[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fn64S-JycAIshQuHg8I3_dEHpbV6h1vfHJuid4napK1I":3},{"slug":4,"name":5,"version":6,"author":5,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":57,"crawl_stats":37,"alternatives":62,"analysis":162,"fingerprints":248},"leadster-marketing-conversacional","Leadster","1.3.2","https:\u002F\u002Fprofiles.wordpress.org\u002Fleadster\u002F","\u003Ch3>Leadster – Plataforma para aumentar sua Captação de Leads\u003C\u002Fh3>\n\u003Cp>Criamos uma Metodologia Própria de Marketing Conversacional unindo 5 anos de aprendizado na construção de chatbots com as melhores práticas de otimização de conversão online.\u003C\u002Fp>\n\u003Cp>Transforme seu formulário em uma conversa, a ferramenta altera a experiência do seu cliente tornando o processo de conversão muito mais interativo e dinâmico.\u003C\u002Fp>\n\u003Cp>A ferramenta realiza Teste A\u002FB com diferentes chamadas para descobrir quais as campeãs de conversão para seu público.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Casos de Sucesso – \u003Ca href=\"https:\u002F\u002Fleadster.com.br\u002Fgeracao-de-leads\u002Fcases\" rel=\"nofollow ugc\">Veja aqui!\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Mais detalhes da ferramenta – \u003Ca href=\"https:\u002F\u002Fleadster.com.br\u002Fferramenta\" rel=\"nofollow ugc\">https:\u002F\u002Fleadster.com.br\u002Fferramenta\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Principais Recursos\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Converta em tempo real;\u003C\u002Fli>\n\u003Cli>Dashboard com métricas de desempenho;\u003C\u002Fli>\n\u003Cli>Interação fora do horário comercial;\u003C\u002Fli>\n\u003Cli>E muito mais…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"640\" height=\"360\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FkvZxxVLApxw?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Integration\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WEBHOOK – Integra qualquer aplicação via webhooks\u003C\u002Fli>\n\u003Cli>BITRIX24 – Envie seus leads para a ferramenta Bitrix24\u003C\u002Fli>\n\u003Cli>SALESFORCE – Envie seus leads para a ferramenta Salesforce\u003C\u002Fli>\n\u003Cli>ZAPIER – ntegra com mais de 1500 aplicativos Trello, Gmail, Asana e outros…\u003C\u002Fli>\n\u003Cli>FOLLOWIZE – Envie seus leads para a ferramenta Followize\u003C\u002Fli>\n\u003Cli>ANAPRO CRM – Cadastre seus leads no Anapro CRM\u003C\u002Fli>\n\u003Cli>F1 SALES – Ferramenta F1 Sales\u003C\u002Fli>\n\u003Cli>SIRENA – Envia e-mails no formato Molusco® para um sistema Sirena\u003C\u002Fli>\n\u003Cli>E-GOI – Envie leads pela APIv3 do E-goi\u003C\u002Fli>\n\u003Cli>SIMPLE PACK – Envie seus leads para o Simple Pack CRM\u003C\u002Fli>\n\u003Cli>PIPERUN – Envie seus leads para a ferramenta Piperun\u003C\u002Fli>\n\u003Cli>PLUGA – Integra seus leads com o sistema Pluga\u003C\u002Fli>\n\u003Cli>FLEEG – Integra seus leads com o sistema Fleeg\u003C\u002Fli>\n\u003Cli>EXACT SALES – Envie seus leads para a ferramenta Exact Sales\u003C\u002Fli>\n\u003Cli>HUBSPOT – Ferramenta HubSpost\u003C\u002Fli>\n\u003Cli>PRAEDIUM – Integre seus leads com o CRM Imobiliário da Praedium\u003C\u002Fli>\n\u003Cli>LAHAR – Integra seus leads com o sistema Lahar\u003C\u002Fli>\n\u003Cli>HOUSECRM – Envie seus leads para a ferramenta housecrm Marketing & Vendas\u003C\u002Fli>\n\u003Cli>RD STATION – Integre-se usando a plataforma do RD Station e mantenha seus leads organizados\u003C\u002Fli>\n\u003Cli>PARDOT – Envie seus leads para o Salesforce Pardot\u003C\u002Fli>\n\u003Cli>ActiveCampaign – Envie seus leads para a ferramenta ActiveCampaign\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support Javascript snippet code\u003C\u002Fh3>\n\u003Cp>Este plugin tem como objetivo facilitar a instalação da ferramenta chatbot da Leadster.