[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faOzQIKDf56kNd1YojYKREfrvUvGkOMCcuhWYVZOwRdM":3,"$f_seEdS1CKLlIOKQciCL2yFHjf8Pes_JiuEpxjHJsALo":292,"$fBeuiD3PwpjhN0wgWk7V9Pgqal3whQG_hhQBPtimgj7w":297},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":38,"analysis":136,"fingerprints":269},"hercules-recaptcha","Hercules Recaptcha","1.1","Todd Nestor","https:\u002F\u002Fprofiles.wordpress.org\u002Ftoddnestor\u002F","\u003Cp>Hercules Recaptcha uses the latest Google Recaptcha API to more accurately determine if users are bots or not.\u003Cbr \u002F>\nIf the user is not logged in it will display a Recaptcha for the user to fill out in the comment form.  If the user\u003Cbr \u002F>\ndisables javascript and is not logged in then comments will fail to submit.\u003C\u002Fp>\n\u003Cp>The Recaptcha is also added to the registration page for both multisite setups and single blogs.  There are options for\u003Cbr \u002F>\nhaving it show up on comments and\u002For the registration page, as well as options for its position on the comment form, and\u003Cbr \u002F>\nwhich style (Google gives only two options, dark or light).\u003C\u002Fp>\n","Hercules Recaptcha adds a Recaptcha to the comment form for non-logged in users.  
It uses the latest Recaptcha API.",10,1771,100,5,"2015-01-19T02:03:00.000Z","4.0.38","3.0.1","",[20,21,22,23,24],"captcha","comments","hercules","recaptcha","spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhercules-recaptcha.1.1.zip",85,0,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"toddnestor",1,30,84,"2026-05-20T05:03:27.954Z",[39,64,86,104,121],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":18,"download_link":59,"security_score":60,"vuln_count":61,"unpatched_count":27,"last_vuln_date":62,"fetched_at":63},"captcha-code-authentication","Captcha Code","3.31","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgetwpcaptcha.com\u002F\" rel=\"nofollow ugc\">Captcha\u003C\u002Fa> adds GDPR compatible captcha code anti-spam protection (like Google ReCaptcha) to WordPress forms – comments form, registration form, lost password form, and login form. In order to post comments or register, users have to type in the code shown on the image. This prevents spam from automated bots & adds security. No external services (like Google ReCaptcha) are used. 
No API keys are needed, and no user-identifiable data is used so it’s GDPR compatible.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Captcha position – comments form, login form, registration form, or lost password form.\u003C\u002Fli>\n\u003Cli>Letters type – capital letters, small letters, or captial & small letters.\u003C\u002Fli>\n\u003Cli>Captcha type – alphanumeric, alphabets or numbers.\u003C\u002Fli>\n\u003Cli>Translation enabled.\u003C\u002Fli>\n\u003C\u002Fol>\n","GDPR compatible captcha anti-spam protection for login form, comments form, registration form & lost password form. Eliminate spam with captcha.",100000,708754,76,34,"2026-04-14T19:46:00.000Z","7.0","3.0","5.2",[20,56,57,58,23],"comments-spam","form-captcha","login-captcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcaptcha-code-authentication.3.31.zip",99,2,"2023-11-24 00:00:00","2026-04-16T10:56:18.058Z",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":74,"num_ratings":75,"last_updated":76,"tested_up_to":77,"requires_at_least":78,"requires_php":18,"tags":79,"homepage":84,"download_link":85,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":63},"recaptcha-in-wp-comments-form","reCAPTCHA in WP comments form","9.1.2","jmviade","https:\u002F\u002Fprofiles.wordpress.org\u002Fjmviade\u002F","\u003Cp>reCAPTCHA in WP comments form plugin is an \u003Cstrong>ANTISPAM tool\u003C\u002Fstrong> that adds the visible Google \u003Cstrong>reCAPTCHA field\u003C\u002Fstrong> inside the comments form of your WP theme when the user is not logged in preventing fraudulent or deceptive comments.\u003C\u002Fp>\n\u003Cp>The plugin also \u003Cstrong>introduces a second verification process\u003C\u002Fstrong> that detects the unauthorized direct accesses by spam robots to the WP comments system and allows you to decide what do you want to do 
