[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMhLeBa3WiFA9LynPZXGSA8KKwviGb-d3YvVYUEXspnQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":146,"fingerprints":331},"citizens-feedbacks","Citizens Feedbacks","1.1.1","kryu dev web","https:\u002F\u002Fprofiles.wordpress.org\u002Fkryu\u002F","\u003Cp>Citizens Feedbacks for WordPress is a plugin for recieving feedback from citizens, plus the plugin provide ‘Check status’ form to check feedback’s status.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>To display ‘Citizens Feedback’ form add a shortcode [show_cfeedbacks_form] to a page.\u003Cbr \u002F>\nTo display ‘Check feedback status’ form add a shortcode [check_status] to a page.\u003C\u002Fp>\n","Simple citizens feedback form.",10,1523,0,"2016-07-07T08:05:00.000Z","4.5.33","3.0.1","",[19,20,21,22,23],"citizens","citizens-appeals","citizens-feedback","feedback","feedback-form","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcitizens-feedbacks.1.1.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"kryu",2,20,30,84,"2026-04-04T11:54:27.418Z",[37,63,85,107,125],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":58,"download_link":59,"security_score":60,"vuln_count":61,"unpatched_count":13,"last_vuln_date":62,"fetched_at":27},"pirate-forms","Contact Form & SMTP Plugin for WordPress by PirateForms","2.6.1","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>\u003Cstrong>Pirate Forms is no longer under active development. We recommend using \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"friend ugc\">WPForms\u003C\u002Fa> because it is the most beginner-friendly WordPress contact form plugin in the market.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In Sep 2018, \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002Fwpforms-has-acquired-pirate-forms\u002F\" rel=\"friend nofollow ugc\">Pirate Forms was acquired by WPForms\u003C\u002Fa>. We’re retiring Pirate Forms in favor of the modern form builder by WPForms, so users can have access to best user experience and more powerful WordPress form features.\u003C\u002Fp>\n\u003Cp>Stay in touch with your visitors very easily. Pirate Contact Forms offers you a great and friendly contact form for your website.\u003Cbr \u002F>\nThis is an easy-to-use WordPress contact form with captcha plugin. To create a contact form you just need to use the [pirate_forms] shortcode or use the WordPress contact form widget.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Time-saving features available in the FULL WPForms version:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unlimited Forms\u003C\u002Fli>\n\u003Cli>Email Marketing Integrations (MailChimp, AWeber, Constant Contact, and more)\u003C\u002Fli>\n\u003Cli>Payment Integrations (PayPal and Stripe)\u003C\u002Fli>\n\u003Cli>Surveys & Polls Addon\u003C\u002Fli>\n\u003Cli>Conditional Logic\u003C\u002Fli>\n\u003Cli>User Registration, Geo-location, File Uploads, Multi-Page Forms, and a whole lot more.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=pirateformslite\" title=\"WPForms\" rel=\"friend nofollow ugc\">Learn more about WPForms Pro\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Why use our responsive WordPress Contact Form:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It’s easy to use\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This Contact Form 7 or any form builder alternative is very easy to set up. You can quickly create an engaging contact form by using a shortcode and copying it where you want it to appear.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It’s fully customizable\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This WordPress Contact Form plugin allows you to customize everything you want. You can change the field labels and decide what message to tell your visitors when an error shows up. You can also decide which fields are required and which are not.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Provides reCaptcha\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Avoid spam messages and make sure the e-mails you receive are entirely addressed to you.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Comes with SMTP\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Pirate Form comes with basic SMTP options, so you won’t miss any email from your visitors. The messages will be safely delivered from the source to your personal e-mail address.\u003C\u002Fp>\n\u003Cp>However for a more reliable SMTP solution, we recommend using \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-mail-smtp\u002F\" rel=\"ugc\">WP Mail SMTP by WPForms\u003C\u002Fa> which is the most popular WordPress SMTP solution being used by over 1 million websites.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stores contacts in special databases\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can keep all the contacts in an archive by saving their e-mail addresses. Pirate Contact Form allows you to do that by providing contact databases.\u003C\u002Fp>\n\u003Cp>A simple to use contact form plugin for creating a clean contact form using the [pirate_forms] shortcode or the ‘Pirate Forms’ form widget.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Provides option to allow submitting the form using AJAX\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Standard contact forms work just fine, but you can make them nicer by using AJAX to submit the form data in the background.\u003C\u002Fp>\n\u003Cp>Pirate Forms allows you to take advantage of this great feature using the [pirate_forms ajax=”yes”] shortcode or the ‘Submit form using Ajax’ option in the Pirate Forms widget.