[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHDKrgC1wNAMkrMyXES84UBXQEvT-VTxB3Qn-e1KaEmI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":148,"fingerprints":295},"humancaptcha","HumanCaptcha by Outerbridge","4.1.1","Outerbridge","https:\u002F\u002Fprofiles.wordpress.org\u002Fouterbridge\u002F","\u003Cp>Most captchas are based on the requirement to reproduce a number of randomly-generated characters (which are sometimes blurred, jiggled and\u002For on a fuzzy background). HumanCaptcha generates a simple question which the user must answer using logical thought. HumanCaptcha is much more accessible than standard captchas (which many people find difficult to read or understand). Visually impaired people are much more likely to be able to use HumanCaptcha than a character-based one.\u003C\u002Fp>\n\u003Cp>** Captchas **\u003C\u002Fp>\n\u003Cp>Most captchas are based on the requirement to reproduce a number of randomly-generated characters (which are sometimes blurred, jiggled and\u002For on a fuzzy background).  HumanCaptcha generates a simple question which the user must answer using logical thought.  HumanCaptcha is much more accessible than standard captchas, which many people find difficult to read or understand.  Visually impaired people are more likely to be able to use HumanCaptcha than a character-based one.\u003C\u002Fp>\n\u003Cp>CAPTCHAs are useful for improving security in a number of situations, for example:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Reducing Comment Spam in Blogs\u003Cbr \u002F>\nMost bloggers will have come across programs that submit spam comments, often with the aim of improving the search engine ranking of a website.  By using a CAPTCHA, only humans can enter comments on your blog, and people do not need to sign up before they enter a comment.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Protecting Email Addresses From Scrapers\u003Cbr \u002F>\nSpammers crawl the web looking for e-mail addresses rendered in text. CAPTCHAs can hide your e-mail address from web scrapers, by requiring users to solve a CAPTCHA before revealing your e-mail.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Deterring Viruses, Worms and Spam\u003Cbr \u002F>\nCAPTCHAs may reduce the likelihood of e-mailed viruses, worms and spam, by only accepting an e-mail if it has been established that there is a human behind the sending computer.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>Many thanks to:\u003Cbr \u002F>\nTH90 (https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fth90) of MPW D&D for the Persian translation files (fa_IR). Language: Persian, Country: Iran.\u003Cbr \u002F>\nDayl (http:\u002F\u002Fdayl.ru) in Санкт-Петербург for the Russian translation files.  Language: Russian, Country: Russia.\u003C\u002Fp>\n","HumanCaptcha is a Captcha that uses questions that require human logic to answer them to the WordPress login form, comments form and registration form &hellip;",300,12355,86,16,"2021-08-27T14:08:00.000Z","5.8.13","4.7","",[20,21,22,23,24],"captcha","human","logic","questions","text-based","https:\u002F\u002Fouterbridge.co.uk\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhumancaptcha.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"outerbridge",3,1390,30,84,"2026-04-03T23:13:21.448Z",[40,61,85,106,124],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":18,"tags":55,"homepage":59,"download_link":60,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"i-am-human","I am Human","1.2","rclick","https:\u002F\u002Fprofiles.wordpress.org\u002Frclick\u002F","\u003Cp>\u003Cstrong>Firstly\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Sorry for not responding to forum questions; I wasn’t setup to recieve emails when posts were created so completely missed them 🙁 Thats fixed now, so hopefully I can get onto issues quicker from now on.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Secondly\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To those who have donated money, WOW, you are good human beings. Thank you.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What is I am Human?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Sick of annoying CAPTCHA plugins, that give your users a blurry image that even you can’t read? Why not try I Am Human? Its a fully customisable grid based human verification technique, that you can make as easy, or as hard as you want. Not only that, you can theme it so it looks like your site, and make it fun to use! This isn’t so much of a plugin, as it is a revolution!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How does it work?