[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUWaqe3Fr-5oMy-ICp3ZSzFP73Tph1S5xJEaSGwkXadU":3,"$fi_t6Dm9RW8POA7BI11CQGQawD34a_uxJyB8RMbS9ZWg":217,"$fmqJ27XNRFUV4BO7aNnoUNC-bpfREisHr6LtLGKsWa0Y":222},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":35,"analysis":137,"fingerprints":200},"f13-recaptcha","F13 reCaptcha","1.0.0","f13dev","https:\u002F\u002Fprofiles.wordpress.org\u002Ff13dev\u002F","\u003Cp>Add Google reCaptcha to the comments section on blog posts. Requires Google reCaptcha v2 Checkbox API key.\u003C\u002Fp>\n\u003Cp>Simple configuration via the admin settings page:\u003Cbr \u002F>\n* reCaptcha public key\u003Cbr \u002F>\n* reCaptcha private key\u003Cbr \u002F>\n* enable reCaptcha for (Everyone | Visitors | Nobody [disabled])\u003C\u002Fp>\n\u003Cp>Additional hooks for programmers:\u003Cbr \u002F>\n$v = apply_filters(‘f13_recaptcha_add’);\u003Cbr \u002F>\nWill place a reCaptcha checkbox in the desired place.\u003C\u002Fp>\n\u003Cp>$validate = apply_filters(‘f13_recaptcha_validate’);\u003Cbr \u002F>\nif (!empty($validate)) {\u003Cbr \u002F>\n    $v = $validate\u003Cbr \u002F>\n    \u002F\u002F reCaptcha failed\u003Cbr \u002F>\n} else {\u003Cbr \u002F>\n    \u002F\u002F reCaptcah passed\u003Cbr \u002F>\n}\u003C\u002Fp>\n","Add Google reCaptcha to the comments section on blog posts. Additional hooks for adding reCaptcha to custom forms.",0,862,"2021-10-30T05:15:00.000Z","5.8.13","5.0","",[18,19,20,21],"captcha","comments","recaptcha","spam","https:\u002F\u002Ff13.dev\u002Fwordpress-plugins\u002Fwordpress-plugin-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ff13-recaptcha.1.0.0.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},11,80,30,84,"2026-05-20T00:34:16.256Z",[36,60,82,102,120],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":16,"download_link":56,"security_score":57,"vuln_count":58,"unpatched_count":11,"last_vuln_date":59,"fetched_at":26},"captcha-code-authentication","Captcha Code","3.31","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgetwpcaptcha.com\u002F\" rel=\"nofollow ugc\">Captcha\u003C\u002Fa> adds GDPR compatible captcha code anti-spam protection (like Google ReCaptcha) to WordPress forms – comments form, registration form, lost password form, and login form. In order to post comments or register, users have to type in the code shown on the image. This prevents spam from automated bots & adds security. No external services (like Google ReCaptcha) are used. No API keys are needed, and no user-identifiable data is used so it’s GDPR compatible.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Captcha position – comments form, login form, registration form, or lost password form.\u003C\u002Fli>\n\u003Cli>Letters type – capital letters, small letters, or captial & small letters.\u003C\u002Fli>\n\u003Cli>Captcha type – alphanumeric, alphabets or numbers.\u003C\u002Fli>\n\u003Cli>Translation enabled.\u003C\u002Fli>\n\u003C\u002Fol>\n","GDPR compatible captcha anti-spam protection for login form, comments form, registration form & lost password form. Eliminate spam with captcha.",100000,708754,76,34,"2026-04-14T19:46:00.000Z","7.0","3.0","5.2",[18,53,54,55,20],"comments-spam","form-captcha","login-captcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcaptcha-code-authentication.3.31.zip",99,2,"2023-11-24 00:00:00",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":16,"tags":75,"homepage":80,"download_link":81,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"recaptcha-in-wp-comments-form","reCAPTCHA in WP comments form","9.1.2","jmviade","https:\u002F\u002Fprofiles.wordpress.org\u002Fjmviade\u002F","\u003Cp>reCAPTCHA in WP comments form plugin is an \u003Cstrong>ANTISPAM tool\u003C\u002Fstrong> that adds the visible Google \u003Cstrong>reCAPTCHA field\u003C\u002Fstrong> inside the comments form of your WP theme when the user is not logged in preventing fraudulent or deceptive comments.\u003C\u002Fp>\n\u003Cp>The plugin also \u003Cstrong>introduces a second verification process\u003C\u002Fstrong> that detects the unauthorized direct accesses by spam robots to the WP comments system and allows you to decide what do you want to do with those comments.\u003C\u002Fp>\n\u003Cp>Finally, the plugin has got an optional \u003Cstrong>forced javascript output mode\u003C\u002Fstrong> that lets you to add a reCAPTCHA field \u003Cstrong>also in old WP themes\u003C\u002Fstrong> that didn’t use the new WP form comments functions but they make a direct output of its own comments form.