[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQC2U6Cn6yoNA4DhXK87ZJXMEtvbbFpO6o2Toe0bYm4Y":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":57,"analysis":157,"fingerprints":211},"gf-google-address-autocomplete","Address Autocomplete via Google for Gravity Forms","1.3.6","PluginsCafe","https:\u002F\u002Fprofiles.wordpress.org\u002Fpluginscafe\u002F","\u003Cp>A simple and nice plugin to get auto suggestion from google place api in gravity form address field. If the installation is okay, go to gravity form menu called ‘Autocomplete API settings’. Input your google map api key and save it. Now create or edit a form, add or edit address field.\u003C\u002Fp>\n\u003Cp>You can see ‘Enable Autocomplete with Google Places API’, Just click on enable and save form. You’re done!\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>PHP 5.6 or higher\u003C\u002Fli>\n\u003Cli>Gravity Forms 2.8.0 or higher\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple and nice plugin to get auto suggestion from google place api in gravity form address field.",2000,26970,94,7,"2025-08-25T10:24:00.000Z","6.8.5","5.0","5.6",[20,21,22,23,24],"address","autocomplete","geolocation","google-place-api","gravityforms","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgf-google-address-autocomplete.1.3.6.zip",99,1,0,"2025-06-27 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-53263","address-autocomplete-via-google-for-gravity-forms-cross-site-request-forgery","Address Autocomplete via Google for Gravity Forms \u003C= 1.3.4 - Cross-Site Request Forgery","The Address Autocomplete via Google for Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.3.4","1.3.5","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-07-18 14:14:04",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F629893b3-b5a9-44a1-89f0-a6ed35259b81?source=api-prod",22,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":53,"avg_patch_time_days":54,"trust_score":55,"computed_at":56},"pluginscafe",16,11250,97,24,92,"2026-04-04T18:14:54.625Z",[58,78,100,116,137],{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":17,"requires_php":72,"tags":73,"homepage":76,"download_link":77,"security_score":68,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"address-autocomplete-anything","Address Autocomplete Anything","1.2.6","WP Sunshine","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpsunshine\u002F","\u003Cp>This plugin is unique in that it allows you to add a Google Address Autocomplete to \u003Cem>anything\u003C\u002Fem> on your WordPress website. It is not made to be specific for any one e-commerce, form, LMS, or other WordPress plugin… is compatible with them all!\u003C\u002Fp>\n\u003Cp>Address Autocomplete is my favorite feature on any e-commerce site or any time I need to fill out a form on a website. Originally built for our other plugin, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsunshine-photo-cart\u002F\" rel=\"ugc\">Sunshine Photo Cart\u003C\u002Fa>, I realized I could make this available to work for \u003Cem>anything\u003C\u002Fem>.\u003C\u002Fp>\n\u003Ch3>How it works\u003C\u002Fh3>\n\u003Cp>By using CSS selectors (don’t worry non-tech person, it is easier than you think and a \u003Ca href=\"https:\u002F\u002Fwpsunshine.com\u002Fdocumentation\u002Ffinding-your-css-selectors\u002F?utm_source=wordpress.org&utm_medium=link&utm_campaign=address-autocomplete-readme\" rel=\"nofollow ugc\">simple help article and video is available\u003C\u002Fa>!), you can add Address Autocomplete to Anything! Provide a selector for which input field on your page you want to trigger the address autocomplete when a user types, and then the CSS selectors to target for the address data.\u003C\u002Fp>\n\u003Ch3>What you need\u003C\u002Fh3>\n\u003Cp>You only need to \u003Ca href=\"https:\u002F\u002Fwpsunshine.com\u002Fdocumentation\u002Fgoogle-maps-api-key\u002F?utm_source=wordpress.org&utm_medium=link&utm_campaign=address-autocomplete-readme\" rel=\"nofollow ugc\">get a Google Maps API key\u003C\u002Fa>. Although billing info is required, \u003Cem>most\u003C\u002Fem> sites will never be charged as the free limit is quite high.