\u003Cbr \u002F>\nPara isso, usamos ‘https:\u002F\u002Fcdn.leadster.com.br\u002F’ para carregar nosso snippet de chatbot em seu site, sob os termos da lei e \u003Ca href=\"https:\u002F\u002Fleadster.com.br\u002Fprivacidade\" rel=\"nofollow ugc\">Políticas de Privacidade da Leadster\u003C\u002Fa>.\u003C\u002Fp>\n","Leadster Marketing Conversacional: O Futuro da Geração de Leads",5000,42451,100,3,"2024-11-26T14:07:00.000Z","6.7.5","5.0","7.0",[19,20,21,22,23],"geracao-de-leads","leads","leadster","marketing","marketing-conversacional","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fleadster-marketing-conversacional.1.3.2.zip",91,2,0,"2023-11-16 00:00:00","2026-03-15T15:16:48.613Z",[32,48],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2023-47791","leadster-cross-site-request-forgery-via-leadsterscriptcodeaction","Leadster \u003C= 1.1.2 - Cross-Site Request Forgery via leadster_script_code_action","The Leadster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the leadster_script_code_action function. This makes it possible for unauthenticated attackers to modify the leadester script code via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.1.2","1.1.3","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F86837f87-ea91-404a-92ac-38d1abf14cde?source=api-prod",68,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":53,"updated_date":44,"references":54,"days_to_patch":56},"CVE-2023-41668","leadster-cross-site-request-forgery","Leadster \u003C= 1.1.2 - Cross-Site Request Forgery","The Leadster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing nonce validation on the leadster_script_code_action() function hooked via 'admin_post'. This makes it possible for unauthenticated attackers to update the plugin's script code via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","2023-09-04 00:00:00",[55],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F361216af-b939-4ac1-ae06-97552d283670?source=api-prod",141,{"slug":21,"display_name":5,"profile_url":7,"plugin_count":58,"total_installs":10,"avg_security_score":26,"avg_patch_time_days":59,"trust_score":60,"computed_at":61},1,105,73,"2026-04-04T07:09:12.699Z",[63,86,103,125,143],{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":73,"num_ratings":74,"last_updated":75,"tested_up_to":76,"requires_at_least":77,"requires_php":17,"tags":78,"homepage":82,"download_link":83,"security_score":84,"vuln_count":58,"unpatched_count":28,"last_vuln_date":85,"fetched_at":30},"sumome","Website Pop-up Builder by BDOW! (formerly Sumo): Pop-ups + forms for email opt-ins and lead generation","1.44","Sumo","https:\u002F\u002Fprofiles.wordpress.org\u002Fsumome\u002F","\u003Cp>BDOW! (formerly Sumo) is the best, free pop-up and form tool for WordPress websites. Over 30,000 online businesses use BDOW! (formerly Sumo) to grow a bigger email list and turn leads into conversions.\u003C\u002Fp>\n\u003Cp>Use BDOW! to create stunning, intelligent forms and pop-ups and…\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use advanced targeting rules to display the right offer to the right visitors.\u003C\u002Fli>\n\u003Cli>Easily increase conversion rates using our built-in A\u002FB testing.\u003C\u002Fli>\n\u003Cli>Choose from professionally designed templates and get started quickly.\u003C\u002Fli>\n\u003Cli>Integrate with your favorite tools like ConvertKit, Flodesk, Mailerlite, and many others.\u003C\u002Fli>\n\u003Cli>Create autoresponders to deliver content upgrades and connect with your audience.\u003C\u002Fli>\n\u003Cli>Integrate with WooCommerce and supercharge your bottom line using BDOW!’s monetization features.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Create your free BDOW! account today and build a bigger list, faster.