[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frPOF6HyroVHe_iRON8J7sJSxB3JvEH9filbufzLooNw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":146,"fingerprints":261},"gravity-forms-no-captcha-recaptcha","Gravity Forms No CAPTCHA reCAPTCHA","1.0.7","folkhack","https:\u002F\u002Fprofiles.wordpress.org\u002Ffolkhack\u002F","\u003Cp>Adds a “No CAPTCHA reCAPTCHA” field type to Gravity Forms form builder with light\u002Fdark theme options. Forms with a “No CAPTCHA reCAPTCHA” will validate the field before successful submission.\u003C\u002Fp>\n\u003Ch4>Further Reading\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffolkhack\u002FGravity-Forms-No-CAPTCHA-reCAPTCHA\" rel=\"nofollow ugc\">Official GitHub Repository\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ffolkhack.com\" rel=\"nofollow ugc\">Folkhack Studios\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds \"No CAPTCHA reCAPTCHA\" field to Gravity Forms as an alternative CAPTCHA option",10000,52809,96,26,"2017-11-28T11:22:00.000Z","4.0.0","",[19,20,21,22],"captcha","gravity-forms","no-captcha","recaptcha","https:\u002F\u002Fgithub.com\u002Ffolkhack\u002FGravity-Forms-No-CAPTCHA-reCAPTCHA","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgravity-forms-no-captcha-recaptcha.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-04-04T16:39:57.090Z",[36,59,80,107,130],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":54,"download_link":55,"security_score":56,"vuln_count":57,"unpatched_count":26,"last_vuln_date":58,"fetched_at":28},"wp-recaptcha-integration","ReCaptcha Integration for WordPress","1.2.8","weDevs","https:\u002F\u002Fprofiles.wordpress.org\u002Fwedevs\u002F","\u003Cp>Integrate reCaptcha in your blog. Supports no Captcha as well as old style recaptcha.\u003Cbr \u002F>\nProvides of the box integration for signup, login, comment formsand Ninja Forms as well\u003Cbr \u002F>\nas a plugin API for your own integrations.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Secures login, signup und comments with a recaptcha.\u003C\u002Fli>\n\u003Cli>Supports old as well as new reCaptcha.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Works together with\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WP Multisite\u003C\u002Fli>\n\u003Cli>bbPress\u003C\u002Fli>\n\u003Cli>BuddyPress\u003C\u002Fli>\n\u003Cli>AwesomeSupport (thanks to \u003Ca href=\"http:\u002F\u002Fjulienliabeuf.com\u002F\" rel=\"nofollow ugc\">Julien Liabeuf\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>WooCommerce (Only checkout, registration and login form. Not password reset)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fninjaforms.com\u002F\" rel=\"nofollow ugc\">Ninja Forms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>cformsII\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For integration in your self-coded forms see this \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftareq1988\u002Fwp-recaptcha-integration\u002Fwiki\u002FCustom-Themes-and-Forms\" rel=\"nofollow ugc\">wiki article\u003C\u002Fa> for details.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Localizations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Brazilian Portuguese (thanks to \u003Ca href=\"http:\u002F\u002Fwww.viniciusferraz.com\" rel=\"nofollow ugc\">Vinícius Ferraz\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Spanish (thanks to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fyivi\" rel=\"nofollow ugc\">Ivan Yivoff\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Italian (thanks to \u003Ca href=\"http:\u002F\u002Fblog.salaros.com\u002F\" rel=\"nofollow ugc\">Salaros\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Latest Files on GitHub: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftareq1988\u002Fwp-recaptcha-integration\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Ftareq1988\u002Fwp-recaptcha-integration\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>On a \u003Cstrong>WP Multisite\u003C\u002Fstrong> you can either activate the plugin network wide or on a single site.