[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyBWZVBIiBZJPazBAosr2FLKJOEcuOhDXFo23UgZCjpI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":136,"fingerprints":200},"lite-contact-form","Lite Contact Form","1.1.6","Beherit","https:\u002F\u002Fprofiles.wordpress.org\u002Fbeherit\u002F","\u003Cp>Lightweight and simple contact form with no additional user-unfriendly options. You can add the contact form to any page with a shortcode \u003Ccode>[contact_form]\u003C\u002Fcode>. Plugin is integrated with plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fakismet\u002F\" rel=\"ugc\">Akismet\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgrecaptcha\u002F\" rel=\"ugc\">GreCAPTCHA\u003C\u002Fa> which protect against spam.\u003C\u002Fp>\n","Lightweight and simple contact form with no additional user-unfriendly options. Can be additionally protected against spam by using Akismet and Google &hellip;",100,5673,1,"2022-02-16T12:45:00.000Z","5.9.13","4.6","7.0",[19,20,21,22,23],"contact","contact-form","email","feedback","feedback-form","https:\u002F\u002Fbeherit.pl\u002Fen\u002Fwordpress\u002Flite-contact-form\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flite-contact-form.1.1.6.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":26,"computed_at":37},"beherit",7,420,87,30,"2026-04-04T02:43:52.391Z",[39,56,80,101,119],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":27,"downloaded":47,"rating":11,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":17,"tags":52,"homepage":54,"download_link":55,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"saksh-callback-request-form","Saksh Callback Request Form","1.0","susheelhbti","https:\u002F\u002Fprofiles.wordpress.org\u002Fsusheelhbti\u002F","\u003Cp>Have you seen the lead generation form on the company like zerodha, Kotek Mahidra bank, JIO fibre. I setup this plugin in tradition contact form.\u003C\u002Fp>\n\u003Cp>They focus on verify the data using email and sms so that they avoid garabase data. And also make simple form .\u003C\u002Fp>\n\u003Cp>Checkout these links\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fzerodha.com\u002Fopen-account\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.kotak.com\u002F811-savingsaccount-ZeroBalanceAccount\u002F811\u002Fahome2.action\u003C\u002Fp>\n\u003Cp>They first ask mobile number, email id  and then send OTP on these and verify and then only they ask other details if user failed to verify then they ignore.\u003C\u002Fp>\n\u003Cp>Using wordpress ajax in whole process the page don’t get reload.\u003C\u002Fp>\n","Inspired by zerodha, Kotek Mahidra bank, JIO fibre lead generation form I setup this form it first ask users email ID and mobile number and then send  &hellip;",907,2,"2021-09-01T03:18:00.000Z","5.7.15","5.3",[19,20,21,23,53],"lead-generation","#","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsaksh-callback-request-form.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":76,"download_link":77,"security_score":35,"vuln_count":78,"unpatched_count":27,"last_vuln_date":79,"fetched_at":29},"pirate-forms","Contact Form & SMTP Plugin for WordPress by PirateForms","2.6.1","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>\u003Cstrong>Pirate Forms is no longer under active development. We recommend using \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"friend ugc\">WPForms\u003C\u002Fa> because it is the most beginner-friendly WordPress contact form plugin in the market.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In Sep 2018, \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002Fwpforms-has-acquired-pirate-forms\u002F\" rel=\"friend nofollow ugc\">Pirate Forms was acquired by WPForms\u003C\u002Fa>. We’re retiring Pirate Forms in favor of the modern form builder by WPForms, so users can have access to best user experience and more powerful WordPress form features.\u003C\u002Fp>\n\u003Cp>Stay in touch with your visitors very easily. Pirate Contact Forms offers you a great and friendly contact form for your website.\u003Cbr \u002F>\nThis is an easy-to-use WordPress contact form with captcha plugin. To create a contact form you just need to use the [pirate_forms] shortcode or use the WordPress contact form widget.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Time-saving features available in the FULL WPForms version:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unlimited Forms\u003C\u002Fli>\n\u003Cli>Email Marketing Integrations (MailChimp, AWeber, Constant Contact, and more)\u003C\u002Fli>\n\u003Cli>Payment Integrations (PayPal and Stripe)\u003C\u002Fli>\n\u003Cli>Surveys & Polls Addon\u003C\u002Fli>\n\u003Cli>Conditional Logic\u003C\u002Fli>\n\u003Cli>User Registration, Geo-location, File Uploads, Multi-Page Forms, and a whole lot more.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=pirateformslite\" title=\"WPForms\" rel=\"friend nofollow ugc\">Learn more about WPForms Pro\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Why use our responsive WordPress Contact Form:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It’s easy to use\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This Contact Form 7 or any form builder alternative is very easy to set up. You can quickly create an engaging contact form by using a shortcode and copying it where you want it to appear.