[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fW8CxAwRwW5fkCa98U9b2n89-me78EnkUggvARnG1bDk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":139,"fingerprints":246},"easy-captcha-by-croitre","Easy Captcha by Croitre","0.0.2","S R Tayade","https:\u002F\u002Fprofiles.wordpress.org\u002Fsushanttayade123\u002F","\u003Cp>Easy Captcha plugin is basic captcha plugin to prevent spam submissions. Using Shortcode you can show Mathematical Expression to be solved in your form to prevent spam.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Admin can specify where the captcha should be displayed i.e, comments, login, registration or lost password form.\u003C\u002Fli>\n\u003Cli>Admin can select arithmetic operations from available options – Addition, Subtraction or Multiplication.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Note\u003C\u002Fh4>\n\u003Col>\n\u003Cli>By default ‘Addition (+)’ operation is enabled. It’s recommended to keep at least one option selected at any point of time.\u003C\u002Fli>\n\u003Cli>If you find any bugs, kindly report here: https:\u002F\u002Fgithub.com\u002FSushantRT\u002Feasy-captcha\u002Fissues\u003C\u002Fli>\n\u003C\u002Fol>\n","Adds Mathematical Captcha to be solved in your form to prevent spam.",20,1225,0,"2020-02-27T05:00:00.000Z","5.3.21","5.3.2","7.2",[19,20,21,22,23],"arithmetic-captcha","captcha","captcha-code","math-captcha","wordpress-captcha","https:\u002F\u002Fcroitresoftwares.com\u002Fplugins\u002Feasy-captcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-captcha-by-croitre.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"sushanttayade123",1,30,84,"2026-04-04T16:04:34.902Z",[37,61,80,101,119],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":59,"vuln_count":32,"unpatched_count":13,"last_vuln_date":60,"fetched_at":28},"ds-cf7-math-captcha","DS CF7 Math Captcha","3.1.0","dotsquares","https:\u002F\u002Fprofiles.wordpress.org\u002Fdotsvijay\u002F","\u003Ch3>Form Stop Spam Emails – A permanent solution to stop spam emails\u003C\u002Fh3>\n\u003Cp>“DS CF7 Math Captcha” plugin gives functionality of prevent unwanted spam to your contact form 7. Contact Form 7 plugin is most widely used by many users so this plugin helps to prevent unwanted spam from website that has been created by Contact Form 7 plugin. This plugin is very much effective to stop form spam for Contact Form 7 plugin.\u003C\u002Fp>\n\u003Ch4>The plugin has been tested with the latest version (6.1) of Contact Form 7\u003C\u002Fh4>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Math Captcha\u003C\u002Fli>\n\u003Cli>Refresh Math Captcha\u003C\u002Fli>\n\u003Cli>Available Translations – English (US), French, Hindi, Spanish and German\u003C\u002Fli>\n\u003C\u002Ful>\n","\"DS CF7 Math Captcha\" is a math captcha with refresh captcha functionality to prevent unwanted spam for your contact form 7 plugin.",30000,71414,100,8,"2026-02-19T10:26:00.000Z","6.9.4","6.5","7.4",[20,54,55,56,22],"contact-form-7","contact-form-7-addon","contact-form-7-captcha","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fds-cf7-math-captcha.3.1.0.zip",99,"2024-09-05 00:00:00",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":47,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":57,"tags":75,"homepage":57,"download_link":79,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"cf7-advance-security","Contact Form 7 Spam Killer","1.8","WP-EXPERTS.IN","https:\u002F\u002Fprofiles.wordpress.org\u002Findia-web-developer\u002F","\u003Cp>“Contact Form 7 Spam Killer” is a advance spam blocker that will help to prevent unwanted spam for your Contact Form 7 plugin.