\u003C\u002Fp>\n\u003Ch3>Latest Updates\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Performance updates: 35%+ faster script\u003C\u002Fli>\n\u003Cli>New integrations: Webhooks, Flodesk, Mailerlite, Klaviyo\u003C\u002Fli>\n\u003Cli>Enhanced integrations: ConvertKit, ActiveCampaign\u003C\u002Fli>\n\u003Cli>Updated BDOW! User Interface\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbdow.com\u002F?src=wordpress_bottom\" rel=\"nofollow ugc\">See more at bdow.com!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>What Customers Are Saying About BDOW! (formerly Sumo)\u003C\u002Fh3>\n\u003Cp>“An extra $4000 we wouldn’t have made in the first week alone? HOLY BDOW!, BATMAN!” – Jen Olmstead, TONIC\u003C\u002Fp>\n\u003Cp>“Since implementing BDOW! into our live launches, we’ve been able to capitalize on leads we’d normally be losing with an exit intent pop up.” – Jon Hayes, Erica + Jon\u003C\u002Fp>\n\u003Cp>“I love the A\u002FB testing and the data. BDOW! makes it so easy to create tests and choose a winner!” – Liz, UAV Coach\u003C\u002Fp>\n\u003Ch3>Core Features Overview\u003C\u002Fh3>\n\u003Ch3>Grow your email list with super speed!\u003C\u002Fh3>\n\u003Cp>Grow your email list by collecting email addresses with high-converting opt-in forms as visitors browse your site, so you can follow up with them later and turn them into customers.\u003C\u002Fp>\n\u003Cp>Create pop-ups, scroll-boxes, inline forms, click triggers, welcome mats, and smart bars.\u003C\u002Fp>\n\u003Ch3>Advanced targeting rules make it easy to target the right visitors with the right message.\u003C\u002Fh3>\n\u003Cp>Show or don’t show pop-ups and forms based on factors like URLs, Pages, Devices, Referrer, Visitor Behavior, Exit Intent, Cookies, Parameters, and more.\u003C\u002Fp>\n\u003Ch3>Manage all your websites from a single dashboard.\u003C\u002Fh3>\n\u003Cp>BDOW! (formerly Sumo) makes it easy for agencies and designers to manage their own sites and client sites from one place.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fast set-up + installation\u003C\u002Fli>\n\u003Cli>User management controls\u003C\u002Fli>\n\u003Cli>Easy to add + remove sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Easily set-up A\u002FB tests to increase conversion rates.\u003C\u002Fh4>\n\u003Cp>Set-up A\u002FB tests with a single click and test headlines, form fields, and messaging. Control how often each variation is seen, and choose a winner with one-click!\u003C\u002Fp>\n\u003Ch4>Earn more using BDOW!’s integration with WooCommerce.\u003C\u002Fh4>\n\u003Cp>BDOW! seamlessly integrates with WooCommerce to create unique offers and discounts along with beautiful forms that help you increase your average order value and reduce cart abandonment.\u003C\u002Fp>\n\u003Ch4>Fast and friendly customer support.\u003C\u002Fh4>\n\u003Cp>Have questions on how to increase conversions and sales for your online business? Your success is our success. Our dedicated Customer Experience team will make sure your business is growing and you’re getting the most out of BDOW!.\u003C\u002Fp>\n\u003Ch4>Fast, Secure, and SEO-friendly!\u003C\u002Fh4>\n\u003Cp>Compliant with GDPR and the latest SEO guidelines from Google so you can convert more visitors and make more sales.\u003C\u002Fp>\n\u003Ch4>Easy to get started using dozens of professionally designed templates.\u003C\u002Fh4>\n\u003Cp>Get set up in minutes and use BDOW! (formerly Sumo) for FREE.\u003C\u002Fp>\n\u003Cp>See more at \u003Ca href=\"https:\u002F\u002Fbdow.com\" rel=\"nofollow ugc\">https:\u002F\u002Fbdow.com\u003C\u002Fa>!\u003C\u002Fp>\n","Sumo is trusted by over 600,000 businesses — small and large — in growing their email lists, customer base, and revenue online.",20000,2458436,84,519,"2025-06-05T19:44:00.000Z","6.8.5","4.7",[79,80,81,20,22],"analytics","ecommerce","email","https:\u002F\u002Fbdow.