[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDYIfaaPTSGfHKDy4QHjswnMd6JwlAmu8Wfwq_RrHjkg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":15,"tags":18,"homepage":22,"download_link":23,"security_score":13,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":131,"fingerprints":355},"first-contact-form","First Contact Form","1.0.7","capripio","https:\u002F\u002Fprofiles.wordpress.org\u002Fcapripio\u002F","\u003Cp>Create a form without knowing any HTML or PHP!\u003C\u002Fp>\n\u003Cp>Drag and drop form elements.\u003C\u002Fp>\n\u003Cp>Manage multiple forms in a few clicks away, and way more flexible and User Friendly than other form plugins.\u003C\u002Fp>\n\u003Cp>Easy to use user interface.\u003C\u002Fp>\n\u003Cp>Send submitted form data via email.\u003C\u002Fp>\n\u003Cp>Dynamically set form values from the URL.\u003C\u002Fp>\n\u003Cp>Preview while building.\u003C\u002Fp>\n\u003Cp>14 included element types.\u003C\u002Fp>\n\u003Cp>100% spam protected.\u003C\u002Fp>\n\u003Cp>Ajax Powered.\u003C\u002Fp>\n\u003Cp>WYSIWIG Mailing system.\u003C\u002Fp>\n\u003Cp>Shortcode Supported.\u003C\u002Fp>\n\u003Cp>Forms can inherit themes, style without any issue.\u003C\u002Fp>\n\u003Cp>Redirect URL.\u003C\u002Fp>\n\u003Cp>Custom autoreply.\u003C\u002Fp>\n","Manage multiple forms in a few clicks away, and way more flexible and User Friendly than other form 
plugins.",10,3183,100,3,"","3.9.40","3.0.1",[19,20,21],"contact","contact-form","web-form","http:\u002F\u002Fmasif.me","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffirst-contact-form.zip",0,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":29,"trust_score":31,"computed_at":32},30,90,87,"2026-04-04T23:41:11.317Z",[34,59,77,96,114],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":15,"tags":49,"homepage":53,"download_link":54,"security_score":55,"vuln_count":56,"unpatched_count":24,"last_vuln_date":57,"fetched_at":58},"custom-contact-forms","Custom Contact Forms","7.8.5","Taylor Lovett","https:\u002F\u002Fprofiles.wordpress.org\u002Ftlovett1\u002F","\u003Cp>Custom Contact Forms enables you to build forms and manage submissions the WordPress way. User experience is at the top of the list for this plugin. Build forms in the media manager instead of going to separate areas of your site. Live previews of your forms are generated on the fly making your life much easier. Custom Contact Forms is a legacy name. The plugin is built for much more than just contact forms. 
Flexibility and extensible functionality allow you and your team to create forms to power subscriptions, payments, events, and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Feature List (not exhaustive):\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create text fields, paragraph fields, first\u002Flast name fields, email fields (with optional confirmation), US address fields, international address fields, date fields (optional international format), time fields, checkbox fields, dropdown (optional multi-select), radio fields, hidden fields, file upload fields, phone fields (optional international number), website fields, and more.\u003C\u002Fli>\n\u003Cli>Add HTML and sections to your forms.\u003C\u002Fli>\n\u003Cli>Conditional fields and form sections\u003C\u002Fli>\n\u003Cli>Add help text, modify labels, mark required, add CSS classes, manage options, etc. for each of your form fields.\u003C\u002Fli>\n\u003Cli>Forms use AJAX so no page reloads are necessary. Stylish error messages are shown without page reload.\u003C\u002Fli>\n\u003Cli>All form submissions shown in an easy to view format within the WordPress admin.\u003C\u002Fli>\n\u003Cli>Export form submissions to CSV.\u003C\u002Fli>\n\u003Cli>Pre-setup for Twitter Bootstrap\u003C\u002Fli>\n\u003Cli>Multiple themes to choose from\u003C\u002Fli>\n\u003Cli>No custom database tables\u003C\u002Fli>\n\u003Cli>Easy form duplication\u003C\u002Fli>\n\u003Cli>Multiple types of CAPTCHAs for spam blocking\u003C\u002Fli>\n\u003Cli>Only show forms to logged in users\u003C\u002Fli>\n\u003Cli>Forms can show customizable completion text or redirect to a URL.\u003C\u002Fli>\n\u003Cli>Temporarily pause forms with a customizable pause message.\u003C\u002Fli>\n\u003Cli>Create and manage multiple notifications for each form. Notifications can send emails to one or more administrators or form submittors. Customize notification email subject, from email address, from email name, and email body. 