\u003C\u002Fp>\n\u003Cp>Activated on a single site everything works as usual.\u003C\u002Fp>\n\u003Cp>With network activation entering the API key and setting up where a captcha is required\u003Cbr \u002F>\nis up to the network admin. A blog admin can override the API key e.g. when his blog is\u003Cbr \u002F>\nrunning under his\u002Fher own domain name.\u003C\u002Fp>\n\u003Ch4>Known Limitations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>You can’t have more than one old style reCaptcha on a page. This is a limitiation of\u003Cbr \u002F>\nreCaptcha itself. If that’s an issue for you, you should use the no Captcha Form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>A No Captcha definitely requires client side JavaScript enabled. That’s how it does its\u003Cbr \u002F>\nsophisticated bot detection magic. There is no fallback. If your visitor does not have\u003Cbr \u002F>\nJS enabled the captcha test will not let him through.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>On a \u003Cstrong>Contact Form 7\u003C\u002Fstrong> when the reCaptcha is disabled (e.g. for logged in users) the field\u003Cbr \u002F>\nlabel will be still visible. This is due to CF7 Shortcode architecture, and can’t be fixed.\u003C\u002Fp>\n\u003Cp>To handle this there is a filter \u003Ccode>recaptcha_disabled_html\u003C\u002Fcode>. You can return a message for your logged-in\u003Cbr \u002F>\nusers here. Check out the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftareq1988\u002Fwp-recaptcha-integration\" rel=\"nofollow ugc\">GitHub Repo\u003C\u002Fa> for details.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>As of version 4.3 CF7 comes with its own recaptcha. Both are supposed to work together.\u003Cbr \u002F>\nI you want to keep the WP ReCaptcha functionality, e.g. if you want to hide the captcha\u003Cbr \u002F>\nfrom known users, leave the integration in the CF7 settings unconfigured.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Old style reCaptcha does not work together with \u003Cstrong>WooCommerce\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>In \u003Cstrong>WooCommerce\u003C\u002Fstrong> the reset password form can not be protected by a captcha. Woocommerce does\u003Cbr \u002F>\nnot fire any action in the lost password form, so there is no way for the plugin to hook in.\u003Cbr \u002F>\nTake a look at \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fcaptcha-not-showing-on-lost-password-page?replies=7\" rel=\"ugc\">this thread\u003C\u002Fa> for a workaround.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Due to a lack of filters there is no (and as far as one can see, there will never be)\u003Cbr \u002F>\nsupport for the \u003Cstrong>MailPoet\u003C\u002Fstrong> subscription form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plugin API\u003C\u002Fh3>\n\u003Cp>The plugin offers some filters to allow themes and other plugins to hook in.\u003C\u002Fp>\n\u003Cp>See \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftareq1988\u002Fwp-recaptcha-integration\" rel=\"nofollow ugc\">GitHub-Repo\u003C\u002Fa> for details.\u003C\u002Fp>\n","reCaptcha for login, signup, comment forms, Ninja Forms and woocommerce.",294613,88,94,"2025-10-29T05:41:00.000Z","6.8.5","3.8","5.4",[19,52,21,22,53],"login","security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-recaptcha-integration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-recaptcha-integration.1.2.8.zip",99,2,"2024-11-01 00:00:00",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":17,"tags":74,"homepage":78,"download_link":79,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"jc-recaptcha","JC Recaptcha","1.4","llavillaccama","https:\u002F\u002Fprofiles.wordpress.org\u002Fllavillaccama\u002F","\u003Cp>The Add new recaptcha google plugin allows you to implement a super security REcaptcha form into web forms. It protects your website from spam by means of math logic, easily understood by human beings.\u003Cbr \u002F>\nThis captcha can be used for login, registration, comments forms.