[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f26NpNTEaQaBs9nnT_h6IPjnBOU-DhCfGVygHQlAne1I":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":14,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":44,"crawl_stats":33,"alternatives":48,"analysis":70,"fingerprints":307},"contractor-contact-form-website-to-workflow-tool","Contractor Contact Form Website to Workflow Tool","4.5.0","Leap LLC.","https:\u002F\u002Fprofiles.wordpress.org\u002Fjobprogress\u002F","\u003Cp>This useful plugin is a website to workflow tool that allows contractors to drive leads directly from their own website form inquiries directly into their Leap workcenters. Leap is a Cloud based Business Management Platform for Home Improvement Contractors. With this useful plugin, you can drive customers directly from your website into your Leap workflow stages and begin to populate both customer and job related leads and prospects for immediate and mistake free follow-up. This is an automated Customer Relationship Management tool which will save you time and minimize mistakes. For more information about Leap, please visit our website.\u003C\u002Fp>\n\u003Ch4>Dedicated Support\u003C\u002Fh4>\n\u003Cp>We have an entire team of dedicated ready to help you.  
Ask your questions in the support forum, or \u003Ca href=\"http:\u002F\u002Fwww.jobprogress.com\u002F#full-version\" rel=\"nofollow ugc\">contact us directly\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Service\u003C\u002Fh4>\n\u003Cp>Customer Management Service through the plugin for Leap.\u003C\u002Fp>\n","This useful plugin is a website to workflow tool that allows contractors to drive leads directly from their own website form inquiries directly into t &hellip;",60,11395,100,1,"2025-03-19T09:43:00.000Z","6.7.5","3.0.1","",[20],"customer-manager","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontractor-contact-form-website-to-workflow-tool\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontractor-contact-form-website-to-workflow-tool.4.5.0.zip",92,0,"2023-09-29 00:00:00","2026-03-15T15:16:48.613Z",[28],{"id":29,"url_slug":30,"title":31,"description":32,"plugin_slug":4,"theme_slug":33,"affected_versions":34,"patched_in_version":35,"severity":36,"cvss_score":37,"cvss_vector":38,"vuln_type":39,"published_date":25,"updated_date":40,"references":41,"days_to_patch":43},"CVE-2023-44245","contractor-contact-form-website-to-workflow-tool-reflected-cross-site-scripting","Contractor Contact Form Website to Workflow Tool \u003C= 4.0.0 - Reflected Cross-Site Scripting","The Contractor Contact Form Website to Workflow Tool plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the use of PHP_SELF in versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=4.0.0","4.1.0","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[42],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fda4684b8-20f6-4dc1-8f29-d79f64ccb9d8?source=api-prod",116,{"slug":45,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":23,"avg_patch_time_days":43,"trust_score":46,"computed_at":47},"jobprogress",73,"2026-04-04T11:26:28.682Z",[49],{"slug":50,"name":51,"version":52,"author":53,"author_profile":54,"description":55,"short_description":56,"active_installs":57,"downloaded":58,"rating":24,"num_ratings":24,"last_updated":59,"tested_up_to":60,"requires_at_least":61,"requires_php":18,"tags":62,"homepage":67,"download_link":68,"security_score":69,"vuln_count":24,"unpatched_count":24,"last_vuln_date":33,"fetched_at":26},"customer-manager-for-woocommerce","Customer Manager for Woocommerce","2.3","Phoeniixx","https:\u002F\u002Fprofiles.wordpress.org\u002Fphoeniixx\u002F","\u003Cp>It is a plugin  which shows you a complete list  of registered users with orders , guest users with orders and customers with zero orders.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fcustomermanagerfree.phoeniixxdemo.com\u002Fwp-admin\" rel=\"nofollow ugc\">FREE VERSION DEMO LINK\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The plugin is compatible with our \u003Cstrong> Support Ticket System by Phoeniixx plugin \u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Option to sort the list of customers based on \u003Cstrong>Name\u003C\u002Fstrong>, \u003Cstrong>Email\u003C\u002Fstrong>, 