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>What PirateForms isn’t for now\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This is not a form maker or drag & drop builder plugin nor “the best contact form plugin”. You cannot add new fields or create multiple forms (subscription forms, payment, order, feedback or quote) with Pirate Forms.\u003C\u002Fp>\n\u003Cp>This is why we recommend using \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=pirateformslite\" title=\"WPForms\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa> which is the most beginner friendly drag & drop WordPress form builder in the market.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pirate Forms is no longer under active development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Pirate Forms is no longer under active development. We recommend using \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"friend ugc\">WPForms\u003C\u002Fa> because it is the most beginner-friendly WordPress contact form plugin in the market.\u003C\u002Fp>\n\u003Cp>In Sep 2018, \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002Fwpforms-has-acquired-pirate-forms\u002F\" rel=\"friend nofollow ugc\">Pirate Forms was acquired by WPForms\u003C\u002Fa>. We’re retiring Pirate Forms in favor of the moden form builder by WPForms, so users can have access to best user experience and more powerful WordPress form features.\u003C\u002Fp>\n\u003Ch4>What’s Next\u003C\u002Fh4>\n\u003Cp>You may also want to consider checking out our other projects:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F\" title=\"WPForms\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa> – Best WordPress Contact Form Plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Foptinmonster.com\u002F\" title=\"OptinMonster\" rel=\"friend nofollow ugc\">OptinMonster\u003C\u002Fa> – Get More Email Subscribers\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.monsterinsights.com\u002F\" title=\"MonsterInsights\" rel=\"friend nofollow ugc\">MonsterInsights\u003C\u002Fa> – Best Google Analytics Plugin for WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002F\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner\u003C\u002Fa> to learn from our \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fwp-tutorials\u002F\" title=\"WordPress Tutorials\" rel=\"friend nofollow ugc\">WordPress Tutorials\u003C\u002Fa> and find out about other \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fplugins\u002F\" title=\"Best WordPress Plugins\" rel=\"friend nofollow ugc\">best WordPress plugins\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fwordpress-hosting\u002F\" rel=\"friend nofollow ugc\">best WordPress hosting solutions\u003C\u002Fa>, and see our step by step guide on \u003Ca href=\"https:\u002F\u002Fwww.wpbeginner.com\u002Fstart-a-wordpress-blog\u002F\" rel=\"friend nofollow ugc\">how to start a blog\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Pirate Forms was acquired by WPForms and is no longer being actively maintained.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WPForms is absolutely, positively the most \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=liteversion\" title=\"Best WordPress contact form plugin\" rel=\"friend nofollow ugc\">beginner friendly WordPress contact form plugin\u003C\u002Fa> on the market. It is both easy and powerful.\u003C\u002Fp>\n\u003Cp>We took the pain out of creating online forms and made it easy. Check out all \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002Ffeatures\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=liteversion\" rel=\"friend nofollow ugc\">WPForms features\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Also, I’m the founder of \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002F\" rel=\"friend nofollow ugc\">WPBeginner\u003C\u002Fa>, the largest WordPress resource site for beginners. It was a huge priority for me to make a WordPress contact form plugin that beginners can use without any training.\u003C\u002Fp>\n\u003Cp>I feel that we have done that here. I hope you enjoy using WPForms.\u003C\u002Fp>\n\u003Cp>Thank you\u003C\u002Fp>\n\u003Cp>Syed Balkhi\u003C\u002Fp>\n","A simple and effective WordPress contact form & SMTP plugin. Compatible with best themes out there, is both a secure and responsive contact form p …",30000,3808223,94,223,"2025-01-20T14:45:00.000Z","6.7.5","5.5","5.6",[54,23,55,56,57],"contact-form","forms","smtp","subscribe-form","http:\u002F\u002Fthemeisle.com\u002Fplugins\u002Fpirate-forms\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpirate-forms.2.6.1.zip",87,4,"2025-03-03 00:00:00",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":47,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":52,"requires_php":76,"tags":77,"homepage":81,"download_link":82,"security_score":83,"vuln_count":31,"unpatched_count":13,"last_vuln_date":84,"fetched_at":27},"clean-and-simple-contact-form-by-meg-nicholas","Contact Form Clean and Simple","4.12.2","fullworks","https:\u002F\u002Fprofiles.wordpress.org\u002Ffullworks\u002F","\u003Cp>A clean and simple AJAX contact form with Google reCAPTCHA, flexible CSS framework support, spam filtering, and REST API support for headless WordPress implementations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Clean\u003C\u002Fstrong>: all user inputs are stripped in order to avoid cross-site scripting (XSS) vulnerabilities.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Simple\u003C\u002Fstrong>: AJAX enabled validation and submission for immediate response and guidance for your users (can be switched off).