[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmvVeF7EO6tQkCFvqN023UoCFsEK9zUo7CEV3Y-x-qak":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":57,"analysis":148,"fingerprints":589},"captcha-for-contact-form-7","SilentShield – Captcha & Anti-Spam for WordPress (CF7, WPForms, Elementor, WooCommerce)","2.3.5","Forge12 Interactive GmbH","https:\u002F\u002Fprofiles.wordpress.org\u002Fforge12\u002F","\u003Cp>SilentShield is a \u003Cstrong>unified captcha and anti-spam plugin for WordPress\u003C\u002Fstrong>.\u003Cbr \u002F>\nIt works with the most popular form builders and protects login, registration, and comment forms – without slowing your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why choose SilentShield?\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Invisible defense\u003C\u002Fstrong> – Captcha, honeypot, and blacklists working silently.\u003Cbr \u002F>\n– \u003Cstrong>Instant results\u003C\u002Fstrong> – Install, activate, and stop spam.\u003Cbr \u002F>\n– \u003Cstrong>Universal support\u003C\u002Fstrong> – Works with Contact Form 7, WPForms, Elementor, WooCommerce, and more.\u003Cbr \u002F>\n– \u003Cstrong>Privacy-first\u003C\u002Fstrong> – No cookies, no tracking, fully GDPR \u002F DSGVO compliant.\u003C\u002Fp>\n\u003Cp>SilentShield doesn’t just protect forms.\u003Cbr \u002F>\nIt protects your time, your customers, your business.\u003C\u002Fp>\n\u003Ch3>Core Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Invisible Captcha (Arithmetic, Honeypot, Image)\u003C\u002Fli>\n\u003Cli>Smart IP Blocking & Blacklists\u003C\u002Fli>\n\u003Cli>Spam filters for links, code & keywords\u003C\u002Fli>\n\u003Cli>Whitelisting for admins & customers\u003C\u002Fli>\n\u003Cli>GDPR-ready, no cookies, no tracking\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported Form Plugins & Integrations\u003C\u002Fh3>\n\u003Cp>SilentShield protects forms from all major WordPress form builders and core features:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Form Builders:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Contact Form 7 (CF7)\u003Cbr \u002F>\n– WPForms \u002F WPForms Lite\u003Cbr \u002F>\n– Elementor Pro Forms\u003Cbr \u002F>\n– Gravity Forms\u003Cbr \u002F>\n– Fluent Forms\u003Cbr \u002F>\n– JetFormBuilder\u003Cbr \u002F>\n– Avada (Fusion Builder) Forms\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WooCommerce:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Checkout (classic & PayPal Payments)\u003Cbr \u002F>\n– Login\u003Cbr \u002F>\n– Registration\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WordPress Core:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Login form (wp-login.php)\u003Cbr \u002F>\n– Registration form\u003Cbr \u002F>\n– Comment forms\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Other:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Ultimate Member (Login & Registration)\u003Cbr \u002F>\n– WP Job Manager (Job Applications)\u003C\u002Fp>\n\u003Cp>Each integration can be enabled or disabled individually under \u003Cstrong>Settings > Extended\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Protection Layers\u003C\u002Fh3>\n\u003Cp>SilentShield uses \u003Cstrong>10+ protection mechanisms\u003C\u002Fstrong> working together:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Captcha\u003C\u002Fstrong> – Arithmetic math, honeypot, or image-based captcha\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JavaScript Protection\u003C\u002Fstrong> – Detects submissions from bots without JS support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Browser Detection\u003C\u002Fstrong> – Validates User-Agent strings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Timer Protection\u003C\u002Fstrong> – Blocks submissions faster than a human can type\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Submission Protection\u003C\u002Fstrong> – Prevents rapid duplicate submissions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Rate Limiting\u003C\u002Fstrong> – Limits requests per IP and time window\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Blacklist\u003C\u002Fstrong> – Block known bad IPs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Content Rules\u003C\u002Fstrong> – Limit URLs, block BBCode, keyword blacklist\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Whitelist\u003C\u002Fstrong> – Skip validation for admins, logged-in users, or specific emails\u002FIPs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SilentShield API\u003C\u002Fstrong> (Beta) – Cloud-based spam detection\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>The Promise\u003C\u002Fh3>\n\u003Cp>SilentShield is not “just another plugin.”\u003Cbr \u002F>\nIt’s an invisible wall against the background noise of the internet.\u003C\u002Fp>\n\u003Cp>Activate once – and your forms are human again.\u003C\u002Fp>\n\u003Ch3>Privacy & Telemetry\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>No cookies, no user tracking.\u003C\u002Fli>\n\u003Cli>Encrypted IP storage (max. 2 months, only for spam defense).\u003C\u002Fli>\n\u003Cli>Telemetry is optional and anonymized.\u003C\u002Fli>\n\u003Cli>You can disable telemetry anytime in plugin settings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Collected fields:\u003Cbr \u002F>\n– \u003Ccode>plugin_slug\u003C\u002Fcode>, \u003Ccode>plugin_version\u003C\u002Fcode>\u003Cbr \u002F>\n– \u003Ccode>snapshot_date\u003C\u002Fcode>\u003Cbr \u002F>\n– \u003Ccode>settings_json\u003C\u002Fcode> (anonymized config – only boolean\u002Finteger flags, no free-text)\u003Cbr \u002F>\n– \u003Ccode>features_json\u003C\u002Fcode> (enabled features)\u003Cbr \u002F>\n– \u003Ccode>created_at\u003C\u002Fcode>, \u003Ccode>first_seen\u003C\u002Fcode>, \u003Ccode>last_seen\u003C\u002Fcode>\u003Cbr \u002F>\n– \u003Ccode>counters_json\u003C\u002Fcode> (spam events)\u003Cbr \u002F>\n– \u003Ccode>wp_version\u003C\u002Fcode>, \u003Ccode>php_version\u003C\u002Fcode>, \u003Ccode>locale\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>GDPR \u002F DSGVO Compliance\u003C\u002Fstrong>\u003Cbr \u002F>\n– Basis: \u003Cem>Art. 6 Abs. 1 lit. f DSGVO\u003C\u002Fem> (legitimate interest – plugin optimization).\u003Cbr \u002F>\n– No personal data, no cookies, no user tracking.