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpsunshine.com\u002Fdoccat\u002Faddress-autocomplete\u002F?utm_source=wordpress.org&utm_medium=link&utm_campaign=address-autocomplete-readme\" rel=\"nofollow ugc\">Visit the documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Upgrade to Premium\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Get unlimited instances on your site\u003C\u002Fli>\n\u003Cli>More detailed data fields (latitude, longitude, county, neighborhood, sub localities, etc) to use for population\u003C\u002Fli>\n\u003Cli>Automatically integrate with popular e-commerce and form plugins with one-click set up:\n\u003Cul>\n\u003Cli>WooCommerce (Shortcode and Block Checkout, My Address in Account)\u003C\u002Fli>\n\u003Cli>Gravity Forms (Address Field)\u003C\u002Fli>\n\u003Cli>LifterLMS\u003C\u002Fli>\n\u003Cli>Paid Memberships Pro\u003C\u002Fli>\n\u003Cli>…and more coming \u003Cem>very\u003C\u002Fem> soon!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpsunshine.com\u002Fplugins\u002Faddress-autocomplete\u002F?utm_source=wordpress.org&utm_medium=link&utm_campaign=address-autocomplete-readme\" rel=\"nofollow ugc\">Get Premium here\u003C\u002Fa>\u003C\u002Fp>\n","Easily integrate Google Address Autocomplete to anything on your WordPress website!",900,11668,100,14,"2025-12-09T14:42:00.000Z","6.9.4","7.4",[20,21,74,24,75],"form","woocommerce","https:\u002F\u002Fwpsunshine.com\u002Fplugins\u002Faddress-autocomplete","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faddress-autocomplete-anything.1.2.6.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":25,"download_link":98,"security_score":99,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"address-autocomplete-contact-form-7","Address autocomplete Contact Form 7","1.1.2","webman technologies","https:\u002F\u002Fprofiles.wordpress.org\u002Foremtech\u002F","\u003Cp>This is an addon for contact form 7 for address autocomplete functionality. Google place api is used for fetching addresses.\u003C\u002Fp>\n","Contact form 7 address autocomplete feature. We are using google maps api. https:\u002F\u002Fmaps.googleapis.com\u002Fmaps\u002Fapi",400,12021,84,6,"2019-08-19T05:04:00.000Z","5.2.24","4.4","5.2.4",[20,95,96,97,23],"address-autocomplete","contact-form-7","contact-form-7-addon","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faddress-autocomplete-contact-form-7.1.1.2.zip",85,{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":29,"downloaded":108,"rating":68,"num_ratings":109,"last_updated":110,"tested_up_to":16,"requires_at_least":17,"requires_php":111,"tags":112,"homepage":114,"download_link":115,"security_score":68,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"gomaps-address-autocomplete-for-checkout","GoMaps Address Autocomplete for Checkout","1.0.0","gomaps","https:\u002F\u002Fprofiles.wordpress.org\u002Fgomaps\u002F","\u003Cp>This plugin adds GoMaps Autocomplete to your WooCommerce billing and shipping address fields. Powered by the GoMaps API, it improves checkout UX, boosts form accuracy, and reduces cart abandonment by auto-suggesting address input with geo-targeted precision.\u003C\u002Fp>\n\u003Cp>– Fully compatible with WooCommerce checkout\u003Cbr \u002F>\n– Address Autocomplete for billing and shipping\u003Cbr \u002F>\n– IP-based geolocation country prefill\u003Cbr \u002F>\n– Supports select and text-based state fields\u003Cbr \u002F>\n– Limit suggestions to selected countries\u003Cbr \u002F>\n– Easy setup with your GoMaps API key\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftools.gomaps.pro\u002Fprivacy-policy.html\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin utilizes the following external services:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>GoMaps API (https:\u002F\u002Fmaps.gomaps.pro)\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Purpose:\u003C\u002Fstrong> Provides address autocomplete suggestions and place details for billing and shipping fields on your WooCommerce checkout.\u003Cbr \u002F>\n* \u003Cstrong>Data Sent:\u003C\u002Fstrong> When a user types into an address field, the typed query, the GoMaps API key, and the currently selected country (if configured to limit suggestions) are sent to the GoMaps API. When a suggested address is selected, the \u003Ccode>place_id\u003C\u002Fcode> for that address is sent to retrieve full address components.\u003Cbr \u002F>\n* \u003Cstrong>When Data is Sent:\u003C\u002Fstrong> Data is sent on each keystroke (with a debounce to reduce requests) in the address fields for autocomplete, and upon explicit selection of an address suggestion for detailed information.