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When a user tries to submit a post comment, they will be presented a ‘question’ grid, like whats shown in the first picture within the screen-shots section. This is accompanied with a customisable description, which will explain what the user should do. The user then clicks on cells within the grid. When they do so, they change colour! Following the example within the screen-shots section, the user should click on the four cells within smilies left eye, turning them yellow. Because the ‘answer’ grid matches this, the test will pass and the comment will be posted!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How do I specify the grids? Is it hard?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>No! Within the WordPress admin section, you can define your question and answer grids simply by drawing them yourself! The colours and text are fully customisable too.\u003C\u002Fp>\n\u003Cp>See the screen-shots section for more details.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>All this for free?!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Seems crazy I know, but yes, its totally free.\u003C\u002Fp>\n","A customisable human detection plugin, that isn't annoying. Seriously.",10,3148,100,2,"2023-10-11T01:40:00.000Z","4.4.34","3.9.1",[20,56,57,58],"fun","human-verification","spam","http:\u002F\u002Fprogramminglinuxblog.blogspot.com\u002F2014\u002F06\u002Fi-am-human.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fi-am-human.1.2.zip",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":13,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":18,"tags":75,"homepage":80,"download_link":81,"security_score":82,"vuln_count":51,"unpatched_count":83,"last_vuln_date":84,"fetched_at":30},"siteguard","SiteGuard WP Plugin","1.7.9","jp-secure","https:\u002F\u002Fprofiles.wordpress.org\u002Fjp-secure\u002F","\u003Cp>You can find docs, FAQ and more detailed information on \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin_en\u002F\" rel=\"nofollow ugc\">English Page\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin\u002F\" rel=\"nofollow ugc\">Japanese Page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Simply install the SiteGuard WP Plugin, WordPress security is improved.\u003Cbr \u002F>\nThis plugin is a security plugin that specializes in the login attack of brute force, such as protection and management capabilities.\u003C\u002Fp>\n\u003Cp>Notes\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It does not support the multisite function of WordPress.\u003C\u002Fli>\n\u003Cli>It only supports Apache 1.3, 2.x for Web servers.\u003C\u002Fli>\n\u003Cli>To use the CAPTCHA function, the expansion library “mbstring” and “gd” should be installed on php.\u003C\u002Fli>\n\u003Cli>To use the management page filter function and login page change function, “mod_rewrite” should be loaded on Apache.\u003C\u002Fli>\n\u003Cli>To use the WAF Tuning Support, WAF ( SiteGuard Server Edition ) should be installed on Apache.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There are the following functions.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Admin Page IP Filter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function for the protection against the attack to the management page (under wp-admin.)\u003Cbr \u002F>\nTo the access from the connection source IP address which does not login to the management page, 404 (Not Found) is returned.\u003Cbr \u002F>\nAt the login, the connection source IP address is recorded and the access to that page is allowed.\u003Cbr \u002F>\nThe connection source IP address which does not login for more than 24 hours is sequentially deleted.\u003Cbr \u002F>\nThe URL (under wp-admin) where this function is excluded can be specified.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rename Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack.\u003Cbr \u002F>\nThe login page name (wp-login.php) is changed. The initial value is “login_\u003C5 random digits>” but it can be changed to a favorite name.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CAPTCHA\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack,\u003Cbr \u002F>\nor to receive less comment spam. For the character of CAPTCHA, hiragana and alphanumeric characters can be selected.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Lock\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack.\u003Cbr \u002F>\nEspecially, it is the function to prevent an automated attack. The connection source IP address the number of login failure of which reaches\u003Cbr \u002F>\nthe specified number within the specified period is blocked for the specified time.\u003Cbr \u002F>\nEach user account is not locked.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Alert\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to make it easier to notice unauthorized login. E-mail will be sent to a login user when logged in.\u003Cbr \u002F>\nIf you receive an e-mail to there is no logged-in idea, please suspect unauthorized login.