Map form fields to email subject, from name, and from email address. Easily activate and deactivate notifications.\u003C\u002Fli>\n\u003Cli>Create posts or custom post types when forms are submitted. For each form, you can configure the post type and status of the created post. You can also map form fields to post fields (as well as meta and taxonomies).\u003C\u002Fli>\n\u003Cli>View live previews for your forms. Live previews of your forms are shown in the post content. Make edits to forms and form fields without having to refresh the page in the media modal.\u003C\u002Fli>\n\u003Cli>Insert your forms in posts, custom post types, widgets, and themes.\u003C\u002Fli>\n\u003Cli>Customize form titles, submit button text, and form descriptions.\u003C\u002Fli>\n\u003Cli>Optionally only include CCF JavaScript and CSS on URLs that actually include forms improving page load times.\u003C\u002Fli>\n\u003Cli>Extensible code with many hooks and filters to allow for developer modifications.\u003C\u002Fli>\n\u003Cli>Translated in French, Chinese, German, and Danish. 
More translations on the way.\u003C\u002Fli>\n\u003Cli>Easily prevent spam with honey pots and \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fintro\u002Findex.html\" rel=\"nofollow ugc\">reCAPTCHA\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Import and export forms and form submissions with ease.\u003C\u002Fli>\n\u003Cli>Performant and scalable plugin built for enterprise.\u003C\u002Fli>\n\u003Cli>More!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For detailed install and usage instructions, please visit \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Ftlovett1\u002Fcustom-contact-forms\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Configuring and Using the Plugin\u003C\u002Fh3>\n\u003Cp>Please refer to \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Ftlovett1\u002Fcustom-contact-forms\" rel=\"nofollow ugc\">Github\u003C\u002Fa> for detailed configuration instructions.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For full documentation, questions, feature requests, and support concerning the Custom Contact Forms plugin, please refer to \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Ftlovett1\u002Fcustom-contact-forms\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n","Build beautiful custom forms and manage submissions the WordPress way. 
View live previews of your forms while you build them.",7000,1302039,70,171,"2017-11-28T07:08:00.000Z","4.8.28","3.9",[50,20,51,52,21],"captcha-form","custom-contact-form","custom-forms","http:\u002F\u002Fwww.taylorlovett.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-contact-forms.zip",83,2,"2014-09-17 00:00:00","2026-03-15T15:16:48.613Z",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":11,"downloaded":67,"rating":24,"num_ratings":24,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":15,"tags":71,"homepage":74,"download_link":75,"security_score":76,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":58},"a-lead-capture-contact-form-and-tab-button-by-awebvoicecom","A Capture Contact Form (and tab) by AWebVoice.com","3.0","str8line0","https:\u002F\u002Fprofiles.wordpress.org\u002Fstr8line0\u002F","\u003Cp>A fully customizable contact form on your WordPress blog. And a contact tab to increase customer interaction. Join our fast growing users base who have chosen AWebVoice as their contact form of choice!\u003C\u002Fp>\n\u003Ch4>Get your FREE Contact Form plugin for WordPress\u003C\u002Fh4>\n\u003Cp>Our Contact Form plugin is full of features that no other wordpress contact form can offer. 