\u003Cstrong>Location\u003C\u002Fstrong>, \u003Cstrong>Orders\u003C\u002Fstrong>, \u003Cstrong>Money Spent\u003C\u002Fstrong> and \u003Cstrong>Last Orders\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fcustomermanagerfree.phoeniixxdemo.com\u002Fwp-admin\" rel=\"nofollow ugc\">FREE VERSION DEMO LINK\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Take a look at how to set up Customer Manager in Woocommerce\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FGgO45--eXCo?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Premium WordPress Themes\u003C\u002Fh4>\n\u003Cp>Here is our premium wordpress theme\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.phoeniixx.com\u002Fproduct\u002Ffoody\u002F\" rel=\"nofollow ugc\">Foody Themes\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.phoeniixx.com\u002Fproduct\u002Fjstore-theme\u002F\" rel=\"nofollow ugc\">Jstore Themes\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.phoeniixx.com\u002Fproduct\u002Feezy-store\u002F\" rel=\"nofollow ugc\">Eezy Themes\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.phoeniixx.com\u002Fproduct\u002Fcraze\u002F\" rel=\"nofollow ugc\">Craze Themes\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.phoeniixx.com\u002Fproduct\u002Fseofication\u002F\" rel=\"nofollow ugc\">Seofication Themes\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fwww.phoeniixx.com\u002Fproduct\u002Fnews-prime\u002F\" rel=\"nofollow ugc\">News Prime Themes\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Ch4>Our Website\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>  \u003Ca href=\"https:\u002F\u002Fwww.phoeniixx.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.phoeniixx.com\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support Email\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>  \u003Ca href=\"mailto:support@phoeniixx.com\" rel=\"nofollow ugc\">support@phoeniixx.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>NOTE\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>  Our plugin support the Multisite Network.\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n","It is a plugin  which shows you a complete list  of registered users with orders , guest users with orders and customers with zero orders.",40,6528,"2020-01-23T08:56:00.000Z","5.3.21","4.0",[20,63,64,65,66],"manager","phoeniixx","wc","woocommerce-customer-manager","http:\u002F\u002Fwww.phoeniixx.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustomer-manager-for-woocommerce.2.3.zip",85,{"attackSurface":71,"codeSignals":119,"taintFlows":167,"riskAssessment":294,"analyzedAt":306},{"hooks":72,"ajaxHandlers":108,"restRoutes":109,"shortcodes":110,"cronEvents":115,"entryPointCount":14,"unprotectedCount":24},[73,79,82,86,91,94,95,101,104],{"type":74,"name":75,"callback":76,"file":77,"line":78},"action","admin_menu","jp_admin_page","class.customer.php",27,{"type":74,"name":75,"callback":76,"file":80,"line":81},"class.form_settings.php",21,{"type":74,"name":83,"callback":84,"file":80,"line":85},"admin_init","form_register_settings",22,{"type":74,"name":87,"callback":88,"file":89,"line":90},"admin_enqueue_scripts","admin_script","class.jobprogress.php",20,{"type":74,"name":92,"callback":93,"file":89,"line":81},"wp_footer","scripts",{"type":74,"name":75,"callback":76,"file":89,"line":85},{"type":96,"n
ame":97,"callback":98,"file":99,"line":100},"filter","cron_schedules","custom_schedules","class.scheduler.php",19,{"type":74,"name":102,"callback":103,"file":99,"line":78},"jp_token_refresh_hook","update_token",{"type":74,"name":105,"callback":106,"file":99,"line":107},"jb_customer_sync_hook","sync_jp_customer",28,[],[],[111],{"tag":112,"callback":113,"file":77,"line":114},"jobprogress_customer_form_code","cf_short_code",26,[116,117],{"hook":102,"callback":102,"file":99,"line":81},{"hook":105,"callback":105,"file":99,"line":118},25,{"dangerousFunctions":120,"sqlUsage":121,"outputEscaping":127,"fileOperations":24,"externalRequests":162,"nonceChecks":136,"capabilityChecks":24,"bundledLibraries":163},[],{"prepared":122,"raw":14,"locations":123},5,[124],{"file":77,"line":125,"context":126},68,"$wpdb->get_var() with variable interpolation",{"escaped":128,"rawEcho":129,"locations":130},258,14,[131,134,137,139,141,144,146,148,150,152,154,156,158,160],{"file":89,"line":132,"context":133},114,"raw output",{"file":135,"line":136,"context":133},"customer-form-page.php",2,{"file":135,"line":138,"context":133},359,{"file":140,"line":90,"context":133},"customer-index-page.php",{"file":142,"line":143,"context":133},"customer-template.php",42,{"file":142,"line":145,"context":133},72,{"file":147,"line":57,"context":133},"form-settings-index-page.php",{"file":147,"line":149,"context":133},52,{"file":147,"line":151,"context":133},63,{"file":147,"line":153,"context":133},69,{"file":147,"line":155,"context":133},89,{"file":147,"line":157,"context":133},94,{"file":147,"line":159,"context":133},109,{"file":147,"line":161,"context":133},120,4,[164],{"name":165,"version":33,"knownCves":166},"Select2",[],[168,186,226,251,265,275,285],{"entryPoint":169,"graph":170,"unsanitizedCount":14,"severity":36},"show_form 