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fail Once\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against a password list attack. Even is the login input is correct, the first login must fail.\u003Cbr \u002F>\nAfter 5 seconds and later within 60 seconds, another correct login input make login succeed. At the first login failure, the following error message is displayed.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Pingback\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The pingback function is disabled and its abuse is prevented.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block Author Query\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Prevents leakage of user names due to “\u002F?author=” access.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Updates Notify\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Basic of security is that always you use the latest version. If WordPress core, plugins, and themes updates are needed , sends email to notify administrators.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WAF Tuning Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to create the rule to avoid the false detection in WordPress (including 403 error occurrence with normal access,)\u003Cbr \u002F>\nif WAF ( SiteGuard Server Edition ) by EG Secure Solutions is installed on a Web server. WAF prevents the attack from the outside against the Web server,\u003Cbr \u002F>\nbut for some WordPress or plugin functions, WAF may detect the attack which is actually not attack and block the function.\u003Cbr \u002F>\nBy creating the WAF exclude rule, the WAF protection function can be activated while the false detection for the specified function is prevented.\u003C\u002Fp>\n\u003Ch4>Translate\u003C\u002Fh4>\n\u003Cp>If you have created your own language pack, or have an update of an existing one, you can send \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">gettext PO and MO files\u003C\u002Fa> to sgdev@jp-secure.com so that We can bundle it into SiteGuard WP Plugin. You can download the latest \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Ftrunk\u002Flanguages\u002Fsiteguard.pot\" rel=\"nofollow ugc\">POT file\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Fbranches\u002Flanguages\u002F\" rel=\"nofollow ugc\">PO files in each language\u003C\u002Fa>.\u003C\u002Fp>\n","SiteGurad WP Plugin is the plugin specialized for the protection against the attack to the management page and login.",600000,5177761,15,"2025-12-04T04:47:00.000Z","6.9.4","3.9",[20,76,77,78,79],"login-alert","login-lock","pingback","security","http:\u002F\u002Fwww.jp-secure.com\u002Fcont\u002Fproducts\u002Fsiteguard_wp_plugin\u002Findex_en.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsiteguard.1.7.9.zip",76,1,"2026-02-23 00:00:00",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":82,"num_ratings":95,"last_updated":96,"tested_up_to":73,"requires_at_least":97,"requires_php":98,"tags":99,"homepage":104,"download_link":105,"security_score":50,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"contact-form-7-honeypot","CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7","3.4.0","Saad Iqbal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaadiqbal\u002F","\u003Cp>\u003Cstrong>Add extra Spam Protection functionalities to your Contact Form 7 forms with CF7 Apps.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Contact Form 7 is one of the most popular form plugins for WordPress, but \u003Cstrong>it lacks many advanced features\u003C\u002Fstrong> that modern websites need. CF7 Apps adds extra Spam Protection functionalities to your Contact Form 7 forms, introducing honeypot and hCaptcha options.\u003C\u002Fp>\n\u003Cp>👉 Get Support: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcontact-form-7-honeypot\u002F\" rel=\"ugc\">Click Here\u003C\u002Fa>\u003Cbr \u002F>\n👉 Check out the \u003Ca href=\"https:\u002F\u002Fcf7apps.com\u002Fdocs\u002F?utm_source=wp_org&utm_medium=readme&utm_campaign=documentation\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>What CF7 Apps Can Do for You ?\u003C\u002Fh3>\n\u003Cp>Right out of the box, CF7 Apps includes:\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Honeypot App\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>hCaptcha App\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Database Entries App\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Redirection App\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Webhook App\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>ACF Integeration\u003C\u002Fstrong>\u003Cbr \u002F>\n💡 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fcf7apps.com\u002Fsubmit-idea\u002F?utm_source=wp_org&utm_medium=readme&utm_campaign=suggest_a_feature\" rel=\"nofollow ugc\">Suggest a Feature\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>And that’s just the beginning.