\u003C\u002Fp>\n\u003Ch3>Form Spam Killer – A permanent solution to stop spam emails from your wordpress website\u003C\u002Fh3>\n\u003Cp>“Contact Form 7 Spam Killer” plugin gives double layer security to your contact form 7. This plugin is very effective to stop machine and human spam for Contact Form 7 plugin. This plugin helps you to prevent unwanted spam from all forms of the website that has been created by Contact Form 7 plugin. As Form 7 is most popular contact form plugin and many users faced the spam issue with this form so we have created this plugin to give a permanent solution from spam emails issue.\u003C\u002Fp>\n\u003Ch4>Plugin tested with latest version 6.1 of Form 7\u003C\u002Fh4>\n\u003Cp>Do You Have Any Query? \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wp-experts.in\u002Fcontact-us\u002F?utm_source=wordpress.org&utm_medium=free-plugin&utm_campaign=form7spam-killer\" rel=\"nofollow ugc\">Submit here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Math Captcha\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Hidden Captcha (Honeypot)\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FPwnoLegw0sM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","\"Contact Form 7 Spam Killer\" is a advance spam blocker that will help to prevent unwanted spam for your Contact Form 7 plugin.",4000,29565,4,"2025-07-09T12:41:00.000Z","6.8.5","5.6",[76,54,56,77,78],"cf7-math-captcha","form-7-spam-stoper","form-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-advance-security.1.8.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":57,"tags":95,"homepage":99,"download_link":100,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"math-captcha-for-elementor-forms","Math Captcha for Elementor Forms","1.1.0","albanotoska","https:\u002F\u002Fprofiles.wordpress.org\u002Falbanotoska\u002F","\u003Cblockquote>\n\u003Cp>\n        \u003Cstrong>BS Math Captcha for Elementor Forms\u003C\u002Fstrong>\n    \u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>BS Math Captcha for Elementor Forms is a simple plugin that add a math captcha to every elementor forms you have on your site. You can just install the plugin, activate it and that’s it. The captcha will appear automatically on all your Elementor Forms. This is made possible by jquery plugin ebcaptcha. Special thanks to the developer.\u003Cbr \u002F>\n– Make sure to check also this other jQuery plugin which runs jquery when an element is visible, useful for popup forms \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fuzairfarooq\u002Farrive\" rel=\"nofollow ugc\"> arrive.js \u003C\u002Fa>\u003Cbr \u002F>\n\u003Cem>NOTICE\u003C\u002Fem> : You need to have Elementor Pro for this plugin to work\u003C\u002Fp>\n\u003Ch3>Quick Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Falbanotoska.com\u002Fbsbanners\u002Fbs-math-captcha-for-elementor-forms\u002F\" rel=\"nofollow ugc\">Demo (Features)\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Falbanotoska.com\u002F#contact\" rel=\"nofollow ugc\">Contact Us\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbs-banners\u002F\" rel=\"ugc\">My other plugin on WordPress.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cul>\n\u003Cli>Easy to use\u003C\u002Fli>\n\u003Cli>Lightweight plugin\u003C\u002Fli>\n\u003Cli>Elementor full Support\u003C\u002Fli>\n\u003Cli>Super easy Installation\u003C\u002Fli>\n\u003Cli>100% Responsive\u003C\u002Fli>\n\u003Cli>Easy and Fast to Setup\u003C\u002Fli>\n\u003Cli>All Major browser supported\u003C\u002Fli>\n\u003C\u002Ful>\n","Wordpress Plugin that will add a simple match captcha to your Elementor Forms.",3000,21120,80,13,"2021-10-08T09:54:00.000Z","5.8.13","3.5",[20,96,22,97,98],"elementor","recaptcha","wordpress-plugin","https:\u002F\u002Falbanotoska.com\u002Fbsbanners\u002Fbs-math-captcha-for-elementor-forms\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmath-captcha-for-elementor-forms.1.1.0.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":47,"num_ratings":32,"last_updated":111,"tested_up_to":73,"requires_at_least":112,"requires_php":57,"tags":113,"homepage":117,"download_link":118,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"sk-wp-admin-login-captcha","SKP WP Admin Login Captcha","1.0.5","Sandeep Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Fsk335577\u002F","\u003Cp>Simple, Lightweightht and User Friendly plugin to secure your wordpress admin panel by adding captcha on the login page.