\u003C\u002Fp>\n","SilentShield – the invisible shield against spam. Spam is the weed of the internet. It clogs your forms, steals your time, and corrupts your data.",10000,197845,92,18,"2026-02-20T11:14:00.000Z","6.9.4","5.2","7.4",[20,21,22,23,24],"captcha","contact-form-7","fluentform","honeypot","spam-protection","https:\u002F\u002Fwww.forge12.com\u002Fproduct\u002Fwordpress-captcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcaptcha-for-contact-form-7.2.3.5.zip",100,1,0,"2023-10-03 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2023-45009","captchahoneypot-for-contact-form-7-captcha-bypass","Captcha\u002FHoneypot for Contact Form 7 \u003C= 1.11.3 - Captcha Bypass","The Captcha\u002FHoneypot for Contact Form 7 plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.11.3. This makes it possible for unauthenticated attackers to bypass the Captcha Verification.",null,"\u003C=1.11.3","1.11.4","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Guessable CAPTCHA","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F60e9351a-302b-4a31-8a9c-c0a0b6ee3fcd?source=api-prod",112,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":53,"avg_patch_time_days":54,"trust_score":55,"computed_at":56},"forge12",6,11980,99,76,87,"2026-04-03T17:39:31.472Z",[58,77,98,116,133],{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":54,"num_ratings":68,"last_updated":69,"tested_up_to":16,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":75,"download_link":76,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"contact-form-7-honeypot","CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7","3.4.0","Saad Iqbal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaadiqbal\u002F","\u003Cp>\u003Cstrong>Add extra Spam Protection functionalities to your Contact Form 7 forms with CF7 Apps.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Contact Form 7 is one of the most popular form plugins for WordPress, but \u003Cstrong>it lacks many advanced features\u003C\u002Fstrong> that modern websites need. CF7 Apps adds extra Spam Protection functionalities to your Contact Form 7 forms, introducing honeypot and hCaptcha options.\u003C\u002Fp>\n\u003Cp>👉 Get Support: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcontact-form-7-honeypot\u002F\" rel=\"ugc\">Click Here\u003C\u002Fa>\u003Cbr \u002F>\n👉 Check out the \u003Ca href=\"https:\u002F\u002Fcf7apps.com\u002Fdocs\u002F?utm_source=wp_org&utm_medium=readme&utm_campaign=documentation\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>What CF7 Apps Can Do for You ?\u003C\u002Fh3>\n\u003Cp>Right out of the box, CF7 Apps includes:\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Honeypot App\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>hCaptcha App\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Database Entries App\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Redirection App\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Webhook App\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>ACF Integeration\u003C\u002Fstrong>\u003Cbr \u002F>\n💡 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fcf7apps.com\u002Fsubmit-idea\u002F?utm_source=wp_org&utm_medium=readme&utm_campaign=suggest_a_feature\" rel=\"nofollow ugc\">Suggest a Feature\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>And that’s just the beginning.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Save and Manage CF7 Form Submissions\u003C\u002Fstrong>\u003Cbr \u002F>\nThe Entries Database App stores all Contact Form 7 submissions directly to your WordPress database. Easily filter entries by form or date, view individual CF7 submissions, and export or delete them when needed. This ensures you never lose important leads or messages, even if emails fail to deliver.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Add a Honeypot Field to Prevent Spam\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Our \u003Cstrong>Honeypot Contact Form 7 extension\u003C\u002Fstrong> creates a hidden field inside your Contact Form 7 forms. Real users never see it, but bots do—and that’s how the bots fall for the trap. It blocks automated spam before it even hits your inbox.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Add hCaptcha to Contact Form 7\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Protect your forms from spam bots using \u003Cstrong>hCaptcha,\u003C\u002Fstrong> a privacy-friendly alternative to Google reCAPTCHA. This extension integrates directly with CF7 and works instantly after setup. No coding is required, and no extra plugins are needed. Just set up your site keys and you’re done.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Manage & View Contact Form 7 Entries\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Store, view, and manage all your Contact Form 7 submissions directly inside your WordPress dashboard. This extension logs every form entry automatically, giving you an organized record of user submissions. No coding or third-party tools required just activate and start tracking instantly.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Redirect Users After Form Submission\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Easily redirect users to any internal or external page after submitting a form. This extension lets you control the post-submission experience with custom URLs, thank-you pages, or marketing funnels. No coding needed configure your redirect URL and it works immediately.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Send Form Data via Webhooks\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Automatically forward your Contact Form 7 submission data to any external service using \u003Cstrong>webhooks.\u003C\u002Fstrong>This extension enables seamless API integrations, automation workflows, and third-party connections. No additional plugins or coding required just add your webhook URL and you’re ready to go.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Integrate ACF Fields into Your Forms\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Easily pull Advanced Custom Fields (ACF) data into your Contact Form 7 forms using the built-in ACF field tags. This integration lets you map and display your custom ACF fields directly inside CF7 without any extra plugins or coding. Just enable the feature, select your ACF fields, and your form is ready to use.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NOTE:\u003C\u002Fstrong>\u003Cbr \u002F>\nThe best thing is that both features work independently. You can run them alone or together based on your site’s needs.\u003C\u002Fp>\n\u003Ch3>Real Use Cases for CF7 Apps\u003C\u002Fh3>\n\u003Cp>With the CF7 Apps, you can do the following:\u003Cbr \u002F>\n  ✔️ Trap bots using a honeypot field without affecting users\u003Cbr \u002F>\n  ✔️ Add hCaptcha to Contact Form 7 for privacy-first anti-spam\u003Cbr \u002F>\n  ✔️ Store and manage Contact Form 7 entries directly in WordPress\u003Cbr \u002F>\n  ✔️ Redirect your Contact Form 7 submissions to any internal or external page.