[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHvBtIz_vG37nzPVybI9r1jH_AOeTgUfZYZjfmg5_J6U":3,"$fJZVGKQ6XRToJ8jWD_g1aDOwYmhvqznGKV2-QvcQJJ4w":212,"$fg4iRj1k2WLNyGQ4x8AbW4sPs6vWVnxqO3uOXQNQSpzs":217},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":50,"crawl_stats":38,"alternatives":58,"analysis":145,"fingerprints":194},"infusionsoft-web-form-javascript","Infusionsoft Web Form JavaScript","1.1.1","Jacob Allred","https:\u002F\u002Fprofiles.wordpress.org\u002Fzulugrid\u002F","\u003Cp>We make it easy to add Infusionsoft web forms to your blog. You simply copy and paste the web form JavaScript into your post or page, and this plugin will automatically convert it to a WordPress shortcode that won’t be mangled by WordPress.\u003C\u002Fp>\n\u003Cp>By default, the plugin lets you use the shortcode \u003Cem>javascript\u003C\u002Fem>. Unlike other plugins, we let you change this shortcode to anything you like, such as \u003Cem>webform\u003C\u002Fem> or \u003Cem>infusionsoft\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>You can even add custom CSS to your web form. Simply add a CSS attribute to the shortcode, for example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[javascript css=\"float: left;\" src=\"https:\u002F\u002Fexample.infusionsoft.com\u002Fapp\u002Fform\u002Fiframe\u002F5d07ccaa3e9ab94dea1f6982da9fb266\"\u002F]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Want to do even more with Infusionsoft?\u003C\u002Fstrong> Novak Solutions has expert developers and ready-to-go tools to make your life easier. \u003Ca href=\"http:\u002F\u002Fnovaksolutions.com\u002F\" rel=\"nofollow ugc\">Visit Novak Solutions now!\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Check us out on Facebook!\u003C\u002Fstrong> Our latest Infusionsoft tools and plugin updates are always posted on Facebook. Check us out at http:\u002F\u002Fwww.facebook.com\u002Fnovaksolutions\u002F\u003C\u002Fp>\n","Easily add Infusionsoft web forms to your posts and pages. Automatically converts JavaScript to WordPress-friendly shortcodes.",50,5096,80,4,"2014-12-18T19:21:00.000Z","4.1.42","2.7","",[20,21,22,23,24],"infusionsoft","javascript","web-forms","webform","webforms","http:\u002F\u002Fnovaksolutions.com\u002Fwordpress-plugins\u002Finfusionsoft-webform-javascript\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finfusionsoft-web-form-javascript.1.1.1.zip",64,1,"2025-03-31 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":38,"patch_diff_files":47,"patch_trac_url":38,"research_status":38,"research_verified":48,"research_rounds_completed":49,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":48,"poc_model_used":38,"poc_verification_depth":38},"CVE-2025-31629","infusionsoft-web-form-javascript-authenticated-contributor-stored-cross-site-scripting","Infusionsoft Web Form JavaScript \u003C= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Infusionsoft Web Form JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.1.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-09 13:32:57",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5abae31f-2e1b-42c1-a8b0-6847aa853fb4?source=api-prod",[],false,0,{"slug":51,"display_name":7,"profile_url":8,"plugin_count":52,"total_installs":53,"avg_security_score":54,"avg_patch_time_days":55,"trust_score":56,"computed_at":57},"zulugrid",6,380,82,30,81,"2026-05-20T08:00:56.424Z",[59,80,96,111,124],{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":49,"num_ratings":49,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":18,"tags":72,"homepage":77,"download_link":78,"security_score":79,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"webform-integration","Web Form Integration","1","WordPress website Design and Development - Miracle Websoft","https:\u002F\u002Fprofiles.wordpress.org\u002Fmiraclewebssoft\u002F","\u003Cp>Any Web form integration into wordpress website. It can be Zoho webform, Infusionsoft webform, sugar crm, suite crm or any webform. Shortcode option to place form at any place in website.\u003C\u002Fp>\n\u003Cp>Use shortcode \u003Cstrong>[webform]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.miraclewebsoft.com\u002Fwebform-integration\u002F\" rel=\"nofollow ugc\">Check Video Tutorial\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How to use plugin:-\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Install plugin.\u003C\u002Fli>\n\u003Cli>Now goto webform-integration under Settings in admin menu.\u003C\u002Fli>\n\u003Cli>Place given code into Form code then save.\u003C\u002Fli>\n\u003Cli>Place \u003Cstrong>[webform]\u003C\u002Fstrong> any where in website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Plugin features:-\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Zoho webform integration\u003C\u002Fli>\n\u003Cli>Infusionsoft webform integration\u003C\u002Fli>\n\u003Cli>Suitecrm\u002Fsugar webform integration\u003C\u002Fli>\n\u003Cli>Any webform\u003C\u002Fli>\n\u003Cli>Shortcode option to place form any where in website\u003C\u002Fli>\n\u003C\u002Ful>\n","Any Web form integration into WordPress website. Shortcode option to place form any where in wordpress website.",10,1544,"2017-02-26T10:44:00.000Z","4.7.33","3.6",[73,74,75,22,76],"any-webform","infusionsoft-webform","suitecrm-webform","zoho-webform","http:\u002F\u002Fwww.miraclewebsoft.