[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f3haq_mygl5eM9QU_R089uV0WmqTlX04iRu_jufDTyfo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":73,"crawl_stats":38,"alternatives":82,"analysis":190,"fingerprints":408},"email-subscription-with-secure-captcha","Easy Email Subscription","1.3.1","Yudiz Solutions Ltd.","https:\u002F\u002Fprofiles.wordpress.org\u002Fyudiz\u002F","\u003Cp>This Plugin allows widget drag n drop form with captcha to display in sidebars.You can also use shortcode to display form anywhere in the template or pages or post.\u003C\u002Fp>\n","Easy Email Subscription form with secured captcha.",30,5198,60,2,"2025-11-03T04:21:00.000Z","6.8.5","3.6.1","5.6",[20,21,22,23,24],"captcha","email-subscribers","email-subscription","email-subscription-with-captcha","simple-email-subscription","https:\u002F\u002Fwww.yudiz.com\u002Fwordpress-plugin-support\u002F?plugin=Easy%20Email%20Subscription","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-subscription-with-secure-captcha.1.3.1.zip",95,3,0,"2025-11-11 21:45:38","2026-03-15T15:16:48.613Z",[33,48,61],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-11994","easy-email-subscription-unauthenticated-stored-cross-site-scripting","Easy Email Subscription \u003C= 1.3 - Unauthenticated Stored Cross-Site Scripting","The Easy Email Subscription plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.3","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-11-12 11:05:39",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb5bb14c1-8713-4aa1-b50a-53bed07a5f80?source=api-prod",1,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":53,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":47},"CVE-2025-10691","easy-email-subscription-cross-site-request-forgery-to-arbitrary-subscriber-deletion","Easy Email Subscription \u003C= 1.3 - Cross-Site Request Forgery to Arbitrary Subscriber Deletion","The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the show_editsub_page() function. This makes it possible for unauthenticated attackers to delete arbitrary subscribers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-11-05 15:20:07","2025-11-06 03:27:02",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F53234e29-5213-4acd-abfe-5c4ea5dbf829?source=api-prod",{"id":62,"url_slug":63,"title":64,"description":65,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":53,"cvss_score":66,"cvss_vector":67,"vuln_type":68,"published_date":69,"updated_date":70,"references":71,"days_to_patch":47},"CVE-2025-10683","easy-email-subscription-authenticated-admin-sql-injection-via-uid","Easy Email Subscription \u003C= 1.3 - Authenticated (Admin+) SQL Injection via uid","The Easy Email Subscription plugin for WordPress is vulnerable to SQL Injection via the 'uid' parameter in all versions up to, and including, 1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",4.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2025-11-05 14:24:51","2025-11-06 02:31:05",[72],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc2353d9d-d5ae-4470-9c0f-119acecd6686?source=api-prod",{"slug":74,"display_name":75,"profile_url":8,"plugin_count":76,"total_installs":77,"avg_security_score":78,"avg_patch_time_days":79,"trust_score":80,"computed_at":81},"yudiz","Yudiz Solutions Pvt. Ltd.",14,6360,96,59,85,"2026-04-04T02:44:46.891Z",[83,103,127,148,167],{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":29,"num_ratings":29,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":96,"tags":97,"homepage":101,"download_link":102,"security_score":80,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"moptin-email-subscription-optin-form","Moptin – Email Subscription Optin form","2016.11.13.1","My Coding Tricks","https:\u002F\u002Fprofiles.wordpress.org\u002Fmycodingtricks\u002F","\u003Cp>Moptin is an Email Subscription Optin Form WordPress Plugin.\u003C\u002Fp>\n\u003Cp>This plugin will boost your email subscribers list.\u003C\u002Fp>\n\u003Cp>It’s one in all WordPress Optin Plugin.\u003C\u002Fp>\n\u003Ch3>2016.7.14\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Fixed Exit-Intent Page Takeover\u003C\u002Fli>\n\u003Cli>Converted to jQuery Plugin\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>2016.7.5\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Fixed Page Takeover\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>2016.7.4\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Added some more options in Admin Panel.\u003C\u002Fli>\n\u003Cli>Cleaned some code.