\u003Cbr \u002F>\n  ✔️ Send your form data to any third-party service or custom endpoint through our Webhook.\u003Cbr \u002F>\n  ✔️ Display dynamic ACF field values inside your Contact Form 7 forms for personalized entries.\u003C\u002Fp>\n\u003Ch3>Why Should You Install CF7 Apps?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Works exclusively with Contact Form 7\u003C\u002Fli>\n\u003Cli>Modular design — activate only the features you need\u003C\u002Fli>\n\u003Cli>Lightweight — no unnecessary code or bloat\u003C\u002Fli>\n\u003Cli>Built for form security, user control, and advanced customization\u003C\u002Fli>\n\u003Cli>Continuously updated with new apps and requested features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We built CF7 Apps for users who want more power without abandoning the simplicity of Contact Form 7.\u003C\u002Fp>\n\u003Ch3>Try Our Other Awesome WordPress Plugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpost-smtp\u002F\" rel=\"ugc\">Post SMTP:\u003C\u002Fa>\u003C\u002Fstrong> Reliable WordPress email delivery plugin with detailed email logs and multiple SMTP integrations.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgutena-forms\u002F\" rel=\"ugc\">Gutena Forms:\u003C\u002Fa>\u003C\u002Fstrong> Create modern, responsive contact forms directly in the Gutenberg block editor. Includes advanced fields, spam protection (reCAPTCHA & Cloudflare Turnstile), and entry management.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-easy-pay\u002F\" rel=\"ugc\">WP EasyPay:\u003C\u002Fa>\u003C\u002Fstrong> Accept Square payments and donations easily on your WordPress site.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpassword-protected\u002F\" rel=\"ugc\">Password Protected:\u003C\u002Fa>\u003C\u002Fstrong> Secure your WordPress site, posts, pages, and categories with simple password protection.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffile-manager-advanced\u002F\" rel=\"ugc\">Advanced File Manager:\u003C\u002Fa>\u003C\u002Fstrong> Manage and organize WordPress files effortlessly from your dashboard.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwc-shop-sync\u002F\" rel=\"ugc\">WC Shop Sync:\u003C\u002Fa>\u003C\u002Fstrong> Add Square payments and sync WooCommerce products, customers, and orders with Square POS.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmycred\u002F\" rel=\"ugc\">myCred:\u003C\u002Fa>\u003C\u002Fstrong> Add gamification, rewards, ranks, and a points management system to your WordPress website.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbookify\u002F\" rel=\"ugc\">Bookify:\u003C\u002Fa>\u003C\u002Fstrong> Your complete online bookings and appointment scheduling solution for WordPress.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faio-login\u002F\" rel=\"ugc\">All In One Login:\u003C\u002Fa>\u003C\u002Fstrong> Secure your WordPress login page, change wp-login.php URL, and add social logins including Google, Facebook, Microsoft, and LINE.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnew-user-approve\u002F\" rel=\"ugc\">New User Approve:\u003C\u002Fa>\u003C\u002Fstrong> Control new user registrations by approving or denying signups.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpexperts.io\u002F\" rel=\"nofollow ugc\">WP Experts WooCommerce Store:\u003C\u002Fa>\u003C\u002Fstrong> Explore premium WooCommerce plugins and solutions by WPExperts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contribute or Report Issues\u003C\u002Fh3>\n\u003Cp>Do you have a feature request or bug to report? Contact us via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcontact-form-7-honeypot\" rel=\"ugc\">official Support Channel.\u003C\u002Fa>\u003C\u002Fp>\n","Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.",300000,5576961,131,"2026-01-30T04:54:00.000Z","4.8","5.6",[73,20,74,23,24],"anti-spam","cf7-database","https:\u002F\u002Fcf7apps.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontact-form-7-honeypot.3.4.0.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":16,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":91,"download_link":95,"security_score":53,"vuln_count":96,"unpatched_count":29,"last_vuln_date":97,"fetched_at":31},"contact-form-7-simple-recaptcha","Contact Form 7 Captcha","0.1.7","LukasApps","https:\u002F\u002Fprofiles.wordpress.org\u002F247wd\u002F","\u003Cp>Protect your Contact Form 7 forms with \u003Cstrong>Google reCAPTCHA V2\u003C\u002Fstrong>, \u003Cstrong>Google reCAPTCHA V3\u003C\u002Fstrong>, \u003Cstrong>hCAPTCHA\u003C\u002Fstrong>, or \u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Easy integration and supports multiple forms on a single page.\u003C\u002Fp>\n\u003Ch3>Four CAPTCHA Options\u003C\u002Fh3>\n\u003Cp>Choose the CAPTCHA provider that works best for you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Google reCAPTCHA V2\u003C\u002Fstrong> — The industry-standard “I’m not a robot” checkbox, trusted by millions of sites.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google reCAPTCHA V3\u003C\u002Fstrong> — The industry-standard invisible score-based verification, trusted by millions of sites.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>hCAPTCHA\u003C\u002Fstrong> — A privacy-first alternative that offers robust bot protection while keeping user data secure.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong> — A modern CAPTCHA that verifies users in the background, only requiring a simple click if the visitor appears suspicious.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Simple Setup\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Sign up with your chosen CAPTCHA provider and grab your Site Key and Secret Key.\u003C\u002Fli>\n\u003Cli>Paste them into \u003Cstrong>CF7 Captcha\u003C\u002Fstrong> in your WordPress admin.\u003C\u002Fli>\n\u003Cli>Add protection to any CF7 form in seconds using the shortcode provided in the same settings page.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Customizable Appearance\u003C\u002Fh3>\n\u003Cp>Each CAPTCHA widget supports customization options directly from the shortcode:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Size\u003C\u002Fstrong> — Choose between normal and compact to fit your form layout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Theme\u003C\u002Fstrong> — Switch between light and dark themes (or auto for Turnstile) to match your site’s design.