\u003C\u002Fp>\n\u003Cp>This plugin is based on the recapcha of google, for receive more information can visit the website: https:\u002F\u002Fwww.google.com\u002Frecaptcha\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwebdesignjc.com\u002Frecaptchawp\u002Findex.html\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fp>\n","The Add new recaptcha google plugin allows you to implement a super security REcaptcha form into web forms.",100,7503,74,3,"2015-03-13T16:19:00.000Z","4.0.38","3.3",[75,21,76,77,22],"add","nocaptcha","re-captcha","http:\u002F\u002Fwebdesignjc.com\u002Frecaptchawp\u002Findex.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjc-recaptcha.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":26,"num_ratings":26,"last_updated":90,"tested_up_to":17,"requires_at_least":91,"requires_php":17,"tags":92,"homepage":104,"download_link":105,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":106},"protect-ai-login","Protect Ai Login","1.0.0","anouny","https:\u002F\u002Fprofiles.wordpress.org\u002Fanouny\u002F","\u003Cp>Protect Ai Login changes default WordPress login URL to the url you define, denied brute force attacks, spam logins, and bot or automatic register. The plugin blocks access to default login url, generates a custom branded login panel, without creating a custom page on your website.\u003C\u002Fp>\n\u003Cp>The plugin offers protection with Google reCAPTCHA v2.\u003C\u002Fp>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Define new login url easily from settings page.\u003C\u002Fli>\n\u003Cli>Protect against spam login, bot registration or signup, with the integration of Google reCaptcha.\u003C\u002Fli>\n\u003Cli>Secure AXS is compatible with any permalink setup including the default.\u003C\u002Fli>\n\u003Cli>Choose to allow users with the role “Editor” to access plugin settings.\u003C\u002Fli>\n\u003Cli>Fully branded login page with colors and login logo of your choice.\u003C\u002Fli>\n\u003Cli>Plugin doesn’t create new pages on your website for displaying the new login panel.\u003C\u002Fli>\n\u003Cli>Plugin is compatible with other major security & cache plugins.\u003C\u002Fli>\n\u003Cli>Test with wordpress 4.4.2\u003C\u002Fli>\n\u003C\u002Ful>\n","Change default login site to a custom URL, block spam, bot registration, and brute-force using Google reCAPTCHA.",10,1394,"2016-04-14T06:46:00.000Z","4.0",[93,94,95,96,97,98,19,99,52,21,76,22,100,101,53,102,103],"access","attack","axs","block","brute","brute-force-attack","force","register","secure","sign","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-ai-login.zip","2026-03-15T14:54:45.397Z",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":13,"num_ratings":117,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":121,"tags":122,"homepage":126,"download_link":127,"security_score":128,"vuln_count":70,"unpatched_count":26,"last_vuln_date":129,"fetched_at":28},"advanced-google-recaptcha","Advanced Google reCAPTCHA","1.31","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgetwpcaptcha.com\u002F\" rel=\"nofollow ugc\">Advanced Google reCAPTCHA\u003C\u002Fa> protects your WordPress site from spam comments & brute force login attacks using captcha. This captcha plugin, quickly adds Google reCAPTCHA and other captcha tests to WordPress comment form, login form, and other forms.\u003C\u002Fp>\n\u003Cp>Using Advanced Google reCAPTCHA (most popular captcha on the market), you’ll be safe from spam comments and protect user accounts, WooCommerce, Easy Digital Downloads, BuddyPress and other forms from brute-force login attacks.