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>2016.11.13\u003C\u002Fh3>\n\u003Cp>1.Fixed Scroll Bug\u003C\u002Fp>\n","Moptin is an Email Subscription Optin Form WordPress Plugin.",10,1767,"2016-11-15T12:09:00.000Z","4.6.30","3.1","",[21,22,98,99,100],"opt-in-form","optin","optin-form","http:\u002F\u002Fmycodingtricks.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmoptin-email-subscription-optin-form.2016.11.13.1.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":113,"num_ratings":114,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":96,"tags":118,"homepage":123,"download_link":124,"security_score":125,"vuln_count":14,"unpatched_count":47,"last_vuln_date":126,"fetched_at":31},"siteguard","SiteGuard WP Plugin","1.7.9","jp-secure","https:\u002F\u002Fprofiles.wordpress.org\u002Fjp-secure\u002F","\u003Cp>You can find docs, FAQ and more detailed information on \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin_en\u002F\" rel=\"nofollow ugc\">English Page\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin\u002F\" rel=\"nofollow ugc\">Japanese Page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Simply install the SiteGuard WP Plugin, WordPress security is improved.\u003Cbr \u002F>\nThis plugin is a security plugin that specializes in the login attack of brute force, such as protection and management capabilities.\u003C\u002Fp>\n\u003Cp>Notes\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It does not support the multisite function of WordPress.\u003C\u002Fli>\n\u003Cli>It only supports Apache 1.3, 2.x for Web servers.\u003C\u002Fli>\n\u003Cli>To use the CAPTCHA function, the expansion library “mbstring” and “gd” should be installed on php.\u003C\u002Fli>\n\u003Cli>To use the management page filter function and login page change function, “mod_rewrite” should be loaded on Apache.\u003C\u002Fli>\n\u003Cli>To use the WAF Tuning Support, WAF ( SiteGuard Server Edition ) should be installed on Apache.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There are the following functions.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Admin Page IP Filter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function for the protection against the attack to the management page (under wp-admin.)\u003Cbr \u002F>\nTo the access from the connection source IP address which does not login to the management page, 404 (Not Found) is returned.\u003Cbr \u002F>\nAt the login, the connection source IP address is recorded and the access to that page is allowed.\u003Cbr \u002F>\nThe connection source IP address which does not login for more than 24 hours is sequentially deleted.\u003Cbr \u002F>\nThe URL (under wp-admin) where this function is excluded can be specified.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rename Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack.\u003Cbr \u002F>\nThe login page name (wp-login.php) is changed. The initial value is “login_\u003C5 random digits>” but it can be changed to a favorite name.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CAPTCHA\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack,\u003Cbr \u002F>\nor to receive less comment spam. For the character of CAPTCHA, hiragana and alphanumeric characters can be selected.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Lock\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack.\u003Cbr \u002F>\nEspecially, it is the function to prevent an automated attack. The connection source IP address the number of login failure of which reaches\u003Cbr \u002F>\nthe specified number within the specified period is blocked for the specified time.\u003Cbr \u002F>\nEach user account is not locked.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Alert\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to make it easier to notice unauthorized login. E-mail will be sent to a login user when logged in.\u003Cbr \u002F>\nIf you receive an e-mail to there is no logged-in idea, please suspect unauthorized login.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fail Once\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against a password list attack. Even is the login input is correct, the first login must fail.\u003Cbr \u002F>\nAfter 5 seconds and later within 60 seconds, another correct login input make login succeed. At the first login failure, the following error message is displayed.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Pingback\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The pingback function is disabled and its abuse is prevented.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block Author Query\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Prevents leakage of user names due to “\u002F?author=” access.