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsumome.1.44.zip",99,"2024-04-05 00:00:00",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":12,"num_ratings":58,"last_updated":96,"tested_up_to":15,"requires_at_least":97,"requires_php":24,"tags":98,"homepage":100,"download_link":101,"security_score":102,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"funnel","Funnel","1.4.2","ablancodev","https:\u002F\u002Fprofiles.wordpress.org\u002Feggemplo\u002F","\u003Cp>Create a conversion funnel in your wordpress.\u003Cbr \u002F>\nIt allows for seamless tracking and categorization of users based on their conversion states, providing valuable insights to optimize marketing strategies and enhance overall user engagement.\u003C\u002Fp>\n\u003Cp>You can create leads manually or automatically when register new users.\u003C\u002Fp>\n\u003Cp>Users can travel through the conversion funnel by visiting different pages.\u003C\u002Fp>\n\u003Cp>Referrer system ready with url param.\u003C\u002Fp>\n\u003Cp>If you need to notify them, you can use WordPress emails.\u003C\u002Fp>\n","Streamline Your Marketing: Effortlessly Navigate User Conversion Paths",20,3988,"2025-02-12T07:32:00.000Z","5.9",[99,87,20,22],"contacts","https:\u002F\u002Ffunnelwpplugin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffunnel.1.4.2.zip",92,{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":28,"num_ratings":28,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":24,"tags":116,"homepage":122,"download_link":123,"security_score":124,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"leadsource-tracker","LeadSource Tracker – Free Edition","1.0","cchui","https:\u002F\u002Fprofiles.wordpress.org\u002Fcchui\u002F","\u003Cp>Finally, marketing attribution that won’t break the bank!\u003C\u002Fp>\n\u003Cp>LeadSource Tracker is a plugin for WordPress websites which allows you to tag your inbound links (emails, advertisements, newsletters, press releases, even\u003Cbr \u002F>\noffline venues) so that you can find out where your leads and opportunities are coming from and calculate real ROI.\u003C\u002Fp>\n\u003Cp>LeadSource Tracker can attribute MULTIPLE lead sources to a visitor when they register.  When the user registers or places an order on your website, all the\u003Cbr \u002F>\npast campaigns that the user has clicked on can be populated into your forms, where they can be stored in your CRM for reports that consist of marketing attribution to multiple campaigns.  You can even retrieve the lead sources and use the campaign information to customize your web pages.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","LeadSource Tracker is a simple campaign and marketing attribution that tracks multiple lead sources per visitor.",10,1481,"2015-05-25T03:20:00.000Z","4.2.39","3.7",[117,118,119,120,121],"campaign-attribution","lead-source","leadsource","marketing-attribution","multiple-lead-source","http:\u002F\u002Fwww.leadsourcetracker.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fleadsource-tracker.zip",85,{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":111,"downloaded":133,"rating":28,"num_ratings":28,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":141,"download_link":142,"security_score":124,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"metricspot-seo-leads","MetricSpot SEO Leads","2017.09.25","angel","https:\u002F\u002Fprofiles.wordpress.org\u002Fangeldiazibarra\u002F","\u003Cp>This plugin inserts \u003Ca href=\"https:\u002F\u002Fmetricspot.com\u002Fseo-leads\u002F\" rel=\"nofollow ugc\">MetricSpot’s SEO Leads\u003C\u002Fa> script in your WordPress site so you don’t have to edit your theme’s code. It’s the first step you need to take in order to embed our lead generation widgets in your website.