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It’s fully customizable\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This WordPress Contact Form plugin allows you to customize everything you want. You can change the field labels and decide what message to tell your visitors when an error shows up. You can also decide which fields are required and which are not.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Provides reCaptcha\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Avoid spam messages and make sure the e-mails you receive are entirely addressed to you.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Comes with SMTP\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Pirate Form comes with basic SMTP options, so you won’t miss any email from your visitors. The messages will be safely delivered from the source to your personal e-mail address.\u003C\u002Fp>\n\u003Cp>However for a more reliable SMTP solution, we recommend using \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-mail-smtp\u002F\" rel=\"ugc\">WP Mail SMTP by WPForms\u003C\u002Fa> which is the most popular WordPress SMTP solution being used by over 1 million websites.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stores contacts in special databases\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can keep all the contacts in an archive by saving their e-mail addresses. Pirate Contact Form allows you to do that by providing contact databases.\u003C\u002Fp>\n\u003Cp>A simple to use contact form plugin for creating a clean contact form using the [pirate_forms] shortcode or the ‘Pirate Forms’ form widget.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Provides option to allow submitting the form using AJAX\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Standard contact forms work just fine, but you can make them nicer by using AJAX to submit the form data in the background.\u003C\u002Fp>\n\u003Cp>Pirate Forms allows you to take advantage of this great feature using the [pirate_forms ajax=”yes”] shortcode or the ‘Submit form using Ajax’ option in the Pirate Forms widget.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>What PirateForms isn’t for now\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This is not a form maker or drag & drop builder plugin nor “the best contact form plugin”. You cannot add new fields or create multiple forms (subscription forms, payment, order, feedback or quote) with Pirate Forms.\u003C\u002Fp>\n\u003Cp>This is why we recommend using \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=pirateformslite\" title=\"WPForms\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa> which is the most beginner friendly drag & drop WordPress form builder in the market.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pirate Forms is no longer under active development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Pirate Forms is no longer under active development. We recommend using \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"friend ugc\">WPForms\u003C\u002Fa> because it is the most beginner-friendly WordPress contact form plugin in the market.\u003C\u002Fp>\n\u003Cp>In Sep 2018, \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002Fwpforms-has-acquired-pirate-forms\u002F\" rel=\"friend nofollow ugc\">Pirate Forms was acquired by WPForms\u003C\u002Fa>. We’re retiring Pirate Forms in favor of the moden form builder by WPForms, so users can have access to best user experience and more powerful WordPress form features.\u003C\u002Fp>\n\u003Ch4>What’s Next\u003C\u002Fh4>\n\u003Cp>You may also want to consider checking out our other projects:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F\" title=\"WPForms\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa> – Best WordPress Contact Form Plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Foptinmonster.com\u002F\" title=\"OptinMonster\" rel=\"friend nofollow ugc\">OptinMonster\u003C\u002Fa> – Get More Email Subscribers\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.monsterinsights.com\u002F\" title=\"MonsterInsights\" rel=\"friend nofollow ugc\">MonsterInsights\u003C\u002Fa> – Best Google Analytics Plugin for WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002F\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner\u003C\u002Fa> to learn from our \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fwp-tutorials\u002F\" title=\"WordPress Tutorials\" rel=\"friend nofollow ugc\">WordPress Tutorials\u003C\u002Fa> and find out about other \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fplugins\u002F\" title=\"Best WordPress Plugins\" rel=\"friend nofollow ugc\">best WordPress plugins\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fwordpress-hosting\u002F\" rel=\"friend nofollow ugc\">best WordPress hosting solutions\u003C\u002Fa>, and see our step by step guide on \u003Ca href=\"https:\u002F\u002Fwww.wpbeginner.com\u002Fstart-a-wordpress-blog\u002F\" rel=\"friend nofollow ugc\">how to start a blog\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Pirate Forms was acquired by WPForms and is no longer being actively maintained.