\u003Cbr \u002F>\n* \u003Cstrong>Terms of Service:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fgomaps.pro\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fgomaps.pro\u002Fterms\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Cstrong>Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Ftools.gomaps.pro\u002Fprivacy-policy.html\" rel=\"nofollow ugc\">https:\u002F\u002Ftools.gomaps.pro\u002Fprivacy-policy.html\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>IPAPI.co (https:\u002F\u002Fipapi.co)\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Purpose:\u003C\u002Fstrong> To enhance the user experience by attempting to pre-fill the country selection on the checkout page based on the user’s IP address. This helps streamline the address entry process.\u003Cbr \u002F>\n* \u003Cstrong>Data Sent:\u003C\u002Fstrong> The user’s IP address.\u003Cbr \u002F>\n* \u003Cstrong>When Data is Sent:\u003C\u002Fstrong> A single request is made to this service when the WooCommerce checkout page first loads, only if the billing or shipping country fields are currently empty. This occurs once per checkout page load.\u003Cbr \u002F>\n* \u003Cstrong>Terms of Service:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fipapi.co\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fipapi.co\u002Fterms\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Cstrong>Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fipapi.co\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fipapi.co\u002Fprivacy\u003C\u002Fa>\u003C\u002Fp>\n","GoMaps Address Autocomplete enhances checkout address fields using real-time, fast and privacy-respecting location suggestions. Built for WooCommerce.",267,2,"2025-08-12T14:42:00.000Z","7.2",[95,113,22,104,75],"checkout","https:\u002F\u002Fapp.gomaps.pro\u002Fref\u002F8MSGL552","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgomaps-address-autocomplete-for-checkout.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":55,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":25,"tags":130,"homepage":135,"download_link":136,"security_score":68,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"ip-location-block","IP Location Block","1.3.8","Darko G.","https:\u002F\u002Fprofiles.wordpress.org\u002Fdarkog\u002F","\u003Cp>IP Location Block plugin that allows you to block access to your site based on the visitor location while also keeping your site safe from malicious attacks. The plugin brings a smart and powerful protection methods such as “\u003Cstrong>WP Metadata Exploit Protection\u003C\u002Fstrong>“.\u003C\u002Fp>\n\u003Cp>Combined with those methods and IP address geolocation, you’ll be surprised to find a bunch of malicious or undesirable access blocked in the logs of this plugin after several days of installation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> This plugin is based on the now abandoned “IP Geo Block” plugin by tokkonopapa. I fixed various issues and improved the overall codebase.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Native Geo-Location Provider\u003C\u002Fstrong>\u003Cbr \u002F>\nIP Location Block provides \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002Fcodex\u002Fnative-geo-location-provider\u002F?utm_source=plugin&utm_medium=wporgpage&utm_campaign=readme\" rel=\"nofollow ugc\">Native Geo-Location Provider\u003C\u002Fa> that is faster, more secure and provides the needed \u003Cstrong>precision\u003C\u002Fstrong> for matching \u003Cstrong>CITY\u003C\u002Fstrong> and \u003Cstrong>STATE\u003C\u002Fstrong> besides the standard COUNTRY matching.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Privacy by design:\u003C\u002Fstrong>\u003Cbr \u002F>\nIP address is always encrypted on recording in logs\u002Fcache. Moreover, it can be anonymized and restricted on sending to the 3rd parties such as geolocation APIs or whois service.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Immigration control:\u003C\u002Fstrong>\u003Cbr \u002F>\nAccess to the basic and important entrances into back-end such as \u003Ccode>wp-comments-post.php\u003C\u002Fcode>, \u003Ccode>xmlrpc.php\u003C\u002Fcode>, \u003Ccode>wp-login.php\u003C\u002Fcode>, \u003Ccode>wp-signup.php\u003C\u002Fcode>, \u003Ccode>wp-admin\u002Fadmin.php\u003C\u002Fcode>, \u003Ccode>wp-admin\u002Fadmin-ajax.php\u003C\u002Fcode>, \u003Ccode>wp-admin\u002Fadmin-post.php\u003C\u002Fcode> will be validated by means of a country code based on IP address. It allows you to configure either whitelist or blacklist to \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FISO_3166-1_alpha-2#Officially_assigned_code_elements\" title=\"ISO 3166-1 alpha-2 - Wikipedia\" rel=\"nofollow ugc\">specify the countires\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FClassless_Inter-Domain_Routing\" title=\"Classless