with those comments.\u003C\u002Fp>\n\u003Cp>Finally, the plugin has got an optional \u003Cstrong>forced javascript output mode\u003C\u002Fstrong> that lets you to add a reCAPTCHA field \u003Cstrong>also in old WP themes\u003C\u002Fstrong> that didn’t use the new WP form comments functions but they make a direct output of its own comments form.\u003C\u002Fp>\n\u003Ch4>FEATURES LIST\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Basic Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>All variants\u003C\u002Fstrong> of Google reCAPTCHA field are available\u003C\u002Fli>\n\u003Cli>Two simple steps \u003Cstrong>Installation Wizard\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Automatic \u003Cstrong>default configuration settings\u003C\u002Fstrong> for all plugin components\u003C\u002Fli>\n\u003Cli>Automatic default configuration for reCAPTCHA field\u003C\u002Fli>\n\u003Cli>Configuration settings for Plugin \u003C\u002Fli>\n\u003Cli>Configuration settings for \u003Cstrong>ANTISPAM operation\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Four modes of operation in case of spam robots threats (SPAM, TRASH, DELETE or DIE)\u003C\u002Fli>\n\u003Cli>Visual configuration settings for Google reCAPTCHA: theme, size, type, align, language\u003C\u002Fli>\n\u003Cli>Dynamic comments form sample for viewing configuration settings changes\u003C\u002Fli>\n\u003Cli>Visual Help\u003C\u002Fli>\n\u003Cli>RTL Language support\u003C\u002Fli>\n\u003Cli>Admin Color scheme adapted\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Middle features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Forced language option for reCAPTCHA field\u003C\u002Fli>\n\u003Cli>Plugin \u003Cstrong>blocks the submit button\u003C\u002Fstrong> while reCAPTCHA field is not verified\u003C\u002Fli>\n\u003Cli>Plugin \u003Cstrong>changes HTML structure of the comments form\u003C\u002Fstrong> to prevent malicious automatic sendings while reCAPTCHA field is not verified\u003C\u002Fli>\n\u003Cli>Plugin 
also blocks \u003Cstrong>other elements with \u003Ccode>[type=submit]\u003C\u002Fcode> inside form\u003C\u002Fstrong> in case of a theme customized comments form\u003C\u002Fli>\n\u003Cli>Plugin lets you to write your own \u003Cstrong>additional CSS for the reCAPTCHA field\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>New \u003Cstrong>restore default value buttons\u003C\u002Fstrong> in plugin configuration section for helping you in case of changing WP theme, accidental errors, test environtments, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Advanced features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>reCAPTCHA \u003Cstrong>verification process via AJAX before submitting the form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Second security checking process\u003C\u002Fstrong> for preventing any security breach \u003Cstrong>before saving the comment\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Supporting \u003Cstrong>four different WP comments form HTML structure types\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Advanced plugin options \u003Cstrong>based on HTML queries\u003C\u002Fstrong> for inserting the reCAPTCHA plugin in all kinds of WP themes\u003C\u002Fli>\n\u003Cli>Optional \u003Cstrong>Forced javascript output\u003C\u002Fstrong> that allows you to use the plugin with old WP themes that didn’t use function \u003Ccode>comment_form()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Advanced ID’s tags settings for using this plugin with WP Themes that creates its own comments form HTML struct\u003C\u002Fli>\n\u003Cli>reCAPTCHA javascript initialization that prevents reCAPTCHA conflicts in case of that other plugins use reCAPTCHA.\u003C\u002Fli>\n\u003Cli>New mínimum CSS styles for recaptcha alignment\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>PLUGIN PAGE\u003C\u002Fh4>\n\u003Cp>To learn more about the plugin, visit the \u003Ca href=\"http:\u002F\u002Fwww.joanmiquelviade.com\u002Fplugin\u002Fgoogle-recaptcha-in-wp-comments-form\u002F\" 
title=\"Author's plugin page\" rel=\"nofollow ugc\">Plugin page\u003C\u002Fa>.\u003C\u002Fp>\n","reCAPTCHA in WP comments form is an ANTISPAM tool that adds a Google reCAPTCHA to the comments form and protects your site from the spam robots threat &hellip;",8000,72956,82,20,"2019-04-22T12:10:00.000Z","5.1.22","4.0.0",[80,81,82,83,23],"antispam","antispam-protection","comments-antispam","comments-recaptcha","http:\u002F\u002Fwww.joanmiquelviade.com\u002Fplugin\u002Fgoogle-recaptcha-in-wp-comments-form\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecaptcha-in-wp-comments-form.9.1.2.zip",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":13,"num_ratings":34,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":52,"tags":99,"homepage":102,"download_link":103,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":63},"toms-recaptcha","TomS reCAPTCHA","1.2.0","TomS Caprice","https:\u002F\u002Fprofiles.wordpress.org\u002Ftomsneddon\u002F","\u003Cp>Integrated Google ReCaptcha for WordPress. Protect the login, register, lostpassword and comment forms. Support Woocommerce, Ultimate Member and more popular forms.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Frecaptcha\" rel=\"nofollow ugc\">\u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong>\u003C\u002Fa> is a free service that protects your site from spam and abuse. 
