[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fP4J8OoZdhi-Xr_poC0ebmMPbVzB1adPSD7z6vXH0Ynk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":18,"security_score":19,"vuln_count":11,"unpatched_count":11,"last_vuln_date":20,"fetched_at":21,"vulnerabilities":22,"developer":23,"crawl_stats":20,"alternatives":29,"analysis":30,"fingerprints":79},"cf7-hidden-widget","Contact Form 7 – Hidden Widget","0.1","iranalves85","https:\u002F\u002Fprofiles.wordpress.org\u002Firanalves85\u002F","\u003Cp>The plugin uses default javascript events of “Contact Form 7” plugin will trigger to show a widget with custom content. The user select wich form and event will listen and add content to show when that ocurred.\u003C\u002Fp>\n\u003Cp>Important: Tested at least version 5.6 of PHP language\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Show a custom content in any sidebar when a selected “Contact Form 7” fire a javascript event when submitted.\u003C\u002Fli>\n\u003Cli>Support shortcodes in custom content field.\u003C\u002Fli>\n\u003Cli>Support multiples widgets in same page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English: Default!\u003C\u002Fli>\n\u003Cli>Português – Opcional!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Thanks to WordPress Community for all!\u003C\u002Fli>\n\u003C\u002Ful>\n","An add-on for Contact Form 7 to show content in widget when a event form is fired.",0,1056,"2020-01-06T17:01:00.000Z","5.3.21","3.9.23","",[],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-hidden-widget.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":24,"total_installs":25,"avg_security_score":26,"avg_patch_time_days":25,"trust_score":27,"computed_at":28},4,30,89,86,"2026-04-04T20:32:50.645Z",[],{"attackSurface":31,"codeSignals":55,"taintFlows":71,"riskAssessment":72,"analyzedAt":78},{"hooks":32,"ajaxHandlers":51,"restRoutes":52,"shortcodes":53,"cronEvents":54,"entryPointCount":11,"unprotectedCount":11},[33,39,43,47],{"type":34,"name":35,"callback":36,"file":37,"line":38},"action","admin_notices","cf7_hw_data_admin_notice","contact-form-7-hidden-widget.php",40,{"type":34,"name":40,"callback":41,"file":37,"line":42},"wp_footer","cf7_hw_form_submitted",231,{"type":34,"name":44,"callback":45,"file":37,"line":46},"widgets_init","cf7_hw_register_widgets",239,{"type":34,"name":48,"callback":49,"file":37,"line":50},"plugins_loaded","cf7_hw_register_init",247,[],[],[],[],{"dangerousFunctions":56,"sqlUsage":57,"outputEscaping":59,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":70},[],{"prepared":11,"raw":11,"locations":58},[],{"escaped":60,"rawEcho":61,"locations":62},14,3,[63,66,68],{"file":37,"line":64,"context":65},32,"raw output",{"file":37,"line":67,"context":65},37,{"file":37,"line":69,"context":65},138,[],[],{"summary":73,"deductions":74},"The \"cf7-hidden-widget\" v0.1 plugin exhibits a strong security posture based on the provided static analysis. The absence of identified AJAX handlers, REST API routes, shortcodes, or cron events indicates a minimal attack surface. Crucially, the analysis reveals no dangerous functions, no SQL queries without prepared statements, and no file operations, which are significant indicators of secure coding practices. Taint analysis also returned zero critical or high severity flows, further reinforcing this positive assessment. The plugin's vulnerability history is clean, with no recorded CVEs, suggesting a commitment to security or a lack of previous exploitation.  However, the static analysis does note that 18% of output is not properly escaped. While not a critical finding in itself, especially with the limited attack surface, it represents a potential area for concern if the plugin were to evolve and handle more sensitive data or interact with user-controlled content in the future.  Overall, the plugin appears safe given its current scope and analysis, but the minor unescaped output warrants a slight deduction.",[75],{"reason":76,"points":77},"Some output is not properly escaped",5,"2026-03-17T06:30:25.205Z",{"wat":80,"direct":89},{"assetPaths":81,"generatorPatterns":83,"scriptPaths":84,"versionParams":86},[82],"\u002Fwp-content\u002Fplugins\u002Fcf7-hidden-widget\u002Fstyle.css",[],[85],"\u002Fwp-content\u002Fplugins\u002Fcf7-hidden-widget\u002Fjs\u002Fcf7-hidden-widget.js",[87,88],"cf7-hidden-widget\u002Fstyle.css?ver=","cf7-hidden-widget\u002Fjs\u002Fcf7-hidden-widget.js?ver=",{"cssClasses":90,"htmlComments":92,"htmlAttributes":93,"restEndpoints":97,"jsGlobals":98,"shortcodeOutput":99},[91],"cc7_hw_widget",[],[94,95,96],"data-cf7-hidden-widget-form-id","data-cf7-hidden-widget-event","data-cf7-hidden-widget-content",[],[],[]]