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Updates Notify\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Basic of security is that always you use the latest version. If WordPress core, plugins, and themes updates are needed , sends email to notify administrators.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WAF Tuning Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to create the rule to avoid the false detection in WordPress (including 403 error occurrence with normal access,)\u003Cbr \u002F>\nif WAF ( SiteGuard Server Edition ) by EG Secure Solutions is installed on a Web server. WAF prevents the attack from the outside against the Web server,\u003Cbr \u002F>\nbut for some WordPress or plugin functions, WAF may detect the attack which is actually not attack and block the function.\u003Cbr \u002F>\nBy creating the WAF exclude rule, the WAF protection function can be activated while the false detection for the specified function is prevented.\u003C\u002Fp>\n\u003Ch4>Translate\u003C\u002Fh4>\n\u003Cp>If you have created your own language pack, or have an update of an existing one, you can send \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">gettext PO and MO files\u003C\u002Fa> to sgdev@jp-secure.com so that We can bundle it into SiteGuard WP Plugin. You can download the latest \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Ftrunk\u002Flanguages\u002Fsiteguard.pot\" rel=\"nofollow ugc\">POT file\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Fbranches\u002Flanguages\u002F\" rel=\"nofollow ugc\">PO files in each language\u003C\u002Fa>.\u003C\u002Fp>\n","SiteGurad WP Plugin is the plugin specialized for the protection against the attack to the management page and login.",600000,5177761,86,15,"2025-12-04T04:47:00.000Z","6.9.4","3.9",[20,119,120,121,122],"login-alert","login-lock","pingback","security","http:\u002F\u002Fwww.jp-secure.com\u002Fcont\u002Fproducts\u002Fsiteguard_wp_plugin\u002Findex_en.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsiteguard.1.7.9.zip",76,"2026-02-23 00:00:00",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":125,"num_ratings":137,"last_updated":138,"tested_up_to":116,"requires_at_least":139,"requires_php":18,"tags":140,"homepage":145,"download_link":146,"security_score":147,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"contact-form-7-honeypot","CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7","3.4.0","Saad Iqbal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaadiqbal\u002F","\u003Cp>\u003Cstrong>Add extra Spam Protection functionalities to your Contact Form 7 forms with CF7 Apps.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Contact Form 7 is one of the most popular form plugins for WordPress, but \u003Cstrong>it lacks many advanced features\u003C\u002Fstrong> that modern websites need. CF7 Apps adds extra Spam Protection functionalities to your Contact Form 7 forms, introducing honeypot and hCaptcha options.\u003C\u002Fp>\n\u003Cp>👉 Get Support: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcontact-form-7-honeypot\u002F\" rel=\"ugc\">Click Here\u003C\u002Fa>\u003Cbr \u002F>\n👉 Check out the \u003Ca href=\"https:\u002F\u002Fcf7apps.com\u002Fdocs\u002F?utm_source=wp_org&utm_medium=readme&utm_campaign=documentation\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>What CF7 Apps Can Do for You ?\u003C\u002Fh3>\n\u003Cp>Right out of the box, CF7 Apps includes:\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Honeypot App\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>hCaptcha App\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Database Entries App\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Redirection App\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Webhook App\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>ACF Integeration\u003C\u002Fstrong>\u003Cbr \u002F>\n💡 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fcf7apps.com\u002Fsubmit-idea\u002F?utm_source=wp_org&utm_medium=readme&utm_campaign=suggest_a_feature\" rel=\"nofollow ugc\">Suggest a Feature\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>And that’s just the beginning.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Save and Manage CF7 Form Submissions\u003C\u002Fstrong>\u003Cbr \u002F>\nThe Entries Database App stores all Contact Form 7 submissions directly to your WordPress database. Easily filter entries by form or date, view individual CF7 submissions, and export or delete them when needed. This ensures you never lose important leads or messages, even if emails fail to deliver.