Inter-Domain Routing - Wikipedia\" rel=\"nofollow ugc\">CIDR notation\u003C\u002Fa> for a range of IP addresses and \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FAutonomous_system_(Internet)\" title=\"Autonomous system (Internet) - Wikipedia\" rel=\"nofollow ugc\">AS number\u003C\u002Fa> for a group of IP networks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Guard against login attempts:\u003C\u002Fstrong>\u003Cbr \u002F>\nIn order to prevent hacking through the login form and XML-RPC by brute-force and the reverse-brute-force attacks, the number of login attempts will be limited per IP address even from the permitted countries.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Minimize server load against brute-force attacks:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can configure this plugin as a \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FMust_Use_Plugins\" title=\"Must Use Plugins « WordPress Codex\" rel=\"nofollow ugc\">Must Use Plugins\u003C\u002Fa> so that this plugin can be loaded prior to regular plugins. It can massively \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002Fcodex\u002Fvalidation-timing\u002F\" title=\"Validation timing | IP Location Block\" rel=\"nofollow ugc\">reduce the load on server\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Prevent malicious down\u002Fuploading:\u003C\u002Fstrong>\u003Cbr \u002F>\nA malicious request such as exposing \u003Ccode>wp-config.php\u003C\u002Fcode> or uploading malwares via vulnerable plugins\u002Fthemes can be blocked.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block badly-behaved bots and crawlers:\u003C\u002Fstrong>\u003Cbr \u002F>\nA simple logic may help to reduce the number of rogue bots and crawlers scraping your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Support of BuddyPress and bbPress:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can configure this plugin so that a registered user can login as a membership from anywhere, while a request such as a new user registration, lost password, creating a new topic and subscribing comment can be blocked by country. It is suitable for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress\u002F\" title=\"BuddyPress — WordPress Plugins\" rel=\"ugc\">BuddyPress\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbbpress\u002F\" title=\"WordPress › bbPress « WordPress Plugins\" rel=\"ugc\">bbPress\u003C\u002Fa> to help reducing spams.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Referrer suppressor for external links:\u003C\u002Fstrong>\u003Cbr \u002F>\nWhen you click an external hyperlink on admin screens, http referrer will be eliminated to hide a footprint of your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Multiple source of IP Geolocation databases:\u003C\u002Fstrong>\u003Cbr \u002F>\nBesides the \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002Fcodex\u002Fnative-geo-location-provider\u002F?utm_source=plugin&utm_medium=wporgpage&utm_campaign=readme\" rel=\"nofollow ugc\">Native Geo-Location provider\u003C\u002Fa>, this plugin supports \u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\" title=\"MaxMind - IP Geolocation and Online Fraud Prevention\" rel=\"nofollow ugc\">MaxMind GeoLite2 free databases\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.ip2location.com\u002F\" title=\"IP Address Geolocation to Identify Website Visitor's Geographical Location\" rel=\"nofollow ugc\">IP2Location LITE databases\u003C\u002Fa>. Also free Geolocation REST APIs and whois information can be available for audit purposes.\u003Cbr \u002F>\nFather more, \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002Fcloudflare-cloudfront-api-class-library\u002F\" title=\"CloudFlare & CloudFront API class library | IP Location Block\" rel=\"nofollow ugc\">dedicated API class libraries\u003C\u002Fa> can be installed for CloudFlare and CloudFront as a reverse proxy service.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customizing response:\u003C\u002Fstrong>\u003Cbr \u002F>\nHTTP response code can be selectable as \u003Ccode>403 Forbidden\u003C\u002Fcode> to deny access pages, \u003Ccode>404 Not Found\u003C\u002Fcode> to hide pages or even \u003Ccode>200 OK\u003C\u002Fcode> to redirect to the top page.\u003Cbr \u002F>\nYou can also have a human friendly page (like \u003Ccode>404.php\u003C\u002Fcode>) in your parent\u002Fchild theme template directory to fit your site design.