[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-uFTnSt-CQvTT7rBr4lGMfXG0wMJp8Hl3b1u4gTtWK0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":35,"fingerprints":125},"formspammertrap-for-contact-form-7","FormSpammerTrap for Contact Form 7","1.02","Rick Hellewell","https:\u002F\u002Fprofiles.wordpress.org\u002Frhellewellgmailcom\u002F","\u003Cp>Add one simple shortcode added to your Contact Form 7 form to effectively block form spam bots from spamming your Contact Form 7 forms. It does this with effective techniques, not things that don’t work – like hidden fields, silly questions, irritating Captchas, or more. If an automated bot tries to spam your form, they will get blocked.\u003C\u002Fp>\n\u003Cp>It is based on our very successful FormSpammerTrap for Comments plugin, which uses the same techniques to effectively block Contact Form Spammers.\u003C\u002Fp>\n\u003Cp>More details about how it all works – and a Contact form that uses the same effective spambot-blocking technique – is on our \u003Ca href=\"http:\u002F\u002Fwww.FormSpammerTrap.com\" rel=\"nofollow ugc\">FormSpammerTrap.com Site\u003C\u002Fa>. 
There’s a Contact form there that has never been successfully ‘spam-botted’ (defined as submitting many comments within a very short period of time).\u003C\u002Fp>\n","Adds effective form spam bot blocking to Contact Form 7 forms.",30,1675,20,1,"2021-07-24T17:01:00.000Z","5.8.13","4.6","",[4],"http:\u002F\u002Fcellarweb.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fformspammertrap-for-contact-form-7.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":11,"trust_score":32,"computed_at":33},"rhellewellgmailcom",16,1040,91,88,"2026-04-04T14:48:15.571Z",[],{"attackSurface":36,"codeSignals":77,"taintFlows":114,"riskAssessment":115,"analyzedAt":124},{"hooks":37,"ajaxHandlers":67,"restRoutes":68,"shortcodes":69,"cronEvents":75,"entryPointCount":76,"unprotectedCount":23},[38,44,48,52,58,61,63,65],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","admin_menu","fst4cf7_add_plugin_page","backups\\formspammertrap-for-contact-form-7.php",55,{"type":39,"name":45,"callback":46,"file":42,"line":47},"admin_notices","fst4cf7_show_admin_notice",191,{"type":39,"name":49,"callback":50,"file":42,"line":51},"init","fst4cf7_shortcodes_init",219,{"type":53,"name":54,"callback":55,"priority":56,"file":42,"line":57},"filter","wpcf7_form_id_attr","fst4cf7_form_id",10,221,{"type":39,"name":40,"callback":41,"file":59,"line":60},"formspammertrap-for-contact-form-7.php",54,{"type":39,"name":45,"callback":46,"file":59,"line":62},189,{"type":39,"name":49,"callback":50,"file":59,"line":64},214,{"type":53,"name":54,"callback":55,"priority":56,"file":59,"line":66},216,[],[],[70,73],{"tag":71,"callback":72,"file":42,"line":64},"formspammertrap","fst4cf7_process_shortcode",{"tag":71,"callback":72,"file":59,"line":74},210,[],2,{"dangerousFunctions":78,"sqlUsage":79,"outputEscaping":81,"fileOperations":23,"externalRequests":23
,"nonceChecks":23,"capabilityChecks":23,"bundledLibraries":113},[],{"prepared":23,"raw":23,"locations":80},[],{"escaped":23,"rawEcho":82,"locations":83},14,[84,87,89,91,93,95,97,99,101,103,105,107,109,111],{"file":42,"line":85,"context":86},98,"raw output",{"file":42,"line":88,"context":86},150,{"file":42,"line":90,"context":86},281,{"file":42,"line":92,"context":86},285,{"file":42,"line":94,"context":86},286,{"file":42,"line":96,"context":86},287,{"file":42,"line":98,"context":86},305,{"file":42,"line":100,"context":86},306,{"file":59,"line":102,"context":86},97,{"file":59,"line":104,"context":86},149,{"file":59,"line":106,"context":86},255,{"file":59,"line":108,"context":86},256,{"file":59,"line":110,"context":86},257,{"file":59,"line":112,"context":86},271,[],[],{"summary":116,"deductions":117},"The \"formspammertrap-for-contact-form-7\" plugin, in version 1.02, exhibits a mixed security posture. On the positive side, the scan recorded no SQL queries at all (neither prepared nor raw), so it raises no SQL injection concern, and the plugin has no recorded vulnerability history; with about 30 active installs and no update since July 2021, that empty history may reflect limited scrutiny as much as secure development. There are also no external HTTP requests or file operations, which minimizes certain attack vectors.\n\nHowever, significant concerns arise from the static analysis. None of the 14 output statements found are escaped (8 of them are in a file under the plugin's backups directory, which appears to duplicate the main plugin file), so any of them that prints user-supplied data on the frontend or backend could be vulnerable to Cross-Site Scripting (XSS) attacks; the report does not show which values are printed, so each location needs manual review. Furthermore, no nonce checks or capability checks were found on its entry points (shortcodes). This matters only where a callback changes state or acts on request data, and the report's own count of unprotected entry points is 0, so it is a prompt for review rather than a confirmed authorization flaw.
No taint flows were recorded, so the report cannot show whether request data actually reaches any of the unescaped output.\n\nIn conclusion, the plugin benefits from a clean vulnerability history and no flagged database interactions, while the lack of output escaping and of nonce and capability checks are static-analysis findings that still need to be verified, not confirmed vulnerabilities. Users should review the flagged output locations for XSS and confirm that any state-changing action is protected by a nonce and a capability check.",[118,120,122],{"reason":119,"points":13},"Output escaping is not implemented",{"reason":121,"points":56},"No nonce checks on entry points",{"reason":123,"points":56},"No capability checks on entry points","2026-03-16T22:36:50.315Z",{"wat":126,"direct":131},{"assetPaths":127,"generatorPatterns":128,"scriptPaths":129,"versionParams":130},[],[],[],[],{"cssClasses":132,"htmlComments":133,"htmlAttributes":134,"restEndpoints":135,"jsGlobals":136,"shortcodeOutput":137},[],[],[],[],[],[138],"[formspammertrap]"]