(class.customer.php:113)",{"nodes":171,"edges":183},[172,177],{"id":173,"type":174,"label":175,"file":77,"line":176},"n0","source","$_SERVER",117,{"id":178,"type":179,"label":180,"file":77,"line":181,"wp_function":182},"n1","sink","echo() [XSS]",118,"echo",[184],{"from":173,"to":178,"sanitized":185},false,{"entryPoint":187,"graph":188,"unsanitizedCount":136,"severity":36},"authorization (class.jobprogress.php:45)",{"nodes":189,"edges":219},[190,193,197,201,205,211,215,217],{"id":173,"type":174,"label":191,"file":89,"line":192},"$_GET (x2)",62,{"id":178,"type":179,"label":194,"file":89,"line":195,"wp_function":196},"update_option() [Settings Manipulation]",70,"update_option",{"id":198,"type":174,"label":199,"file":89,"line":200},"n2","$_GET['user_id']",77,{"id":202,"type":203,"label":204,"file":89,"line":200},"n3","transform","→ get()",{"id":206,"type":179,"label":207,"file":208,"line":209,"wp_function":210},"n4","wp_remote_get() [SSRF]","class.jp-request.php",15,"wp_remote_get",{"id":212,"type":174,"label":213,"file":89,"line":214},"n5","$_GET",97,{"id":216,"type":203,"label":204,"file":89,"line":214},"n6",{"id":218,"type":179,"label":207,"file":208,"line":209,"wp_function":210},"n7",[220,222,223,224,225],{"from":173,"to":178,"sanitized":221},true,{"from":198,"to":202,"sanitized":185},{"from":202,"to":206,"sanitized":185},{"from":212,"to":216,"sanitized":185},{"from":216,"to":218,"sanitized":185},{"entryPoint":227,"graph":228,"unsanitizedCount":136,"severity":36},"\u003Cclass.jobprogress> 
(class.jobprogress.php:0)",{"nodes":229,"edges":244},[230,231,232,234,236,237,238,239,240,242],{"id":173,"type":174,"label":191,"file":89,"line":192},{"id":178,"type":179,"label":194,"file":89,"line":195,"wp_function":196},{"id":198,"type":174,"label":175,"file":89,"line":233},307,{"id":202,"type":179,"label":207,"file":89,"line":235,"wp_function":210},337,{"id":206,"type":174,"label":199,"file":89,"line":200},{"id":212,"type":203,"label":204,"file":89,"line":200},{"id":216,"type":179,"label":207,"file":208,"line":209,"wp_function":210},{"id":218,"type":174,"label":213,"file":89,"line":214},{"id":241,"type":203,"label":204,"file":89,"line":214},"n8",{"id":243,"type":179,"label":207,"file":208,"line":209,"wp_function":210},"n9",[245,246,247,248,249,250],{"from":173,"to":178,"sanitized":221},{"from":198,"to":202,"sanitized":221},{"from":206,"to":212,"sanitized":185},{"from":212,"to":216,"sanitized":185},{"from":218,"to":241,"sanitized":185},{"from":241,"to":243,"sanitized":185},{"entryPoint":252,"graph":253,"unsanitizedCount":24,"severity":264},"\u003Cclass.customer> (class.customer.php:0)",{"nodes":254,"edges":261},[255,256,259,260],{"id":173,"type":174,"label":213,"file":77,"line":192},{"id":178,"type":179,"label":257,"file":77,"line":200,"wp_function":258},"get_results() [SQLi]","get_results",{"id":198,"type":174,"label":175,"file":77,"line":176},{"id":202,"type":179,"label":180,"file":77,"line":181,"wp_function":182},[262,263],{"from":173,"to":178,"sanitized":221},{"from":198,"to":202,"sanitized":221},"low",{"entryPoint":266,"graph":267,"unsanitizedCount":24,"severity":264},"\u003Ccustomer-form-page> (customer-form-page.php:0)",{"nodes":268,"edges":273},[269,272],{"id":173,"type":174,"label":270,"file":135,"line":271},"$_SERVER['REQUEST_URI']",33,{"id":178,"type":179,"label":180,"file":135,"line":271,"wp_function":182},[274],{"from":173,"to":178,"sanitized":221},{"entryPoint":276,"graph":277,"unsanitizedCount":24,"severity":264},"\u003Cdisconnect-form> 
(disconnect-form.php:0)",{"nodes":278,"edges":283},[279,282],{"id":173,"type":174,"label":270,"file":280,"line":281},"disconnect-form.php",7,{"id":178,"type":179,"label":180,"file":280,"line":281,"wp_function":182},[284],{"from":173,"to":178,"sanitized":221},{"entryPoint":286,"graph":287,"unsanitizedCount":14,"severity":293},"index (class.customer.php:61)",{"nodes":288,"edges":291},[289,290],{"id":173,"type":174,"label":213,"file":77,"line":192},{"id":178,"type":179,"label":257,"file":77,"line":200,"wp_function":258},[292],{"from":173,"to":178,"sanitized":185},"high",{"summary":295,"deductions":296},"The plugin \"contractor-contact-form-website-to-workflow-tool\" version 4.5.0 exhibits a generally good security posture with a strong emphasis on secure coding practices. The high percentage of prepared statements for SQL queries and the exceptional rate of output escaping (95%) are commendable. The limited attack surface, with no unprotected entry points, further bolsters its security.\n\nHowever, there are areas for concern. The taint analysis reveals a high number of flows with unsanitized paths, including one classified as high severity, in which $_GET input reaches a get_results() database query in class.customer.php without sanitization. While the plugin has a history of a single medium-severity Cross-Site Scripting vulnerability, this new taint flow warrants careful investigation. The absence of capability checks on any entry points, while not directly exploitable due to the lack of unprotected entry points, represents a missed opportunity for robust access control.\n\nOverall, the plugin is well-developed with good security hygiene. The primary risks stem from the identified unsanitized taint flows. The historical vulnerability, though patched and of medium severity, suggests that input sanitization should remain a focus. 