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Add a Honeypot Field to Prevent Spam\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Our \u003Cstrong>Honeypot Contact Form 7 extension\u003C\u002Fstrong> creates a hidden field inside your Contact Form 7 forms. Real users never see it, but bots do—and that’s how the bots fall for the trap. It blocks automated spam before it even hits your inbox.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Add hCaptcha to Contact Form 7\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Protect your forms from spam bots using \u003Cstrong>hCaptcha,\u003C\u002Fstrong> a privacy-friendly alternative to Google reCAPTCHA. This extension integrates directly with CF7 and works instantly after setup. No coding is required, and no extra plugins are needed. Just set up your site keys and you’re done.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Manage & View Contact Form 7 Entries\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Store, view, and manage all your Contact Form 7 submissions directly inside your WordPress dashboard. This extension logs every form entry automatically, giving you an organized record of user submissions. No coding or third-party tools required just activate and start tracking instantly.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Redirect Users After Form Submission\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Easily redirect users to any internal or external page after submitting a form. This extension lets you control the post-submission experience with custom URLs, thank-you pages, or marketing funnels. No coding needed configure your redirect URL and it works immediately.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Send Form Data via Webhooks\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Automatically forward your Contact Form 7 submission data to any external service using \u003Cstrong>webhooks.\u003C\u002Fstrong>This extension enables seamless API integrations, automation workflows, and third-party connections. No additional plugins or coding required just add your webhook URL and you’re ready to go.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Integrate ACF Fields into Your Forms\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Easily pull Advanced Custom Fields (ACF) data into your Contact Form 7 forms using the built-in ACF field tags. This integration lets you map and display your custom ACF fields directly inside CF7 without any extra plugins or coding. Just enable the feature, select your ACF fields, and your form is ready to use.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NOTE:\u003C\u002Fstrong>\u003Cbr \u002F>\nThe best thing is that both features work independently. You can run them alone or together based on your site’s needs.\u003C\u002Fp>\n\u003Ch3>Real Use Cases for CF7 Apps\u003C\u002Fh3>\n\u003Cp>With the CF7 Apps, you can do the following:\u003Cbr \u002F>\n  ✔️ Trap bots using a honeypot field without affecting users\u003Cbr \u002F>\n  ✔️ Add hCaptcha to Contact Form 7 for privacy-first anti-spam\u003Cbr \u002F>\n  ✔️ Store and manage Contact Form 7 entries directly in WordPress\u003Cbr \u002F>\n  ✔️ Redirect your Contact Form 7 submissions to any internal or external page.\u003Cbr \u002F>\n  ✔️ Send your form data to any third-party service or custom endpoint through our Webhook.\u003Cbr \u002F>\n  ✔️ Display dynamic ACF field values inside your Contact Form 7 forms for personalized entries.\u003C\u002Fp>\n\u003Ch3>Why Should You Install CF7 Apps?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Works exclusively with Contact Form 7\u003C\u002Fli>\n\u003Cli>Modular design — activate only the features you need\u003C\u002Fli>\n\u003Cli>Lightweight — no unnecessary code or bloat\u003C\u002Fli>\n\u003Cli>Built for form security, user control, and advanced customization\u003C\u002Fli>\n\u003Cli>Continuously updated with new apps and requested features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We built CF7 Apps for users who want more power without abandoning the simplicity of Contact Form 7.\u003C\u002Fp>\n\u003Ch3>Try Our Other Awesome WordPress Plugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpost-smtp\u002F\" rel=\"ugc\">Post SMTP:\u003C\u002Fa>\u003C\u002Fstrong> Reliable WordPress email delivery plugin with detailed email logs and multiple SMTP integrations.