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Save and Manage CF7 Form Submissions\u003C\u002Fstrong>\u003Cbr \u002F>\nThe Entries Database App stores all Contact Form 7 submissions directly to your WordPress database. Easily filter entries by form or date, view individual CF7 submissions, and export or delete them when needed. This ensures you never lose important leads or messages, even if emails fail to deliver.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Add a Honeypot Field to Prevent Spam\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Our \u003Cstrong>Honeypot Contact Form 7 extension\u003C\u002Fstrong> creates a hidden field inside your Contact Form 7 forms. Real users never see it, but bots do—and that’s how the bots fall for the trap. It blocks automated spam before it even hits your inbox.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Add hCaptcha to Contact Form 7\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Protect your forms from spam bots using \u003Cstrong>hCaptcha,\u003C\u002Fstrong> a privacy-friendly alternative to Google reCAPTCHA. This extension integrates directly with CF7 and works instantly after setup. No coding is required, and no extra plugins are needed. Just set up your site keys and you’re done.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Manage & View Contact Form 7 Entries\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Store, view, and manage all your Contact Form 7 submissions directly inside your WordPress dashboard. This extension logs every form entry automatically, giving you an organized record of user submissions. No coding or third-party tools required just activate and start tracking instantly.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Redirect Users After Form Submission\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Easily redirect users to any internal or external page after submitting a form. This extension lets you control the post-submission experience with custom URLs, thank-you pages, or marketing funnels. No coding needed configure your redirect URL and it works immediately.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Send Form Data via Webhooks\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Automatically forward your Contact Form 7 submission data to any external service using \u003Cstrong>webhooks.\u003C\u002Fstrong>This extension enables seamless API integrations, automation workflows, and third-party connections. No additional plugins or coding required just add your webhook URL and you’re ready to go.\u003C\u002Fp>\n\u003Cp>🌟 \u003Cstrong>Integrate ACF Fields into Your Forms\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Easily pull Advanced Custom Fields (ACF) data into your Contact Form 7 forms using the built-in ACF field tags. This integration lets you map and display your custom ACF fields directly inside CF7 without any extra plugins or coding. Just enable the feature, select your ACF fields, and your form is ready to use.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NOTE:\u003C\u002Fstrong>\u003Cbr \u002F>\nThe best thing is that both features work independently. You can run them alone or together based on your site’s needs.\u003C\u002Fp>\n\u003Ch3>Real Use Cases for CF7 Apps\u003C\u002Fh3>\n\u003Cp>With the CF7 Apps, you can do the following:\u003Cbr \u002F>\n  ✔️ Trap bots using a honeypot field without affecting users\u003Cbr \u002F>\n  ✔️ Add hCaptcha to Contact Form 7 for privacy-first anti-spam\u003Cbr \u002F>\n  ✔️ Store and manage Contact Form 7 entries directly in WordPress\u003Cbr \u002F>\n  ✔️ Redirect your Contact Form 7 submissions to any internal or external page.\u003Cbr \u002F>\n  ✔️ Send your form data to any third-party service or custom endpoint through our Webhook.\u003Cbr \u002F>\n  ✔️ Display dynamic ACF field values inside your Contact Form 7 forms for personalized entries.\u003C\u002Fp>\n\u003Ch3>Why Should You Install CF7 Apps?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Works exclusively with Contact Form 7\u003C\u002Fli>\n\u003Cli>Modular design — activate only the features you need\u003C\u002Fli>\n\u003Cli>Lightweight — no unnecessary code or bloat\u003C\u002Fli>\n\u003Cli>Built for form security, user control, and advanced customization\u003C\u002Fli>\n\u003Cli>Continuously updated with new apps and requested features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We built CF7 Apps for users who want more power without abandoning the simplicity of Contact Form 7.\u003C\u002Fp>\n\u003Ch3>Try Our Other Awesome WordPress Plugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpost-smtp\u002F\" rel=\"ugc\">Post SMTP:\u003C\u002Fa>\u003C\u002Fstrong> Reliable WordPress email delivery plugin with detailed email logs and multiple SMTP integrations.