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Language\u003C\u002Fstrong> — Force any CAPTCHA to render in a specific language for your audience.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All options are combinable, so you can mix and match to get the exact look you need.\u003C\u002Fp>\n\u003Ch3>Submission Insights (NEW in v0.1.7)\u003C\u002Fh3>\n\u003Cp>Go beyond just blocking spam. Submission Insights gives you full visibility into every form submission:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Sender IP\u003C\u002Fstrong> — See the IP address of the person who contacted you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Source Page\u003C\u002Fstrong> — Know exactly which page on your site the form was filled out on.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Device & Browser\u003C\u002Fstrong> — Get technical details about the sender’s setup.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 Want More? Upgrade to CF7 Captcha Pro\u003C\u002Fh3>\n\u003Cp>This free version gives you solid CAPTCHA protection. But the smartest bots are already solving CAPTCHAs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>CF7 Captcha Pro\u003C\u002Fstrong> adds six extra layers of invisible spam defense on top of what you already have here, plus a full set of tools to capture and act on every lead your forms collect.\u003C\u002Fp>\n\u003Ch3>What you get with Pro\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>6-Layer Spam Defense\u003C\u002Fstrong> — stops 99.9% of spam without ever bothering your visitors:\u003Cbr \u002F>\n– \u003Cstrong>Advanced Honeypot\u003C\u002Fstrong> — invisible trap fields with names that regenerate every 24 hours.\u003Cbr \u002F>\n– \u003Cstrong>Time Limit Validation\u003C\u002Fstrong> — bots submit in 0.2 seconds. Humans take 15–30. This blocks anything that moves too fast (or stays too long).\u003Cbr \u002F>\n– \u003Cstrong>Rate Limiting\u003C\u002Fstrong> — caps submissions per IP so bot networks can’t flood your inbox or burn through your email quota.\u003Cbr \u002F>\n– \u003Cstrong>Geographic Blocking\u003C\u002Fstrong> — whitelist only the countries you serve, or blacklist known spam regions.\u003Cbr \u002F>\n– \u003Cstrong>IP Pattern Blocking\u003C\u002Fstrong> — block single IPs, wildcards, CIDR ranges, or entire subnets when you know exactly where an attack is coming from.\u003Cbr \u002F>\n– \u003Cstrong>Word Filter\u003C\u002Fstrong> — scans every submission for spam keywords, phishing URLs, and known scam phrases before it reaches you.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Lead Recovery\u003C\u002Fstrong> — 70% of people who start filling out a form never submit it. Pro captures their data in real-time as they type, so you can follow up on leads that would otherwise vanish.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Database Storage & Export\u003C\u002Fstrong> — every submission is saved with full metadata (IP, browser, referrer, timestamp). Export to CSV, Excel, JSON, or PDF whenever you need it. No more lost leads if your email fails.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Webhooks\u003C\u002Fstrong> — send form data instantly to any URL. Connect to Zapier, Salesforce, Slack, Google Sheets, or any custom API. Multiple webhooks per form, with retry logic built in.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Mailchimp Integration\u003C\u002Fstrong> — submissions automatically added to your Mailchimp lists. Field mapping, tags, opt-in handling.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Twilio SMS\u003C\u002Fstrong> — receive instant alerts for every submission or send automated SMS replies to your clients.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Comprehensive Logging\u003C\u002Fstrong> — every spam block, webhook call, and integration event is logged. Debug any issue in minutes instead of hours.\u003C\u002Fp>\n\u003Cp>👉 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Flukasapps.de\u002Fwordpress\u002Fplugins\u002Fcf7-captcha-pro\u002F\" rel=\"nofollow ugc\">Get CF7 Captcha Pro\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Protect your Contact Form 7 forms with Google reCAPTCHA V2, Google reCAPTCHA V3, hCAPTCHA, or Cloudflare Turnstile.",100000,1042756,82,48,"2026-02-01T21:19:00.000Z","4.1.2","",[20,21,93,94,24],"hcaptcha","recaptcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontact-form-7-simple-recaptcha.zip",2,"2022-06-27 00:00:00",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":96,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":91,"tags":112,"homepage":114,"download_link":115,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"text-captcha-contact-form-7","Contact Form 7 Text CAPTCHA","1.0.0","Saurav Sharma","https:\u002F\u002Fprofiles.wordpress.org\u002Fsauravhny\u002F","\u003Cp>Secure your website Contact Form 7 forms from bots and hackers using plugin Contact Form 7 Text CAPTCHA. Just place shortcode \u003Ccode>[captchacf7* input-captcha-cf7 id:input-captcha-cf7]\u003C\u002Fcode> in your form where you want to show captcha. It protects your website from spams and abuse.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FZgcTMZIhVio?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Simple setup.\u003C\u002Fli>\n\u003Cli>Add Shortcode\u003C\u002Fli>\n\u003Cli>It will display in your form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Support : \u003Ca href=\"https:\u002F\u002Fphpesperto.com\u002Fcontact\" rel=\"nofollow ugc\">https:\u002F\u002Fphpesperto.com\u002Fcontact\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Shortcode\u003C\u002Fh3>\n\u003Cp>Place shortcode [captchacf7* input-captcha-cf7 id:input-captcha-cf7] in contact form 7 form, where you want to display captcha.\u003C\u002Fp>\n","Secure your website Contact Form 7 forms from bots and hackers using plugin Contact Form 7 Text CAPTCHA. Just place shortcode [captchacf7* input-captc &hellip;",2000,7915,90,"2024-12-21T11:20:00.000Z","6.7.5","6.0.2",[20,21,94,24,113],"text-captcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftext-captcha-contact-form-7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftext-captcha-contact-form-7.2.0.0.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":27,"downloaded":124,"rating":27,"num_ratings":125,"last_updated":126,"tested_up_to":16,"requires_at_least":127,"requires_php":18,"tags":128,"homepage":131,"download_link":132,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"math-captcha-for-contact-form-7","Math Captcha for Contact Form 7","1.0.5","Shohidul Islam Apu","https:\u002F\u002Fprofiles.wordpress.org\u002Fshohidulislamapu\u002F","\u003Cp>\u003Cstrong>Math Captcha for Contact Form 7\u003C\u002Fstrong> is the ultimate lightweight security solution for your WordPress site. Stop spam submissions and bot registrations instantly without using heavy scripts like Google reCAPTCHA.