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgutena-forms\u002F\" rel=\"ugc\">Gutena Forms:\u003C\u002Fa>\u003C\u002Fstrong> Create modern, responsive contact forms directly in the Gutenberg block editor. Includes advanced fields, spam protection (reCAPTCHA & Cloudflare Turnstile), and entry management.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-easy-pay\u002F\" rel=\"ugc\">WP EasyPay:\u003C\u002Fa>\u003C\u002Fstrong> Accept Square payments and donations easily on your WordPress site.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpassword-protected\u002F\" rel=\"ugc\">Password Protected:\u003C\u002Fa>\u003C\u002Fstrong> Secure your WordPress site, posts, pages, and categories with simple password protection.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffile-manager-advanced\u002F\" rel=\"ugc\">Advanced File Manager:\u003C\u002Fa>\u003C\u002Fstrong> Manage and organize WordPress files effortlessly from your dashboard.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwc-shop-sync\u002F\" rel=\"ugc\">WC Shop Sync:\u003C\u002Fa>\u003C\u002Fstrong> Add Square payments and sync WooCommerce products, customers, and orders with Square POS.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmycred\u002F\" rel=\"ugc\">myCred:\u003C\u002Fa>\u003C\u002Fstrong> Add gamification, rewards, ranks, and a points management system to your WordPress website.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbookify\u002F\" rel=\"ugc\">Bookify:\u003C\u002Fa>\u003C\u002Fstrong> Your complete online bookings and appointment scheduling solution for WordPress.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faio-login\u002F\" rel=\"ugc\">All In One Login:\u003C\u002Fa>\u003C\u002Fstrong> Secure your WordPress login page, change wp-login.php URL, and add social logins including Google, Facebook, Microsoft, and LINE.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnew-user-approve\u002F\" rel=\"ugc\">New User Approve:\u003C\u002Fa>\u003C\u002Fstrong> Control new user registrations by approving or denying signups.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpexperts.io\u002F\" rel=\"nofollow ugc\">WP Experts WooCommerce Store:\u003C\u002Fa>\u003C\u002Fstrong> Explore premium WooCommerce plugins and solutions by WPExperts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contribute or Report Issues\u003C\u002Fh3>\n\u003Cp>Do you have a feature request or bug to report? Contact us via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcontact-form-7-honeypot\" rel=\"ugc\">official Support Channel.\u003C\u002Fa>\u003C\u002Fp>\n","Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.",300000,5576961,131,"2026-01-30T04:54:00.000Z","4.8",[141,20,142,143,144],"anti-spam","cf7-database","honeypot","spam-protection","https:\u002F\u002Fcf7apps.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontact-form-7-honeypot.3.4.0.zip",100,{"slug":149,"name":150,"version":151,"author":152,"author_profile":153,"description":154,"short_description":155,"active_installs":135,"downloaded":156,"rating":157,"num_ratings":158,"last_updated":159,"tested_up_to":160,"requires_at_least":161,"requires_php":162,"tags":163,"homepage":164,"download_link":165,"security_score":166,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"really-simple-captcha","Really Simple CAPTCHA","2.4","Rock Lobster Inc.","https:\u002F\u002Fprofiles.wordpress.org\u002Frocklobsterinc\u002F","\u003Cp>Really Simple CAPTCHA does not work alone and is intended to work with other plugins. It is originally created for \u003Ca href=\"https:\u002F\u002Fcontactform7.com\u002F\" rel=\"nofollow ugc\">Contact Form 7\u003C\u002Fa>, however, you can use it with your own plugin.\u003C\u002Fp>\n\u003Cp>Note: This product is “really simple” as its name suggests, i.e., it is not strongly secure. If you need perfect security, you should try other solutions.\u003C\u002Fp>\n\u003Ch4>How does it work?\u003C\u002Fh4>\n\u003Cp>Really Simple CAPTCHA does not use PHP “Sessions” for storing states, unlike many other PHP CAPTCHA solutions, but stores them as temporary files. This allows you to embed it into WordPress without worrying about conflicts.\u003C\u002Fp>\n\u003Cp>When you generate a CAPTCHA, Really Simple CAPTCHA creates two files for it; one is an image file of CAPTCHA, and the other is a text file which stores the correct answer to the CAPTCHA.\u003C\u002Fp>\n\u003Cp>The two files have the same (random) prefix in their file names, for example, “a7hk3ux8p.png” and “a7hk3ux8p.txt.” In this case, for example, when the respondent answers “K5GF” as an answer to the “a7hk3ux8p.png” image, then Really Simple CAPTCHA calculates hash of “K5GF” and tests it against the hash stored in the “a7hk3ux8p.txt” file. If the two match, the answer is confirmed as correct.