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n*   Mathematical Captcha\u003Cbr \u002F>\n*   Google reCAPTCHA V2\u003Cbr \u002F>\n*   Google reCAPTCHA V3\u003C\u002Fp>\n","Add Google or Mathematical captcha on wordpress login page",1000,4217,"2025-05-10T08:43:00.000Z","3.1",[20,114,115,22,116],"google-captcha","login-captcha","wordpress-admin-captcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsk-wp-admin-login-captcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsk-wp-admin-login-captcha.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":47,"downloaded":127,"rating":47,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":132,"tags":133,"homepage":137,"download_link":138,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"mimi-captcha","Mimi Captcha","0.7.0","stevenjoezhang","https:\u002F\u002Fprofiles.wordpress.org\u002Fstevenjoezhang\u002F","\u003Cp>在 WordPress 登陆、注册或评论表单中加入验证码，支持字母、数字、中文和算术形式。用户需要输入验证码才可以进行进一步操作，这可以有效阻止机器人发表垃圾评论或暴力破解密码，增加安全性。\u003Cbr \u002F>\n如果需要在登陆密码输错若干次后限制该 IP 登陆，或拉入黑名单，可以将本插件配合 Limit Login Attempts Reloaded 插件使用。\u003Cbr \u002F>\nAdds Captcha code anti-spam methods to WordPress forms. Forms include login form, registration form, lost password form and comments form. In order to post comments or register, users will have to type in the code shown on the image. This prevents spam from automated bots, and increase security.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>管理员可以设置在哪些情况下需要输入验证码。\u003Cbr \u002F>\nAdministrator can specify where the Captcha should be displayed.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>管理员可以选择验证码的字符类型：字母、数字、混合或者中文。\u003Cbr \u002F>\nAdministrator can select the Captcha type from the options available – Alphanumeric, Alphabets, Numbers or Chinese characters.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>管理员可以选择验证码的字母类型：大写、小写或大小写混合。\u003Cbr \u002F>\nAdministrator can select the letters type from the options available – Capital letters, Small letters or Both.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>生成验证码的 ‘imagettftext()’ 函数需要 gd 库和 FreeType 支持。您可以通过执行 ‘php -m’ 或 ‘phpinfo()’ 检查 php 是否具有此拓展，以确保验证码能够正确显示。\u003Cbr \u002F>\nPHP gd2 extension is required. You can run ‘php -m’ or use ‘phpinfo()’ to check if it’s installed properly.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>为了避免出现安全问题，建议将 PHP 更新至 7.4 以上的版本，WordPress 更新至最新版本。\u003Cbr \u002F>\nUpgrade your PHP and WordPress to the latest version to avoid security vulnerabilities.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>感谢您下载安装这个插件。您可以通过氪金来支持我们继续开发。博客页面：\u003Cbr \u002F>\nThanks for downloading and installing this plugin. You can show your appreciation and support future development by donating. Blog page:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fzhangshuqiao.org\u002F2018-07\u002FWordPress中文验证码\u002F\" rel=\"nofollow ugc\">WordPress中文验证码\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>Active development of this plugin is handled \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fstevenjoezhang\u002Fmimi-captcha\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Translation of the plugin into different languages is on the \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fmimi-captcha\" rel=\"nofollow ugc\">translation page\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Note\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>如果您发现了任何 BUG，请通过上方的 GitHub 仓库页面进行报告，这样我们才能尽快修正。\u003Cbr \u002F>\nIf you find any bugs, please report in the GitHub repository above, so that it will be fixed as soon as possible.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>如果您认为可以增加新功能，请通过上方的 GitHub 仓库页面给我们建议。