[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwZx67GvpWzppB6hsb9RWFlTQh0TB9iXWlTfQrHEkwYc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":128,"fingerprints":346},"kiamo","Kiamo Chat and web call back by IRCF","1.1","ircf","https:\u002F\u002Fprofiles.wordpress.org\u002Fircf\u002F","\u003Cp>A non-official WordPress plugin to integrate \u003Ca href=\"https:\u002F\u002Fkiamo.fr\u002Flogiciel\u002Fcanaux\u002Flive-chat\u002F\" rel=\"nofollow ugc\">Kiamo Chat\u003C\u002Fa>\u003Cbr \u002F>\nand \u003Ca href=\"https:\u002F\u002Fkiamo.fr\u002Flogiciel\u002Fcanaux\u002Fweb\u002F\" rel=\"nofollow ugc\">Web call back\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The Kiamo Chat integration is included in the free version.\u003C\u002Fp>\n\u003Cp>The Kiamo web call back integration is only available in the pro version.\u003C\u002Fp>\n\u003Cp>Appearance custom settings are only available in the pro version.\u003C\u002Fp>\n\u003Cp>You can buy the pro version on our \u003Ca href=\"https:\u002F\u002Fircf.fr\u002Fplugins-wordpress\u002F\" rel=\"nofollow ugc\">WordPress plugin shop\u003C\u002Fa>\u003C\u002Fp>\n","Integrates Kiamo chat and web call back on your WordPress website. This is a non-offical plugin, IRCF is not related to Kiamo brand.",0,1080,"2020-06-18T16:52:00.000Z","5.4.19","3.0.1","",[18,19,20,21,4],"back","call","callback","chat","https:\u002F\u002Fircf.fr\u002Fplugins-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkiamo.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},5,310,94,282,75,"2026-04-04T05:53:20.281Z",[36,57,74,90,108],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":16,"tags":51,"homepage":55,"download_link":56,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"integration-with-bitrix24","Bitrix24","1.0.0","bitrix24","https:\u002F\u002Fprofiles.wordpress.org\u002Fbitrix24\u002F","\u003Cp>This free Bitrix24 widget lets you insert live chat, call back request and various web forms into your website.\u003Cbr \u002F>\nAll information from chat and forms is automatically imported into free Bitrix24 CRM. The widget supports up to\u003Cbr \u002F>\n12 agents absolutely free, is easily customizable, and works on mobile, web and desktop apps.\u003C\u002Fp>\n\u003Cp>How to connect Bitrix24?\u003C\u002Fp>\n\u003Cp>After you install the plugin, all links to Bitrix24 forms will be displayed on WordPress sites as embedded forms.\u003Cbr \u002F>\nYou can also use this plugin to install live chat and call back widgets on your WordPress site as well.\u003C\u002Fp>\n\u003Cp>In addition to that, this plugin can send orders from WordPress based online stores into Bitrix24 CRM.\u003Cbr \u002F>\nPlease follow these instructions to access these features:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Log into your Bitrix24 account and enable website widget.\u003C\u002Fli>\n\u003Cli>Get the widget code for WordPress and insert it into appropriate plugin field (instructions\u003Cbr \u002F>\narea available at https:\u002F\u002Fhelpdesk.bitrix24.com\u002Fopen\u002F4112659\u002F)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>If you use popular any WordPress ecommerce engine to run your online store, this plugin can automatically\u003Cbr \u002F>\nsend online orders to your CRM. Simply go to plugin settings and do the following:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Enable CRM connector. \u003C\u002Fli>\n\u003Cli>Insert connector URL. You can get the URL inside Bitrix24 CRM. \u003C\u002Fli>\n\u003Cli>Select default currently for your online store. Otherwise the currency will be determined automatically.\u003C\u002Fli>\n\u003C\u002Fol>\n","This free Bitrix24 widget lets you insert live chat, call back request and various web forms into your website.",600,13757,60,6,"2017-04-04T10:30:00.000Z","4.7.32","3.0",[40,20,52,53,54],"crm","integration","live-chat","https:\u002F\u002Fwww.bitrix24.