\u003C\u002Fp>\n\u003Cp>This plugin is no longer just for Contact Form 7! It has evolved into a \u003Cstrong>complete security suite\u003C\u002Fstrong> that protects your most critical forms, including WordPress Login, WooCommerce, and Tutor LMS.\u003C\u002Fp>\n\u003Ch3>🛡️ Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Smart Math Logic\u003C\u002Fstrong>: Choose from Addition (+), Subtraction (-), Multiplication (×), or Mixed (Random) challenges.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dynamic Difficulty\u003C\u002Fstrong>: Set difficulty levels (Easy, Medium, Hard) to balance security and user experience.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart IP Blocking\u003C\u002Fstrong>: Automatically lock out IP addresses after too many failed attempts to prevent brute-force attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP Login Protection\u003C\u002Fstrong>: Secure your default WordPress Admin Login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce Integration\u003C\u002Fstrong>: Protect WooCommerce Login and Registration forms from fake customer accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tutor LMS Support\u003C\u002Fstrong>: ideal for course sites! Stop spam student registrations and logins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Experience\u003C\u002Fstrong>: Option to \u003Cstrong>hide captcha for logged-in users\u003C\u002Fstrong> (Admins\u002FMembers).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Messages\u003C\u002Fstrong>: Change the error message to match your site’s tone.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & Fast\u003C\u002Fstrong>: No external API calls, tracking scripts, or cookies. 100% GDPR compliant.\u003C\u002Fli>\n\u003C\u002Ful>\n","A powerful, lightweight, and smart Math Captcha solution to block spam from Contact Form 7, WP Login, WooCommerce, and Tutor LMS forms.",677,3,"2026-02-20T12:42:00.000Z","5.8",[20,21,24,129,130],"tutor-lms","woocommerce","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmath-captcha-for-contact-form-7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmath-captcha-for-contact-form-7.zip",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":141,"downloaded":142,"rating":27,"num_ratings":28,"last_updated":143,"tested_up_to":16,"requires_at_least":144,"requires_php":18,"tags":145,"homepage":91,"download_link":147,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"botshield-captcha","BotShield CAPTCHA for Contact Form 7","2.0.0","R.Sabbir","https:\u002F\u002Fprofiles.wordpress.org\u002Fsabbir37\u002F","\u003Cp>Stop contact form spam instantly with \u003Cstrong>BotShield CAPTCHA for Contact Form 7\u003C\u002Fstrong>. This all-in-one spam protection plugin integrates \u003Cstrong>Google reCAPTCHA (v2 Checkbox & v3 Invisible)\u003C\u002Fstrong>, \u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong> (Privacy-Focused), and lightweight \u003Cstrong>Built-in Arithmetic\u002FImage Challenges\u003C\u002Fstrong> to block bots while letting real users pass.\u003C\u002Fp>\n\u003Cp>Whether you need strict security or a friction-free user experience, BotShield gives you complete control over your specific form protection needs. No more spam submissions, fake leads, or automated bot attacks.\u003C\u002Fp>\n\u003Cp>Protect Your Store with \u003Cstrong>Enterprise-grade CAPTCHA & Security\u003C\u002Fstrong>. \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fproducts\u002Fsecuregate-captcha\u002F\" rel=\"nofollow ugc\">SecureGate CAPTCHA\u003C\u002Fa> provides full-site protection, blocking bots, spam, and fraud using Cloudflare Turnstile, Google reCAPTCHA, hCaptcha, and Geo-Blocking — keeping your store fast, secure, and bot-free.\u003C\u002Fp>\n\u003Ch4>Key Features & Benefits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multi-Provider Support\u003C\u002Fstrong>: Choose between Google reCAPTCHA, Cloudflare Turnstile, or Self-hosted challenges.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google reCAPTCHA Integration\u003C\u002Fstrong>: Supports both \u003Cstrong>v2 (“I’m not a robot”)\u003C\u002Fstrong> and \u003Cstrong>v3 (Invisible)\u003C\u002Fstrong> keys.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong>: The modern, privacy-friendly alternative that stops bots without annoying puzzles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight Built-in Protection\u003C\u002Fstrong>: Use simple Math or Image CAPTCHAs without needing any external API keys.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Seamless Contact Form 7 Integration\u003C\u002Fstrong>: Adds a dedicated “BotShield” tag generator button directly to the CF7 editor.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile Optimized\u003C\u002Fstrong>: Fully responsive challenges that work perfectly on smartphones and tablets.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR Compliant Options\u003C\u002Fstrong>: Turnstile and Built-in modes offer excellent privacy compliance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Accessibility Ready\u003C\u002Fstrong>: WCAG 2.1 compliant designs for screen reader support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Flexible Protection Options\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>1. Google reCAPTCHA (The Industry Standard)\u003C\u002Fstrong>\u003Cbr \u002F>\n*   \u003Cstrong>v2 Checkbox\u003C\u002Fstrong>: The classic “I’m not a robot” checkbox users trust.\u003Cbr \u002F>\n*   \u003Cstrong>v3 Invisible\u003C\u002Fstrong>: valid users are verified in the background with zero interaction.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2. Cloudflare Turnstile (Privacy-First)\u003C\u002Fstrong>\u003Cbr \u002F>\n*   Verify visitors without solving complex puzzles. Smart, fast, and respectful of user privacy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>3. Built-in Challenges (No Keys Required)\u003C\u002Fstrong>\u003Cbr \u002F>\n*   \u003Cstrong>Arithmetic\u003C\u002Fstrong>: Simple math questions (e.g., 7 + 2 = ?) effective against basic bots.\u003Cbr \u002F>\n*   \u003Cstrong>Alphanumeric\u003C\u002Fstrong>: Distorted text images for traditional verification.\u003Cbr \u002F>\n*   \u003Cem>Zero external dependency, 100% self-hosted.