\u003C\u002Fp>\n\u003Cp>reCaptcha works for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Form\u003C\u002Fli>\n\u003Cli>Registration Form\u003C\u002Fli>\n\u003Cli>Reset Password Form\u003C\u002Fli>\n\u003Cli>Comment Form\u003C\u002Fli>\n\u003Cli>BuddyPress Form\u003C\u002Fli>\n\u003Cli>WooCommerce Form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads (EDD) Login Form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads (EDD) Registration Form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Captcha uses these 3rd party libs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Chart.js, 2017 Nick Downie, MIT\u003C\u002Fli>\n\u003Cli>DataTables, 2008-2017 SpryMedia Ltd, MIT\u003C\u002Fli>\n\u003Cli>moment.js, Tim Wood, Iskren Chernev, MIT\u003C\u002Fli>\n\u003Cli>SweetAlert 2, github.com\u002FSweetalert2\u002FSweetalert2, MIT\u003C\u002Fli>\n\u003Cli>tooltipster, www.heteroclito.fr\u002Fmodules\u002Ftooltipster\u002F, MIT\u003C\u002Fli>\n\u003C\u002Ful>\n","Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.",200000,2435450,428,"2025-12-02T20:29:00.000Z","6.9.4","4.9","5.2",[19,123,124,125,22],"comment-recaptcha","google-recaptcha","login-recaptcha","https:\u002F\u002Fgetwpcaptcha.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-google-recaptcha.1.31.zip",98,"2025-03-27 19:32:14",{"slug":131,"name":132,"version":133,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":115,"downloaded":138,"rating":67,"num_ratings":139,"last_updated":140,"tested_up_to":141,"requires_at_least":120,"requires_php":17,"tags":142,"homepage":17,"download_link":145,"security_score":67,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"wpcf7-recaptcha","ReCaptcha v2 for Contact Form 7","1.4.9","IQComputing","https:\u002F\u002Fprofiles.wordpress.org\u002Fiqcomputing\u002F","\u003Cp>Contact Form 7 v5.1 dropped support for reCaptcha v2 along with the \u003Ccode>[recaptcha]\u003C\u002Fcode> tag December 2018. This plugin brings that functionality back from Contact Form 7 5.0.5 and re-adds the \u003Ccode>[recaptcha]\u003C\u002Fcode> tag.\u003C\u002Fp>\n\u003Cp>If this plugin is installed before updating Contact Form 7 from v5.0.5 to v5.1.1 then it will carry over your old API keys. At that point you will just need to head to this plugins settings page to tell the website to use reCaptcha v2.\u003C\u002Fp>\n\u003Cp>Once installed and configured it should be the same reCaptcha functionality you are used to in previous versions of Contact Form 7.\u003C\u002Fp>\n\u003Ch3>IQComputing\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Like us on \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fiqcomputing\u002F\" title=\"IQComputing on Facebook\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Follow us on \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fiqcomputing\u002F\" title=\"IQComputing on Twitter\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Fork on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FIQComputing\u002Fwpcf7-recaptcha\" title=\"IQComputing on Github\" rel=\"nofollow ugc\">Github\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds reCaptcha v2 from Contact Form 7 5.0.5 that was dropped on Contact Form 7 5.1",3905275,89,"2025-04-15T22:52:00.000Z","6.7.5",[143,144,22,103],"contact-form-7","contact-form-7-recaptcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpcf7-recaptcha.1.4.9.zip",{"attackSurface":147,"codeSignals":190,"taintFlows":218,"riskAssessment":247,"analyzedAt":260},{"hooks":148,"ajaxHandlers":186,"restRoutes":187,"shortcodes":188,"cronEvents":189,"entryPointCount":26,"unprotectedCount":26},[149,155,158,161,164,168,171,174,177,180,183],{"type":150,"name":151,"callback":152,"file":153,"line":154},"action","plugins_loaded","anonymous","includes\\class-gf-no-captcha-recaptcha.php",149,{"type":150,"name":156,"callback":152,"file":153,"line":157},"admin_init",165,{"type":150,"name":159,"callback":152,"file":153,"line":160},"admin_menu",166,{"type":150,"name":162,"callback":152,"file":153,"line":163},"admin_notices",167,{"type":165,"name":166,"callback":152,"file":153,"line":167},"filter","gform_add_field_buttons",182,{"type":165,"name":169,"callback":152,"file":153,"line":170},"gform_field_type_title",183,{"type":150,"name":172,"callback":152,"file":153,"line":173},"gform_field_input",184,{"type":150,"name":175,"callback":152,"file":153,"line":176},"gform_editor_js",185,{"type":150,"name":178,"callback":152,"file":153,"line":179},"gform_field_advanced_settings",186,{"type":150,"name":181,"callback":152,"file":153,"line":182},"gform_enqueue_scripts",187,{"type":165,"name":184,"callback":152,"file":153,"line":185},"gform_field_validation",188,[],[],[],[],{"dangerousFunctions":191,"sqlUsage":192,"outputEscaping":194,"fileOperations":31,"externalRequests":26,"nonceChecks":26,"capabilityChecks":31,"bundledLibraries":217},[],{"prepared":26,"raw":26,"locations":193},[],{"escaped":195,"rawEcho":196,"locations":197},4,8,[198,201,203,205,207,209,211,214],{"file":199,"line":167,"context":200},"admin\\class-gf-no-captcha-recaptcha-admin.php","raw