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fintegration-with-bitrix24.zip",{"slug":58,"name":59,"version":6,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":44,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":15,"requires_php":16,"tags":69,"homepage":72,"download_link":73,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"leadback","LeadBack – Callback, Chatbot and Live Chat Widgets for WordPress sites","LeadBack","https:\u002F\u002Fprofiles.wordpress.org\u002Fleadbackru\u002F","\u003Cp>Every website visitor is a potential customer. LeadBack allows you to call your customer for free in 27 seconds. The LeadBack widget lets you call your website visitors and helps you gain an additional 30-125% leads on the phone.\u003C\u002Fp>\n\u003Cp>This plugin makes a simple widget for callback and live chat on your website. LeadBack its a services for the site, allowing you to increase the conversion to leads. Official LeadBack plugin.\u003C\u002Fp>\n\u003Ch4>How it works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Visitors visit your website, click on a callback button, enter their phone number.\u003C\u002Fli>\n\u003Cli>The service quickly calls your company, and then immediately to the visitor himself.\u003C\u002Fli>\n\u003Cli>Within 27 seconds, your employee communicates with the client and makes a sale!\u003C\u002Fli>\n\u003Cli>The client is shocked by your promptness and is ready to spend the money.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"640\" height=\"360\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FjkxWHU0vjg4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Supported languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English \u002F English Callback, Chatbot and Live Chat Plugin\u003C\u002Fli>\n\u003Cli>Russian \u002F Русский Плагин обратного звонка, чат и бот для сайта\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin makes a simple widget for callback and live chat on your website. Official LeadBack plugin.",4277,100,1,"2021-09-24T11:24:00.000Z","5.8.13",[20,21,58,70,71],"livechat","widget","https:\u002F\u002Fleadback.ru\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fleadback.1.1.zip",{"slug":75,"name":76,"version":39,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":11,"num_ratings":11,"last_updated":83,"tested_up_to":84,"requires_at_least":15,"requires_php":85,"tags":86,"homepage":16,"download_link":89,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"novocall-callback-widget","Novocall – Callback Widget","novocall","https:\u002F\u002Fprofiles.wordpress.org\u002Fnovocall\u002F","\u003Cp>Novocall is a callback widget that allows you to easily communicate with your customers. It analyzes web behaviour, and once a visitor is interested, it offers a free callback within seconds, helping you increase your web conversions.\u003C\u002Fp>\n\u003Cp>What can I do with Novocall?\u003C\u002Fp>\n\u003Cp>Capture & convert leads: Detect interested website visitors & get them to call you through our Exit Intent Technology, along with other web behavioral triggers.\u003C\u002Fp>\n\u003Cp>Engage web visitors instantly: Provide visitors with a free instant callback to a call rep, who can then close the sales easily.\u003C\u002Fp>\n\u003Cp>Automate scheduling of calls: Capture after-hour leads by automatically scheduling calls during your working hours, or automate call scheduling on emails and through SMS.\u003C\u002Fp>\n\u003Cp>See where your interested customers come from: Gain context before your calls by seeing the exact web page that your customers come from.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Provide visitors with \u003Cstrong>free\u003C\u002Fstrong>, \u003Cstrong>instant\u003C\u002Fstrong>, callback to your company\u003C\u002Fli>\n\u003Cli>Automatically schedule calls after working hours \u003C\u002Fli>\n\u003Cli>Send automated SMS\u003C\u002Fli>\n\u003Cli>See caller information – gain context before your calls by seeing the exact web page that your customers come from\u003C\u002Fli>\n\u003Cli>Integration with a multitude of third-party applications. From Webhooks to Slack, Google Analytics & more…\u003C\u002Fli>\n\u003Cli>Customisable design\u003C\u002Fli>\n\u003C\u002Ful>\n","Novocall is a powerful callback widget that helps increase your web conversion by prompting interested visitors with a free callback in seconds, while …",80,2561,"2019-04-08T05:36:00.000Z","4.9.29","5.2.4",[20,87,21,88,77],"calls","lead-generation","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnovocall-callback-widget.