\u003C\u002Fp>\n\u003Ch4>FEATURES LIST\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Basic Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>All variants\u003C\u002Fstrong> of Google reCAPTCHA field are available\u003C\u002Fli>\n\u003Cli>Two simple steps \u003Cstrong>Installation Wizard\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Automatic \u003Cstrong>default configuration settings\u003C\u002Fstrong> for all plugin components\u003C\u002Fli>\n\u003Cli>Automatic default configuration for reCAPTCHA field\u003C\u002Fli>\n\u003Cli>Configuration settings for Plugin \u003C\u002Fli>\n\u003Cli>Configuration settings for \u003Cstrong>ANTISPAM operation\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Four modes of operation in case of spam robots threats (SPAM, TRASH, DELETE or DIE)\u003C\u002Fli>\n\u003Cli>Visual configuration settings for Google reCAPTCHA: theme, size, type, align, language\u003C\u002Fli>\n\u003Cli>Dynamic comments form sample for viewing configuration settings changes\u003C\u002Fli>\n\u003Cli>Visual Help\u003C\u002Fli>\n\u003Cli>RTL Language support\u003C\u002Fli>\n\u003Cli>Admin Color scheme adapted\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Middle features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Forced language option for reCAPTCHA field\u003C\u002Fli>\n\u003Cli>Plugin \u003Cstrong>blocks the submit button\u003C\u002Fstrong> while reCAPTCHA field is not verified\u003C\u002Fli>\n\u003Cli>Plugin \u003Cstrong>changes HTML structure of the comments form\u003C\u002Fstrong> to prevent malicious automatic sendings while reCAPTCHA field is not verified\u003C\u002Fli>\n\u003Cli>Plugin also blocks \u003Cstrong>other elements with \u003Ccode>[type=submit]\u003C\u002Fcode> inside form\u003C\u002Fstrong> in case of a theme customized comments form\u003C\u002Fli>\n\u003Cli>Plugin lets you to write your own \u003Cstrong>additional CSS for the reCAPTCHA field\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>New \u003Cstrong>restore default value buttons\u003C\u002Fstrong> in plugin configuration section for helping you in case of changing WP theme, accidental errors, test environtments, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Advanced features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>reCAPTCHA \u003Cstrong>verification process via AJAX before submitting the form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Second security checking process\u003C\u002Fstrong> for preventing any security breach \u003Cstrong>before saving the comment\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Supporting \u003Cstrong>four different WP comments form HTML structure types\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Advanced plugin options \u003Cstrong>based on HTML queries\u003C\u002Fstrong> for inserting the reCAPTCHA plugin in all kinds of WP themes\u003C\u002Fli>\n\u003Cli>Optional \u003Cstrong>Forced javascript output\u003C\u002Fstrong> that allows you to use the plugin with old WP themes that didn’t use function \u003Ccode>comment_form()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Advanced ID’s tags settings for using this plugin with WP Themes that creates its own comments form HTML struct\u003C\u002Fli>\n\u003Cli>reCAPTCHA javascript initialization that prevents reCAPTCHA conflicts in case of that other plugins use reCAPTCHA.\u003C\u002Fli>\n\u003Cli>New mínimum CSS styles for recaptcha alignment\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>PLUGIN PAGE\u003C\u002Fh4>\n\u003Cp>To learn more about the plugin, visit the \u003Ca href=\"http:\u002F\u002Fwww.joanmiquelviade.com\u002Fplugin\u002Fgoogle-recaptcha-in-wp-comments-form\u002F\" title=\"Author's plugin page\" rel=\"nofollow ugc\">Plugin page\u003C\u002Fa>.\u003C\u002Fp>\n","reCAPTCHA in WP comments form is an ANTISPAM tool that adds a Google reCAPTCHA to the comments form and protects your site from the spam robots threat &hellip;",8000,72956,82,20,"2019-04-22T12:10:00.000Z","5.1.22","4.0.0",[76,77,78,79,20],"antispam","antispam-protection","comments-antispam","comments-recaptcha","http:\u002F\u002Fwww.joanmiquelviade.com\u002Fplugin\u002Fgoogle-recaptcha-in-wp-comments-form\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecaptcha-in-wp-comments-form.9.1.2.zip",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":92,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":49,"tags":97,"homepage":100,"download_link":101,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"toms-recaptcha","TomS reCAPTCHA","1.2.0","TomS Caprice","https:\u002F\u002Fprofiles.wordpress.org\u002Ftomsneddon\u002F","\u003Cp>Integrated Google ReCaptcha for WordPress. Protect the login, register, lostpassword and comment forms. Support Woocommerce, Ultimate Member and more popular forms.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Frecaptcha\" rel=\"nofollow ugc\">\u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong>\u003C\u002Fa> is a free service that protects your site from spam and abuse. It uses advanced risk analysis techniques to tell humans and bots apart.