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Validation logs:\u003C\u002Fstrong>\u003Cbr \u002F>\nValidation logs for useful information to audit attack patterns can be manageable.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Cooperation with full spec security plugin:\u003C\u002Fstrong>\u003Cbr \u002F>\nThis plugin is lite enough to be able to cooperate with other full spec security plugin such as \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" title=\"Wordfence Security — WordPress Plugins\" rel=\"ugc\">Wordfence Security\u003C\u002Fa>. See \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002Fcodex\u002Fpage-speed-performance\u002F\" title=\"Page speed performance | IP Location Block\" rel=\"nofollow ugc\">this report\u003C\u002Fa> about page speed performance.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Extendability:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can customize the behavior of this plugin via \u003Ccode>add_filter()\u003C\u002Fcode> with \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002Fcodex\u002F\" title=\"Codex | IP Location Block\" rel=\"nofollow ugc\">pre-defined filter hook\u003C\u002Fa>. See various use cases in \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002Fcodex\u002Fexample-use-cases-for-the-developer-hooks\u002F\" rel=\"nofollow ugc\">samples.php\u003C\u002Fa> bundled within this package.\u003Cbr \u002F>\nYou can also get the extension \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fddur\u002FWordPress-IP-Geo-Allow\" title=\"GitHub - ddur\u002FWordPress-IP-Geo-Allow: WordPress Plugin Exension for WordPress-IP-Geo-Block Plugin\" rel=\"nofollow ugc\">IP Geo Allow\u003C\u002Fa> by \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fddur\" title=\"ddur (Dragan) - GitHub\" rel=\"nofollow ugc\">Dragan\u003C\u002Fa>. It makes admin screens strictly private with more flexible way than specifying IP addresses.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Self blocking prevention and easy rescue:\u003C\u002Fstrong>\u003Cbr \u002F>\nWebsite owners do not prefer themselves to be blocked. This plugin prevents such a sad thing unless you force it. And futhermore, if such a situation occurs, you can \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002Fcodex\u002Fwhat-should-i-do-when-im-locked-out\u002F\" title=\"What should I do when I'm locked out? | IP Location Block\" rel=\"nofollow ugc\">rescue yourself\u003C\u002Fa> easily.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Clean uninstallation:\u003C\u002Fstrong>\u003Cbr \u002F>\nNothing is left in your precious mySQL database after uninstallation. So you can feel free to install and activate to make a trial of this plugin’s functionality.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cp>Documentation and more information can always be found on our \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002F\" title=\"IP Location Block\" rel=\"nofollow ugc\">plugin website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Attribution\u003C\u002Fh4>\n\u003Cp>This package includes GeoLite2 library distributed by MaxMind, available from \u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\" title=\"MaxMind - IP Geolocation and Online Fraud Prevention\" rel=\"nofollow ugc\">MaxMind\u003C\u002Fa>, and also includes IP2Location open source libraries available from \u003Ca href=\"https:\u002F\u002Fwww.ip2location.com\" title=\"IP Address Geolocation to Identify Website Visitor's Geographical Location\" rel=\"nofollow ugc\">IP2Location\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Also thanks for providing the following services and REST APIs for free.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fgeoiplookup.net\u002F\" title=\"What Is My IP Address | GeoIP Lookup\" rel=\"nofollow ugc\">http:\u002F\u002Fgeoiplookup.net\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002F\" title=\"IP Address API and Data Solutions\" rel=\"nofollow ugc\">https:\u002F\u002Fipinfo.io\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipapi.com\u002F\" title=\"ipapi - IP Address Lookup and Geolocation API\" rel=\"nofollow ugc\">https:\u002F\u002Fipapi.com\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free, need API key)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipstack.com\u002F\" title=\"ipstack - Free IP Geolocation API\" rel=\"nofollow ugc\">https:\u002F\u002Fipstack.com\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free, need API key)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipinfodb.com\u002F\" title=\"Free IP Geolocation Tools and API| IPInfoDB\" rel=\"nofollow ugc\">https:\u002F\u002Fipinfodb.com\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free, need API key)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Development\u003C\u002Fh4>\n\u003Cp>Development of this plugin happens at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fgdarko\u002Fip-location-block\" title=\"gdarko\u002Fip-location-block - GitHub\" rel=\"nofollow ugc\">IP Location Block – GitHub\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>All contributions will always be welcome.