\u003Cbr \u002F>\nIf you think any feature adding to this plugin can improve its features, please recommend it in the GitHub repository above.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Known Issues\u003C\u002Fh3>\n\u003Cp>本插件使用了 SESSION 存储用户信息，这可能造成性能瓶颈。建议通过在 php.ini 中设置 session.save_handler 为 redis 或 memcached（均需要安装拓展），以提升性能。\u003Cbr \u002F>\nThis plugin uses SESSION to save user information, you can configure redis or memcached server in your php.ini for better performance.\u003C\u002Fp>\n\u003Ch3>TODO List\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>设置黑名单（根据用户名，或者 IP 地址）\u003Cbr \u002F>\nBlocklist\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>允许用户选择下载字体库\u003Cbr \u002F>\nProvide more user selectable fonts\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>本项目从 Vinoj Cardoza 的 Captcha Code，BestWebSoft 的 Google Captcha 和 Sola 的 User Generate Password 插件中获得了灵感。这些项目的重要信息摘录如下：\u003Cbr \u002F>\nThis plugin is inspired by some other plugins. More information about them is listed below:\u003C\u002Fp>\n\u003Cp>Plugin Name: Captcha Code\u003Cbr \u002F>\nPlugin URI: https:\u002F\u002Fcn.wordpress.org\u002Fplugins\u002Fcaptcha-code-authentication\u002F\u003Cbr \u002F>\nDescription: Adds Captcha Code anti-spam methods to User front-end WordPress forms.\u003Cbr \u002F>\nAuthor: Vinoj Cardoza\u003Cbr \u002F>\nAuthor URI: https:\u002F\u002Fwww.cardozatechnologies.com\u003Cbr \u002F>\nLicense: GPL2\u003C\u002Fp>\n\u003Cp>Plugin Name: Google Captcha (reCAPTCHA) by BestWebSoft\u003Cbr \u002F>\nPlugin URI: https:\u002F\u002Fcn.wordpress.org\u002Fplugins\u002Fgoogle-captcha\u002F\u003Cbr \u002F>\nDescription: Protect WordPress website forms from spam entries with Google Captcha (reCaptcha).\u003Cbr \u002F>\nAuthor: BestWebSoft\u003Cbr \u002F>\nAuthor URI: https:\u002F\u002Fbestwebsoft.com\u003Cbr \u002F>\nLicense: GPLv3 or later\u003C\u002Fp>\n\u003Cp>Plugin Name: User Generate Password\u003Cbr \u002F>\nPlugin URI: https:\u002F\u002Fwww.solagirl.net\u002Fwordpress-user-generate-password.html\u003Cbr \u002F>\nDescription: Let user enter password instead of generated by WordPress when sign up. 用户注册时可以输入密码。\u003Cbr \u002F>\nAuthor: Sola\u003Cbr \u002F>\nAuthor URI: https:\u002F\u002Fwww.solagirl.net\u003Cbr \u002F>\nLicense: Unknown\u003C\u002Fp>\n","简洁的中文验证码插件。在 WordPress 登陆、注册或评论表单中加入验证码，支持字母、数字、中文和算术形式。 Adds Captcha Code anti-spam methods to WordPress forms. Supports numbers, alphabets and Chine &hellip;",7738,2,"2025-04-06T15:33:00.000Z","6.7.5","3.7","8.1",[20,21,134,135,136],"forms-captcha","security","text-captcha","https:\u002F\u002Fgithub.com\u002Fstevenjoezhang\u002Fmimi-captcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmimi-captcha.0.7.0.zip",{"attackSurface":140,"codeSignals":176,"taintFlows":203,"riskAssessment":229,"analyzedAt":245},{"hooks":141,"ajaxHandlers":160,"restRoutes":168,"shortcodes":169,"cronEvents":174,"entryPointCount":175,"unprotectedCount":128},[142,148,152,156],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","admin_menu","register_ccs_easy_cap_settings_page","ccs-easy-captcha.php",76,{"type":143,"name":149,"callback":150,"file":146,"line":151},"admin_init","ccs_easycap_register_settings",154,{"type":143,"name":153,"callback":154,"file":146,"line":155},"wp_footer","ccs_easycap_ajaxscript",163,{"type":143,"name":157,"callback":158,"file":146,"line":159},"template_redirect","ccs_verify_captcha",221,[161,165],{"action":162,"nopriv":163,"callback":162,"hasNonce":163,"hasCapCheck":163,"file":146,"line":164},"ccs_verify_captcha_js",false,295,{"action":162,"nopriv":166,"callback":162,"hasNonce":163,"hasCapCheck":163,"file":146,"line":167},true,296,[],[170],{"tag":171,"callback":172,"file":146,"line":173},"ccs_easy_captcha","ccs_easy_captcha_show_fields",207,[],3,{"dangerousFunctions":177,"sqlUsage":178,"outputEscaping":180,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":202},[],{"prepared":13,"raw":13,"locations":179},[],{"escaped":32,"rawEcho":181,"locations":182},11,[183,186,188,189,191,192,194,196,198,199,201],{"file":146,"line":184,"context":185},120,"raw