See for yourself, below are a few of the features we offer:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add a customized contact form to your WordPress blog which includes a message, contact’s email, name, phone number and more!\u003C\u002Fli>\n\u003Cli>Create and customize your contact form settings right from within your WordPress Admin Panel\u003C\u002Fli>\n\u003Cli>Include your logo, business contact info,  even social links right on your contact form\u003C\u002Fli>\n\u003Cli>Notifications: Get a contacts message notifications to your inbox!\u003C\u002Fli>\n\u003Cli>Setup multiple autoresponder for your contact form so your visitors get an instant message from you\u003C\u002Fli>\n\u003Cli>Take your autoresponders to the next level, and ask your contact to join your email list.\u003C\u002Fli>\n\u003Cli>Setup a custom success message or URL for your contact form\u003C\u002Fli>\n\u003Cli>Each form has built in ROI tracking\u003C\u002Fli>\n\u003Cli>Increases conversion: Include a custom “Contact” tab to the side of your wordpress blog that pops up your contact form.\u003C\u002Fli>\n\u003Cli>…these features will always be free, but go to the next level and get many more features for your contact form!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>More than a Contact Form\u003C\u002Fh4>\n\u003Cp>Behind the AWebVoice wordpress plugin contact form is a suite of online tools to effectively manage all of your leads, contacts, and marketing ROI needs.  As leads come in from your contact form, those contacts are automatically added to your online contacts database. From there, access information about each contact, send emails to each contact, and fully track, organize, and manage your communications. 
AWebVoice.com is designed to scale from single person offices to Fortune 500 companies — and it is created on the very largest online database has to offer.\u003C\u002Fp>\n\u003Ch4>And it is easy to get start\u003C\u002Fh4>\n\u003Cp>AWebVoice.com’s contact form is FREE and is the easiest wordpress contact form to use.  We think you will agree, give it a try sign up now:\u003Cbr \u002F>\nwww.awebvoice.com.\u003C\u002Fp>\n","Get a contact form and a contact button. Capture your visitors and turn them into customers!",7500,"2011-07-08T18:13:00.000Z","3.1.4","2.0.2",[50,72,20,73,21],"capture-contact-form","response-forms","http:\u002F\u002Fwww.awebvoice.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fa-lead-capture-contact-form-and-tab-button-by-awebvoicecom.zip",85,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":11,"downloaded":85,"rating":24,"num_ratings":24,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":94,"download_link":95,"security_score":76,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":58},"corymbus-forms","Corymbus Forms","1.1.3","corymbus","https:\u002F\u002Fprofiles.wordpress.org\u002Fcorymbus\u002F","\u003Cp>Once you have created a web page\u002Fform within Corymbus, you can embed it in any WordPress content thanks to the \u003Ccode>[corymbus-forms]\u003C\u002Fcode> shortcode. The web form\u002Fpage will be embedded in a HTML \u003Ccode>IFRAME\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Ch4>Syntax\u003C\u002Fh4>\n\u003Cp>The syntax is as follows:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[corymbus-forms page=\"tenant\u002Fslug\" attr1=\"value1\" attr2=\"value2\" ... 