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":81,"num_ratings":100,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":16,"tags":104,"homepage":106,"download_link":107,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"callback-widget-pozvonim","Callback widget Pozvonim","20151220","wpcraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fcasepress\u002F","\u003Cp>Pozvonim.com – позволяет существенно повысить конверсию сайта и продажи.\u003C\u002Fp>\n\u003Cp>Данный плагин позволит вам легко вставить код виджета Pozvonim на ваш сайт.\u003Cbr \u002F>\nПри этом вам не нужно редактировать файлы вашей темы, и виджет продолжит работать даже при смене вашей активной темы.\u003C\u002Fp>\n\u003Cp>После активации плагина зайдите в раздел Обсуждение, далее найти секцию настройки Pozvonim для того чтобы вставить код вашего виджета.\u003C\u002Fp>\n\u003Cp>Учтите, что для редактирования кода виджета, вам необходимы права администратора на сайте WordPress (или супер-администратора в режиме Multisite).\u003C\u002Fp>\n\u003Cp>Попробовать бесплатно:\u003C\u002Fp>\n\u003Cp>Попробовать виджет вы можете бесплатно + получить бонус 1000 рублей на счет при регистрации по ссылке\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fpozvonim.com\u002F?i=13633093\" rel=\"nofollow ugc\">регистрация с бонусом +1000 рублей\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Видео:\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FkQCt2eJuy-Q?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","Виджет обратного звонка Pozvonim - позволяет повысить конверсию сайта",30,5629,2,"2015-12-21T16:59:00.000Z","4.4.34","3.8",[20,21,70,105,71],"pozvonim","https:\u002F\u002Fgithub.com\u002Fsystemo-biz\u002Fcallback-widget-pozvonim","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcallback-widget-pozvonim.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":118,"num_ratings":100,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":16,"tags":122,"homepage":126,"download_link":127,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"fonetic-web-callback","Fonetic Web Callback","2.0.1","netiva","https:\u002F\u002Fprofiles.wordpress.org\u002Fnetiva\u002F","\u003Cp>Web Callback is an instant phone call service for your website, email signature or newsletter.\u003Cbr \u002F>\nIt allows your visitors to be called back for free. Get a real leverage for your online conversions !\u003C\u002Fp>\n\u003Cp>For the attention of our english users\u003Cbr \u002F>\nFONETIC commercial & service website is currently being translated in english. Please apologize for the inconvenience. However FONETIC’s widget (non-customizable fields) is already translated and available in the following languages : FR, EN, ES, DE, IT, CN, PT, FI, SE.\u003Cbr \u002F>\nPlease note that connections are possible with 233 countries.\u003C\u002Fp>\n\u003Ch4>Live demo\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwordpress35.netiva.fr\u002F\" rel=\"nofollow ugc\">WordPress 3.5\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Plugin language\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Widget language\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Italian\u003C\u002Fli>\n\u003Cli>Chinese\u003C\u002Fli>\n\u003Cli>Portuguese\u003C\u002Fli>\n\u003Cli>Finnish\u003C\u002Fli>\n\u003Cli>Swedish\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ffonetic.fr\u002F\" rel=\"nofollow ugc\">Project Homepage\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ffonetic.fr\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fnetiva.fr\u002F\" rel=\"nofollow ugc\">Team\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Fonetic is a web call feature for your website that allows your visitors to be called back for free. Get a real leverage for your online conversions !",10,2717,70,"2013-05-22T08:30:00.000Z","3.5.2","3.5",[20,21,123,124,125],"fonetic","instant-call","web-callback","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ffonetic\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffonetic-web-callback.zip",{"attackSurface":129,"codeSignals":169,"taintFlows":283,"riskAssessment":334,"analyzedAt":345},{"hooks":130,"ajaxHandlers":157,"restRoutes":166,"shortcodes":167,"cronEvents":168,"entryPointCount":100,"unprotectedCount":100},[131,137,141,145,149,153],{"type":132,"name":133,"callback":134,"priority":11,"file":135,"line":136},"action","plugins_loaded","kiamo_loaded","kiamo.php",46,{"type":132,"name":138,"callback":139,"file":135,"line":140},"admin_menu","kiamo_menu",50,{"type":132,"name":142,"callback":143,"file":135,"line":144},"customize_register","register",359,{"type":132,"name":146,"callback":147,"file":135,"line":148},"wp_head","header_output",360,{"type":132,"name":150,"callback":151,"file":135,"line":152},"wp_enqueue_scripts","kiamo_enqueue_scripts",384,{"type":132,"name":154,"callback":155,"file":135,"line":156},"wp_footer","kiamo_footer",392,[158,163],{"action":159,"nopriv":160,"callback":161,"hasNonce":160,"hasCapCheck":160,"file":135,"line":162},"kiamo_callback",false,"kiamo_callback_ajax",429,{"action":159,"nopriv":164,"callback":161,"hasNonce":160,"hasCapCheck":160,"file":135,"line":165},true,430,[],[],[],{"dangerousFunctions":170,"sqlUsage":171,"outputEscaping":173,"fileOperations":11,"externalRequests":100,"nonceChecks":66,"capabilityChecks":11,"bundledLibraries":282},[],{"prepared":11,"raw":11,"locations":172},[],{"escaped":174,"rawEcho":175,"locations":176},8,55,[177,181,183,185,187,189,191,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,255,256,258,260,261,263,265,266,268,269,271,272,273,275,277,278,280],{"file":178,"line":179,"context":180},"includes\\class-kiamo-license.php",29,"raw output",{"file":178,"line":182,"context":180},32,{"file":178,"line":184,"context":180},33,{"file":178,"line":186,"context":180},42,{"file":178,"line":188,"context":180},44,{"file":178,"line":190,"context":180},47,{"file":178,"line":140,"context":180},{"file":135,"line":193,"context":180},79,{"file":135,"line":195,"context":180},92,{"file":135,"line":197,"context":180},95,{"file":135,"line":199,"context":180},139,{"file":135,"line":201,"context":180},140,{"file":135,"line":203,"context":180},141,{"file":135,"line":205,"context":180},143,{"file":135,"line":207,"context":180},145,{"file":135,"line":209,"context":180},147,{"file":135,"line":211,"context":180},149,{"file":135,"line":213,"context":180},153,{"file":135,"line":215,"context":180},157,{"file":135,"line":217,"context":180},159,{"file":135,"line":219,"context":180},160,{"file":135,"line":221,"context":180},164,{"file":135,"line":223,"context":180},168,{"file":135,"line":225,"context":180},172,{"file":135,"line":227,"context":180},176,{"file":135,"line":229,"context":180},179,{"file":135,"line":231,"context":180},181,{"file":135,"line":233,"context":180},184,{"file":135,"line":235,"context":180},188,{"file":135,"line":237,"context":180},192,{"file":135,"line":239,"context":180},196,{"file":135,"line":241,"context":180},200,{"file":135,"line":243,"context":180},204,{"file":135,"line":245,"context":180},209,{"file":135,"line":247,"context":180},210,{"file":135,"line":249,"context":180},213,{"file":135,"line":251,"context":180},346,{"file":253,"line":254,"context":180},"templates\\kiamo.php",12,{"file":253,"line":254,"context":180},{"file":253,"line":257,"context":180},25,{"file":253,"line":259,"context":180},27,{"file":253,"line":98,"context":180},{"file":253,"line":262,"context":180},36,{"file":253,"line":264,"context":180},39,{"file":253,"line":186,"context":180},{"file":253,"line":267,"context":180},43,{"file":253,"line":188,"context":180},{"file":253,"line":270,"context":180},45,{"file":253,"line":136,"context":180},{"file":253,"line":190,"context":180},{"file":253,"line":274,"context":180},48,{"file":253,"line":276,"context":180},49,{"file":253,"line":140,"context":180},{"file":253,"line":279,"context":180},51,{"file":253,"line":281,"context":180},52,[],[284,306,319],{"entryPoint":285,"graph":286,"unsanitizedCount":66,"severity":305},"process_admin_options (includes\\class-kiamo-license.php:56)",{"nodes":287,"edges":302},[288,292,296],{"id":289,"type":290,"label":291,"file":178,"line":46},"n0","source","$_POST",{"id":293,"type":294,"label":295,"file":178,"line":46},"n1","transform","→ verify_license()",{"id":297,"type":298,"label":299,"file":178,"line":300,"wp_function":301},"n2","sink","update_option() [Settings Manipulation]",87,"update_option",[303,304],{"from":289,"to":293,"sanitized":160},{"from":293,"to":297,"sanitized":160},"low",{"entryPoint":307,"graph":308,"unsanitizedCount":11,"severity":305},"verify_license (includes\\class-kiamo-license.php:67)",{"nodes":309,"edges":317},[310,313],{"id":289,"type":290,"label":311,"file":178,"line":312},"$_SERVER",72,{"id":293,"type":298,"label":314,"file":178,"line":315,"wp_function":316},"wp_remote_get() [SSRF]",76,"wp_remote_get",[318],{"from":289,"to":293,"sanitized":164},{"entryPoint":320,"graph":321,"unsanitizedCount":66,"severity":305},"\u003Cclass-kiamo-license> (includes\\class-kiamo-license.php:0)",{"nodes":322,"edges":330},[323,324,325,326,328],{"id":289,"type":290,"label":311,"file":178,"line":312},{"id":293,"type":298,"label":314,"file":178,"line":315,"wp_function":316},{"id":297,"type":290,"label":291,"file":178,"line":46},{"id":327,"type":294,"label":295,"file":178,"line":46},"n3",{"id":329,"type":298,"label":299,"file":178,"line":300,"wp_function":301},"n4",[331,332,333],{"from":289,"to":293,"sanitized":164},{"from":297,"to":327,"sanitized":160},{"from":327,"to":329,"sanitized":160},{"summary":335,"deductions":336},"The \"kiamo\" plugin v1.1 exhibits a concerning security posture due to a significant number of unprotected entry points. The static analysis reveals two AJAX handlers, both lacking authentication checks, which presents a substantial attack surface for unauthorized actions. While the plugin demonstrates good practices in its SQL queries by exclusively using prepared statements and has no recorded vulnerability history, these strengths are overshadowed by the critical lack of security on its primary interaction points.\n\nThe taint analysis identified two flows with unsanitized paths, although they were not categorized as critical or high severity. This, coupled with a low percentage (13%) of properly escaped outputs, suggests a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled with extreme care. The absence of capability checks further exacerbates the risk, as actions can be performed without verifying user roles or permissions.\n\nOverall, while the plugin has a clean vulnerability history and uses secure SQL practices, the presence of unprotected AJAX handlers and unsanitized data flows poses a significant risk. The lack of robust authentication and authorization mechanisms on its entry points is a critical weakness that needs immediate attention. The low output escaping rate also points to potential XSS vulnerabilities.",[337,339,341,343],{"reason":338,"points":116},"AJAX handlers without authentication checks",{"reason":340,"points":29},"Unsanitized paths in taint analysis",{"reason":342,"points":174},"Low percentage of properly escaped outputs",{"reason":344,"points":116},"No capability checks","2026-03-17T06:25:08.896Z",{"wat":347,"direct":354},{"assetPaths":348,"generatorPatterns":351,"scriptPaths":352,"versionParams":353},[349,350],"\u002Fwp-content\u002Fplugins\u002Fkiamo\u002Fjs\u002Fkiamo-admin-options.js","\u002Fwp-content\u002Fplugins\u002Fkiamo\u002Fcss\u002Fkiamo-admin-options.css",[],[349],[],{"cssClasses":355,"htmlComments":361,"htmlAttributes":362,"restEndpoints":375,"jsGlobals":376,"shortcodeOutput":380},[356,357,358,359,360],"form-group-chat","form-group-callback","form-group-chat-mode","form-group-chat-mode-chat","form-group-chat-mode-targeting",[],[363,364,365,366,367,368,369,370,371,372,373,374],"name=\"kiamo_chat_enabled\"","name=\"kiamo_callback_enabled\"","name=\"kiamo_chat_mode\"","name=\"kiamo_chat_server\"","name=\"kiamo_chat_id\"","name=\"kiamo_chat_targeting_id\"","name=\"kiamo_chat_agent_id\"","name=\"kiamo_chat_customer_id\"","name=\"kiamo_callback_server\"","name=\"kiamo_callback_id\"","name=\"kiamo_callback_agent_id\"","name=\"kiamo_callback_customer_id\"",[],[377,378,379],"kiamo_options_chat_enable","kiamo_options_callback_enable","kiamo_options_chat_mode",[]]