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Go to \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fadmin\u002Fcreate\" rel=\"nofollow ugc\">Google reCAPTCHA\u003C\u002Fa> to get the \u003Cstrong>Site key\u003C\u002Fstrong> and \u003Cstrong>Secret key\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>reCAPTCHA Type:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>reCAPTCHA \u003Cstrong>v3\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA \u003Cstrong>v2 Checkbox\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA \u003Cstrong>v2 Invisible\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported Form List\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress default login form\u003C\u002Fli>\n\u003Cli>WordPress default register form\u003C\u002Fli>\n\u003Cli>WordPress default lostpassword form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WordPress default comment form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> login form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> register form\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> lostpassword form\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> checkout Billing form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add a shortcode \u003Cstrong>[toms_woo_register_form]\u003C\u002Fstrong> for \u003Cstrong>woocommerce register form\u003C\u002Fstrong> on any page you want.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> login form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> register form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> lostpassword form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-block\u002F\" rel=\"ugc\">\u003Cstrong>Contact Form Block\u003C\u002Fstrong>\u003C\u002Fa> Contact Form Block\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>more support forms comming soon…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Option settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Verify API : \u003Cstrong>Google.com\u003C\u002Fstrong>\u002F\u003Cstrong>Recaptcha.net\u003C\u002Fstrong> \u003Cstrong>—Notice:—\u003C\u002Fstrong> Some country can not use Google verify API, that means Google verify API will not work, even using vpn. If google.com not work try use Recaptcha.net\u003C\u002Fli>\n\u003Cli>reCAPTCHA v2 (Checkbox)  Theme: \u003Cstrong>Light\u003C\u002Fstrong>\u002F\u003Cstrong>Dark\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA v2 (Invisible) Badge: \u003Cstrong>Bottom Right\u003C\u002Fstrong>\u002F\u003Cstrong>Bottom Left\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Custom reCAPTCHA Language\u003C\u002Fh4>\n\u003Ch4>Translation ready\u003C\u002Fh4>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>Reliance upon any non-English translation is at your own risk; TomS reCAPTCHA can give no guarantees that translations from the original English are accurate.\u003C\u002Fp>\n\u003Cp>We recognise and thank those mentioned at https:\u002F\u002Ftoms-caprice.org\u002Ftranslations for code and\u002For libraries used and\u002For modified under the terms of their open source licences.\u003C\u002Fp>\n","Integrated Google ReCaptcha for WordPress.Protect the login, register, lostpassword and comment forms. Support Woocommerce, Ultimate Member and more p &hellip;",600,16788,100,1,"2023-03-29T08:59:00.000Z","6.2.9","5.8",[98,18,99,20,83],"block-spam-comments","nocaptcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftoms-recaptcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoms-recaptcha.1.2.0.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":92,"num_ratings":93,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":16,"tags":115,"homepage":116,"download_link":117,"security_score":118,"vuln_count":93,"unpatched_count":93,"last_vuln_date":119,"fetched_at":26},"recaptcha-wp","Recaptcha – wp","0.2.6","rozx","https:\u002F\u002Fprofiles.wordpress.org\u002Frozx\u002F","\u003Cp>Protect your WordPress site from spam machines by enable google recaptcha.\u003C\u002Fp>\n\u003Cp>Simple and lightweight to install.\u003C\u002Fp>\n\u003Cp>Free and fast.\u003C\u002Fp>\n","Protect your WordPress site from spam machines by using google recaptcha. Note the setting is under Settings -> Discussion menu.",40,3910,"2016-09-12T15:13:00.000Z","4.6.30","3.0.1",[19,20,21],"http:\u002F\u002Fwww.heavyskymobile.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecaptcha-wp.zip",63,"2025-09-26 00:00:00",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":92,"num_ratings":130,"last_updated":131,"tested_up_to":132,"requires_at_least":114,"requires_php":16,"tags":133,"homepage":16,"download_link":135,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":136},"hercules-recaptcha","Hercules Recaptcha","1.1","Todd Nestor","https:\u002F\u002Fprofiles.wordpress.org\u002Ftoddnestor\u002F","\u003Cp>Hercules Recaptcha uses the latest Google Recaptcha API to more accurately determine if users are bots or not.\u003Cbr \u002F>\nIf the user is not logged in it will display a Recaptcha for the user to fill out in the comment form.  If the user\u003Cbr \u002F>\ndisables javascript and is not logged in then comments will fail to submit.\u003C\u002Fp>\n\u003Cp>The Recaptcha is also added to the registration page for both multisite setups and single blogs.  