[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fC6aOWrlfaBNTGSn3AhSNUY2WlbVjS2ikbKV4Z_k8WLE":3,"$f4DuHEUNI4tJ4sFdazrwcDgs1ZnVR0TmoBUm9NDt7k24":376,"$fTEpSxUQb1ZGIrA0G2mJyq_kf6RfhiqduUFRDP_sYi_4":380},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":58,"crawl_stats":38,"alternatives":66,"analysis":67,"fingerprints":352},"echosign","Echo Sign","1.4.1","Smackcoders Inc.,","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmackcoders\u002F","\u003Cp>Since Echo Sign was acquired and migrated as Adobe Esign, the plugin is discontinued and no longer supported.\u003C\u002Fp>\n\u003Cp>Echo Sign plugin is a simple integration of Adobe e signature Echo Sign features to your wordpress. Get complete guide on \u003Ca href=\"https:\u002F\u002Fwww.smackcoders.com\u002Fblog\u002Fadobe-echosign-wordpress.html\" rel=\"nofollow ugc\">Adobe Echo Sign WordPress plugin\u003C\u002Fa> here.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Plugin used to send PDF to users to get their electronic signature or details from user\u002Freceiver\u003C\u002Fli>\n\u003Cli>User has to create PDF using this link (https:\u002F\u002Fwww.EchoSign.adobe.com\u002Fen\u002Fhome.html)\u003C\u002Fli>\n\u003Cli>Upload created Document to Plugin. 
Then User can send mail to any users to get sign or details\u003C\u002Fli>\n\u003Cli>Users can see the status of the Document (Sent or Seen or Signed etc)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Read more here for complete info about \u003Ca href=\"https:\u002F\u002Fwww.smackcoders.com\u002Fblog\u002Fadobe-echosign-wordpress.html\" rel=\"nofollow ugc\">Adobe Echo Sign WordPress plugin\u003C\u002Fa> instruction and tutorial\u003C\u002Fp>\n\u003Cul>\n\u003Cli>What Echo Sign plugin can do?\u003C\u002Fli>\n\u003Cli>Simple steps to use Adobe EchoSign WordPress plugin\u003C\u002Fli>\n\u003Cli>To Get Adobe EchoSign API key\u003C\u002Fli>\n\u003Cli>How to obtain Adobe EchoSign developer API key\u003C\u002Fli>\n\u003Cli>How to install the EchoSign WordPress Plugin\u003C\u002Fli>\n\u003Cli>More links and references\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Let us know your feedback, feature suggestion etc., here –\u003C\u002Fp>\n","License: GPLv2 or later Echo Sign plugin is discontinued and no longer supported",10,3021,80,3,"2020-04-02T19:09:00.000Z","4.6.30","",[19,20,21,22,23],"digitallysignpdf","echo-sign","electronicsignaturespdf","howtoelectronicallysign","howtosignelectronically","https:\u002F\u002Fwww.smackcoders.com\u002Fwp-ultimate-csv-importer-pro.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fechosign.1.4.1.zip",84,2,0,"2016-04-21 
00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[33,51],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":29,"updated_date":45,"references":46,"days_to_patch":48,"patch_diff_files":49,"patch_trac_url":38,"research_status":38,"research_verified":50,"research_rounds_completed":28,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":50,"poc_model_used":38,"poc_verification_depth":38},"CVE-2016-10985","echo-sign-reflected-cross-site-scripting","Echo Sign \u003C 1.2 - Reflected Cross-Site Scripting","The echosign plugin before 1.2 for WordPress has XSS via the templates\u002Fadd_templates.php id parameter.",null,"\u003C1.2","1.2","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 