\u003C\u002Fp>\n\u003Cp>Once the plugin is installed and activated, you can insert our widgets in your website by pasting the following code snippets where you want them to appear:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sidabar Widget\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Cdiv id=”ms-audit” data-ms-id=”{your_id}” data-ms-lang=”en” >\u003C\u002Fdiv>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Inline Widget\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Cdiv class=”ms-inline” data-ms-id=”{your_id}” data-ms-lang=”en” >\u003C\u002Fdiv>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Popup Widget\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Cdiv id=”ms-popup” data-ms-id=”{your_id}” data-ms-lang=”en” >\u003C\u002Fdiv>\u003C\u002Fp>\n\u003Cp>Remember to replace the \u003Ccode>{your_id}\u003C\u002Fcode> by your MetricSpot’s user ID on the above snippets. If you don’t know your MetricSpot’s user ID you can obtain it from our website.\u003C\u002Fp>\n\u003Cp>To use this plugin you have to be a \u003Cstrong>Pro user of MetricSpot’s tools\u003C\u002Fstrong>. \u003Ca href=\"https:\u002F\u002Fmetricspot.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Send us a message\u003C\u002Fa> with your registration e-mail and we’ll give you a free one week trial.\u003C\u002Fp>\n","With MetricSpot's SEO Leads Plugin you will be able to offer free SEO reports on your own website. Automate the process of capturing SEO leads!",1370,"2017-09-28T10:29:00.000Z","4.8.28","3.0.1","5.4",[139,20,22,140],"conversions","seo","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmetricspot-seo-leads\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmetricspot-seo-leads.zip",{"slug":144,"name":145,"version":146,"author":147,"author_profile":148,"description":149,"short_description":150,"active_installs":111,"downloaded":151,"rating":12,"num_ratings":13,"last_updated":152,"tested_up_to":153,"requires_at_least":154,"requires_php":155,"tags":156,"homepage":159,"download_link":160,"security_score":124,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":161},"slide-to-subscribe","Slide to Subscribe","1.1","andreitp1","https:\u002F\u002Fprofiles.wordpress.org\u002Fandreitp1\u002F","\u003Cp>Seamlessly collect email addresses on your website. Slide to Subscribe helps you get more newsletter subscribers by making it incredibly-easy to subscribe. Due to its unique subscribe flow, Slide to Subscribe allows you to remove double opt-in, while keeping your list (very) clean.\u003C\u002Fp>\n\u003Cp>Slide to Subscribe has built-in, free email verification and bot detection. This means you are significantly less likely to fall into spam traps and throwaway emails are automatically rejected. The built-in bot detection ensures that only real humans subscribe to your email list.\u003C\u002Fp>\n\u003Cp>Manage subscribers in one place via your subscribers dashboard on https:\u002F\u002Fslidetosubscribe.com. Export your subscribers or have them automatically sync with your lists on Mailchimp, Sendgrid, SendinBlue etc.\u003C\u002Fp>\n\u003Cp>Get a unique subscribe.to\u002Fwhatever-you-want URL that you can use to promote your links and collect emails anywhere – such as in your social media bio and posts and (why not) even on your t-shirt.\u003C\u002Fp>\n","Allow people to subscribe to your newsletter with just a slide. Works with any newsletter or website, extremely easy setup.",1242,"2020-03-01T18:34:00.000Z","5.3.21","3.1","5.2.4",[81,157,20,22,158],"form","newsletter","https:\u002F\u002Fslidetosubscribe.com\u002Fdashboard","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fslide-to-subscribe.zip","2026-03-15T14:54:45.397Z",{"attackSurface":163,"codeSignals":195,"taintFlows":207,"riskAssessment":236,"analyzedAt":247},{"hooks":164,"ajaxHandlers":191,"restRoutes":192,"shortcodes":193,"cronEvents":194,"entryPointCount":28,"unprotectedCount":28},[165,171,175,179,183,187],{"type":166,"name":167,"callback":168,"file":169,"line":170},"action","plugins_loaded","leadster_load_text_domain","leadster.php",216,{"type":166,"name":172,"callback":173