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgutena-forms\u002F\" rel=\"ugc\">Gutena Forms:\u003C\u002Fa>\u003C\u002Fstrong> Create modern, responsive contact forms directly in the Gutenberg block editor. Includes advanced fields, spam protection (reCAPTCHA & Cloudflare Turnstile), and entry management.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-easy-pay\u002F\" rel=\"ugc\">WP EasyPay:\u003C\u002Fa>\u003C\u002Fstrong> Accept Square payments and donations easily on your WordPress site.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpassword-protected\u002F\" rel=\"ugc\">Password Protected:\u003C\u002Fa>\u003C\u002Fstrong> Secure your WordPress site, posts, pages, and categories with simple password protection.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffile-manager-advanced\u002F\" rel=\"ugc\">Advanced File Manager:\u003C\u002Fa>\u003C\u002Fstrong> Manage and organize WordPress files effortlessly from your dashboard.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwc-shop-sync\u002F\" rel=\"ugc\">WC Shop Sync:\u003C\u002Fa>\u003C\u002Fstrong> Add Square payments and sync WooCommerce products, customers, and orders with Square POS.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmycred\u002F\" rel=\"ugc\">myCred:\u003C\u002Fa>\u003C\u002Fstrong> Add gamification, rewards, ranks, and a points management system to your WordPress website.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbookify\u002F\" rel=\"ugc\">Bookify:\u003C\u002Fa>\u003C\u002Fstrong> Your complete online bookings and appointment scheduling solution for WordPress.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faio-login\u002F\" rel=\"ugc\">All In One Login:\u003C\u002Fa>\u003C\u002Fstrong> Secure your WordPress login page, change wp-login.php URL, and add social logins including Google, Facebook, Microsoft, and LINE.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnew-user-approve\u002F\" rel=\"ugc\">New User Approve:\u003C\u002Fa>\u003C\u002Fstrong> Control new user registrations by approving or denying signups.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpexperts.io\u002F\" rel=\"nofollow ugc\">WP Experts WooCommerce Store:\u003C\u002Fa>\u003C\u002Fstrong> Explore premium WooCommerce plugins and solutions by WPExperts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contribute or Report Issues\u003C\u002Fh3>\n\u003Cp>Do you have a feature request or bug to report? Contact us via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcontact-form-7-honeypot\" rel=\"ugc\">official Support Channel.\u003C\u002Fa>\u003C\u002Fp>\n","Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.",300000,5576961,131,"2026-01-30T04:54:00.000Z","4.8","5.6",[100,20,101,102,103],"anti-spam","cf7-database","honeypot","spam-protection","https:\u002F\u002Fcf7apps.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontact-form-7-honeypot.3.4.0.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":93,"downloaded":114,"rating":37,"num_ratings":115,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":121,"download_link":122,"security_score":123,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"really-simple-captcha","Really Simple CAPTCHA","2.4","Rock Lobster Inc.","https:\u002F\u002Fprofiles.wordpress.org\u002Frocklobsterinc\u002F","\u003Cp>Really Simple CAPTCHA does not work alone and is intended to work with other plugins. It is originally created for \u003Ca href=\"https:\u002F\u002Fcontactform7.com\u002F\" rel=\"nofollow ugc\">Contact Form 7\u003C\u002Fa>, however, you can use it with your own plugin.\u003C\u002Fp>\n\u003Cp>Note: This product is “really simple” as its name suggests, i.e., it is not strongly secure. If you need perfect security, you should try other solutions.\u003C\u002Fp>\n\u003Ch4>How does it work?\u003C\u002Fh4>\n\u003Cp>Really Simple CAPTCHA does not use PHP “Sessions” for storing states, unlike many other PHP CAPTCHA solutions, but stores them as temporary files. This allows you to embed it into WordPress without worrying about conflicts.\u003C\u002Fp>\n\u003Cp>When you generate a CAPTCHA, Really Simple CAPTCHA creates two files for it; one is an image file of CAPTCHA, and the other is a text file which stores the correct answer to the CAPTCHA.\u003C\u002Fp>\n\u003Cp>The two files have the same (random) prefix in their file names, for example, “a7hk3ux8p.png” and “a7hk3ux8p.txt.” In this case, for example, when the respondent answers “K5GF” as an answer to the “a7hk3ux8p.png” image, then Really Simple CAPTCHA calculates hash of “K5GF” and tests it against the hash stored in the “a7hk3ux8p.txt” file. If the two match, the answer is confirmed as correct.