19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa3302110-60ae-4ad1-8a8c-3511027da3a8?source=api-prod",2833,[],false,{"id":52,"url_slug":53,"title":36,"description":54,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":29,"updated_date":45,"references":55,"days_to_patch":48,"patch_diff_files":57,"patch_trac_url":38,"research_status":38,"research_verified":50,"research_rounds_completed":28,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":50,"poc_model_used":38,"poc_verification_depth":38},"CVE-2016-10984","echo-sign-reflected-cross-site-scripting-2","The echosign plugin before 1.2 for WordPress has XSS via the inc.php page 
parameter.",[56],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff3fc1686-06a0-4d48-bb79-470e63cd3600?source=api-prod",[],{"slug":59,"display_name":7,"profile_url":8,"plugin_count":60,"total_installs":61,"avg_security_score":62,"avg_patch_time_days":63,"trust_score":64,"computed_at":65},"smackcoders",23,39580,88,946,71,"2026-05-19T20:00:36.322Z",[],{"attackSurface":68,"codeSignals":105,"taintFlows":209,"riskAssessment":337,"analyzedAt":351},{"hooks":69,"ajaxHandlers":87,"restRoutes":97,"shortcodes":98,"cronEvents":103,"entryPointCount":104,"unprotectedCount":14},[70,76,80,84],{"type":71,"name":72,"callback":73,"file":74,"line":75},"action","admin_notices","admin_notice_echosign","echosign.php",65,{"type":71,"name":77,"callback":78,"file":74,"line":79},"admin_menu","wp_echosign_menu",76,{"type":71,"name":81,"callback":82,"file":74,"line":83},"admin_init","echosign_scripts",79,{"type":71,"name":85,"callback":86,"file":74,"line":13},"wp_enqueue_scripts","echosign_frontend_scripts",[88,91,94],{"action":89,"nopriv":50,"callback":89,"hasNonce":50,"hasCapCheck":50,"file":74,"line":90},"echosign_return_script",81,{"action":92,"nopriv":50,"callback":92,"hasNonce":50,"hasCapCheck":50,"file":74,"line":93},"echosignaddNewRow",524,{"action":95,"nopriv":50,"callback":95,"hasNonce":50,"hasCapCheck":50,"file":74,"line":96},"echosignaddNewCustomRow",546,[],[99],{"tag":100,"callback":101,"file":74,"line":102},"echosign_template","process_echosign_template",494,[],4,{"dangerousFunctions":106,"sqlUsage":107,"outputEscaping":109,"fileOperations":104,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":208},[],{"prepared":28,"raw":28,"locations":108},[],{"escaped":110,"rawEcho":111,"locations":112},90,53,[113,116,118,121,123,125,127,129,131,134,136,137,139,141,142,144,145,146,148,149,150,152,153,155,156,157,159,161,163,165,167,168,170,172,174,176,179,181,182,183,185,186,187,190,191,192,194,197,200,202,204,206,207],{"file
":74,"line":114,"context":115},521,"raw output",{"file":74,"line":117,"context":115},542,{"file":119,"line":120,"context":115},"inc.php",173,{"file":119,"line":122,"context":115},177,{"file":119,"line":124,"context":115},209,{"file":119,"line":126,"context":115},241,{"file":119,"line":128,"context":115},263,{"file":119,"line":130,"context":115},275,{"file":132,"line":133,"context":115},"templates\\add_templates.php",43,{"file":132,"line":135,"context":115},50,{"file":132,"line":64,"context":115},{"file":132,"line":138,"context":115},72,{"file":132,"line":140,"context":115},73,{"file":132,"line":140,"context":115},{"file":