\u003C\u002Fp>\n\u003Ch4>How to use with your plugin\u003C\u002Fh4>\n\u003Cp>Note: Below are instructions for plugin developers.\u003C\u002Fp>\n\u003Cp>First, create an instance of ReallySimpleCaptcha class:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$captcha_instance = new ReallySimpleCaptcha();\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can change the instance variables as you wish.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F Change the background color of CAPTCHA image to black\n$captcha_instance->bg = array( 0, 0, 0 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See really-simple-captcha.php if you are interested in other variables.\u003C\u002Fp>\n\u003Cp>Generate a random word for CAPTCHA.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$word = $captcha_instance->generate_random_word();\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Generate an image file and a corresponding text file in the temporary directory.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$prefix = wp_rand();\n$captcha_instance->generate_image( $prefix, $word );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Then, show the image and get an answer from respondent.\u003C\u002Fp>\n\u003Cp>Check the correctness of the answer.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$correct = $captcha_instance->check( $prefix, $the_answer_from_respondent );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If the $correct is true, go ahead. Otherwise, block the respondent — as it would appear not to be human.\u003C\u002Fp>\n\u003Cp>And last, remove the temporary image and text files, as they are no longer in use.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$captcha_instance->remove( $prefix );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>That’s all.\u003C\u002Fp>\n\u003Cp>If you wish to see a live sample of this, you can try \u003Ca href=\"https:\u002F\u002Fcontactform7.com\u002Fcaptcha\u002F\" rel=\"nofollow ugc\">Contact Form 7\u003C\u002Fa>.\u003C\u002Fp>\n","Really Simple CAPTCHA is a CAPTCHA module intended to be called from other plugins. It is originally created for my Contact Form 7 plugin.",9328025,84,129,"2025-02-01T08:43:00.000Z","6.7.5","6.6","7.4",[20],"https:\u002F\u002Fcontactform7.com\u002Fcaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-captcha.2.4.zip",92,{"slug":168,"name":169,"version":170,"author":171,"author_profile":172,"description":173,"short_description":174,"active_installs":175,"downloaded":176,"rating":78,"num_ratings":177,"last_updated":178,"tested_up_to":116,"requires_at_least":179,"requires_php":180,"tags":181,"homepage":186,"download_link":187,"security_score":188,"vuln_count":28,"unpatched_count":29,"last_vuln_date":189,"fetched_at":31},"advanced-google-recaptcha","Advanced Google reCAPTCHA","1.31","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgetwpcaptcha.com\u002F\" rel=\"nofollow ugc\">Advanced Google reCAPTCHA\u003C\u002Fa> protects your WordPress site from spam comments & brute force login attacks using captcha. This captcha plugin, quickly adds Google reCAPTCHA and other captcha tests to WordPress comment form, login form, and other forms.\u003C\u002Fp>\n\u003Cp>Using Advanced Google reCAPTCHA (most popular captcha on the market), you’ll be safe from spam comments and protect user accounts, WooCommerce, Easy Digital Downloads, BuddyPress and other forms from brute-force login attacks.\u003C\u002Fp>\n\u003Cp>reCaptcha works for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Form\u003C\u002Fli>\n\u003Cli>Registration Form\u003C\u002Fli>\n\u003Cli>Reset Password Form\u003C\u002Fli>\n\u003Cli>Comment Form\u003C\u002Fli>\n\u003Cli>BuddyPress Form\u003C\u002Fli>\n\u003Cli>WooCommerce Form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads (EDD) Login Form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads (EDD) Registration Form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Captcha uses these 3rd party libs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Chart.js, 2017 Nick Downie, MIT\u003C\u002Fli>\n\u003Cli>DataTables, 2008-2017 SpryMedia Ltd, MIT\u003C\u002Fli>\n\u003Cli>moment.js, Tim Wood, Iskren Chernev, MIT\u003C\u002Fli>\n\u003Cli>SweetAlert 2, github.com\u002FSweetalert2\u002FSweetalert2, MIT\u003C\u002Fli>\n\u003Cli>tooltipster, www.heteroclito.fr\u002Fmodules\u002Ftooltipster\u002F, MIT\u003C\u002Fli>\n\u003C\u002Ful>\n","Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.",200000,2435450,428,"2025-12-02T20:29:00.000Z","4.9","5.2",[20,182,183,184,185],"comment-recaptcha","google-recaptcha","login-recaptcha","recaptcha","https:\u002F\u002Fgetwpcaptcha.