\u003C\u002Fp>\n\u003Ch4>How to use with your plugin\u003C\u002Fh4>\n\u003Cp>Note: Below are instructions for plugin developers.\u003C\u002Fp>\n\u003Cp>First, create an instance of ReallySimpleCaptcha class:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$captcha_instance = new ReallySimpleCaptcha();\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can change the instance variables as you wish.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F Change the background color of CAPTCHA image to black\n$captcha_instance->bg = array( 0, 0, 0 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See really-simple-captcha.php if you are interested in other variables.\u003C\u002Fp>\n\u003Cp>Generate a random word for CAPTCHA.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$word = $captcha_instance->generate_random_word();\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Generate an image file and a corresponding text file in the temporary directory.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$prefix = wp_rand();\n$captcha_instance->generate_image( $prefix, $word );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Then, show the image and get an answer from respondent.\u003C\u002Fp>\n\u003Cp>Check the correctness of the answer.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$correct = $captcha_instance->check( $prefix, $the_answer_from_respondent );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If the $correct is true, go ahead. Otherwise, block the respondent — as it would appear not to be human.\u003C\u002Fp>\n\u003Cp>And last, remove the temporary image and text files, as they are no longer in use.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$captcha_instance->remove( $prefix );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>That’s all.\u003C\u002Fp>\n\u003Cp>If you wish to see a live sample of this, you can try \u003Ca href=\"https:\u002F\u002Fcontactform7.com\u002Fcaptcha\u002F\" rel=\"nofollow ugc\">Contact Form 7\u003C\u002Fa>.\u003C\u002Fp>\n","Really Simple CAPTCHA is a CAPTCHA module intended to be called from other plugins. It is originally created for my Contact Form 7 plugin.",9328025,129,"2025-02-01T08:43:00.000Z","6.7.5","6.6","7.4",[20],"https:\u002F\u002Fcontactform7.com\u002Fcaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-captcha.2.4.zip",92,{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":134,"num_ratings":135,"last_updated":136,"tested_up_to":73,"requires_at_least":137,"requires_php":138,"tags":139,"homepage":144,"download_link":145,"security_score":146,"vuln_count":34,"unpatched_count":28,"last_vuln_date":147,"fetched_at":30},"advanced-google-recaptcha","Advanced Google reCAPTCHA","1.31","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgetwpcaptcha.com\u002F\" rel=\"nofollow ugc\">Advanced Google reCAPTCHA\u003C\u002Fa> protects your WordPress site from spam comments & brute force login attacks using captcha. This captcha plugin, quickly adds Google reCAPTCHA and other captcha tests to WordPress comment form, login form, and other forms.\u003C\u002Fp>\n\u003Cp>Using Advanced Google reCAPTCHA (most popular captcha on the market), you’ll be safe from spam comments and protect user accounts, WooCommerce, Easy Digital Downloads, BuddyPress and other forms from brute-force login attacks.\u003C\u002Fp>\n\u003Cp>reCaptcha works for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Form\u003C\u002Fli>\n\u003Cli>Registration Form\u003C\u002Fli>\n\u003Cli>Reset Password Form\u003C\u002Fli>\n\u003Cli>Comment Form\u003C\u002Fli>\n\u003Cli>BuddyPress Form\u003C\u002Fli>\n\u003Cli>WooCommerce Form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads (EDD) Login Form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads (EDD) Registration Form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Captcha uses these 3rd party libs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Chart.js, 2017 Nick Downie, MIT\u003C\u002Fli>\n\u003Cli>DataTables, 2008-2017 SpryMedia Ltd, MIT\u003C\u002Fli>\n\u003Cli>moment.js, Tim Wood, Iskren Chernev, MIT\u003C\u002Fli>\n\u003Cli>SweetAlert 2, github.com\u002FSweetalert2\u002FSweetalert2, MIT\u003C\u002Fli>\n\u003Cli>tooltipster, www.heteroclito.fr\u002Fmodules\u002Ftooltipster\u002F, MIT\u003C\u002Fli>\n\u003C\u002Ful>\n","Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.",200000,2435450,96,428,"2025-12-02T20:29:00.000Z","4.9","5.2",[20,140,141,142,143],"comment-recaptcha","google-recaptcha","login-recaptcha","recaptcha","https:\u002F\u002Fgetwpcaptcha.