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Flexible Styling\u003C\u002Fstrong>: Choose your CSS framework – Bootstrap (default), Theme Native (inherits your theme’s styles), or Minimal (semantic classes for complete custom styling).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>REST API Support\u003C\u002Fstrong>: Enable headless WordPress implementations to submit forms via authenticated REST API endpoints.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Accessible\u003C\u002Fstrong>: Built with accessibility in mind – proper ARIA attributes, keyboard navigation, screen reader support, and WCAG AA compliant color contrast.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This is a straightforward contact form for your WordPress site. There is very minimal set-up\u003Cbr \u002F>\nrequired. Simply install, activate, and then place the short code \u003Cstrong>[cscf-contact-form]\u003C\u002Fstrong> on your web page.\u003C\u002Fp>\n\u003Cp>A standard set of input boxes are provided, these include Email Address, Name, Message and a nice big ‘Send Message’ button.\u003C\u002Fp>\n\u003Cp>When your user has completed the form an email will be sent to you containing your user’s message.\u003Cbr \u002F>\nTo reply simply click the ‘reply’ button on your email client.\u003Cbr \u002F>\nThe email address used is the one you have set up in WordPress under ‘Settings’ -> ‘General’, so do check this is correct.\u003C\u002Fp>\n\u003Cp>To help prevent spam all data is scanned can be scanned with Fullworks Anti Spam Pro.\u003Cbr \u002F>\nFor this to work you must have the \u003Ca href=\"https:\u002F\u002Ffullworksplugins.com\u002Fproducts\u002Fanti-spam\u002F\" title=\"Fullworks Anti Spam Pro\" rel=\"nofollow ugc\">Fullworks Anti Spam Pro Plugin\u003C\u002Fa> installed and activated.\u003C\u002Fp>\n\u003Cp>Fullworks Anti Spam Pro will also log all your messages, categorized  as spam or not, automatically.\u003C\u002Fp>\n\u003Cp>For added piece of mind this plugin also allows you to add a ‘\u003Cstrong>reCAPTCHA\u003C\u002Fstrong>’.\u003Cbr \u002F>\nThis adds a picture of a couple of words to the bottom of the contact form.\u003Cbr \u002F>\nYour user must correctly type the words before the form can be submitted, and in so doing, prove that they are human.\u003C\u002Fp>\n\u003Ch4>Why Choose This Plugin?\u003C\u002Fh4>\n\u003Cp>Granted there are many plugins of this type in existence already. Why use this one in-particular?\u003C\u002Fp>\n\u003Cp>Here’s why:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Minimal setup. Simply activate the plugin and place the shortcode [cscf-contact-form] on any post or page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Safe\u003C\u002Fstrong>. All input entered by your user  is stripped back to minimise as far as possible the likelihood of any\u003Cbr \u002F>\nmalicious user attempting to inject a script into your website.\u003Cbr \u002F>\nIf the Fullworks Anti Spam Pro plugin is activated all form data will be scanned for spam.\u003Cbr \u002F>\nYou can turn on reCAPTCHA to avoid your form being abused by bots, however Fullworks Anti Spam Pro will do this without reCAPTCHA.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Ajax enabled\u003C\u002Fstrong>. You have the option to turn on AJAX (client-side) validation and submission which gives your users an immediate response when completing the form without having to wait for the page to refresh.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The form can \u003Cstrong>integrate seamlessly into your website\u003C\u002Fstrong>. Turn off the plugin’s default css style sheet so that your theme’s style sheet can be used instead.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Flexible CSS styling\u003C\u002Fstrong>: Choose from Bootstrap, Modern (with dark mode), Theme Native, or Minimal styling modes to match your site’s design.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This plugin will only link in its jQuery file where it’s needed, it \u003Cstrong>will not impose\u003C\u002Fstrong> itself on every page of your whole site!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Works with the \u003Cstrong>latest version of WordPress\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Original plugin written by an \u003Cstrong>experienced PHP programmer\u003C\u002Fstrong>, Megan Nicholas, the code is rock solid, safe, and rigorously tested as standard practice.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Headless WordPress ready\u003C\u002Fstrong>. REST API support allows you to submit forms from decoupled frontends, mobile apps, or any external application with proper authentication.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Hopefully this plugin will fulfil all your needs.\u003C\u002Fp>\n\u003Ch3>PHP 8 Ready\u003C\u002Fh3>\n\u003Cp>Tested on PHP 8.4\u003C\u002Fp>\n\u003Ch3>How to Use\u003C\u002Fh3>\n\u003Cp>Unless you want to change messages or add reCAPTCHA to your contact form then this plugin will work out of the box without any additional setup.\u003C\u002Fp>\n\u003Cp>Important: Check that you have an email address set-up in your WordPress ‘Settings’->’General’ page. This is the address that the plugin will use to send the contents of the contact form.\u003C\u002Fp>\n\u003Cp>To add the contact form to your WordPress website simply place the shortcode [cscf-contact-form] on the post or page that you wish the form to appear on.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>If you have Jetpack plugin installed disable the contact form otherwise the wrong form might display.