_pages","settings.php",{"type":68,"name":91,"callback":92,"file":89,"line":93},"admin_notices","callback_admin_notice",4,[95,100,103,107],{"action":96,"nopriv":97,"callback":98,"hasNonce":97,"hasCapCheck":97,"file":71,"line":99},"ajax_callback_submit",false,"callback_ajax_submit",31,{"action":96,"nopriv":101,"callback":98,"hasNonce":97,"hasCapCheck":97,"file":71,"line":102},true,32,{"action":104,"nopriv":97,"callback":105,"hasNonce":97,"hasCapCheck":97,"file":71,"line":106},"ajax_track","callback_ajax_track",33,{"action":104,"nopriv":101,"callback":105,"hasNonce":97,"hasCapCheck":97,"file":71,"line":108},34,[],[111],{"tag":4,"callback":112,"file":71,"line":113},"callback_display",39,[],{"dangerousFunctions":116,"sqlUsage":117,"outputEscaping":119,"fileOperations":13,"externalRequests":58,"nonceChecks":131,"capabilityChecks":13,"bundledLibraries":132},[],{"prepared":13,"raw":13,"locations":118},[],{"escaped":72,"rawEcho":93,"locations":120},[121,125,127,129],{"file":122,"line":123,"context":124},"modules.php",65,"raw output",{"file":122,"line":126,"context":124},123,{"file":122,"line":128,"context":124},208,{"file":122,"line":130,"context":124},216,7,[],[134,165],{"entryPoint":135,"graph":136,"unsanitizedCount":58,"severity":164},"callback_messages (messages.php:5)",{"nodes":137,"edges":160},[138,144,150,153,157],{"id":139,"type":140,"label":141,"file":142,"line":143},"n0","source","$_POST","messages.php",38,{"id":145,"type":146,"label":147,"file":142,"line":148,"wp_function":149},"n1","sink","echo() [XSS]",77,"echo",{"id":151,"type":140,"label":141,"file":142,"line":152},"n2",41,{"id":154,"type":155,"label":156,"file":142,"line":152},"n3","transform","→ callback_admin_notice()",{"id":158,"type":146,"label":147,"file":89,"line":159,"wp_function":149},"n4",229,[161,162,163],{"from":139,"to":145,"sanitized":101},{"from":151,"to":154,"sanitized":97},{"from":154,"to":158,"sanitized":97},"medium",{"entryPoint":166,"graph":167,"unsanitizedCount":58,"severity":164},"\u003Cmessages> (messages.php:0)",{"nodes":168,"edges":174},[169,170,171,172,173],{"id":139,"type":140,"label":141,"file":142,"line":143},{"id":145,"type":146,"label":147,"file":142,"line":148,"wp_function":149},{"id":151,"type":140,"label":141,"file":142,"line":152},{"id":154,"type":155,"label":156,"file":142,"line":152},{"id":158,"type":146,"label":147,"file":89,"line":159,"wp_function":149},[175,176,177],{"from":139,"to":145,"sanitized":101},{"from":151,"to":154,"sanitized":97},{"from":154,"to":158,"sanitized":97},{"summary":179,"deductions":180},"The \"callback\" v1.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries, a high percentage of properly escaped output, and the absence of any known historical vulnerabilities. The lack of dangerous functions, file operations, and external HTTP requests are also strengths.\n\nHowever, significant concerns arise from the attack surface analysis. The plugin exposes four AJAX handlers that lack authentication checks, making them prime targets for unauthorized actions. Furthermore, the taint analysis reveals two flows with unsanitized paths, indicating potential for various injection attacks if user-supplied data is not handled with extreme care. The absence of capability checks on any entry points is a critical oversight that exacerbates the risk posed by the unprotected AJAX handlers.\n\nWhile the plugin has no recorded vulnerability history, this does not negate the inherent risks identified in the static and taint analysis. The current findings suggest that a proactive security approach is necessary to mitigate potential exploits. The strengths in SQL handling and output escaping are commendable, but they are overshadowed by the critical deficiencies in authentication and input sanitization on its exposed entry points.",[181,184,187],{"reason":182,"points":183},"Unprotected AJAX handlers",20,{"reason":185,"points":186},"Flows with unsanitized paths",15,{"reason":188,"points":84},"No capability checks","2026-03-16T21:33:09.324Z",{"wat":191,"direct":201},{"assetPaths":192,"generatorPatterns":195,"scriptPaths":196,"versionParams":198},[193,194],"\u002Fwp-content\u002Fplugins\u002Fcallback\u002Fcallback.css","\u002Fwp-content\u002Fplugins\u002Fcallback\u002Fcallback.js",[],[197],"\u002Fwp-content\u002Fplugins\u002Fcallback\u002Fblock.js",[199,200],"callback\u002Fstyle.css?ver=","callback.js?ver=",{"cssClasses":202,"htmlComments":208,"htmlAttributes":209,"restEndpoints":211,"jsGlobals":212,"shortcodeOutput":215},[203,204,205,206,207],"callback_form","openmodal","opentoggle","modal","toggle",[],[210],"id=\"callback\"",[],[213,214],"callback_fields","callback_ajax_url",[216],"\u003Cform action=\"\" class=\"callback_form\" method=\"POST\" id=\"callback\">",{"slug":4,"current_version":6,"total_versions":218,"versions":219},2,[220,226],{"version":221,"download_url":21,"svn_tag_url":222,"released_at":23,"has_diff":97,"diff_files_changed":223,"diff_lines":23,"trac_diff_url":224,"vulnerabilities":225,"is_current":97},"1.1","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcallback\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcallback%2Ftags%2F1.0&new_path=%2Fcallback%2Ftags%2F1.1",[],{"version":6,"download_url":227,"svn_tag_url":228,"released_at":23,"has_diff":97,"diff_files_changed":229,"diff_lines":23,"trac_diff_url":23,"vulnerabilities":230,"is_current":101},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcallback.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcallback\u002Ftags\u002F1.0\u002F",[],[]]