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WPForms is absolutely, positively the most \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=liteversion\" title=\"Best WordPress contact form plugin\" rel=\"friend nofollow ugc\">beginner friendly WordPress contact form plugin\u003C\u002Fa> on the market. It is both easy and powerful.\u003C\u002Fp>\n\u003Cp>We took the pain out of creating online forms and made it easy. Check out all \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002Ffeatures\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=liteversion\" rel=\"friend nofollow ugc\">WPForms features\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Also, I’m the founder of \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002F\" rel=\"friend nofollow ugc\">WPBeginner\u003C\u002Fa>, the largest WordPress resource site for beginners. It was a huge priority for me to make a WordPress contact form plugin that beginners can use without any training.\u003C\u002Fp>\n\u003Cp>I feel that we have done that here. I hope you enjoy using WPForms.\u003C\u002Fp>\n\u003Cp>Thank you\u003C\u002Fp>\n\u003Cp>Syed Balkhi\u003C\u002Fp>\n","A simple and effective WordPress contact form & SMTP plugin. Compatible with best themes out there, is both a secure and responsive contact form p &hellip;",30000,3808223,94,223,"2025-01-20T14:45:00.000Z","6.7.5","5.5","5.6",[20,23,73,74,75],"forms","smtp","subscribe-form","http:\u002F\u002Fthemeisle.com\u002Fplugins\u002Fpirate-forms\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpirate-forms.2.6.1.zip",4,"2025-03-03 00:00:00",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":66,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":71,"requires_php":93,"tags":94,"homepage":97,"download_link":98,"security_score":99,"vuln_count":48,"unpatched_count":27,"last_vuln_date":100,"fetched_at":29},"clean-and-simple-contact-form-by-meg-nicholas","Contact Form Clean and Simple","4.12.2","fullworks","https:\u002F\u002Fprofiles.wordpress.org\u002Ffullworks\u002F","\u003Cp>A clean and simple AJAX contact form with Google reCAPTCHA, flexible CSS framework support, spam filtering, and REST API support for headless WordPress implementations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Clean\u003C\u002Fstrong>: all user inputs are stripped in order to avoid cross-site scripting (XSS) vulnerabilities.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Simple\u003C\u002Fstrong>: AJAX enabled validation and submission for immediate response and guidance for your users (can be switched off).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Flexible Styling\u003C\u002Fstrong>: Choose your CSS framework – Bootstrap (default), Theme Native (inherits your theme’s styles), or Minimal (semantic classes for complete custom styling).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>REST API Support\u003C\u002Fstrong>: Enable headless WordPress implementations to submit forms via authenticated REST API endpoints.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Accessible\u003C\u002Fstrong>: Built with accessibility in mind – proper ARIA attributes, keyboard navigation, screen reader support, and WCAG AA compliant color contrast.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This is a straightforward contact form for your WordPress site. There is very minimal set-up\u003Cbr \u002F>\nrequired. Simply install, activate, and then place the short code \u003Cstrong>[cscf-contact-form]\u003C\u002Fstrong> on your web page.\u003C\u002Fp>\n\u003Cp>A standard set of input boxes are provided, these include Email Address, Name, Message and a nice big ‘Send Message’ button.\u003C\u002Fp>\n\u003Cp>When your user has completed the form an email will be sent to you containing your user’s message.\u003Cbr \u002F>\nTo reply simply click the ‘reply’ button on your email client.\u003Cbr \u002F>\nThe email address used is the one you have set up in WordPress under ‘Settings’ -> ‘General’, so do check this is correct.\u003C\u002Fp>\n\u003Cp>To help prevent spam all data is scanned can be scanned with Fullworks Anti Spam Pro.\u003Cbr \u002F>\nFor this to work you must have the \u003Ca href=\"https:\u002F\u002Ffullworksplugins.com\u002Fproducts\u002Fanti-spam\u002F\" title=\"Fullworks Anti Spam Pro\" rel=\"nofollow ugc\">Fullworks Anti Spam Pro Plugin\u003C\u002Fa> installed and activated.\u003C\u002Fp>\n\u003Cp>Fullworks Anti Spam Pro will also log all your messages, categorized  as spam or not, automatically.\u003C\u002Fp>\n\u003Cp>For added piece of mind this plugin also allows you to add a ‘\u003Cstrong>reCAPTCHA\u003C\u002Fstrong>’.\u003Cbr \u002F>\nThis adds a picture of a couple of words to the bottom of the contact form.\u003Cbr \u002F>\nYour user must correctly type the words before the form can be submitted, and in so doing, prove that they are human.\u003C\u002Fp>\n\u003Ch4>Why Choose This Plugin?\u003C\u002Fh4>\n\u003Cp>Granted there are many plugins of this type in existence already. Why use this one in-particular?\u003C\u002Fp>\n\u003Cp>Here’s why:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Minimal setup. Simply activate the plugin and place the shortcode [cscf-contact-form] on any post or page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Safe\u003C\u002Fstrong>. All input entered by your user  is stripped back to minimise as far as possible the likelihood of any\u003Cbr \u002F>\nmalicious user attempting to inject a script into your website.