]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Where:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>tenant\u003C\u002Fcode> is the encoded identifier of your Corymbus subscription\u003C\u002Fli>\n\u003Cli>\u003Ccode>slug\u003C\u002Fcode> is the slug of your Corymbus web page. The \u003Ccode>tenant\u002Fslug\u003C\u002Fcode> combination is what follows \u003Ccode>pages\u002F\u003C\u002Fcode> in the entire URL\u003C\u002Fli>\n\u003Cli>\u003Ccode>attr1\u003C\u002Fcode>, \u003Ccode>attr2\u003C\u002Fcode> etc. are optional HTML attributes to be given to the IFRAME embedding the web form\u002Fpage. \u003C\u002Fli>\n\u003Cli>\u003Ccode>value1\u003C\u002Fcode>, \u003Ccode>value2\u003C\u002Fcode> etc. are the optional values of each HTML attributes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Example\u003C\u002Fh4>\n\u003Cp>If the URL of your Corymbus web form is [https:\u002F\u002Fsrv.corymb.us\u002Fpages\u002F2xy54zt6bc\u002Fmy-contact-form], as shown in the Corymbus web page view, then you may embed it in WordPress with the following shortcode:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[corymbus-forms page=\"2xy54zt6bc\u002Fmy-contact-form\" style=\"border: none\" width=\"50%\" height=\"600px\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The additional attributes \u003Ccode>style\u003C\u002Fcode>, \u003Ccode>width\u003C\u002Fcode> and \u003Ccode>height\u003C\u002Fcode> will be applied to the IFRAME tag encapsulating the web form, and will ensure that no border is visible, and that the form is presented with the proper width and height.\u003C\u002Fp>\n","Corymbus Forms provides the [corymbus-forms] shortcode which lets you easily embed in your website a web form\u002Fpage published from the Corymbus 
CRM.",2971,"2022-10-29T11:29:00.000Z","6.0.11","4.7","7.0",[20,91,92,93],"crm","web-forms","web-pages","https:\u002F\u002Fcorymb.us\u002Fen\u002Fwordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcorymbus-forms.1.1.3.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":11,"downloaded":104,"rating":105,"num_ratings":14,"last_updated":106,"tested_up_to":107,"requires_at_least":17,"requires_php":15,"tags":108,"homepage":112,"download_link":113,"security_score":76,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":58},"rackforms-express","RackForms Express Web Form Builder","1.5","rackforms","https:\u002F\u002Fprofiles.wordpress.org\u002Frackforms\u002F","\u003Cp>At nicSoft we believe “core” form software to send email and save entries to a database shouldn’t cost a dime.\u003C\u002Fp>\n\u003Cp>That’s why we’re proud to offer RackForms Express for WordPress. A totally free and unlimited form plugin that redefines the WordPress form creation landscape!\u003C\u002Fp>\n\u003Cp>Build anything from simple contact forms to multi-page applications that use conditional logic.\u003C\u002Fp>\n\u003Cp>The best part is when we say free, we mean it. 
This means no advertisements, up sells, or premium versions to buy.\u003C\u002Fp>\n\u003Cp>This is the real deal: Powerful and 100% free web form software!\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","RackForms Express For WordPress is a FREE and UNLIMITED web form builder.",2922,46,"2018-12-09T17:08:00.000Z","5.0.25",[20,21,109,110,111],"web-form-creator","webform","webforms","https:\u002F\u002Fwww.rackforms.com\u002Frackforms-express-for-wordpress.php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frackforms-express.zip",{"slug":115,"name":116,"version":117,"author":38,"author_profile":39,"description":118,"short_description":119,"active_installs":11,"downloaded":120,"rating":24,"num_ratings":24,"last_updated":121,"tested_up_to":122,"requires_at_least":123,"requires_php":15,"tags":124,"homepage":129,"download_link":130,"security_score":76,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":58},"wp-infusionsoft","WP InfusionSoft","1.0.0","\u003Cp>WP Infusionsoft is a plugin for handling web forms created by the popular email marketing site InfusionSoft.