132,"line":143,"context":115},75,{"file":132,"line":143,"context":115},{"file":132,"line":79,"context":115},{"file":132,"line":147,"context":115},82,{"file":132,"line":147,"context":115},{"file":132,"line":147,"context":115},{"file":132,"line":151,"context":115},86,{"file":132,"line":151,"context":115},{"file":132,"line":154,"context":115},87,{"file":132,"line":154,"context":115},{"file":132,"line":110,"context":115},{"file":132,"line":158,"context":115},98,{"file":132,"line":160,"context":115},99,{"file":132,"line":162,"context":115},101,{"file":132,"line":164,"context":115},102,{"file":132,"line":166,"context":115},105,{"file":132,"line":166,"context":115},{"file":132,"line":169,"context":115},109,{"file":132,"line":171,"context":115},110,{"file":132,"line":173,"context":115},113,{"file":132,"line":175,"context":115},123,{"file":177,"line":178,"context":115},"templates\\form_sequence.php",41,{"file":177,"line":180,"context":115},48,{"file":177,"line":135,"context":115},{"file":177,"line":111,"context":115},{"file":177,"line":184,"context":115},58,{"file":177,"line":184,"context":115},{"file":177,"line":184,"context":115},{"file":188,"line":189,"context":115},"templates\\list_groups.php",103,{"file":188,"line":166,"context":115},{"file":188,"line":166,"context":115},{"file":188,"line":193,"context":115},107,{"file":195,"line":196,"context":115},"te
mplates\\list_templates.php",148,{"file":198,"line":199,"context":115},"templates\\settings.php",56,{"file":198,"line":201,"context":115},62,{"file":198,"line":203,"context":115},78,{"file":198,"line":205,"context":115},92,{"file":198,"line":205,"context":115},{"file":198,"line":205,"context":115},[],[210,227,236,250,263,279,289,298,315,325],{"entryPoint":211,"graph":212,"unsanitizedCount":226,"severity":41},"echosignaddNewRow (echosign.php:498)",{"nodes":213,"edges":224},[214,219],{"id":215,"type":216,"label":217,"file":74,"line":218},"n0","source","$_REQUEST",501,{"id":220,"type":221,"label":222,"file":74,"line":114,"wp_function":223},"n1","sink","echo() [XSS]","echo",[225],{"from":215,"to":220,"sanitized":50},1,{"entryPoint":228,"graph":229,"unsanitizedCount":226,"severity":41},"echosignaddNewCustomRow (echosign.php:526)",{"nodes":230,"edges":234},[231,233],{"id":215,"type":216,"label":217,"file":74,"line":232},528,{"id":220,"type":221,"label":222,"file":74,"line":117,"wp_function":223},[235],{"from":215,"to":220,"sanitized":50},{"entryPoint":237,"graph":238,"unsanitizedCount":27,"severity":249},"echosign_return_script (echosign.php:159)",{"nodes":239,"edges":247},[240,243],{"id":215,"type":216,"label":241,"file":74,"line":242},"$_REQUEST (x2)",162,{"id":220,"type":221,"label":244,"file":74,"line":245,"wp_function":246},"update_option() [Settings Manipulation]",182,"update_option",[248],{"from":215,"to":220,"sanitized":50},"low",{"entryPoint":251,"graph":252,"unsanitizedCount":104,"severity":249},"\u003Cechosign> 