output",{"file":199,"line":202,"context":200},197,{"file":199,"line":204,"context":200},212,{"file":199,"line":206,"context":200},230,{"file":199,"line":208,"context":200},233,{"file":199,"line":210,"context":200},234,{"file":212,"line":213,"context":200},"admin\\partials\\gf-no-captcha-recaptcha-admin-display.php",16,{"file":215,"line":216,"context":200},"public\\partials\\gf-no-captcha-recaptcha-public-gforms-editor-js.php",21,[],[219,239],{"entryPoint":220,"graph":221,"unsanitizedCount":31,"severity":238},"gravity_forms_validate (public\\class-gf-no-captcha-recaptcha-public.php:270)",{"nodes":222,"edges":235},[223,229],{"id":224,"type":225,"label":226,"file":227,"line":228},"n0","source","$_POST","public\\class-gf-no-captcha-recaptcha-public.php",277,{"id":230,"type":231,"label":232,"file":227,"line":233,"wp_function":234},"n1","sink","file_get_contents() [SSRF\u002FLFI]",280,"file_get_contents",[236],{"from":224,"to":230,"sanitized":237},false,"medium",{"entryPoint":240,"graph":241,"unsanitizedCount":31,"severity":238},"\u003Cclass-gf-no-captcha-recaptcha-public> (public\\class-gf-no-captcha-recaptcha-public.php:0)",{"nodes":242,"edges":245},[243,244],{"id":224,"type":225,"label":226,"file":227,"line":228},{"id":230,"type":231,"label":232,"file":227,"line":233,"wp_function":234},[246],{"from":224,"to":230,"sanitized":237},{"summary":248,"deductions":249},"The plugin \"gravity-forms-no-captcha-recaptcha\" version 1.0.7 exhibits a generally good security posture with no recorded vulnerabilities or critical code signals. The static analysis shows a remarkably small attack surface, with zero entry points identified that lack authentication or permission checks. Furthermore, all SQL queries are properly prepared, and there are no external HTTP requests or bundled libraries, which are positive indicators. \n\nHowever, there are a few areas of concern. The taint analysis revealed two flows with unsanitized paths, which could potentially lead to vulnerabilities if not carefully handled, although no critical or high severity issues were flagged in this regard. The output escaping is also a point of weakness, with only 33% of outputs being properly escaped, which could open the door to cross-site scripting (XSS) vulnerabilities if user-supplied data is outputted without sufficient sanitization. The presence of file operations and a single capability check without other security measures like nonces also warrants attention. \n\nIn conclusion, while the plugin benefits from a lack of historical vulnerabilities and a minimal attack surface, the identified unsanitized paths and insufficient output escaping present potential risks. Developers should prioritize addressing these code-level concerns to further strengthen the plugin's security.",[250,252,255,257],{"reason":251,"points":196},"Unsanitized paths found in taint analysis",{"reason":253,"points":254},"Low percentage of properly escaped output",6,{"reason":256,"points":70},"File operations present",{"reason":258,"points":259},"No nonce checks on entry points",5,"2026-03-16T17:49:34.895Z",{"wat":262,"direct":270},{"assetPaths":263,"generatorPatterns":265,"scriptPaths":266,"versionParams":268},[264],"\u002Fwp-content\u002Fplugins\u002Fgravity-forms-no-captcha-recaptcha\u002Fpublic\u002Fjs\u002Fgf-no-captcha-recaptcha-public.js",[],[267],"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js",[269],"gravity-forms-no-captcha-recaptcha\u002Fpublic\u002Fjs\u002Fgf-no-captcha-recaptcha-public.js?ver=",{"cssClasses":271,"htmlComments":273,"htmlAttributes":274,"restEndpoints":276,"jsGlobals":277,"shortcodeOutput":279},[272],"g-recaptcha",[],[275],"data-sitekey",[],[278],"grecaptcha",[]]