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-google-recaptcha.1.31.zip",98,"2025-03-27 19:32:14",{"attackSurface":149,"codeSignals":197,"taintFlows":254,"riskAssessment":284,"analyzedAt":294},{"hooks":150,"ajaxHandlers":193,"restRoutes":194,"shortcodes":195,"cronEvents":196,"entryPointCount":28,"unprotectedCount":28},[151,157,160,165,169,173,177,181,185,189],{"type":152,"name":153,"callback":154,"file":155,"line":156},"action","plugins_loaded","obr_update_check","outerbridge-humancaptcha.php",59,{"type":152,"name":153,"callback":158,"file":155,"line":159},"obr_internationalisation",60,{"type":161,"name":162,"callback":163,"file":155,"line":164},"filter","comment_form_default_fields","obr_comment_build_form",61,{"type":161,"name":166,"callback":167,"priority":48,"file":155,"line":168},"preprocess_comment","obr_comment_validate_answer",62,{"type":152,"name":170,"callback":171,"file":155,"line":172},"register_form","obr_register_build_form",64,{"type":161,"name":174,"callback":175,"priority":48,"file":155,"line":176},"registration_errors","obr_register_validate_answer",65,{"type":152,"name":178,"callback":179,"file":155,"line":180},"login_form","obr_login_build_form",67,{"type":161,"name":182,"callback":183,"priority":48,"file":155,"line":184},"wp_authenticate","obr_login_validate_answer",68,{"type":152,"name":186,"callback":187,"file":155,"line":188},"admin_menu","obr_admin_menu",70,{"type":152,"name":190,"callback":191,"file":155,"line":192},"init","obr_init",71,[],[],[],[],{"dangerousFunctions":198,"sqlUsage":199,"outputEscaping":213,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":253},[],{"prepared":200,"raw":201,"locations":202},5,4,[203,205,207,210],{"file":155,"line":123,"context":204},"$wpdb->get_var() with variable interpolation",{"file":155,"line":206,"context":204},104,{"file":155,"line":208,"context":209},405,"$wpdb->query() with variable interpolation",{"file":155,"line":211,"context":212},489,"$wpdb->get_row() with variable interpolation",{"escaped":214,"rawEcho":215,"locations":216},8,18,[217,221,222,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251],{"file":218,"line":219,"context":220},"outerbridge-humancaptcha-admin.php",53,"raw output",{"file":218,"line":159,"context":220},{"file":218,"line":168,"context":220},{"file":155,"line":224,"context":220},234,{"file":155,"line":226,"context":220},336,{"file":155,"line":228,"context":220},338,{"file":155,"line":230,"context":220},339,{"file":155,"line":232,"context":220},340,{"file":155,"line":234,"context":220},341,{"file":155,"line":236,"context":220},346,{"file":155,"line":238,"context":220},347,{"file":155,"line":240,"context":220},356,{"file":155,"line":242,"context":220},366,{"file":155,"line":244,"context":220},371,{"file":155,"line":246,"context":220},387,{"file":155,"line":248,"context":220},437,{"file":155,"line":250,"context":220},450,{"file":155,"line":252,"context":220},458,[],[255],{"entryPoint":256,"graph":257,"unsanitizedCount":34,"severity":283},"\u003Couterbridge-humancaptcha-admin> (outerbridge-humancaptcha-admin.php:0)",{"nodes":258,"edges":278},[259,264,269,272,276],{"id":260,"type":261,"label":262,"file":218,"line":263},"n0","source","$_POST",25,{"id":265,"type":266,"label":267,"file":218,"line":159,"wp_function":268},"n1","sink","echo() [XSS]","echo",{"id":270,"type":261,"label":271,"file":218,"line":159},"n2","$_POST (x2)",{"id":273,"type":274,"label":275,"file":218,"line":159},"n3","transform","→ obr_qanda_settings()",{"id":277,"type":266,"label":267,"file":155,"line":242,"wp_function":268},"n4",[279,281,282],{"from":260,"to":265,"sanitized":280},false,{"from":270,"to":273,"sanitized":280},{"from":273,"to":277,"sanitized":280},"medium",{"summary":285,"deductions":286},"The humancaptcha plugin v4.1.1 presents a concerning security posture despite a seemingly clean vulnerability history and a limited attack surface.  While there are no recorded CVEs and the static analysis shows no directly dangerous functions or external HTTP requests, several code signals raise red flags.  The fact that 44% of SQL queries are not using prepared statements is a significant risk, potentially leading to SQL injection vulnerabilities.  Furthermore, a high percentage (69%) of output is not properly escaped, which could open the door to cross-site scripting (XSS) attacks. The single taint flow with an unsanitized path, though not flagged as critical or high severity, still represents an area where malicious input could be processed improperly.",[287,289,292],{"reason":288,"points":214},"SQL queries not using prepared statements",{"reason":290,"points":291},"Output escaping is not properly implemented",6,{"reason":293,"points":200},"Flows with unsanitized paths","2026-03-16T20:07:43.405Z",{"wat":296,"direct":303},{"assetPaths":297,"generatorPatterns":298,"scriptPaths":299,"versionParams":300},[],[],[],[301,302],"humancaptcha\u002Fstyle.css?ver=","humancaptcha\u002Fscript.js?ver=",{"cssClasses":304,"htmlComments":306,"htmlAttributes":307,"restEndpoints":309,"jsGlobals":310,"shortcodeOutput":312},[305],"comment-form-email",[],[308],"data-humancaptcha-id",[],[311],"obr_answer_data",[]]