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-google-recaptcha.1.31.zip",98,"2025-03-27 19:32:14",{"attackSurface":191,"codeSignals":248,"taintFlows":290,"riskAssessment":396,"analyzedAt":407},{"hooks":192,"ajaxHandlers":232,"restRoutes":240,"shortcodes":241,"cronEvents":247,"entryPointCount":28,"unprotectedCount":14},[193,199,202,205,208,212,217,220,224,228],{"type":194,"name":195,"callback":196,"file":197,"line":198},"filter","transient_pcc_scan_results","sies_adjust_pcc_results","simple-email-subscription.php",71,{"type":194,"name":200,"callback":196,"file":197,"line":201},"pre_set_transient_pcc_scan_results",72,{"type":194,"name":203,"callback":196,"file":197,"line":204},"site_transient_pcc_scan_results",73,{"type":194,"name":206,"callback":196,"file":197,"line":207},"pre_set_site_transient_pcc_scan_results",74,{"type":194,"name":209,"callback":210,"file":197,"line":211},"widget_text","do_shortcode",150,{"type":213,"name":214,"callback":215,"file":197,"line":216},"action","admin_menu","register_sies_mainpage",176,{"type":213,"name":214,"callback":218,"file":197,"line":219},"register_sies_subpage",392,{"type":213,"name":221,"callback":222,"priority":47,"file":197,"line":223},"init","custom_init_session",549,{"type":213,"name":225,"callback":226,"file":197,"line":227},"widgets_init","register_sies_widget",641,{"type":213,"name":229,"callback":230,"file":197,"line":231},"admin_enqueue_scripts","enqueue_admin_js_css",728,[233,237],{"action":234,"nopriv":235,"callback":234,"hasNonce":235,"hasCapCheck":235,"file":197,"line":236},"sies_export_xls",false,672,{"action":238,"nopriv":235,"callback":238,"hasNonce":235,"hasCapCheck":235,"file":197,"line":239},"sies_export_csv",699,[],[242],{"tag":243,"callback":244,"file":245,"line":246},"sies_subc_form","sies_subc_form_display","subscriber-form.php",118,[],{"dangerousFunctions":249,"sqlUsage":250,"outputEscaping":264,"fileOperations":29,"externalRequests":29,"nonceChecks":288,"capabilityChecks":47,"bundledLibraries":289},[],{"prepared":91,"raw":251,"locations":252},4,[253,256,259,262],{"file":197,"line":254,"context":255},190,"$wpdb->query() with variable interpolation",{"file":197,"line":257,"context":258},208,"$wpdb->get_row() with variable interpolation",{"file":197,"line":260,"context":261},659,"$wpdb->get_results() with variable interpolation",{"file":197,"line":263,"context":261},686,{"escaped":265,"rawEcho":91,"locations":266},97,[267,270,272,274,276,278,280,282,284,286],{"file":197,"line":268,"context":269},212,"raw output",{"file":197,"line":271,"context":269},224,{"file":197,"line":273,"context":269},265,{"file":197,"line":275,"context":269},359,{"file":197,"line":277,"context":269},360,{"file":197,"line":279,"context":269},376,{"file":197,"line":281,"context":269},377,{"file":197,"line":283,"context":269},596,{"file":197,"line":285,"context":269},667,{"file":197,"line":287,"context":269},694,5,[],[291,310,349,378,388],{"entryPoint":292,"graph":293,"unsanitizedCount":29,"severity":309},"sies_mainpage_show (simple-email-subscription.php:182)",{"nodes":294,"edges":306},[295,300],{"id":296,"type":297,"label":298,"file":197,"line":299},"n0","source","$_POST",196,{"id":301,"type":302,"label":303,"file":197,"line":304,"wp_function":305},"n1","sink","update_option() [Settings Manipulation]",198,"update_option",[307],{"from":296,"to":301,"sanitized":308},true,"low",{"entryPoint":311,"graph":312,"unsanitizedCount":29,"severity":309},"show_editsub_page (simple-email-subscription.php:398)",{"nodes":313,"edges":344},[314,317,321,324,329,331,336,339],{"id":296,"type":297,"label":315,"file":197,"line":316},"$_GET",405,{"id":301,"type":302,"label":318,"file":197,"line":319,"wp_function":320},"query() [SQLi]",416,"query",{"id":322,"type":297,"label":298,"file":197,"line":323},"n2",447,{"id":325,"type":302,"label":326,"file":197,"line":327,"wp_function":328},"n3","get_var() [SQLi]",456,"get_var",{"id":330,"type":297,"label":315,"file":197,"line":316},"n4",{"id":332,"type":302,"label":333,"file":197,"line":334,"wp_function":335},"n5","get_row() [SQLi]",494,"get_row",{"id":337,"type":297,"label":338,"file":197,"line":316},"n6","$_GET (x4)",{"id":340,"type":302,"label":341,"file":197,"line":342,"wp_function":343},"n7","echo() [XSS]",518,"echo",[345,346,347,348],{"from":296,"to":301,"sanitized":308},{"from":322,"to":325,"sanitized":308},{"from":330,"to":332,"sanitized":308},{"from":337,"to":340,"sanitized":308},{"entryPoint":350,"graph":351,"unsanitizedCount":29,"severity":309},"\u003Csimple-email-subscription> (simple-email-subscription.php:0)",{"nodes":352,"edges":371},[353,354,355,356,357,358,359,360,361,363,365,369],{"id":296,"type":297,"label":298,"file":197,"line":299},{"id":301,"type":302,"label":303,"file":197,"line":304,"wp_function":305},{"id":322,"type":297,"label":315,"file":197,"line":316},{"id":325,"type":302,"label":318,"file":197,"line":319,"wp_function":320},{"id":330,"type":297,"label":298,"file":197,"line":323},{"id":332,"type":302,"label":326,"file":197,"line":327,"wp_function":328},{"id":337,"type":297,"label":315,"file":197,"line":316},{"id":340,"type":302,"label":333,"file":197,"line":334,"wp_function":335},{"id":362,"type":297,"label":338,"file":197,"line":316},"n8",{"id":364,"type":302,"label":341,"file":197,"line":342,"wp_function":343},"n9",{"id":366,"type":297,"label":367,"file":197,"line":368},"n10","$_POST (x2)",446,{"id":370,"type":302,"label":341,"file":197,"line":285,"wp_function":343},"n11",[372,373,374,375,376,377],{"from":296,"to":301,"sanitized":308},{"from":322,"to":325,"sanitized":308},{"from":330,"to":332,"sanitized":308},{"from":337,"to":340,"sanitized":308},{"from":362,"to":364,"sanitized":308},{"from":366,"to":370,"sanitized":308},{"entryPoint":379,"graph":380,"unsanitizedCount":29,"severity":309},"sies_subc_form_display (subscriber-form.php:2)",{"nodes":381,"edges":386},[382,384],{"id":296,"type":297,"label":298,"file":245,"line":383},18,{"id":301,"type":302,"label":326,"file":245,"line":385,"wp_function":328},37,[387],{"from":296,"to":301,"sanitized":308},{"entryPoint":389,"graph":390,"unsanitizedCount":29,"severity":309},"\u003Csubscriber-form> (subscriber-form.php:0)",{"nodes":391,"edges":394},[392,393],{"id":296,"type":297,"label":298,"file":245,"line":383},{"id":301,"type":302,"label":326,"file":245,"line":385,"wp_function":328},[395],{"from":296,"to":301,"sanitized":308},{"summary":397,"deductions":398},"The email-subscription-with-secure-captcha plugin exhibits a mixed security posture.  While it demonstrates good practices in its use of prepared statements for SQL queries (71%) and proper output escaping (91%), significant concerns arise from its attack surface. Two AJAX handlers are exposed without authentication checks, representing a direct vulnerability to unauthorized actions.  The absence of critical or high severity taint flows is positive, suggesting that known pathways for immediate exploitation within the current version are limited.\n\nHowever, the plugin's vulnerability history is a major red flag.  With a total of 3 known CVEs, including one high severity and two medium severity vulnerabilities, it indicates a pattern of past security weaknesses. The common vulnerability types (XSS, CSRF, SQL Injection) suggest that the plugin has historically struggled with input validation and authorization.  The fact that there are currently no unpatched vulnerabilities is a positive sign, but the historical data strongly suggests a need for vigilance and prompt updates.\n\nIn conclusion, while the current static analysis reveals fewer immediate critical flaws compared to some plugins, the exposed AJAX endpoints and the plugin's historical vulnerability record present notable risks. The presence of unprotected entry points coupled with a history of XSS, CSRF, and SQL Injection vulnerabilities means that users should remain cautious and ensure the plugin is always updated to the latest version.",[399,401,403,405],{"reason":400,"points":91},"Unprotected AJAX handlers",{"reason":402,"points":114},"Past high severity vulnerability",{"reason":404,"points":91},"Past medium severity vulnerabilities",{"reason":406,"points":288},"Total known CVEs","2026-03-16T22:36:58.359Z",{"wat":409,"direct":418},{"assetPaths":410,"generatorPatterns":413,"scriptPaths":414,"versionParams":415},[411,412],"\u002Fwp-content\u002Fplugins\u002Femail-subscription-with-secure-captcha\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Femail-subscription-with-secure-captcha\u002Fassets\u002Fjs\u002Fscripts.js",[],[412],[416,417],"email-subscription-with-secure-captcha\u002Fassets\u002Fcss\u002Fstyle.css?ver=","email-subscription-with-secure-captcha\u002Fassets\u002Fjs\u002Fscripts.js?ver=",{"cssClasses":419,"htmlComments":425,"htmlAttributes":426,"restEndpoints":428,"jsGlobals":429,"shortcodeOutput":431},[420,421,422,423,424],"sies-form-wrap","sies-form-email","sies-form-fullname","sies-form-submit","sies-admin-page",[],[427],"data-plugin-name=\"Easy Email Subscription\"",[],[430],"window.sies_ajax_object",[432],"[easy_email_subscription]"]