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Additional Settings\u003C\u002Fh3>\n\u003Cp>This plugin will work out of the box without any additional setup. You have the option to change the default messages that are displayed to your user and to add reCAPTCHA capabilities.\u003C\u002Fp>\n\u003Cp>Go to the settings screen for the contact form plugin.\u003C\u002Fp>\n\u003Cp>You will find a link to the setting screen against the entry of this plugin on the ‘Installed Plugins’ page.\u003C\u002Fp>\n\u003Cp>Here is a list of things that you can change\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Message\u003C\u002Fstrong>: The message displayed to the user at the top of the contact form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Message Sent Heading\u003C\u002Fstrong>: The message heading or title displayed to the user after the message has been sent.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Message Sent Content\u003C\u002Fstrong>: The message content or body displayed to the user after the message has been sent.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>CSS Framework\u003C\u002Fstrong>: Choose how the form is styled:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Bootstrap (Default)\u003C\u002Fstrong>: Uses Bootstrap CSS classes for full Bootstrap compatibility. Best for themes already using Bootstrap.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern (Card style)\u003C\u002Fstrong>: A beautiful, opinionated modern design with card-style layout, large inputs, and CSS variables for easy customization. Includes automatic dark mode support.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Theme Native\u003C\u002Fstrong>: Uses minimal classes with WordPress’s wp-element-button for the submit button. The form inherits your theme’s native form styles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Minimal\u003C\u002Fstrong>: Uses semantic CSS classes only (cscf-field, cscf-input, etc.) for complete custom styling control.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Use this plugin’s default stylesheet\u003C\u002Fstrong>: The plugin comes with a default style sheet to make the form look nice for your user. Untick this if you want to use your theme’s stylesheet instead. The default stylesheet will simply not be linked in. This option is most relevant when using the Bootstrap CSS framework.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Use client side validation (Ajax)\u003C\u002Fstrong>: When ticked the contact form will be validated and submitted on the client giving your user instant feedback if they have filled the form in incorrectly. If you wish the form to be validated and submitted only to the server then untick this option.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Use reCAPTCHA\u003C\u002Fstrong>: Tick this option if you wish your form to have a reCAPTCHA box. ReCAPTCHA helps to avoid spam bots using your form by checking that the form filler is actually a real person. To use reCAPTCHA you will need to get a some special keys from google https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fadmin\u002Fcreate. Once you have your keys enter them into the Public key and Private key boxes\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>reCAPTCHA Public Key\u003C\u002Fstrong>: Enter the public key that you obtained from here.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>reCAPTCHA Private Key\u003C\u002Fstrong>: Enter the private key that you obtained from here.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>reCAPTCHA Theme\u003C\u002Fstrong>: Here you can change the reCAPTCHA box theme so that it fits with the style of your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Recipient Emails\u003C\u002Fstrong>: The email address where you would like all messages to be sent.\u003Cbr \u002F>\nThis will default to the email address you have specified under ‘E-Mail Address’ in your WordPress General Settings.\u003Cbr \u002F>\nIf you want your mail sent to a different address then enter it here.\u003Cbr \u002F>\nYou may enter multiple email addresses by clicking the ‘+’ button.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Confirm Email Address\u003C\u002Fstrong>: Email confirmation is now optional. To force your user to re-type their email address tick ‘Confirm Email Address’.\u003Cbr \u002F>\nIt is recommended that you leave this option on. If you turn this option off your user will only have to enter their email address once,\u003Cbr \u002F>\nbut if they enter it incorrectly you will have no way of getting back to them!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Email Subject\u003C\u002Fstrong>: This is the email subject that will appear on all messages. If you would like to set it to something different then enter it here.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Override ‘From’ Address\u003C\u002Fstrong>: If you tick this and then fill in the ‘From Address:’ box then all email will be sent from the given address NOT from the email address given by the form filler.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>**Option to allow enquiry to email themselves a copy of the message.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Contact consent\u003C\u002Fstrong>: This option allows you to be GDPR compliant by adding a ‘Consent to contact’ check box at the bottom of the form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Enable REST API\u003C\u002Fstrong>: Turn on REST API support to allow headless WordPress implementations to submit forms.