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Perfect For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Contact forms\u003C\u002Fli>\n\u003Cli>Registration forms\u003C\u002Fli>\n\u003Cli>Quote request forms\u003C\u002Fli>\n\u003Cli>Newsletter signups\u003C\u002Fli>\n\u003Cli>Any Contact Form 7 form needing spam protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003Cli>Contact Form 7 plugin (must be active)\u003C\u002Fli>\n\u003Cli>PHP 7.4 or higher\u003C\u002Fli>\n\u003Cli>GD PHP extension for image CAPTCHAs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>BotShield CAPTCHA does not:\u003Cbr \u002F>\n* Collect any personal data\u003Cbr \u002F>\n* Store user information\u003Cbr \u002F>\n* Transmit data to external servers\u003Cbr \u002F>\n* Use cookies or tracking\u003Cbr \u002F>\n* Share information with third parties\u003C\u002Fp>\n\u003Cp>All CAPTCHA processing happens locally on your WordPress server. The plugin is fully GDPR compliant.\u003C\u002Fp>\n\u003Ch3>Support & Documentation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Support Forum: https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fbotshield-captcha\u002F\u003C\u002Fli>\n\u003Cli>Developer Website: https:\u002F\u002Fwww.rsabbir.com\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>Contributions are welcome! Contact the developer or visit the GitHub repository to contribute to this plugin’s development.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Developed by R. Sabbir (https:\u002F\u002Fwww.rsabbir.com\u002F)\u003C\u002Fli>\n\u003Cli>Tested with Contact Form 7 6.1.4 and later\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Technical Specifications\u003C\u002Fh3>\n\u003Ch4>Server Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.4 or higher\u003C\u002Fli>\n\u003Cli>Contact Form 7 plugin (active)\u003C\u002Fli>\n\u003Cli>GD PHP extension (for image CAPTCHAs)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Browser Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Chrome (latest versions)\u003C\u002Fli>\n\u003Cli>Firefox (latest versions)\u003C\u002Fli>\n\u003Cli>Safari (latest versions)\u003C\u002Fli>\n\u003Cli>Microsoft Edge (latest versions)\u003C\u002Fli>\n\u003Cli>Mobile browsers (iOS Safari, Chrome Mobile)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Token-based validation system\u003C\u002Fli>\n\u003Cli>HMAC-SHA256 signature verification\u003C\u002Fli>\n\u003Cli>Automatic token expiration (5 minutes)\u003C\u002Fli>\n\u003Cli>XSS protection\u003C\u002Fli>\n\u003Cli>CSRF token protection\u003C\u002Fli>\n\u003Cli>No session storage required\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Performance\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Code: ~50KB total size\u003C\u002Fli>\n\u003Cli>Assets: Minified and optimized\u003C\u002Fli>\n\u003Cli>Loading: Conditional asset loading on relevant pages\u003C\u002Fli>\n\u003Cli>HTTP Requests: Zero external requests\u003C\u002Fli>\n\u003Cli>Caching: Compatible with all major WordPress cache plugins\u003C\u002Fli>\n\u003C\u002Ful>\n","BotShield CAPTCHA for Contact Form 7 – Advanced Spam Protection with Turnstile, reCAPTCHA, Arithmetic, and Alphanumeric.",10,286,"2026-01-19T21:15:00.000Z","5.0",[20,21,94,24,146],"turnstile","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbotshield-captcha.2.0.0.zip",{"attackSurface":149,"codeSignals":354,"taintFlows":517,"riskAssessment":573,"analyzedAt":588},{"hooks":150,"ajaxHandlers":342,"restRoutes":343,"shortcodes":344,"cronEvents":345,"entryPointCount":29,"unprotectedCount":29},[151,157,161,166,171,176,179,182,184,189,192,195,198,202,205,209,213,217,222,225,229,233,238,242,245,248,252,254,257,259,263,268,272,275,280,283,287,289,294,299,302,306,309,311,315,318,322,325,329,332,335,338],{"type":152,"name":153,"callback":154,"file":155,"line":156},"action","admin_init","addHooks","compatibility\\cf7\\Backend.class.php",25,{"type":152,"name":158,"callback":159,"priority":141,"file":155,"line":160},"wpcf7_init","addFormTag",26,{"type":162,"name":163,"callback":164,"priority":141,"file":155,"line":165},"filter","wpcf7_validate_f12_captcha","validateCaptcha",27,{"type":162,"name":167,"callback":168,"priority":141,"file":169,"line":170},"wpcf7_display_message","closure","compatibility\\cf7\\ControllerCF7.class.php",78,{"type":162,"name":172,"callback":173,"file":174,"line":175},"f12_cf7_captcha_wc_login_validated","__return_true","compatibility\\ultimatemember\\ControllerUltimateMember.class.php",80,{"type":162,"name":177,"callback":173,"file":174,"line":178},"f12_cf7_captcha_wc_registration_validated",81,{"type":162,"name":172,"callback":173,"file":180,"line":181},"compatibility\\woocommerce-login\\ControllerWoocommerceLogin.class.php",44,{"type":162,"name":177,"callback":173,"file":183,"line":181},"compatibility\\woocommerce-registration\\ControllerWoocommerceRegistration.class.php",{"type":152,"name":185,"callback":186,"file":187,"line":188},"f12_cf7_captcha_compatibilities_loaded","wp_init","core\\BaseController.class.php",69,{"type":162,"name":190,"callback":168,"file":191,"line":14},"kses_allowed_protocols","core\\bootstrap.php",{"type":162,"name":193,"callback":168,"priority":141,"file":191,"line":194},"wp_img_tag_add_loading_attr",28,{"type":162,"name":196,"callback":168,"file":191,"line":197},"avada_lazyload_exclude_images",39,{"type":162,"name":199,"callback":168,"priority":200,"file":191,"line":201},"the_content",999,49,{"type":152,"name":203,"callback":168,"file":191,"line":204},"plugins_loaded",97,{"type":152,"name":206,"callback":168,"file":207,"line":208},"after_setup_theme","core\\Compatibility.class.php",55,{"type":152,"name":210,"callback":211,"priority":141,"file":207,"line":212},"f12_cf7_captcha_ui_after_load_compatibilities","wp_register_components",58,{"type":152,"name":214,"callback":215,"file":216,"line":181},"weeklyIPClear","clean","core\\log\\Log_Cleaner.class.php",{"type":152,"name":218,"callback":219,"file":220,"line":221},"init","wp_register_taxonomy","core\\log\\Log_WordPress.class.php",67,{"type":152,"name":218,"callback":223,"file":220,"line":224},"wp_register_post_type",75,{"type":152,"name":226,"callback":227,"file":220,"line":228},"admin_menu","wp_set_admin_submenu_page",83,{"type":162,"name":230,"callback":231,"file":220,"line":232},"parent_file","wp_set_admin_menu_active",88,{"type":162,"name":234,"callback":235,"file":236,"line":237},"f12-cf7-captcha-log-data","get_log_data","core\\protection\\browser\\Browser.php",93,{"type":152,"name":239,"callback":215,"file":240,"line":241},"dailyCaptchaClear","core\\protection\\captcha\\CaptchaCleaner.class.php",29,{"type":152,"name":239,"callback":243,"file":240,"line":244},"maybe_fill_captcha_pool",30,{"type":152,"name":246,"callback":243,"file":240,"line":247},"f12_captcha_pool_fill",33,{"type":162,"name":249,"callback":250,"file":240,"line":251},"cron_schedules","add_cron_intervals",41,{"type":152,"name":214,"callback":215,"file":253,"line":241},"core\\protection\\ip\\IPBanCleaner.class.php",{"type":152,"name":214,"callback":215,"file":255,"line":256},"core\\protection\\ip\\IPLogCleaner.class.php",21,{"type":162,"name":234,"callback":235,"file":258,"line":88},"core\\protection\\javascript\\Javascript_Validator.php",{"type":152,"name":185,"callback":260,"file":261,"line":262},"on_init","core\\protection\\Protection.class.php",57,{"type":162,"name":264,"callback":265,"priority":141,"file":266,"line":267},"f12-cf7-captcha-ruleregex-exclusion-counter","wp_add_exclusions","core\\protection\\rules\\RuleRegex.class.php",37,{"type":152,"name":269,"callback":270,"file":271,"line":247},"admin_enqueue_scripts","load_assets","core\\protection\\rules\\RulesAjax.class.php",{"type":162,"name":167,"callback":273,"priority":141,"file":274,"line":212},"get_spam_message","core\\protection\\rules\\RulesHandler.class.php",{"type":152,"name":276,"callback":277,"file":278,"line":279},"rest_api_init","register_routes","core\\rest\\RestController.class.php",43,{"type":162,"name":281,"callback":282,"priority":141,"file":278,"line":181},"rest_post_dispatch","add_security_headers",{"type":152,"name":284,"callback":285,"file":286,"line":96},"admin_notices","f12_cf7_captcha_maybe_show_review_notice","core\\review.php",{"type":152,"name":153,"callback":288,"file":286,"line":125},"f12_cf7_captcha_handle_review_actions",{"type":152,"name":290,"callback":291,"priority":292,"file":293,"line":156},"wp_footer","wp_add_link",9999,"core\\Support.class.php",{"type":152,"name":295,"callback":296,"file":297,"line":298},"f12_cf7_captcha_daily_telemetry","anonymous","core\\telemetry.php",163,{"type":152,"name":300,"callback":215,"file":301,"line":165},"dailyCaptchaTimerClear","core\\timer\\CaptchaTimerCleaner.class.php",{"type":152,"name":218,"callback":303,"file":304,"line":305},"_init","core\\timer\\Timer_Controller.class.php",40,{"type":152,"name":218,"callback":168,"file":307,"line":308},"f12-cf7-captcha.php",299,{"type":152,"name":218,"callback":168,"file":307,"line":310},304,{"type":162,"name":312,"callback":313,"file":307,"line":314},"f12-cf7-captcha_settings_loaded","wp_load_blacklist",310,{"type":152,"name":269,"callback":316,"file":307,"line":317},"load_admin_assets",324,{"type":152,"name":319,"callback":320,"file":307,"line":321},"wp_enqueue_scripts","load_frontend_assets",325,{"type":152,"name":323,"callback":320,"file":307,"line":324},"login_enqueue_scripts",326,{"type":152,"name":326,"callback":327,"priority":141,"file":307,"line":328},"in_plugin_update_message-f12-cf7-captcha\u002Ff12-cf7-captcha.php","wp_show_update_message",330,{"type":152,"name":269,"callback":330,"file":331,"line":279},"load_scripts","ui\\core\\UI_Asset_Handler.php",{"type":152,"name":269,"callback":333,"file":331,"line":334},"load_styles",46,{"type":152,"name":226,"callback":336,"file":337,"line":241},"add_submenu_pages","ui\\core\\UI_WordPress.php",{"type":152,"name":339,"callback":340,"file":337,"line":341},"admin_head","hide_submenu_pages",34,[],[],[],[346,349,350,351,353],{"hook":295,"callback":295,"file":347,"line":348},"core\\cron.php",14,{"hook":214,"callback":214,"file":347,"line":241},{"hook":239,"callback":239,"file":347,"line":181},{"hook":300,"callback":300,"file":347,"line":352},59,{"hook":246,"callback":246,"file":240,"line":267},{"dangerousFunctions":355,"sqlUsage":356,"outputEscaping":369,"fileOperations":125,"externalRequests":125,"nonceChecks":515,"capabilityChecks":96,"bundledLibraries":516},[],{"prepared":357,"raw":125,"locations":358},56,[359,363,365],{"file":360,"line":361,"context":362},"core\\protection\\ip\\Salt.class.php",188,"$wpdb->query() with variable interpolation",{"file":360,"line":142,"context":364},"$wpdb->get_var() with variable interpolation",{"file":366,"line":367,"context":368},"core\\settings\\Form_Discovery.php",279,"$wpdb->get_results() with variable interpolation",{"escaped":370,"rawEcho":371,"locations":372},510,65,[373,376,378,380,383,384,386,388,390,391,394,396,397,400,401,403,406,408,410,412,414,416,419,421,423,426,428,430,433,435,437,440,442,444,446,448,450,452,454,457,460,462,465,467,470,472,474,477,480,482,484,486,488,490,492,494,496,498,500,502,504,506,508,510,513],{"file":374,"line":352,"context":375},"compatibility\\elementor\\ControllerElementor.class.php","raw output",{"file":377,"line":181,"context":375},"compatibility\\fluentform\\ControllerFluentform.class.php",{"file":377,"line":379,"context":375},105,{"file":381,"line":382,"context":375},"compatibility\\jetform\\ControllerJetForm.class.php",94,{"file":174,"line":334,"context":375},{"file":174,"line":385,"context":375},51,{"file":387,"line":197,"context":375},"compatibility\\woocommerce-checkout\\ControllerWoocommerceCheckout.class.php",{"file":389,"line":197,"context":375},"compatibility\\wpforms\\ControllerWPForms.class.php",{"file":187,"line":361,"context":375},{"file":392,"line":393,"context":375},"core\\settings\\Override_Panel_Renderer.php",382,{"file":392,"line":395,"context":375},408,{"file":293,"line":48,"context":375},{"file":398,"line":399,"context":375},"templates\\captcha\\template-0.php",45,{"file":398,"line":262,"context":375},{"file":398,"line":402,"context":375},62,{"file":404,"line":405,"context":375},"templates\\captcha\\template-1.php",50,{"file":404,"line":407,"context":375},60,{"file":404,"line":409,"context":375},72,{"file":411,"line":385,"context":375},"templates\\captcha\\template-2.php",{"file":411,"line":413,"context":375},61,{"file":411,"line":415,"context":375},63,{"file":417,"line":418,"context":375},"ui\\controller\\deprecated\\UI_Avada.php",172,{"file":417,"line":420,"context":375},213,{"file":417,"line":422,"context":375},230,{"file":424,"line":425,"context":375},"ui\\controller\\deprecated\\UI_CF7.php",166,{"file":424,"line":427,"context":375},207,{"file":424,"line":429,"context":375},224,{"file":431,"line":432,"context":375},"ui\\controller\\deprecated\\UI_Comments.php",127,{"file":431,"line":434,"context":375},169,{"file":431,"line":436,"context":375},187,{"file":438,"line":439,"context":375},"ui\\controller\\deprecated\\UI_Elementor.php",145,{"file":438,"line":441,"context":375},185,{"file":438,"line":443,"context":375},202,{"file":445,"line":232,"context":375},