There are options for\u003Cbr \u002F>\nhaving it show up on comments and\u002For the registration page, as well as options for its position on the comment form, and\u003Cbr \u002F>\nwhich style (Google gives only two options, dark or light).\u003C\u002Fp>\n","Hercules Recaptcha adds a Recaptcha to the comment form for non-logged in users.  It uses the latest Recaptcha API.",10,1771,5,"2015-01-19T02:03:00.000Z","4.0.38",[18,19,134,20,21],"hercules","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhercules-recaptcha.1.1.zip","2026-04-06T09:54:40.288Z",{"attackSurface":138,"codeSignals":175,"taintFlows":187,"riskAssessment":188,"analyzedAt":199},{"hooks":139,"ajaxHandlers":171,"restRoutes":172,"shortcodes":173,"cronEvents":174,"entryPointCount":11,"unprotectedCount":11},[140,145,149,154,159,163,167],{"type":141,"name":142,"callback":142,"file":143,"line":144},"action","admin_menu","controllers\u002Fadmin.php",7,{"type":141,"name":146,"callback":147,"file":143,"line":148},"admin_init","register_settings",8,{"type":141,"name":150,"callback":151,"file":152,"line":153},"comment_form_defaults","fields","controllers\u002Fcontrol.php",28,{"type":155,"name":156,"callback":157,"file":152,"line":158},"filter","preprocess_comment","validate",29,{"type":155,"name":160,"callback":161,"priority":128,"file":152,"line":162},"f13_recaptcha_add","recaptcha_add",31,{"type":155,"name":164,"callback":165,"priority":128,"file":152,"line":166},"f13_recaptcha_validate","recaptcha_validate",32,{"type":141,"name":168,"callback":169,"file":170,"line":153},"wp_enqueue_scripts","style_and_scripts","f13-recaptcha.php",[],[],[],[],{"dangerousFunctions":176,"sqlUsage":177,"outputEscaping":179,"fileOperations":11,"externalRequests":58,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":186},[],{"prepared":11,"raw":11,"locations":178},[],{"escaped":144,"rawEcho":58,"locations":180},[181,184],{"file":143,"line":182,"context":183},33,"raw output",{"file":143,"line":185,"context":183},45,[],[],{"summary":189,"deductions":190},"The f13-recaptcha v1.0.0 plugin exhibits a generally good security posture based on the provided static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. Furthermore, the code demonstrates sound practices by utilizing prepared statements for all SQL queries, which is a critical defense against SQL injection vulnerabilities. The presence of external HTTP requests (2) and a notable percentage of properly escaped output (78%) are positive indicators. However, the lack of nonce checks and capability checks, coupled with a 0% taint analysis coverage, presents potential blind spots. The absence of any historical vulnerabilities is a strong positive, suggesting the developers may have a history of producing secure code or that the plugin has not yet been subjected to extensive security scrutiny.\n\nDespite the strong foundation of secure coding practices observed, the lack of nonce and capability checks is a significant concern, especially as the plugin makes external HTTP requests. While the current analysis doesn't show direct evidence of exploitable paths, these missing checks could open the door to various attacks if the plugin's functionality were to be expanded or if external data were to be more deeply integrated without proper validation. The 0% taint analysis coverage means that potentially harmful data flows might have been missed. The plugin's current minimal attack surface is its greatest asset; however, any future expansion should be approached with extreme caution and rigorous security reviews, particularly concerning input validation and access control.",[191,193,195,197],{"reason":192,"points":128},"No nonce checks present",{"reason":194,"points":128},"No capability checks present",{"reason":196,"points":148},"Taint analysis coverage is 0%",{"reason":198,"points":130},"Output escaping not fully implemented (78%)","2026-04-16T13:53:02.879Z",{"wat":201,"direct":210},{"assetPaths":202,"generatorPatterns":205,"scriptPaths":206,"versionParams":207},[203,204],"\u002Fwp-content\u002Fplugins\u002Ff13-recaptcha\u002Fcss\u002Ff13-recaptcha.css","\u002Fwp-content\u002Fplugins\u002Ff13-recaptcha\u002Fjs\u002Ff13-recaptcha.js",[],[],[208,209],"f13-recaptcha\u002Fcss\u002Ff13-recaptcha.css?ver=","f13-recaptcha\u002Fjs\u002Ff13-recaptcha.js?ver=",{"cssClasses":211,"htmlComments":212,"htmlAttributes":213,"restEndpoints":214,"jsGlobals":215,"shortcodeOutput":216},[],[],[],[],[],[],{"error":218,"url":219,"statusCode":220,"statusMessage":221,"message":221},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Ff13-recaptcha\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":93,"versions":223},[224],{"version":6,"download_url":23,"svn_tag_url":225,"released_at":25,"has_diff":226,"diff_files_changed":227,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":228,"is_current":218},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Ff13-recaptcha\u002Ftags\u002F1.0.0\u002F",false,[],[]]