\u003C\u002Fp>\n\u003Ch4>Known issues\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>From \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2016\u002F03\u002F09\u002Fcomment-changes-in-wordpress-4-5\u002F\" title=\"Comment Changes in WordPress 4.5 – Make WordPress Core\" rel=\"nofollow ugc\">WordPress 4.5\u003C\u002Fa>, \u003Ccode>rel=nofollow\u003C\u002Fcode> had no longer be attached to the links in \u003Ccode>comment_content\u003C\u002Fcode>. This change prevents to block “\u003Ca href=\"https:\u002F\u002Fwww.owasp.org\u002Findex.php\u002FServer_Side_Request_Forgery\" title=\"Server Side Request Forgery - OWASP\" rel=\"nofollow ugc\">Server Side Request Forgeries\u003C\u002Fa>” (not Cross Site but a malicious internal link in the comment field).\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapps.wordpress.com\u002Fmobile\u002F\" title=\"WordPress.com Apps - Mobile Apps\" rel=\"nofollow ugc\">WordPress.com Mobile App\u003C\u002Fa> can’t execute image uploading because of its own authentication system via XMLRPC.\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily block visitors by country, state or ISP provider. Also, protects your site from spam, login attempts, malicious access & more.",10000,192738,33,"2026-03-13T00:57:00.000Z","7.0","3.7",[131,132,22,133,134],"block","country","ip-address","ip-geo-block","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fip-location-block\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-location-block.1.3.8.zip",{"slug":138,"name":139,"version":140,"author":141,"author_profile":142,"description":143,"short_description":144,"active_installs":145,"downloaded":146,"rating":147,"num_ratings":148,"last_updated":149,"tested_up_to":71,"requires_at_least":150,"requires_php":25,"tags":151,"homepage":155,"download_link":156,"security_score":68,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"autocomplete-google-address","Autocomplete Google Address","4.0.0","Md Nishath Khandakar","https:\u002F\u002Fprofiles.wordpress.org\u002Fnishatbd31\u002F","\u003Cp>Tired of manually typing addresses? Autocomplete Google Address integrates the power of Google Places Autocomplete with any form on your WordPress site.\u003C\u002Fp>\n\u003Cp>This plugin doesn’t force you to create new forms. Instead, it provides a powerful, selector-based “form builder” that lets you map Google’s rich address data to your \u003Cem>existing\u003C\u002Fem> form fields. It’s compatible with WooCommerce, Contact Form 7, WPForms, Gravity Forms, and virtually any other form.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Works with Any Form:\u003C\u002Fstrong> Add address autocomplete to checkout fields, contact forms, registration forms, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Selector-Based Mapping:\u003C\u002Fstrong> A simple but powerful UI lets you connect Google Address components to your form fields using CSS selectors (like \u003Ccode>#billing_address\u003C\u002Fcode> or \u003Ccode>.shipping-street\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two Powerful Modes:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Single Line Mode:\u003C\u002Fstrong> A single field autocompletes the full, formatted address. Perfect for simple address fields.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Mapping Mode:\u003C\u002Fstrong> One field triggers the autocomplete, and the plugin intelligently fills multiple fields like Street, City, State, Zip, and Country.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlimited Configurations:\u003C\u002Fstrong> Create as many mapping configurations as you need. You can have different setups for your checkout form and your contact form on the same site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Friendly:\u003C\u002Fstrong> Use the \u003Ccode>[aga_form id=\"123\"]\u003C\u002Fcode> shortcode or the \u003Ccode>aga_render_form_config(123)\u003C\u002Fcode> PHP function to apply configurations exactly where you need them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Conflict Prevention:\u003C\u002Fstrong> Includes an option to prevent the plugin from loading the Google Maps API if another plugin or your theme already does.