"ui\\controller\\deprecated\\UI_Filter_Rules.php",{"file":445,"line":447,"context":375},104,{"file":445,"line":449,"context":375},143,{"file":445,"line":451,"context":375},204,{"file":445,"line":453,"context":375},222,{"file":455,"line":456,"context":375},"ui\\controller\\deprecated\\UI_GravityForms.php",153,{"file":458,"line":459,"context":375},"ui\\controller\\deprecated\\UI_Ultimate_Member.php",161,{"file":458,"line":461,"context":375},250,{"file":463,"line":464,"context":375},"ui\\controller\\deprecated\\UI_Woocommerce.php",160,{"file":463,"line":466,"context":375},251,{"file":468,"line":469,"context":375},"ui\\controller\\deprecated\\UI_Wordpress.php",147,{"file":468,"line":471,"context":375},237,{"file":473,"line":456,"context":375},"ui\\controller\\deprecated\\UI_WPForms.php",{"file":475,"line":476,"context":375},"ui\\controller\\UI_Beta.php",135,{"file":478,"line":479,"context":375},"ui\\controller\\UI_Extended.php",426,{"file":478,"line":481,"context":375},467,{"file":478,"line":483,"context":375},879,{"file":478,"line":485,"context":375},932,{"file":478,"line":487,"context":375},953,{"file":478,"line":489,"context":375},974,{"file":478,"line":491,"context":375},1042,{"file":478,"line":493,"context":375},1118,{"file":478,"line":495,"context":375},1177,{"file":478,"line":497,"context":375},1222,{"file":478,"line":499,"context":375},1317,{"file":478,"line":501,"context":375},1473,{"file":478,"line":503,"context":375},1582,{"file":478,"line":505,"context":375},1610,{"file":478,"line":507,"context":375},1650,{"file":478,"line":509,"context":375},1693,{"file":511,"line":512,"context":375},"ui\\controller\\UI_Forms.php",264,{"file":511,"line":514,"context":375},277,4,[],[518,544,554,565],{"entryPoint":519,"graph":520,"unsanitizedCount":29,"severity":543},"delete_timer (core\\protection\\time\\TimerValidatorController.class.php:62)",{"nodes":521,"edges":538},[522,527,531],{"id":523,"type":524,"label":525,"file":526,"line":409},"n0","source","$_POST","core\\protection\\time\\TimerValidatorController.class.php",{"id":528,"type":529,"label":530,"file":526,"line":409},"n1","transform","→ delete_by_hash()",{"id":532,"type":533,"label":534,"file":535,"line":536,"wp_function":537},"n2","sink","query() [SQLi]","core\\timer\\CaptchaTimer.class.php",663,"query",[539,541],{"from":523,"to":528,"sanitized":540},false,{"from":528,"to":532,"sanitized":542},true,"low",{"entryPoint":545,"graph":546,"unsanitizedCount":29,"severity":543},"\u003CTimerValidatorController.class> (core\\protection\\time\\TimerValidatorController.class.php:0)",{"nodes":547,"edges":551},[548,549,550],{"id":523,"type":524,"label":525,"file":526,"line":409},{"id":528,"type":529,"label":530,"file":526,"line":409},{"id":532,"type":533,"label":534,"file":535,"line":536,"wp_function":537},[552,553],{"from":523,"to":528,"sanitized":540},{"from":528,"to":532,"sanitized":542},{"entryPoint":555,"graph":556,"unsanitizedCount":28,"severity":543},"on_save (ui\\controller\\deprecated\\UI_Filter_Rules.php:23)",{"nodes":557,"edges":563},[558,560],{"id":523,"type":524,"label":559,"file":445,"line":194},"$_POST[$key]",{"id":528,"type":533,"label":561,"file":445,"line":194,"wp_function":562},"update_option() [Settings Manipulation]","update_option",[564],{"from":523,"to":528,"sanitized":540},{"entryPoint":566,"graph":567,"unsanitizedCount":28,"severity":543},"\u003CUI_Filter_Rules> (ui\\controller\\deprecated\\UI_Filter_Rules.php:0)",{"nodes":568,"edges":571},[569,570],{"id":523,"type":524,"label":559,"file":445,"line":194},{"id":528,"type":533,"label":561,"file":445,"line":194,"wp_function":562},[572],{"from":523,"to":528,"sanitized":540},{"summary":574,"deductions":575},"The plugin 'captcha-for-contact-form-7' v2.3.5 exhibits a generally good security posture, with several positive indicators. The attack surface is notably clean, with no AJAX handlers, REST API routes, or shortcodes found. The majority of SQL queries (95%) are prepared, and a high percentage of output (89%) is properly escaped, suggesting developers have taken care to prevent common web vulnerabilities. The plugin also incorporates nonce and capability checks, further bolstering its defenses.\n\nHowever, some areas warrant attention. The presence of two flows with unsanitized paths in the taint analysis, although not resulting in critical or high severity issues, indicates a potential for indirect manipulation if these paths are used in file operations or other sensitive contexts. Furthermore, the plugin has a history of known vulnerabilities, including a medium-severity one, and a past common vulnerability type of 'Guessable CAPTCHA'. While the most recent vulnerability is patched, this history suggests that the plugin might be a target for attackers and requires ongoing vigilance.\n\nIn conclusion, while the current version shows good adherence to many security best practices and has a small attack surface, the past vulnerability history and the presence of unsanitized paths in taint flows are areas that require careful monitoring and potentially further investigation to ensure complete security. The plugin's strengths lie in its minimal entry points and good data handling practices, but its past suggests a need for continued security focus.",[576,579,582,584,586],{"reason":577,"points":578},"Known medium severity CVE present",15,{"reason":580,"points":581},"Flows with unsanitized paths (potential risk)",5,{"reason":583,"points":125},"Limited capability checks (2)",{"reason":585,"points":96},"File operations present (3)",{"reason":587,"points":96},"External HTTP requests present (3)","2026-03-16T17:49:39.582Z",{"wat":590,"direct":599},{"assetPaths":591,"generatorPatterns":594,"scriptPaths":595,"versionParams":596},[592,593],"\u002Fwp-content\u002Fplugins\u002Fcaptcha-for-contact-form-7\u002Fbuild\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fcaptcha-for-contact-form-7\u002Fbuild\u002Fjs\u002Fcaptcha-for-contact-form-7.js",[],[593],[597,598],"captcha-for-contact-form-7\u002Fbuild\u002Fcss\u002Fmain.css?ver=","captcha-for-contact-form-7\u002Fbuild\u002Fjs\u002Fcaptcha-for-contact-form-7.js?ver=",{"cssClasses":600,"htmlComments":603,"htmlAttributes":606,"restEndpoints":609,"jsGlobals":611,"shortcodeOutput":613},[601,602],"f12-cf7-captcha-wrapper","f12-cf7-captcha-input-wrapper",[604,605],"\u003C!-- F12 CAPTCHA START -->","\u003C!-- F12 CAPTCHA END -->",[607,608],"data-f12-cf7-captcha-site-key","data-f12-cf7-captcha-theme",[610],"\u002Fwp-json\u002Ff12-cf7-captcha\u002Fv1\u002Fcaptcha-config",[612],"f12_cf7_captcha_settings",[614],"[f12_cf7_captcha]"]