\u003C\u002Fp>\n\u003Ch3>Configuring and Using the Plugin\u003C\u002Fh3>\n\u003Col>\n\u003Cli>In the WordPress Admin Panel, under the settings tab click WP Infusionsoft\u003C\u002Fli>\n\u003Cli>Enter your forms information in the Create A New Form section\u003Cbr \u002F>\nForm Name – similar to a post slug, is not visible to users, must be unique – for identification purposes only\u003Cbr \u002F>\nForm Title – Shows up above the form and is visible to site visitors\u003Cbr \u002F>\nSubmit Button Text – The text that shows up on top of the forms submit button\u003Cbr \u002F>\nHidden Code – When you create a web form in Infusionsoft, the code contains three lines of hidden input fields.\u003Cbr \u002F>\nFor example:\u003C\u002Fp>\n\u003Cp>It is important you paste all three lines of hidden input fields in this field or your form will not work.\u003Cbr \u002F>\nAdd Name, 
Add Phone, Add Address – Choose which input fields you want your form to show.\u003C\u002Fli>\n\u003Cli>Click Create Form\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Showing Your Form in Pages and Posts\u003C\u002Fh3>\n\u003Cp>After creating a form, your form will show up in the Manage Forms area. Copy your form's “Code to Show Form in Blog” (i.e. [infusion form=4] ) and paste that in your post or page to display your infusion soft web form.\u003C\u002Fp>\n\u003Ch3>WP Infusionsoft Sidebar Widget\u003C\u002Fh3>\n\u003Cp>In the widget section under Appearance you can drag the “Infusionsoft Optin” widget into your sidebar.\u003Cbr \u002F>\nIn the widget options, the title is the same as Form Title in “Creating a Form” as well as the Hidden Code and Submit Button Text. Check Add Name, Add Phone, and Add Address depending on which input fields you want your infusion web form to show.\u003C\u002Fp>\n\u003Ch3>Questions, Troubleshooting, Bug Reports\u003C\u002Fh3>\n\u003Cp>Email me at admin@taylorlovett.com\u003C\u002Fp>\n","WP Infusionsoft is a plugin for handling web forms created by the popular email marketing site 
InfusionSoft.",3128,"2010-07-23T16:34:00.000Z","3.0.5","2.7.1",[125,126,127,128,92],"contact-forms","infusion-forms","infusionsoft","infusionsoft-web-form","http:\u002F\u002Ftaylorlovett.com\u002Fwordpress-plugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-infusionsoft.1.0.0.zip",{"attackSurface":132,"codeSignals":169,"taintFlows":311,"riskAssessment":339,"analyzedAt":354},{"hooks":133,"ajaxHandlers":156,"restRoutes":157,"shortcodes":158,"cronEvents":168,"entryPointCount":14,"unprotectedCount":24},[134,139,142,145,148,151],{"type":135,"name":136,"callback":136,"file":137,"line":138},"action","init","include\\Core.class.php",14,{"type":135,"name":140,"callback":140,"file":137,"line":141},"add_meta_boxes",15,{"type":135,"name":143,"callback":143,"file":137,"line":144},"admin_enqueue_scripts",16,{"type":135,"name":146,"callback":146,"file":137,"line":147},"wp_enqueue_scripts",17,{"type":135,"name":149,"callback":149,"file":137,"line":150},"save_post",18,{"type":152,"name":153,"callback":154,"file":137,"line":155},"filter","wp_mail_content_type","set_html_content_type",206,[],[],[159,163,166],{"tag":160,"callback":161,"file":137,"line":162},"fcf","fcf_generate_form_shortcode_out",22,{"tag":160,"callback":164,"file":137,"line":165},"mail_form_shortcode",48,{"tag":160,"callback":164,"file":137,"line":167},179,[],{"dangerousFunctions":170,"sqlUsage":171,"outputEscaping":173,"fileOperations":309,"externalRequests":24,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":310},[],{"prepared":24,"raw":24,"locations":172},[],{"escaped":24,"rawEcho":174,"locations":175},86,[176,179,181,184,186,187,189,191,193,195,197,199,200,201,203,205,207,209,211,213,215,216,217,218,220,222,223,224,225,227,229,230,231,233,235,236,237,238,239,240,241,243,245,246,248,250,251,253,254,256,257,259,260,262,263,265,267,268,269,271,272,274,276,277,279,281,282,283,284,285,287,289,290,291,292,293,295,297,298,300,302,303,304,305,306,308],{"file":137,"line":177,"context":178},213,