It uses advanced risk analysis techniques to tell humans and bots apart.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Go to \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fadmin\u002Fcreate\" rel=\"nofollow ugc\">Google reCAPTCHA\u003C\u002Fa> to get the \u003Cstrong>Site key\u003C\u002Fstrong> and \u003Cstrong>Secret key\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>reCAPTCHA Type:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>reCAPTCHA \u003Cstrong>v3\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA \u003Cstrong>v2 Checkbox\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA \u003Cstrong>v2 Invisible\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported Form List\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress default login form\u003C\u002Fli>\n\u003Cli>WordPress default register form\u003C\u002Fli>\n\u003Cli>WordPress default lostpassword form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WordPress default comment form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> login form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> register form\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> lostpassword form\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> checkout Billing form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add a shortcode \u003Cstrong>[toms_woo_register_form]\u003C\u002Fstrong> for \u003Cstrong>woocommerce register form\u003C\u002Fstrong> on any page you 
want.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> login form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> register form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> lostpassword form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-block\u002F\" rel=\"ugc\">\u003Cstrong>Contact Form Block\u003C\u002Fstrong>\u003C\u002Fa> Contact Form Block\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>more support forms comming soon…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Option settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Verify API : \u003Cstrong>Google.com\u003C\u002Fstrong>\u002F\u003Cstrong>Recaptcha.net\u003C\u002Fstrong> \u003Cstrong>—Notice:—\u003C\u002Fstrong> Some country can not use Google verify API, that means Google verify API will not work, even using vpn. 
If google.com not work try use Recaptcha.net\u003C\u002Fli>\n\u003Cli>reCAPTCHA v2 (Checkbox)  Theme: \u003Cstrong>Light\u003C\u002Fstrong>\u002F\u003Cstrong>Dark\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA v2 (Invisible) Badge: \u003Cstrong>Bottom Right\u003C\u002Fstrong>\u002F\u003Cstrong>Bottom Left\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Custom reCAPTCHA Language\u003C\u002Fh4>\n\u003Ch4>Translation ready\u003C\u002Fh4>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>Reliance upon any non-English translation is at your own risk; TomS reCAPTCHA can give no guarantees that translations from the original English are accurate.\u003C\u002Fp>\n\u003Cp>We recognise and thank those mentioned at https:\u002F\u002Ftoms-caprice.org\u002Ftranslations for code and\u002For libraries used and\u002For modified under the terms of their open source licences.\u003C\u002Fp>\n","Integrated Google ReCaptcha for WordPress.Protect the login, register, lostpassword and comment forms. 
Support Woocommerce, Ultimate Member and more p &hellip;",600,16788,"2023-03-29T08:59:00.000Z","6.2.9","5.8",[100,20,101,23,87],"block-spam-comments","nocaptcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftoms-recaptcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoms-recaptcha.1.2.0.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":13,"num_ratings":34,"last_updated":114,"tested_up_to":115,"requires_at_least":17,"requires_php":18,"tags":116,"homepage":117,"download_link":118,"security_score":119,"vuln_count":34,"unpatched_count":34,"last_vuln_date":120,"fetched_at":63},"recaptcha-wp","Recaptcha – wp","0.2.6","rozx","https:\u002F\u002Fprofiles.wordpress.org\u002Frozx\u002F","\u003Cp>Protect your WordPress site from spam machines by enable google recaptcha.\u003C\u002Fp>\n\u003Cp>Simple and lightweight to install.\u003C\u002Fp>\n\u003Cp>Free and fast.\u003C\u002Fp>\n","Protect your WordPress site from spam machines by using google recaptcha. Note the setting is under Settings -> Discussion menu.",40,3910,"2016-09-12T15:13:00.000Z","4.6.30",[21,23,24],"http:\u002F\u002Fwww.heavyskymobile.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecaptcha-wp.zip",63,"2025-09-26 00:00:00",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":27,"downloaded":129,"rating":27,"num_ratings":27,"last_updated":130,"tested_up_to":131,"requires_at_least":78,"requires_php":132,"tags":133,"homepage":18,"download_link":135,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":63},"captcha-for-comments-form","Comments Form Captcha","1.0","Milankumar Kyada","https:\u002F\u002Fprofiles.wordpress.org\u002Fmilankyada\u002F","\u003Cp>This is a very basic plugin but work efficiently. 