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Required User Capability\u003C\u002Fstrong>: Set the minimum WordPress user capability required to use the REST API (default: edit_posts).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>REST API for Headless WordPress\u003C\u002Fh3>\n\u003Cp>This plugin includes REST API support, making it perfect for headless WordPress implementations, mobile applications, and decoupled frontend frameworks like React, Vue.js, or Angular.\u003C\u002Fp>\n\u003Ch4>Enabling REST API\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to the plugin settings page\u003C\u002Fli>\n\u003Cli>Find the “REST API Settings” section\u003C\u002Fli>\n\u003Cli>Check “Enable REST API”\u003C\u002Fli>\n\u003Cli>Set the required user capability (default: edit_posts)\u003C\u002Fli>\n\u003Cli>Save your settings\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>API Endpoint\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>POST\u003C\u002Fstrong> \u003Ccode>\u002Fwp-json\u002Fcscf\u002Fv1\u002Fsubmit\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch4>Authentication\u003C\u002Fh4>\n\u003Cp>The REST API requires WordPress user authentication. Users must be logged in and have the capability specified in settings (default: edit_posts).\u003C\u002Fp>\n\u003Cp>For headless implementations, you can use:\u003Cbr \u002F>\n– Application Passwords (WordPress 5.6+)\u003Cbr \u002F>\n– JWT Authentication plugins\u003Cbr \u002F>\n– OAuth plugins\u003Cbr \u002F>\n– Basic Authentication (development only)\u003C\u002Fp>\n\u003Ch4>Request Format\u003C\u002Fh4>\n\u003Cp>Send a POST request with JSON body:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`json\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>{\u003Cbr \u002F>\n  “name”: “John Doe”,\u003Cbr \u002F>\n  “email”: “john@example.com”,\u003Cbr \u002F>\n  “confirm_email”: “john@example.com”,\u003Cbr \u002F>\n  “message”: “Your message here”,\u003Cbr \u002F>\n  “phone_number”: “+1234567890”,\u003Cbr \u002F>\n  “contact_consent”: true,\u003Cbr \u002F>\n  “email_sender”: false,\u003Cbr \u002F>\n  “post_id”: 123\u003Cbr \u002F>\n}\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Required fields:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ccode>name\u003C\u002Fcode>: Sender’s name\u003Cbr \u002F>\n– \u003Ccode>email\u003C\u002Fcode>: Sender’s email address\u003Cbr \u002F>\n– \u003Ccode>message\u003C\u002Fcode>: The message content\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Optional fields:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ccode>confirm_email\u003C\u002Fcode>: Required if email confirmation is enabled in settings\u003Cbr \u002F>\n– \u003Ccode>phone_number\u003C\u002Fcode>: Required if phone number is set as mandatory in settings\u003Cbr \u002F>\n– \u003Ccode>contact_consent\u003C\u002Fcode>: Required if contact consent is enabled in settings\u003Cbr \u002F>\n– \u003Ccode>email_sender\u003C\u002Fcode>: Set to true to send a copy to the sender\u003Cbr \u002F>\n– \u003Ccode>post_id\u003C\u002Fcode>: The ID of the page\u002Fpost where the form would normally be displayed\u003C\u002Fp>\n\u003Ch4>Response Format\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Success Response (200):\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"success\": true,\u003Cbr \u002F>\n  \"message\": \"Message Sent\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Validation Error Response (400):\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"code\": \"validation_failed\",\u003Cbr \u002F>\n  \"message\": \"Validation failed.\",\u003Cbr \u002F>\n  \"data\": {\u003Cbr \u002F>\n    \"status\": 400,\u003Cbr \u002F>\n    \"errors\": {\u003Cbr \u002F>\n      \"email\": \"Please enter a valid email address.\",\u003Cbr \u002F>\n      \"message\": \"Please enter a message.\"\u003Cbr \u002F>\n    }\u003Cbr \u002F>\n  }\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Authentication Error Response (401):\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"code\": \"rest_forbidden\",\u003Cbr \u002F>\n  \"message\": \"Authentication required.\",\u003Cbr \u002F>\n  \"data\": {\u003Cbr \u002F>\n    \"status\": 401\u003Cbr \u002F>\n  }\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch4>Example Implementation\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>JavaScript (fetch API):\u003C\u002Fstrong>\u003Cbr \u002F>\n    `javascript\u003Cbr \u002F>\nconst formData = {\u003Cbr \u002F>\n  name: “John Doe”,\u003Cbr \u002F>\n  email: “john@example.com”,\u003Cbr \u002F>\n  confirm_email: “john@example.com”,\u003Cbr \u002F>\n  message: “This is a test message from the REST API”\u003Cbr \u002F>\n};\u003C\u002Fp>\n\u003Cp>fetch(‘https:\u002F\u002Fyoursite.com\u002Fwp-json\u002Fcscf\u002Fv1\u002Fsubmit’, {\u003Cbr \u002F>\n  method: ‘POST’,\u003Cbr \u002F>\n  headers: {\u003Cbr \u002F>\n    ‘Content-Type’: ‘application\u002Fjson’,\u003Cbr \u002F>\n    ‘Authorization’: ‘Bearer YOUR_AUTH_TOKEN’\u003Cbr \u002F>\n  },\u003Cbr \u002F>\n  body: JSON.stringify(formData)\u003Cbr \u002F>\n})\u003Cbr \u002F>\n.then(response => response.json())\u003Cbr \u002F>\n.then(data => {\u003Cbr \u002F>\n  if (data.success) {\u003Cbr \u002F>\n    console.log(‘Message sent successfully!’);\u003Cbr \u002F>\n  } else {\u003Cbr \u002F>\n    console.error(‘Validation errors:’, data.data.errors);\u003Cbr \u002F>\n  }\u003Cbr \u002F>\n});\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Ch4>Important Notes\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>REST API is disabled by default for security\u003C\u002Fli>\n\u003Cli>reCAPTCHA is bypassed for REST API submissions (authentication provides security)\u003C\u002Fli>\n\u003Cli>All other form validations and spam filtering still apply\u003C\u002Fli>\n\u003Cli>Form submissions via REST API are processed identically to regular submissions\u003C\u002Fli>\n\u003Cli>Email notifications work the same way as standard form submissions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Demo\u003C\u002Fh3>\n\u003Cp>Demo site coming soon.