The lack of capability checks, while not an immediate critical flaw, is a weakness that could be exploited if the attack surface were to expand or authentication mechanisms were to fail.",[297,300,302,304],{"reason":298,"points":299},"High severity unsanitized taint flow",12,{"reason":301,"points":122},"Flows with unsanitized paths detected",{"reason":303,"points":162},"No capability checks on entry points",{"reason":305,"points":281},"History of medium severity XSS vulnerability","2026-03-16T21:41:19.197Z",{"wat":308,"direct":321},{"assetPaths":309,"generatorPatterns":314,"scriptPaths":315,"versionParams":316},[310,311,312,313],"\u002Fwp-content\u002Fplugins\u002Fcontractor-contact-form-website-to-workflow-tool\u002Fasset\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fcontractor-contact-form-website-to-workflow-tool\u002Fasset\u002Fjs\u002Fscripts.js","\u002Fwp-content\u002Fplugins\u002Fcontractor-contact-form-website-to-workflow-tool\u002Fasset\u002Fjs\u002Fjquery.validate.min.js","\u002Fwp-content\u002Fplugins\u002Fcontractor-contact-form-website-to-workflow-tool\u002Fasset\u002Fjs\u002Fjquery.form.js",[],[311,312,313],[317,318,319,320],"contractor-contact-form-website-to-workflow-tool\u002Fasset\u002Fcss\u002Fstyle.css?ver=","contractor-contact-form-website-to-workflow-tool\u002Fasset\u002Fjs\u002Fscripts.js?ver=","contractor-contact-form-website-to-workflow-tool\u002Fasset\u002Fjs\u002Fjquery.validate.min.js?ver=","contractor-contact-form-website-to-workflow-tool\u002Fasset\u002Fjs\u002Fjquery.form.js?ver=",{"cssClasses":322,"htmlComments":328,"htmlAttributes":331,"restEndpoints":334,"jsGlobals":336,"shortcodeOutput":339},[323,324,325,326,327],"jp-contact-form","jp-form-group","jp-form-control","jp-btn","jp-btn-primary",[329,330],"\u003C!-- This is a contact form plugin -->","\u003C!-- You can customize the form fields in the plugin settings 
-->",[332,333],"data-plugin-name=\"contractor-contact-form\"","data-plugin-version=\"4.5.0\"",[335],"\u002Fwp-json\u002Fjp-contact-form\u002Fv1\u002Fsubmit",[337,338],"window.jpFormSettings","var jp_submit_url",[340,341,342,343,344,341,345,346,344,341,347,348,344,349,350],"\u003Cform class=\"jp-contact-form\" method=\"post\">","\u003Cdiv class=\"jp-form-group\">","\u003Clabel for=\"jp-field-name\">Name:\u003C\u002Flabel>","\u003Cinput type=\"text\" id=\"jp-field-name\" name=\"name\" required>","\u003C\u002Fdiv>","\u003Clabel for=\"jp-field-email\">Email:\u003C\u002Flabel>","\u003Cinput type=\"email\" id=\"jp-field-email\" name=\"email\" required>","\u003Clabel for=\"jp-field-message\">Message:\u003C\u002Flabel>","\u003Ctextarea id=\"jp-field-message\" name=\"message\" required>\u003C\u002Ftextarea>","\u003Cbutton type=\"submit\" class=\"jp-btn jp-btn-primary\">Submit\u003C\u002Fbutton>","\u003C\u002Fform>"]