\u003Cbr \u002F>\nIf the Fullworks Anti Spam Pro plugin is activated all form data will be scanned for spam.\u003Cbr \u002F>\nYou can turn on reCAPTCHA to avoid your form being abused by bots, however Fullworks Anti Spam Pro will do this without reCAPTCHA.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Ajax enabled\u003C\u002Fstrong>. You have the option to turn on AJAX (client-side) validation and submission which gives your users an immediate response when completing the form without having to wait for the page to refresh.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The form can \u003Cstrong>integrate seamlessly into your website\u003C\u002Fstrong>. Turn off the plugin’s default css style sheet so that your theme’s style sheet can be used instead.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Flexible CSS styling\u003C\u002Fstrong>: Choose from Bootstrap, Modern (with dark mode), Theme Native, or Minimal styling modes to match your site’s design.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This plugin will only link in its jQuery file where it’s needed, it \u003Cstrong>will not impose\u003C\u002Fstrong> itself on every page of your whole site!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Works with the \u003Cstrong>latest version of WordPress\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Original plugin written by an \u003Cstrong>experienced PHP programmer\u003C\u002Fstrong>, Megan Nicholas, the code is rock solid, safe, and rigorously tested as standard practice.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Headless WordPress ready\u003C\u002Fstrong>. REST API support allows you to submit forms from decoupled frontends, mobile apps, or any external application with proper authentication.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Hopefully this plugin will fulfil all your needs.\u003C\u002Fp>\n\u003Ch3>PHP 8 Ready\u003C\u002Fh3>\n\u003Cp>Tested on PHP 8.4\u003C\u002Fp>\n\u003Ch3>How to Use\u003C\u002Fh3>\n\u003Cp>Unless you want to change messages or add reCAPTCHA to your contact form then this plugin will work out of the box without any additional setup.\u003C\u002Fp>\n\u003Cp>Important: Check that you have an email address set-up in your WordPress ‘Settings’->’General’ page. This is the address that the plugin will use to send the contents of the contact form.\u003C\u002Fp>\n\u003Cp>To add the contact form to your WordPress website simply place the shortcode [cscf-contact-form] on the post or page that you wish the form to appear on.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>If you have Jetpack plugin installed disable the contact form otherwise the wrong form might display.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Additional Settings\u003C\u002Fh3>\n\u003Cp>This plugin will work out of the box without any additional setup. You have the option to change the default messages that are displayed to your user and to add reCAPTCHA capabilities.\u003C\u002Fp>\n\u003Cp>Go to the settings screen for the contact form plugin.\u003C\u002Fp>\n\u003Cp>You will find a link to the setting screen against the entry of this plugin on the ‘Installed Plugins’ page.\u003C\u002Fp>\n\u003Cp>Here is a list of things that you can change\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Message\u003C\u002Fstrong>: The message displayed to the user at the top of the contact form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Message Sent Heading\u003C\u002Fstrong>: The message heading or title displayed to the user after the message has been sent.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Message Sent Content\u003C\u002Fstrong>: The message content or body displayed to the user after the message has been sent.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>CSS Framework\u003C\u002Fstrong>: Choose how the form is styled:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Bootstrap (Default)\u003C\u002Fstrong>: Uses Bootstrap CSS classes for full Bootstrap compatibility. Best for themes already using Bootstrap.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern (Card style)\u003C\u002Fstrong>: A beautiful, opinionated modern design with card-style layout, large inputs, and CSS variables for easy customization. Includes automatic dark mode support.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Theme Native\u003C\u002Fstrong>: Uses minimal classes with WordPress’s wp-element-button for the submit button. The form inherits your theme’s native form styles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Minimal\u003C\u002Fstrong>: Uses semantic CSS classes only (cscf-field, cscf-input, etc.) for complete custom styling control.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Use this plugin’s default stylesheet\u003C\u002Fstrong>: The plugin comes with a default style sheet to make the form look nice for your user. Untick this if you want to use your theme’s stylesheet instead. The default stylesheet will simply not be linked in. This option is most relevant when using the Bootstrap CSS framework.