Any suggestions are welcomed and I assure users that I will make\u003Cbr \u002F>\nchanges if it’s in favor of the plugin. This plugin is using google recaptcha and reason for making this plugin is the\u003Cbr \u002F>\nsame as others, I was facing spam comments too.\u003C\u002Fp>\n","This is a very basic plugin but work efficiently. Any suggestions are welcomed and I assure users that I will make",1048,"2020-01-24T21:03:00.000Z","5.3.21","5.2.4",[20,21,134,24],"googlerecaptcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcaptcha-for-comments-form.zip",{"attackSurface":137,"codeSignals":176,"taintFlows":199,"riskAssessment":256,"analyzedAt":268},{"hooks":138,"ajaxHandlers":172,"restRoutes":173,"shortcodes":174,"cronEvents":175,"entryPointCount":27,"unprotectedCount":27},[139,145,149,153,157,160,164,168,170],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","admin_menu","AddSettingsPage","hercules_recaptcha.php",29,{"type":146,"name":147,"callback":148,"file":143,"line":50},"filter","preprocess_comment","VerifyCommentRecaptcha",{"type":140,"name":150,"callback":151,"file":143,"line":152},"signup_extra_fields","RenderRecaptcha",39,{"type":146,"name":154,"callback":155,"file":143,"line":156},"wpmu_validate_user_signup","VerifyRegistrationRecaptcha",41,{"type":146,"name":158,"callback":155,"file":143,"line":159},"registration_errors",43,{"type":140,"name":161,"callback":162,"file":143,"line":163},"wp_head","AddRecaptchaSnippet",45,{"type":140,"name":165,"callback":166,"file":143,"line":167},"wp_enqueue_scripts","AddRecaptchaScript",46,{"type":146,"name":154,"callback":155,"file":143,"line":169},402,{"type":146,"name":158,"callback":155,"file":143,"line":171},406,[],[],[],[],{"dangerousFunctions":177,"sqlUsage":178,"outputEscaping":180,"fileOperations":27,"externalRequests":61,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":198},[],{"prepared":27,"raw":27,"locations":179},[],{"escaped":27,"rawEcho":181,"locations":182},8,[183,1
86,188,190,192,193,195,196],{"file":143,"line":184,"context":185},94,"raw output",{"file":143,"line":187,"context":185},114,{"file":143,"line":189,"context":185},124,{"file":143,"line":191,"context":185},157,{"file":143,"line":191,"context":185},{"file":143,"line":194,"context":185},198,{"file":143,"line":194,"context":185},{"file":143,"line":197,"context":185},275,[],[200,219,229,247],{"entryPoint":201,"graph":202,"unsanitizedCount":34,"severity":218},"VerifyCommentRecaptcha (hercules_recaptcha.php:324)",{"nodes":203,"edges":215},[204,209],{"id":205,"type":206,"label":207,"file":143,"line":208},"n0","source","$_SERVER",340,{"id":210,"type":211,"label":212,"file":143,"line":213,"wp_function":214},"n1","sink","wp_remote_get() [SSRF]",341,"wp_remote_get",[216],{"from":205,"to":210,"sanitized":217},false,"medium",{"entryPoint":220,"graph":221,"unsanitizedCount":34,"severity":218},"VerifyRegistrationRecaptcha (hercules_recaptcha.php:363)",{"nodes":222,"edges":227},[223,225],{"id":205,"type":206,"label":207,"file":143,"line":224},378,{"id":210,"type":211,"label":212,"file":143,"line":226,"wp_function":214},379,[228],{"from":205,"to":210,"sanitized":217},{"entryPoint":230,"graph":231,"unsanitizedCount":246,"severity":218},"\u003Chercules_recaptcha> (hercules_recaptcha.php:0)",{"nodes":232,"edges":243},[233,235,238,241],{"id":205,"type":206,"label":234,"file":143,"line":74},"$_POST['herc_recaptcha_options']",{"id":210,"type":211,"label":236,"file":143,"line":74,"wp_function":237},"update_option() [Settings Manipulation]","update_option",{"id":239,"type":206,"label":240,"file":143,"line":208},"n2","$_SERVER (x2)",{"id":242,"type":211,"label":212,"file":143,"line":213,"wp_function":214},"n3",[244,245],{"from":205,"to":210,"sanitized":217},{"from":239,"to":242,"sanitized":217},3,{"entryPoint":248,"graph":249,"unsanitizedCount":34,"severity":255},"GenerateSettingsPage 