\u003C\u002Fp>\n","A clean and simple contact form with flexible CSS framework support.",8000,546899,195,"2025-12-31T15:28:00.000Z","6.9.4","7.4",[78,79,54,23,80],"bootstrap","contact","form","https:\u002F\u002Ffullworks.net\u002Fproducts\u002Fclean-and-simple-contact-form","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclean-and-simple-contact-form-by-meg-nicholas.4.12.2.zip",99,"2020-01-14 00:00:00",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":95,"num_ratings":96,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":76,"tags":100,"homepage":104,"download_link":105,"security_score":106,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"jotform-feedback-button","Feedback Button – Jotform","1.1.0","Jotform","https:\u002F\u002Fprofiles.wordpress.org\u002Fjotform\u002F","\u003Cp>Feedback buttons are great to get feedback from your website visitors. Since it is easy to send a message to you without leaving the page they will improve the quality and the quantity of the feedback you receive from your visitors.\u003C\u002Fp>\n\u003Cp>Feedback button plugin is powered by Jotform. Jotform is the first web based WYSIWYG form builder. Its intuitive drag and drop user interface makes form building a breeze. Using Jotform, you can create forms, integrate them to your site and receive responses by email.\u003C\u002Fp>\n\u003Cp>Get feedback from your visitors using Jotform Feedback Button. If you are not aware of the problems on your website you can’t fix them. Feedback button is a great way to help you improve your website.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to external services to provide functionality and improve user experience. Below are the details of the external services used:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Jotform Feedback Button\u003C\u002Fstrong>\u003Cbr \u002F>\n   – \u003Ca href=\"https:\u002F\u002Fwww.jotform.com\u002Fprivacy\u002F?utm_source=wordpress&utm_medium=plugin_directory&utm_campaign=feedback_button_plugin_content&utm_content=privacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003Cbr \u002F>\n   – \u003Ca href=\"https:\u002F\u002Fwww.jotform.com\u002Fterms\u002F?utm_source=wordpress&utm_medium=plugin_directory&utm_campaign=feedback_button_plugin_content&utm_content=terms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service usage\u003C\u002Fstrong>\u003Cbr \u002F>\n– The plugin makes external requests on the following domain to render feedback form functionalities:\u003Cbr \u002F>\n       \u003Cstrong>https:\u002F\u002Fwww.jotform.com\u003C\u002Fstrong>\u003Cbr \u002F>\n– The plugin uses the domain [\u003Cstrong>https:\u002F\u002Fwww.jotform.com\u003C\u002Fstrong>] as a service to deliver and render the feedback form.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Asset usage\u003C\u002Fstrong>\u003Cbr \u002F>\n– The plugin makes external asset requests on the following domain to enable feedback button functionalities:\u003Cbr \u002F>\n       \u003Cstrong>https:\u002F\u002Fjs.jotform.com\u003C\u002Fstrong>\u003Cbr \u002F>\n– The plugin uses the domain [\u003Cstrong>https:\u002F\u002Fjs.jotform.com\u003C\u002Fstrong>] as a asset service to deliver and render the embedded feedback button.\u003C\u002Fp>\n","Display a beautiful feedback button on the side of your blog. When a reader clicks on it a feedback form pops up. Completely customizable.",500,26307,80,3,"2025-11-20T06:09:00.000Z","6.8.5","5.3",[22,101,23,102,103],"feedback-button","jotform","online-forms","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjotform-feedback-button\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjotform-feedback-button.1.1.0.zip",100,{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":106,"downloaded":115,"rating":106,"num_ratings":116,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":120,"tags":121,"homepage":123,"download_link":124,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"lite-contact-form","Lite Contact Form","1.1.6","Beherit","https:\u002F\u002Fprofiles.wordpress.org\u002Fbeherit\u002F","\u003Cp>Lightweight and simple contact form with no additional user-unfriendly options. You can add the contact form to any page with a shortcode \u003Ccode>[contact_form]\u003C\u002Fcode>. Plugin is integrated with plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fakismet\u002F\" rel=\"ugc\">Akismet\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgrecaptcha\u002F\" rel=\"ugc\">GreCAPTCHA\u003C\u002Fa> which protect against spam.\u003C\u002Fp>\n","Lightweight and simple contact form with no additional user-unfriendly options. Can be additionally protected against spam by using Akismet and Google …",5673,1,"2022-02-16T12:45:00.000Z","5.9.13","4.6","7.0",[79,54,122,22,23],"email","https:\u002F\u002Fbeherit.pl\u002Fen\u002Fwordpress\u002Flite-contact-form\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flite-contact-form.1.1.6.zip",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":135,"num_ratings":136,"last_updated":137,"tested_up_to":138,"requires_at_least":139,"requires_php":17,"tags":140,"homepage":144,"download_link":145,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"surveys-by-feedback-cat","Surveys by Feedback Cat","1.2.2","fatcatapps","https:\u002F\u002Fprofiles.wordpress.org\u002Ffatcatapps\u002F","\u003Cp>Surveys by Feedback Cat is the first WordPress plugin that lets you read people’s minds.\u003C\u002Fp>\n\u003Cp>Well, sort of.\u003C\u002Fp>\n\u003Cp>When you use our plugin you’ll be able to know what your users are really thinking.\u003C\u002Fp>\n\u003Cp>Unfortunately, though, “reading minds” here doesn’t mean doing anything out of the X-Men movies. We’re not talking mind reading in that sense.\u003C\u002Fp>\n\u003Cp>Instead, Surveys by Feedback Cat lets you create surveys and get direct user feedback. With this feedback, you will know what your users are thinking. You can then use their thoughts from the survey to grow your business more effectively.\u003C\u002Fp>\n\u003Cp>So, do you have 2 minutes?\u003C\u002Fp>\n\u003Cp>That’s how “long” it takes to set up Surveys by Feedback Cat. You’ll find complete installation instructions below. But don’t expect anything long or time-consuming. It really is easy to get up and running with Surveys by Feedback Cat. You can do it in 2 minutes. Seriously!\u003C\u002Fp>\n\u003Cp>Then there’s the whole issue of price.\u003C\u002Fp>\n\u003Cp>Brace yourself. Sit down if you need to. Stop chewing a chicken bone, so you won’t choke on it.\u003C\u002Fp>\n\u003Cp>Surveys by Feedback Cat is…\u003C\u002Fp>\n\u003Cp>FREE!\u003C\u002Fp>\n\u003Cp>Libre. Gratis. 免費.\u003C\u002Fp>\n\u003Cp>You can set up your surveys and get powerful user feedback at NO charge.\u003C\u002Fp>\n\u003Cp>Speaking of free – Surveys by Feedback Cat is proudly 100%, bull**** free.\u003C\u002Fp>\n\u003Cp>That means you can use our plugin without being harassed by annoying up-sells.\u003C\u002Fp>\n\u003Cp>We’re NOT going to be cheapskates and only let you do X number of surveys for free.\u003C\u002Fp>\n\u003Cp>We also respect you enough to NOT shove a branding link inside your feedback forms. They are your surveys, after all. We’re just along for the ride.\u003C\u002Fp>\n\u003Cp>Got all that?\u003C\u002Fp>\n\u003Cp>Hope so. Here are just a few more things you need to know.\u003C\u002Fp>\n\u003Cp>First, once you set up Surveys by Feedback Cat, make sure your email inbox is ready. All user feedback is going straight to the inbox – meaning you don’t want responses from surveys to accidentally get flagged as spam.\u003C\u002Fp>\n\u003Cp>You should also know that Surveys by Feedback cat is completely open source. Feel free to download our code and modify it to your heart’s content.\u003C\u002Fp>\n\u003Cp>For the coders reading this, here’s a link to our Surveys by Feedback Cat, GitHub repository, where you can check out the code —\u003C\u002Fp>\n\u003Cp>For the non-coders, there’s no need to now go Google what a “GitHub repository” is. You can use Surveys by Feedback Cat without knowing how to code.\u003C\u002Fp>\n\u003Cp>As long as you can publish a blog post in WordPress, you’ll have no trouble using the Surveys by Feedback Cat plugin to set up surveys. We’ve purposely made it this easy so anyone can gather user or customer feedback. Whether you’re a blogger, entrepreneur, marketer, or something else entirely – you’ll be happy to know that Surveys by Feedback Cat “just works”.\u003C\u002Fp>\n\u003Cp>That does it for our description of Surveys by Feedback Cat.\u003C\u002Fp>\n\u003Cp>WAIT!\u003C\u002Fp>\n\u003Cp>There is one more thing, actually.\u003C\u002Fp>\n\u003Cp>In the spirit of getting feedback, we at Surveys by Feedback Cat would love to hear from you. You don’t have to fill out a survey. But it would be awesome to connect with you and get your thoughts.\u003C\u002Fp>\n\u003Cp>To reach us directly and share your feedback on Surveys by Feedback Cat, please leave a comment in the support forum on WordPress.org.\u003C\u002Fp>\n","Surveys by Feedback Cat Helps You Grow Your Business Or Blog By Making It Easy To Gather Feedback Using Onpage User Surveys.",50,10659,82,11,"2015-07-16T09:42:00.000Z","4.2.39","4.0",[22,23,141,142,143],"poll","survey","survey-form","https:\u002F\u002Ffatcatapps.com\u002Ffeedbackcat","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsurveys-by-feedback-cat.1.2.2.zip",{"attackSurface":147,"codeSignals":171,"taintFlows":219,"riskAssessment":318,"analyzedAt":330},{"hooks":148,"ajaxHandlers":159,"restRoutes":160,"shortcodes":161,"cronEvents":170,"entryPointCount":31,"unprotectedCount":13},[149,155],{"type":150,"name":151,"callback":152,"file":153,"line":154},"action","admin_menu","generate_admin_menu","citizens-feedbacks.php",25,{"type":150,"name":156,"callback":157,"file":153,"line":158},"wp_print_styles","public_load_styles",27,[],[],[162,166],{"tag":163,"callback":164,"file":153,"line":165},"show_cfeedbacks_form","public_show_cfeedbacks",28,{"tag":167,"callback":168,"file":153,"line":169},"check_status","public_check_status",29,[],{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":196,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":218},[],{"prepared":13,"raw":174,"locations":175},7,[176,179,182,185,188,191,194],{"file":153,"line":177,"context":178},58,"$wpdb->get_var() with variable interpolation",{"file":153,"line":180,"context":181},83,"$wpdb->get_row() with variable interpolation",{"file":153,"line":183,"context":184},108,"$wpdb->query() with variable interpolation",{"file":153,"line":186,"context":187},180,"$wpdb->get_results() with variable