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add Google Places address autocomplete to any existing form in WordPress using a selector-based mapping builder.",3000,67886,80,23,"2026-01-10T11:09:00.000Z","5.4",[20,21,152,153,154],"google","maps","places","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fautocomplete-google-address\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautocomplete-google-address.zip",{"attackSurface":158,"codeSignals":194,"taintFlows":202,"riskAssessment":203,"analyzedAt":210},{"hooks":159,"ajaxHandlers":190,"restRoutes":191,"shortcodes":192,"cronEvents":193,"entryPointCount":29,"unprotectedCount":29},[160,166,171,176,180,184],{"type":161,"name":162,"callback":163,"file":164,"line":165},"filter","gform_tooltips","add_tooltips","class-auto-address-complete.php",38,{"type":167,"name":168,"callback":169,"file":164,"line":170},"action","gform_editor_js","editor_script",39,{"type":161,"name":172,"callback":173,"priority":174,"file":164,"line":175},"gform_register_init_scripts","add_init_script",10,40,{"type":161,"name":177,"callback":178,"priority":174,"file":164,"line":179},"gform_field_settings_tabs","pcafe_aac_fields_settings_tab",42,{"type":167,"name":181,"callback":182,"priority":174,"file":164,"line":183},"gform_field_settings_tab_content_address_auto_complete","pcafe_aac_fields_settings_tab_content",43,{"type":167,"name":185,"callback":186,"priority":187,"file":188,"line":189},"gform_loaded","load",5,"gf-auto-address-complete.php",20,[],[],[],[],{"dangerousFunctions":195,"sqlUsage":196,"outputEscaping":198,"fileOperations":29,"externalRequests":29,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":201},[],{"prepared":29,"raw":29,"locations":197},[],{"escaped":199,"rawEcho":29,"locations":200},4,[],[],[],{"summary":204,"deductions":205},"The plugin \"gf-google-address-autocomplete\" v1.3.6 exhibits a generally strong security posture based on the static analysis. The absence of dangerous functions, raw SQL queries, unescaped output, file operations, external HTTP requests, and a clean taint analysis indicate that the core code is well-written and resistant to common vulnerabilities. The plugin also adheres to good practices by not exposing a large attack surface through AJAX handlers, REST API routes, shortcodes, or cron events without proper checks.\n\nHowever, the plugin's vulnerability history presents a notable concern. It has a recorded CVE, specifically a medium-severity Cross-Site Request Forgery (CSRF) vulnerability, which was last patched on June 27, 2025. While currently unpatched CVEs are zero, the existence of a past CSRF vulnerability, even if patched, suggests a potential area of weakness. The lack of nonce checks in the static analysis could be a contributing factor to such vulnerabilities, as it indicates a reliance on other mechanisms or assumptions for security, which can be brittle.\n\nIn conclusion, while the static code analysis is impressive and points to robust development practices, the historical vulnerability data, particularly the CSRF issue, warrants a cautious approach. Developers should ensure that all entry points, even those not immediately apparent in the static analysis, are protected against CSRF attacks and that ongoing security monitoring remains a priority.",[206,208],{"reason":207,"points":174},"Past medium-severity CVE (CSRF)",{"reason":209,"points":187},"Zero nonce checks detected","2026-03-16T18:32:15.532Z",{"wat":212,"direct":221},{"assetPaths":213,"generatorPatterns":216,"scriptPaths":217,"versionParams":218},[214,215],"\u002Fwp-content\u002Fplugins\u002Fgf-google-address-autocomplete\u002Fassets\u002Fcss\u002Fgf-auto-address-complete.css","\u002Fwp-content\u002Fplugins\u002Fgf-google-address-autocomplete\u002Fassets\u002Fjs\u002Fgf-auto-address-complete.js",[],[215],[219,220],"\u002Fwp-content\u002Fplugins\u002Fgf-google-address-autocomplete\u002Fassets\u002Fcss\u002Fgf-auto-address-complete.css?ver=","\u002Fwp-content\u002Fplugins\u002Fgf-google-address-autocomplete\u002Fassets\u002Fjs\u002Fgf-auto-address-complete.js?ver=",{"cssClasses":222,"htmlComments":223,"htmlAttributes":224,"restEndpoints":225,"jsGlobals":226,"shortcodeOutput":227},[],[],[],[],[],[]]