output",{"file":146,"line":187,"context":185},240,{"file":146,"line":187,"context":185},{"file":146,"line":190,"context":185},241,{"file":146,"line":190,"context":185},{"file":146,"line":193,"context":185},243,{"file":146,"line":195,"context":185},248,{"file":146,"line":197,"context":185},251,{"file":146,"line":197,"context":185},{"file":146,"line":200,"context":185},252,{"file":146,"line":200,"context":185},[],[204,221],{"entryPoint":205,"graph":206,"unsanitizedCount":32,"severity":220},"ccs_verify_captcha (ccs-easy-captcha.php:214)",{"nodes":207,"edges":218},[208,213],{"id":209,"type":210,"label":211,"file":146,"line":212},"n0","source","$_SERVER['HTTP_REFERER']",217,{"id":214,"type":215,"label":216,"file":146,"line":212,"wp_function":217},"n1","sink","header() [Header Injection]","header",[219],{"from":209,"to":214,"sanitized":163},"medium",{"entryPoint":222,"graph":223,"unsanitizedCount":32,"severity":220},"\u003Cccs-easy-captcha> (ccs-easy-captcha.php:0)",{"nodes":224,"edges":227},[225,226],{"id":209,"type":210,"label":211,"file":146,"line":212},{"id":214,"type":215,"label":216,"file":146,"line":212,"wp_function":217},[228],{"from":209,"to":214,"sanitized":163},{"summary":230,"deductions":231},"The \"easy-captcha-by-croitre\" plugin version 0.0.2 exhibits a mixed security posture. While it demonstrates good practices by not using dangerous functions, avoiding file operations, external HTTP requests, and utilizing prepared statements for all SQL queries, significant concerns arise from its attack surface and output escaping. The plugin exposes two AJAX handlers without any authentication or capability checks, creating a direct pathway for unauthorized actions. Furthermore, a substantial portion of output (92%) is not properly escaped, leaving it vulnerable to Cross-Site Scripting (XSS) attacks.\n\nThe taint analysis reveals two flows with unsanitized paths, which, although not classified as critical or high severity in this specific analysis, point to potential vulnerabilities if user-supplied data is not handled with extreme care before being used in sensitive operations. The absence of any known vulnerabilities in its history is a positive indicator, suggesting that the current codebase might be relatively clean or has not been extensively targeted. However, this does not negate the immediate risks identified in the static analysis.\n\nIn conclusion, the plugin's lack of authentication on AJAX endpoints and inadequate output escaping are major security weaknesses that overshadow its positive aspects. While the absence of historical vulnerabilities is encouraging, the identified code signals present real and exploitable risks that require immediate attention. The potential for XSS and unauthorized actions via unprotected AJAX calls makes this plugin a moderate to high risk, despite its otherwise clean code in other areas.",[232,235,237,240,243],{"reason":233,"points":234},"Unprotected AJAX handlers",10,{"reason":236,"points":48},"Insufficient output escaping",{"reason":238,"points":239},"Flows with unsanitized paths",5,{"reason":241,"points":242},"Missing nonce checks on AJAX",7,{"reason":244,"points":242},"Missing capability checks on AJAX","2026-03-16T22:48:20.548Z",{"wat":247,"direct":252},{"assetPaths":248,"generatorPatterns":249,"scriptPaths":250,"versionParams":251},[],[],[],[],{"cssClasses":253,"htmlComments":255,"htmlAttributes":256,"restEndpoints":258,"jsGlobals":259,"shortcodeOutput":262},[254],"ccs-easycap-blinking",[],[257],"name=\"ccs_ps_ans\"",[],[260,261],"ccs_easycap_tok_secret","ccs_easycap_ans_secret",[263,264],"\u003Cdiv class=\"form-group\">\n\t\t\u003Clabel class=\"control-label col-sm-4\" for=\"ccs_ps_ans\">","'\u003Cinput name=\""]