(echosign.php:0)",{"nodes":253,"edges":260},[254,255,256,258],{"id":215,"type":216,"label":241,"file":74,"line":242},{"id":220,"type":221,"label":244,"file":74,"line":245,"wp_function":246},{"id":257,"type":216,"label":241,"file":74,"line":218},"n2",{"id":259,"type":221,"label":222,"file":74,"line":114,"wp_function":223},"n3",[261,262],{"from":215,"to":220,"sanitized":50},{"from":257,"to":259,"sanitized":50},{"entryPoint":264,"graph":265,"unsanitizedCount":226,"severity":249},"eor_hr_forms_section (inc.php:16)",{"nodes":266,"edges":275},[267,269,271,274],{"id":215,"type":216,"label":217,"file":119,"line":268},66,{"id":220,"type":221,"label":244,"file":119,"line":270,"wp_function":246},104,{"id":257,"type":216,"label":272,"file":119,"line":273},"$_REQUEST['page']",183,{"id":259,"type":221,"label":222,"file":119,"line":273,"wp_function":223},[276,277],{"from":215,"to":220,"sanitized":50},{"from":257,"to":259,"sanitized":278},true,{"entryPoint":280,"graph":281,"unsanitizedCount":226,"severity":249},"echosign_templates (inc.php:195)",{"nodes":282,"edges":287},[283,286],{"id":215,"type":216,"label":284,"file":119,"line":285},"$_POST['api_key']",207,{"id":220,"type":221,"label":244,"file":119,"line":285,"wp_function":246},[288],{"from":215,"to":220,"sanitized":50},{"entryPoint":290,"graph":291,"unsanitizedCount":226,"severity":249},"echosign_settings (inc.php:250)",{"nodes":292,"edges":296},[293,295],{"id":215,"type":216,"label":284,"file":119,"line":294},261,{"id":220,"type":221,"label":244,"file":119,"line":294,"wp_function":246},[297],{"from":215,"to":220,"sanitized":50},{"entryPoint":299,"graph":300,"unsanitizedCount":14,"severity":249},"\u003Cinc> 
(inc.php:0)",{"nodes":301,"edges":311},[302,303,304,305,306,309],{"id":215,"type":216,"label":217,"file":119,"line":268},{"id":220,"type":221,"label":244,"file":119,"line":270,"wp_function":246},{"id":257,"type":216,"label":272,"file":119,"line":273},{"id":259,"type":221,"label":222,"file":119,"line":273,"wp_function":223},{"id":307,"type":216,"label":308,"file":119,"line":285},"n4","$_POST['api_key'] (x2)",{"id":310,"type":221,"label":244,"file":119,"line":285,"wp_function":246},"n5",[312,313,314],{"from":215,"to":220,"sanitized":50},{"from":257,"to":259,"sanitized":278},{"from":307,"to":310,"sanitized":50},{"entryPoint":316,"graph":317,"unsanitizedCount":28,"severity":249},"\u003Cadd_templates> (templates\\add_templates.php:0)",{"nodes":318,"edges":323},[319,322],{"id":215,"type":216,"label":320,"file":132,"line":321},"$_REQUEST['id']",37,{"id":220,"type":221,"label":222,"file":132,"line":321,"wp_function":223},[324],{"from":215,"to":220,"sanitized":278},{"entryPoint":326,"graph":327,"unsanitizedCount":27,"severity":249},"\u003Csettings> (templates\\settings.php:0)",{"nodes":328,"edges":334},[329,331,332,333],{"id":215,"type":216,"label":217,"file":198,"line":330},22,{"id":220,"type":221,"label":244,"file":198,"line":133,"wp_function":246},{"id":257,"type":216,"label":217,"file":198,"line":330},{"id":259,"type":221,"label":222,"file":198,"line":201,"wp_function":223},[335,336],{"from":215,"to":220,"sanitized":50},{"from":257,"to":259,"sanitized":50},{"summary":338,"deductions":339},"The echosign plugin version 1.4.1 presents a moderate security risk due to a combination of static analysis findings and its vulnerability history. The static analysis recorded no SQL queries in the plugin, prepared or raw, so SQL injection is not among the findings; the significant concern lies in its attack surface. Three out of four identified entry points, specifically the AJAX handlers, lack both a nonce check and a capability check. 