"raw output",{"file":137,"line":180,"context":178},222,{"file":182,"line":183,"context":178},"include\\Helper.class.php",12,{"file":182,"line":185,"context":178},20,{"file":182,"line":165,"context":178},{"file":182,"line":188,"context":178},50,{"file":182,"line":190,"context":178},51,{"file":182,"line":192,"context":178},62,{"file":182,"line":194,"context":178},73,{"file":182,"line":196,"context":178},74,{"file":182,"line":198,"context":178},113,{"file":182,"line":198,"context":178},{"file":182,"line":198,"context":178},{"file":182,"line":202,"context":178},131,{"file":182,"line":204,"context":178},137,{"file":182,"line":206,"context":178},139,{"file":182,"line":208,"context":178},149,{"file":182,"line":210,"context":178},164,{"file":182,"line":212,"context":178},181,{"file":182,"line":214,"context":178},182,{"file":182,"line":214,"context":178},{"file":182,"line":214,"context":178},{"file":182,"line":214,"context":178},{"file":182,"line":219,"context":178},192,{"file":182,"line":221,"context":178},193,{"file":182,"line":221,"context":178},{"file":182,"line":221,"context":178},{"file":182,"line":221,"context":178},{"file":182,"line":226,"context":178},203,{"file":182,"line":228,"context":178},204,{"file":182,"line":228,"context":178},{"file":182,"line":228,"context":178},{"file":182,"line":232,"context":178},215,{"file":182,"line":234,"context":178},216,{"file":182,"line":234,"context":178},{"file":182,"line":234,"context":178},{"file":182,"line":234,"context":178},{"file":182,"line":234,"context":178},{"file":182,"line":234,"context":178},{"file":182,"line":234,"context":178},{"file":182,"line":242,"context":178},225,{"file":182,"line":244,"context":178},226,{"file":182,"line":244,"context":178},{"file":182,"line":247,"context":178},228,{"file":182,"line":249,"context":178},232,{"file":182,"line":249,"context":178},{"file":182,"line":252,"context":178},236,{"file":182,"line":252,"context":178},{"file":182,"line":255,"context":178},240,{"file":182,"line":255,"contex
t":178},{"file":182,"line":258,"context":178},244,{"file":182,"line":258,"context":178},{"file":182,"line":261,"context":178},249,{"file":182,"line":261,"context":178},{"file":182,"line":264,"context":178},263,{"file":182,"line":266,"context":178},265,{"file":182,"line":266,"context":178},{"file":182,"line":266,"context":178},{"file":182,"line":270,"context":178},267,{"file":182,"line":270,"context":178},{"file":182,"line":273,"context":178},280,{"file":182,"line":275,"context":178},281,{"file":182,"line":275,"context":178},{"file":182,"line":278,"context":178},283,{"file":182,"line":280,"context":178},286,{"file":182,"line":280,"context":178},{"file":182,"line":280,"context":178},{"file":182,"line":280,"context":178},{"file":182,"line":280,"context":178},{"file":182,"line":286,"context":178},299,{"file":182,"line":288,"context":178},302,{"file":182,"line":288,"context":178},{"file":182,"line":288,"context":178},{"file":182,"line":288,"context":178},{"file":182,"line":288,"context":178},{"file":182,"line":294,"context":178},315,{"file":182,"line":296,"context":178},316,{"file":182,"line":296,"context":178},{"file":182,"line":299,"context":178},318,{"file":182,"line":301,"context":178},319,{"file":182,"line":301,"context":178},{"file":182,"line":301,"context":178},{"file":182,"line":301,"context":178},{"file":182,"line":301,"context":178},{"file":182,"line":307,"context":178},627,{"file":182,"line":307,"context":178},1,[],[312,330],{"entryPoint":313,"graph":314,"unsanitizedCount":309,"severity":329},"need_message (include\\Core.class.php:218)",{"nodes":315,"edges":326},[316,321],{"id":317,"type":318,"label":319,"file":137,"line":320},"n0","source","$_POST",220,{"id":322,"type":323,"label":324,"file":137,"line":180,"wp_function":325},"n1","sink","echo() [XSS]","echo",[327],{"from":317,"to":322,"sanitized":328},false,"medium",{"entryPoint":331,"graph":332,"unsanitizedCount":309,"severity":338},"\u003CCore.class> 