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebform-integration.1.zip",85,{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":67,"downloaded":88,"rating":49,"num_ratings":49,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":18,"tags":92,"homepage":94,"download_link":95,"security_score":79,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"cts-infusionsoft-form-shortcode","CTS InfusionSoft Form Shortcode","1.1","Randell Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fcts-randell\u002F","\u003Cp>One of the issues with stock WordPress is that it tends to not like having Javascript in general and linking to an external Javascript file in specific inside of posts or pages.  This is problematic for people who are integrating InfusionSoft and WordPress.  We tried to find a good solution for this, but failed to find any good plugins which would be suited for the task.\u003C\u002Fp>\n\u003Cp>So, we wrote our own.\u003C\u002Fp>\n\u003Cp>It is a standard WordPress Plugin.  All you need to do is unzip the file to your plugins directory, or use the zip file upload feature.  Once you’ve installed it, simply activate.  There are no special settings or anything else you need to do.\u003C\u002Fp>\n\u003Cp>To embed an InfusionSoft web form into a post or page, use the following short code:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[infusionsoft_form src=\"\u003CYour form's url>\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n","This plugin adds a shortcode to easily insert into posts and pages the javascript code required to embed an InfusionSoft web form.",1897,"2013-12-12T22:49:00.000Z","3.7.41","3.3",[20,21,93],"shortcode","http:\u002F\u002Fnvcreativetechnology.com\u002Fcts-infusionsoft-form-shortcode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcts-infusionsoft-form-shortcode.1.1.zip",{"slug":97,"name":98,"version":99,"author":7,"author_profile":8,"description":100,"short_description":101,"active_installs":67,"downloaded":102,"rating":103,"num_ratings":28,"last_updated":104,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":105,"homepage":109,"download_link":110,"security_score":79,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"infusionsoft-exit-optin","Infusionsoft Exit Optin","1.0.4","\u003Cp>The Exit Optin plugin integrates WordPress with your Infusionsoft app. Select a web form, and when your visitor’s mouse leaves your website the plugin will pop-up the web form optin form in a non-obtrusive way.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Want to do even more with Infusionsoft?\u003C\u002Fstrong> Novak Solutions has expert developers and ready-to-go tools to make your life easier. \u003Ca href=\"http:\u002F\u002Fnovaksolutions.com\u002F\" rel=\"nofollow ugc\">Visit Novak Solutions now!\u003C\u002Fa>\u003C\u002Fp>\n","Pop-up an Infusionsoft web form when your visitor goes to leave your site.",2480,20,"2014-12-18T19:18:00.000Z",[106,20,107,21,108],"exit","intent","optin","http:\u002F\u002Fnovaksolutions.com\u002Fwordpress-plugins\u002Finfusionsoft-exit-optin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finfusionsoft-exit-optin.1.0.4.zip",{"slug":112,"name":113,"version":114,"author":7,"author_profile":8,"description":115,"short_description":116,"active_installs":67,"downloaded":117,"rating":49,"num_ratings":49,"last_updated":118,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":119,"homepage":122,"download_link":123,"security_score":79,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"infusionsoft-one-click-upsell","Infusionsoft One-click Upsell","2.2.4","\u003Cp>The One-click Upsell Plugin makes it easy to add an upsell button to your shopping cart and order form Thank You pages.\u003C\u002Fp>\n\u003Cp>Use the upsell shortcode on any Thank You page or post. Make sure you select the option in Infusionsoft to pass the contact’s information to the Thank You page.\u003C\u002Fp>\n\u003Cp>Once the customer clicks the upsell button, One-click Upsell will charge the customer’s last used credit card and place the order in Infusionsoft.\u003C\u002Fp>\n","Easily upsell Infusionsoft® customers from within WordPress using shortcodes.",4152,"2014-12-18T19:19:00.000Z",[20,21,120,121],"one-click","upsell","http:\u002F\u002Fnovaksolutions.com\u002Fwordpress-plugins\u002Finfusionsoft-one-click-upsell\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finfusionsoft-one-click-upsell.2.2.4.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":67,"downloaded":132,"rating":133,"num_ratings":134,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":18,"tags":138,"homepage":142,"download_link":143,"security_score":79,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":144},"rackforms-express","RackForms Express Web Form Builder","1.5","rackforms","https:\u002F\u002Fprofiles.wordpress.org\u002Frackforms\u002F","\u003Cp>At nicSoft we believe “core” form software to send email and save entries to a database shouldn’t cost a dime.