This opens the door for unauthorized actions: the handler records show none of the three registered for unauthenticated (nopriv) requests, but without a nonce or capability check each can be triggered by any logged-in user, including through a forged cross-site request. Furthermore, the taint analysis reveals a high number of flows with unsanitized paths, indicating potential risks of data manipulation or injection, although no critical or high severity issues were flagged in this analysis.\n\nThe plugin's vulnerability history, with two past medium-severity Cross-Site Scripting (XSS) vulnerabilities, though none are currently unpatched, suggests a recurring pattern of input sanitization weaknesses. The fact that the last vulnerability was in 2016 might imply the codebase hasn't been actively maintained or scrutinized for newer threats, which is consistent with the plugin description stating that it is discontinued and no longer supported. The limited output escaping (63% properly escaped) further exacerbates the risk of XSS, especially when combined with unsanitized input paths. While the absence of dangerous functions and external HTTP requests are positive, the unsecured AJAX endpoints and the history of XSS vulnerabilities are significant weaknesses that require attention for robust security.",[340,343,346,349],{"reason":341,"points":342},"Unprotected AJAX handlers",15,{"reason":344,"points":345},"High number of unsanitized paths in taint flows",8,{"reason":347,"points":348},"Low output escaping percentage",5,{"reason":350,"points":11},"Past medium severity XSS 
vulnerabilities","2026-03-17T00:42:04.653Z",{"wat":353,"direct":366},{"assetPaths":354,"generatorPatterns":361,"scriptPaths":362,"versionParams":363},[355,356,357,358,359,360],"\u002Fwp-content\u002Fplugins\u002Fechosign\u002Fpublic\u002Fcss\u002Fcss\u002Ffont-awesome.css","\u002Fwp-content\u002Fplugins\u002Fechosign\u002Fpublic\u002Fcss\u002Fechosign-frontend.css","\u002Fwp-content\u002Fplugins\u002Fechosign\u002Fpublic\u002Fcss\u002Fbootstrap.css","\u002Fwp-content\u002Fplugins\u002Fechosign\u002Fpublic\u002Fcss\u002Fechosign-adminend.css","\u002Fwp-content\u002Fplugins\u002Fechosign\u002Fpublic\u002Fjs\u002Fechosign.js","\u002Fwp-content\u002Fplugins\u002Fechosign\u002Fpublic\u002Fjs\u002Fvalidator.js",[],[359,360],[364,365],"echosign\u002Fstyle.css?ver=","echosign\u002Fscript.js?ver=",{"cssClasses":367,"htmlComments":369,"htmlAttributes":370,"restEndpoints":372,"jsGlobals":373,"shortcodeOutput":375},[368],"alert-success",[],[371],"data-adminurl",[],[374],"wp_echosign",[],{"error":278,"url":377,"statusCode":378,"statusMessage":379,"message":379},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fechosign\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":381,"versions":382},6,[383,388,395,402,408,417],{"version":6,"download_url":25,"svn_tag_url":384,"released_at":38,"has_diff":50,"diff_files_changed":385,"diff_lines":38,"trac_diff_url":386,"vulnerabilities":387,"is_current":278},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fechosign\u002Ftags\u002F1.4.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fechosign%2Ftags%2F1.4&new_path=%2Fechosign%2Ftags%2F1.4.1",[],{"version":389,"download_url":390,"svn_tag_url":391,"released_at":38,"has_diff":50,"diff_files_changed":392,"diff_lines":38,"trac_diff_url":393,"vulnerabilities":394,"is_current":50},"1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fechosign.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fechosign\u002Ftags\u002F1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fechosign%2Ftags%2F1.3&new_path=%2Fechosign%2Ftags%2F1.4",[],{"version":396,"download_url":397,"svn_tag_url":398,"released_at":38,"has_diff":50,"diff_files_changed":399,"diff_lines":38,"trac_diff_url":400,"vulnerabilities":401,"is_current":50},"1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fechosign.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fechosign\u002Ftags\u002F1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fechosign%2Ftags%2F1.2&new_path=%2Fechosign%2Ftags%2F1.3",[],{"version":40,"download_url":403,"svn_tag_url":404,"released_at":38,"has_diff":50,"diff_files_changed":405,"diff_lines":38,"trac_diff_url":406,"vulnerabilities":407,"is_current":50},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fechosign.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fechosign\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fechosign%2Ftags%2F1.1&new_path=%2Fechosign%2Ftags%2F1.2",[],{"version":409,"download_url":410,"sv
n_tag_url":411,"released_at":38,"has_diff":50,"diff_files_changed":412,"diff_lines":38,"trac_diff_url":413,"vulnerabilities":414,"is_current":50},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fechosign.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fechosign\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fechosign%2Ftags%2F1.0&new_path=%2Fechosign%2Ftags%2F1.1",[415,416],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"id":52,"url_slug":53,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":418,"download_url":419,"svn_tag_url":420,"released_at":38,"has_diff":50,"diff_files_changed":421,"diff_lines":38,"trac_diff_url":38,"vulnerabilities":422,"is_current":50},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fechosign.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fechosign\u002Ftags\u002F1.0\u002F",[],[423,424],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"id":52,"url_slug":53,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40}]