,"file":169,"line":174},"admin_menu","leadster_admin_menu",218,{"type":166,"name":176,"callback":177,"file":169,"line":178},"admin_notices","leadster_admin_notices",221,{"type":166,"name":180,"callback":181,"file":169,"line":182},"admin_print_styles","leadster_admin_css",225,{"type":166,"name":184,"callback":185,"file":169,"line":186},"admin_post_leadster_script_code","leadster_script_code_action",227,{"type":166,"name":188,"callback":189,"file":169,"line":190},"wp_footer","leadster_add_widget_to_footer",229,[],[],[],[],{"dangerousFunctions":196,"sqlUsage":197,"outputEscaping":199,"fileOperations":28,"externalRequests":28,"nonceChecks":58,"capabilityChecks":28,"bundledLibraries":206},[],{"prepared":28,"raw":28,"locations":198},[],{"escaped":200,"rawEcho":58,"locations":201},13,[202],{"file":203,"line":204,"context":205},"views\\content.php",6,"raw output",[],[208,227],{"entryPoint":209,"graph":210,"unsanitizedCount":58,"severity":226},"leadster_script_code_action (leadster.php:101)",{"nodes":211,"edges":223},[212,217],{"id":213,"type":214,"label":215,"file":169,"line":216},"n0","source","$_POST",108,{"id":218,"type":219,"label":220,"file":169,"line":221,"wp_function":222},"n1","sink","update_option() [Settings Manipulation]",114,"update_option",[224],{"from":213,"to":218,"sanitized":225},false,"low",{"entryPoint":228,"graph":229,"unsanitizedCount":28,"severity":226},"\u003Cleadster> (leadster.php:0)",{"nodes":230,"edges":233},[231,232],{"id":213,"type":214,"label":215,"file":169,"line":216},{"id":218,"type":219,"label":220,"file":169,"line":221,"wp_function":222},[234],{"from":213,"to":218,"sanitized":235},true,{"summary":237,"deductions":238},"The 'leadster-marketing-conversacional' plugin version 1.3.2 exhibits a mixed security posture.  On the positive side, the static analysis reveals a very small attack surface with zero identified entry points and no exposed AJAX handlers, REST API routes, shortcodes, or cron events.  Furthermore, the code demonstrates good practices by using prepared statements for all SQL queries and having a high percentage of properly escaped output.  The presence of a nonce check is also a positive indicator.\n\nHowever, there are notable concerns. The taint analysis reveals a flow with an unsanitized path, which, while not classified as critical or high, still indicates a potential for malicious data to be processed without adequate cleaning.  The plugin's vulnerability history is also a significant point of concern, with two known medium-severity CVEs, both of which were reportedly Cross-Site Request Forgery (CSRF) vulnerabilities.  The fact that these were medium-severity and the plugin has historically had CSRF issues suggests a recurring pattern that needs attention, especially given that no unpatched CVEs are currently listed.\n\nIn conclusion, while the plugin demonstrates some strong security foundations, the presence of unsanitized paths in the taint analysis and the history of CSRF vulnerabilities, even if currently patched, warrant careful consideration. The absence of capability checks on potential (though currently non-existent) entry points is also a weakness that could become problematic if the attack surface expands in future versions.",[239,242,244],{"reason":240,"points":241},"Taint flow with unsanitized path detected",8,{"reason":243,"points":111},"History of 2 medium severity CVEs (CSRF)",{"reason":245,"points":246},"No capability checks on potential entry points",5,"2026-03-16T18:09:31.453Z",{"wat":249,"direct":255},{"assetPaths":250,"generatorPatterns":252,"scriptPaths":253,"versionParams":254},[251],"\u002Fwp-content\u002Fplugins\u002Fleadster-marketing-conversacional\u002Fassets\u002Fcss\u002Fstyle.css",[],[],[],{"cssClasses":256,"htmlComments":257,"htmlAttributes":258,"restEndpoints":259,"jsGlobals":260,"shortcodeOutput":261},[],[],[],[],[],[]]