interpolation",{"file":189,"line":190,"context":184},"uninstall.php",6,{"file":192,"line":193,"context":187},"view_cfeedbacks.php",14,{"file":192,"line":195,"context":178},72,{"escaped":197,"rawEcho":198,"locations":199},53,12,[200,203,205,207,209,210,211,213,214,215,216,217],{"file":153,"line":201,"context":202},149,"raw output",{"file":153,"line":204,"context":202},168,{"file":206,"line":11,"context":202},"edit_cfeedbacks.php",{"file":206,"line":208,"context":202},36,{"file":206,"line":197,"context":202},{"file":192,"line":165,"context":202},{"file":192,"line":212,"context":202},32,{"file":192,"line":212,"context":202},{"file":192,"line":212,"context":202},{"file":192,"line":133,"context":202},{"file":192,"line":133,"context":202},{"file":192,"line":34,"context":202},[],[220,238,250,260,284,304],{"entryPoint":221,"graph":222,"unsanitizedCount":116,"severity":237},"public_show_cfeedbacks (citizens-feedbacks.php:139)",{"nodes":223,"edges":234},[224,229],{"id":225,"type":226,"label":227,"file":153,"line":228},"n0","source","$_SERVER",142,{"id":230,"type":231,"label":232,"file":153,"line":201,"wp_function":233},"n1","sink","echo() [XSS]","echo",[235],{"from":225,"to":230,"sanitized":236},false,"medium",{"entryPoint":239,"graph":240,"unsanitizedCount":116,"severity":249},"\u003Ccheck_status_form> (check_status_form.php:0)",{"nodes":241,"edges":247},[242,246],{"id":225,"type":226,"label":243,"file":244,"line":245},"$_GET['check_message']","check_status_form.php",5,{"id":230,"type":231,"label":232,"file":244,"line":245,"wp_function":233},[248],{"from":225,"to":230,"sanitized":236},"low",{"entryPoint":251,"graph":252,"unsanitizedCount":116,"severity":249},"\u003Cpublic_cfeedbacks_form> (public_cfeedbacks_form.php:0)",{"nodes":253,"edges":258},[254,257],{"id":225,"type":226,"label":255,"file":256,"line":245},"$_GET['add_message']","public_cfeedbacks_form.php",{"id":230,"type":231,"label":232,"file":256,"line":245,"wp_function":233},[259],{"from":225,"to":230,"sanitized":236},{"entryPoint":261,"graph":262,"unsanitizedCount":31,"severity":283},"public_check_status (citizens-feedbacks.php:158)",{"nodes":263,"edges":279},[264,266,267,271,275],{"id":225,"type":226,"label":227,"file":153,"line":265},161,{"id":230,"type":231,"label":232,"file":153,"line":204,"wp_function":233},{"id":268,"type":226,"label":269,"file":153,"line":270},"n2","$_POST",162,{"id":272,"type":273,"label":274,"file":153,"line":270},"n3","transform","→ check_status()",{"id":276,"type":231,"label":277,"file":153,"line":186,"wp_function":278},"n4","get_results() [SQLi]","get_results",[280,281,282],{"from":225,"to":230,"sanitized":236},{"from":268,"to":272,"sanitized":236},{"from":272,"to":276,"sanitized":236},"high",{"entryPoint":285,"graph":286,"unsanitizedCount":61,"severity":283},"\u003Ccitizens-feedbacks> (citizens-feedbacks.php:0)",{"nodes":287,"edges":299},[288,290,291,293,294,295,297],{"id":225,"type":226,"label":289,"file":153,"line":228},"$_SERVER (x2)",{"id":230,"type":231,"label":232,"file":153,"line":201,"wp_function":233},{"id":268,"type":226,"label":269,"file":153,"line":292},160,{"id":272,"type":231,"label":277,"file":153,"line":186,"wp_function":278},{"id":276,"type":226,"label":269,"file":153,"line":270},{"id":296,"type":273,"label":274,"file":153,"line":270},"n5",{"id":298,"type":231,"label":277,"file":153,"line":186,"wp_function":278},"n6",[300,301,302,303],{"from":225,"to":230,"sanitized":236},{"from":268,"to":272,"sanitized":236},{"from":276,"to":296,"sanitized":236},{"from":296,"to":298,"sanitized":236},{"entryPoint":305,"graph":306,"unsanitizedCount":96,"severity":283},"\u003Cview_cfeedbacks> (view_cfeedbacks.php:0)",{"nodes":307,"edges":315},[308,311,312,314],{"id":225,"type":226,"label":309,"file":192,"line":310},"$_GET",8,{"id":230,"type":231,"label":277,"file":192,"line":193,"wp_function":278},{"id":268,"type":226,"label":313,"file":192,"line":158},"$_GET (x2)",{"id":272,"type":231,"label":232,"file":192,"line":165,"wp_function":233},[316,317],{"from":225,"to":230,"sanitized":236},{"from":268,"to":272,"sanitized":236},{"summary":319,"deductions":320},"The \"citizens-feedbacks\" plugin v1.1.1 exhibits a mixed security posture. While it boasts no known CVEs and a good percentage of properly escaped output, significant concerns arise from the static analysis. The plugin utilizes raw SQL queries without prepared statements, which is a major vulnerability that could lead to SQL injection attacks.  Furthermore, the taint analysis revealed multiple flows with unsanitized paths, three of which are classified as high severity. This indicates a potential for attackers to manipulate input and execute malicious code or access sensitive data. The complete absence of nonce checks and capability checks, combined with the reliance on raw SQL, presents a substantial risk despite the lack of historical vulnerabilities.  The plugin's strengths lie in its minimal attack surface and good output escaping, but these are overshadowed by the critical flaws in data handling.",[321,324,326,328],{"reason":322,"points":323},"SQL queries without prepared statements",15,{"reason":325,"points":323},"High severity taint flows (3)",{"reason":327,"points":11},"Missing nonce checks",{"reason":329,"points":11},"Missing capability checks","2026-03-17T01:36:16.468Z",{"wat":332,"direct":338},{"assetPaths":333,"generatorPatterns":335,"scriptPaths":336,"versionParams":337},[334],"\u002Fwp-content\u002Fplugins\u002Fcitizens-feedbacks\u002Fcss\u002Fcitizens-feedbacks-style.css",[],[],[],{"cssClasses":339,"htmlComments":340,"htmlAttributes":341,"restEndpoints":342,"jsGlobals":343,"shortcodeOutput":344},[],[],[],[],[],[345,346],"[show_cfeedbacks_form]","[check_status]"]