\u003C\u002Fp>\n\u003Cp>That’s why we’re proud to offer RackForms Express for WordPress. A totally free and unlimited form plugin that redefines the WordPress form creation landscape!\u003C\u002Fp>\n\u003Cp>Build anything from simple contact forms to multi-page applications that use conditional logic.\u003C\u002Fp>\n\u003Cp>The best part is when we say free, we mean it. This means no advertisements, up sells, or premium versions to buy.\u003C\u002Fp>\n\u003Cp>This is the real deal: Powerful and 100% free web form software!\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","RackForms Express For WordPress is a FREE and UNLIMITED web form builder.",2944,46,3,"2018-12-09T17:08:00.000Z","5.0.25","3.0.1",[139,140,141,23,24],"contact-form","web-form","web-form-creator","https:\u002F\u002Fwww.rackforms.com\u002Frackforms-express-for-wordpress.php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frackforms-express.zip","2026-04-06T09:54:40.288Z",{"attackSurface":146,"codeSignals":170,"taintFlows":184,"riskAssessment":185,"analyzedAt":193},{"hooks":147,"ajaxHandlers":166,"restRoutes":167,"shortcodes":168,"cronEvents":169,"entryPointCount":49,"unprotectedCount":49},[148,153,157,162],{"type":149,"name":150,"callback":151,"file":152,"line":133},"filter","wp_insert_post_data","novaksolutions_wf_replace_js","novaksolutions-infusionsoft-javascript.php",{"type":149,"name":154,"callback":155,"priority":67,"file":152,"line":156},"plugin_action_links","novaksolutions_wf_plugin_action_links",57,{"type":158,"name":159,"callback":160,"file":152,"line":161},"action","admin_menu","novaksolutions_wf_admin_menu",67,{"type":158,"name":163,"callback":164,"file":152,"line":165},"admin_init","novaksolutions_wf_settings_api_init",123,[],[],[],[],{"dangerousFunctions":171,"sqlUsage":172,"outputEscaping":174,"fileOperations":49,"externalRequests":49,"nonceChecks":49,"capabilityChecks":28,"bundledLibraries":183},[],{"prepared":49,"raw":49,"locations":173},[],{"escaped":28,"rawEcho":134,"locations":175},[176,179,181],{"file":152,"line":177,"context":178},86,"raw output",{"file":152,"line":180,"context":178},136,{"file":152,"line":182,"context":178},140,[],[],{"summary":186,"deductions":187},"The plugin \"infusionsoft-web-form-javascript\" v1.1.1 exhibits a mixed security posture. While the static analysis shows a very limited attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, and importantly, no direct SQL queries or file operations, there are significant concerns regarding output escaping and a known vulnerability.\n\nThe static analysis reveals that only 25% of the identified output points are properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. This is further corroborated by the vulnerability history, which shows a medium severity CVE related to 'Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')'. The existence of a currently unpatched medium severity vulnerability is a critical weakness that needs immediate attention.\n\nWhile the absence of common attack vectors like direct SQL injection or insecure file operations is positive, the unpatched XSS vulnerability and the poor output escaping practices present a tangible risk to users. The plugin's vulnerability history suggests a pattern of potential security flaws, necessitating a cautious approach and prompt patching of identified vulnerabilities.",[188,191],{"reason":189,"points":190},"Unpatched Medium severity CVE",18,{"reason":192,"points":52},"Poor output escaping (75% unescaped)","2026-04-16T11:09:25.727Z",{"wat":195,"direct":201},{"assetPaths":196,"generatorPatterns":198,"scriptPaths":199,"versionParams":200},[197],"\u002Fwp-content\u002Fplugins\u002Finfusionsoft-web-form-javascript\u002Fnovaksolutions-infusionsoft-javascript.php",[],[],[],{"cssClasses":202,"htmlComments":204,"htmlAttributes":205,"restEndpoints":207,"jsGlobals":208,"shortcodeOutput":209},[203],"javascript-container",[],[206],"data-src",[],[],[210,211],"[javascript","[javascript src=",{"error":213,"url":214,"statusCode":215,"statusMessage":216,"message":216},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Finfusionsoft-web-form-javascript\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":218,"versions":219},2,[220,226],{"version":6,"download_url":26,"svn_tag_url":221,"released_at":38,"has_diff":48,"diff_files_changed":222,"diff_lines":38,"trac_diff_url":223,"vulnerabilities":224,"is_current":213},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Finfusionsoft-web-form-javascript\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Finfusionsoft-web-form-javascript%2Ftags%2F1.1.0&new_path=%2Finfusionsoft-web-form-javascript%2Ftags%2F1.1.1",[225],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":227,"download_url":228,"svn_tag_url":229,"released_at":38,"has_diff":48,"diff_files_changed":230,"diff_lines":38,"trac_diff_url":38,"vulnerabilities":231,"is_current":48},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finfusionsoft-web-form-javascript.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Finfusionsoft-web-form-javascript\u002Ftags\u002F1.1.0\u002F",[],[232],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38}]