(hercules_recaptcha.php:78)",{"nodes":250,"edges":253},[251,252],{"id":205,"type":206,"label":234,"file":143,"line":74},{"id":210,"type":211,"label":236,"file":143,"line":74,"wp_function":237},[254],{"from":205,"to":210,"sanitized":217},"low",{"summary":257,"deductions":258},"The 'hercules-recaptcha' v1.1 plugin exhibits a mixed security posture. On one hand, the absence of known CVEs and of any raw SQL queries (the scan recorded no SQL usage at all, prepared or raw) are positive indicators. The static analysis also shows a very limited attack surface with no discoverable AJAX handlers, REST API routes, shortcodes, or cron events. However, there are significant concerns regarding output escaping and taint analysis.  The fact that 0% of the 8 total outputs are properly escaped is a critical weakness, potentially leading to cross-site scripting (XSS) vulnerabilities if user-supplied data is displayed without escaping. Furthermore, the taint analysis revealing 4 flows with unsanitized paths, even if not classified as critical or high severity in this report, warrants attention as it suggests potential avenues for data manipulation or injection.  The lack of nonce and capability checks also contributes to the overall risk, as these are fundamental security mechanisms for preventing unauthorized actions and ensuring proper authorization.  
While the plugin appears to have a clean vulnerability history, the identified code signals and taint flows point to areas that require immediate attention and remediation to strengthen its security.",[259,261,263,266],{"reason":260,"points":181},"Unescaped output found",{"reason":262,"points":14},"Taint flows with unsanitized paths",{"reason":264,"points":265},"Missing nonce checks",7,{"reason":267,"points":265},"Missing capability checks","2026-03-16T23:21:43.920Z",{"wat":270,"direct":278},{"assetPaths":271,"generatorPatterns":273,"scriptPaths":274,"versionParams":276},[272],"\u002Fwp-content\u002Fplugins\u002Fhercules-recaptcha\u002Fhercules-recaptcha.js",[],[275],"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js",[277],"hercules-recaptcha\u002Fhercules-recaptcha.js?ver=",{"cssClasses":279,"htmlComments":280,"htmlAttributes":284,"restEndpoints":289,"jsGlobals":290,"shortcodeOutput":291},[],[281,282,283],"\u003C!-- Settings Page -->","\u003C!-- Recaptcha Settings -->","\u003C!-- Comment Form -->",[285,286,287,288],"name=\"herc_recaptcha_options[public_key]\"","name=\"herc_recaptcha_options[private_key]\"","name=\"herc_recaptcha_options[comment_form]\"","name=\"herc_recaptcha_options[placement]\"",[],[],[],{"error":293,"url":294,"statusCode":295,"statusMessage":296,"message":296},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fhercules-recaptcha\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":61,"versions":298},[299,304],{"version":6,"download_url":25,"svn_tag_url":300,"released_at":28,"has_diff":217,"diff_files_changed":301,"diff_lines":28,"trac_diff_url":302,"vulnerabilities":303,"is_current":293},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhercules-recaptcha\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhercules-recaptcha%2Ftags%2F1.0&new_path=%2Fhercules-recaptcha%2Ftags%2F1.1",[],{"version":124,"download_url":305,"svn_tag_url":306,"released_at":28,"has_diff":217,"diff_files_changed":307,"diff_lines":28,"trac_diff_url":28,"vulnerabilities":308,"is_current":217},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhercules-recaptcha.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhercules-recaptcha\u002Ftags\u002F1.0\u002F",[],[]]