(include\\Core.class.php:0)",{"nodes":333,"edges":336},[334,335],{"id":317,"type":318,"label":319,"file":137,"line":320},{"id":322,"type":323,"label":324,"file":137,"line":180,"wp_function":325},[337],{"from":317,"to":322,"sanitized":328},"low",{"summary":340,"deductions":341},"The \"first-contact-form\" plugin v1.0.7 exhibits a mixed security posture.  On the positive side, the plugin has no known CVEs, no dangerous functions, and all SQL queries utilize prepared statements, indicating good practices in these areas.  Furthermore, there are no external HTTP requests or cron events, which can often be sources of vulnerabilities.\n\nHowever, significant concerns arise from the static code analysis. A notable issue is that none of the 86 output statements are escaped, presenting a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis reveals two flows with unsanitized paths, although these are not classified as critical or high severity.  The absence of nonce checks and capability checks on any entry points (AJAX handlers, REST API routes, shortcodes) is a serious oversight, leaving the plugin vulnerable to unauthorized actions and CSRF attacks.  The presence of file operations without clear security context also warrants further investigation.\n\nWhile the plugin's vulnerability history is clean, this can be misleading if the code has not been thoroughly audited or if the lack of detected issues is due to the absence of specific vulnerability patterns. 
The current analysis points to substantial weaknesses in output sanitization and authorization for its entry points, which must be addressed to improve its security.",[342,344,346,348,351],{"reason":343,"points":185},"No proper output escaping",{"reason":345,"points":11},"Missing nonce checks on entry points",{"reason":347,"points":11},"Missing capability checks on entry points",{"reason":349,"points":350},"Taint flows with unsanitized paths (2 flows)",6,{"reason":352,"points":353},"File operations without clear context",5,"2026-03-16T23:24:32.049Z",{"wat":356,"direct":370},{"assetPaths":357,"generatorPatterns":367,"scriptPaths":368,"versionParams":369},[358,359,360,361,362,363,364,365,366],"\u002Fwp-content\u002Fplugins\u002Ffirst-contact-form\u002Fresources\u002Fjquery.form.min.js","\u002Fwp-content\u002Fplugins\u002Ffirst-contact-form\u002Fresources\u002Fmodernizr.js","\u002Fwp-content\u002Fplugins\u002Ffirst-contact-form\u002Fresources\u002Fjs-webshim\u002Fpolyfiller.js","\u002Fwp-content\u002Fplugins\u002Ffirst-contact-form\u002Fresources\u002Ffunctions.js","\u002Fwp-content\u002Fplugins\u002Ffirst-contact-form\u002Fresources\u002Fformbuilder.css","\u002Fwp-content\u002Fplugins\u002Ffirst-contact-form\u002Fresources\u002Fcss\u002Fvendor.css","\u002Fwp-content\u002Fplugins\u002Ffirst-contact-form\u002Fresources\u002Fjs\u002Fvendor.js","\u002Fwp-content\u002Fplugins\u002Ffirst-contact-form\u002Fresources\u002Fformbuilder-min.js","\u002Fwp-content\u002Fplugins\u002Ffirst-contact-form\u002Fresources\u002Fadmin-functions.js",[],[358,359,360,361,364,365,366],[],{"cssClasses":371,"htmlComments":373,"htmlAttributes":374,"restEndpoints":384,"jsGlobals":385,"shortcodeOutput":387},[372],"fcf-submit-button",[],[375,376,377,378,379,380,381,382,383],"name=\"form_code\"","name=\"user_email\"","name=\"mail_content\"","name=\"submit_txt\"","name=\"redirect_url\"","name=\"status_auto_res\"","name=\"auto_responder_subject\"","name=\"auto_responder_message\"","name=\"responder_att
achment\"",[],[386],"FCF_Helper",[388],"[fcf]"]