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Use client side validation (Ajax)\u003C\u002Fstrong>: When ticked the contact form will be validated and submitted on the client giving your user instant feedback if they have filled the form in incorrectly. If you wish the form to be validated and submitted only to the server then untick this option.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Use reCAPTCHA\u003C\u002Fstrong>: Tick this option if you wish your form to have a reCAPTCHA box. ReCAPTCHA helps to avoid spam bots using your form by checking that the form filler is actually a real person. To use reCAPTCHA you will need to get a some special keys from google https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fadmin\u002Fcreate. Once you have your keys enter them into the Public key and Private key boxes\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>reCAPTCHA Public Key\u003C\u002Fstrong>: Enter the public key that you obtained from here.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>reCAPTCHA Private Key\u003C\u002Fstrong>: Enter the private key that you obtained from here.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>reCAPTCHA Theme\u003C\u002Fstrong>: Here you can change the reCAPTCHA box theme so that it fits with the style of your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Recipient Emails\u003C\u002Fstrong>: The email address where you would like all messages to be sent.\u003Cbr \u002F>\nThis will default to the email address you have specified under ‘E-Mail Address’ in your WordPress General Settings.\u003Cbr \u002F>\nIf you want your mail sent to a different address then enter it here.\u003Cbr \u002F>\nYou may enter multiple email addresses by clicking the ‘+’ button.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Confirm Email Address\u003C\u002Fstrong>: Email confirmation is now optional. To force your user to re-type their email address tick ‘Confirm Email Address’.\u003Cbr \u002F>\nIt is recommended that you leave this option on. If you turn this option off your user will only have to enter their email address once,\u003Cbr \u002F>\nbut if they enter it incorrectly you will have no way of getting back to them!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Email Subject\u003C\u002Fstrong>: This is the email subject that will appear on all messages. If you would like to set it to something different then enter it here.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Override ‘From’ Address\u003C\u002Fstrong>: If you tick this and then fill in the ‘From Address:’ box then all email will be sent from the given address NOT from the email address given by the form filler.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>**Option to allow enquiry to email themselves a copy of the message.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Contact consent\u003C\u002Fstrong>: This option allows you to be GDPR compliant by adding a ‘Consent to contact’ check box at the bottom of the form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Enable REST API\u003C\u002Fstrong>: Turn on REST API support to allow headless WordPress implementations to submit forms.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Required User Capability\u003C\u002Fstrong>: Set the minimum WordPress user capability required to use the REST API (default: edit_posts).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>REST API for Headless WordPress\u003C\u002Fh3>\n\u003Cp>This plugin includes REST API support, making it perfect for headless WordPress implementations, mobile applications, and decoupled frontend frameworks like React, Vue.js, or Angular.\u003C\u002Fp>\n\u003Ch4>Enabling REST API\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to the plugin settings page\u003C\u002Fli>\n\u003Cli>Find the “REST API Settings” section\u003C\u002Fli>\n\u003Cli>Check “Enable REST API”\u003C\u002Fli>\n\u003Cli>Set the required user capability (default: edit_posts)\u003C\u002Fli>\n\u003Cli>Save your settings\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>API Endpoint\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>POST\u003C\u002Fstrong> \u003Ccode>\u002Fwp-json\u002Fcscf\u002Fv1\u002Fsubmit\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch4>Authentication\u003C\u002Fh4>\n\u003Cp>The REST API requires WordPress user authentication. Users must be logged in and have the capability specified in settings (default: edit_posts).\u003C\u002Fp>\n\u003Cp>For headless implementations, you can use:\u003Cbr \u002F>\n– Application Passwords (WordPress 5.6+)\u003Cbr \u002F>\n– JWT Authentication plugins\u003Cbr \u002F>\n– OAuth plugins\u003Cbr \u002F>\n– Basic Authentication (development only)\u003C\u002Fp>\n\u003Ch4>Request Format\u003C\u002Fh4>\n\u003Cp>Send a POST request with JSON body:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`json\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>{\u003Cbr \u002F>\n  “name”: “John Doe”,\u003Cbr \u002F>\n  “email”: “john@example.com”,\u003Cbr \u002F>\n  “confirm_email”: “john@example.com”,\u003Cbr \u002F>\n  “message”: “Your message here”,\u003Cbr \u002F>\n  “phone_number”: “+1234567890”,\u003Cbr \u002F>\n  “contact_consent”: true,\u003Cbr \u002F>\n  “email_sender”: false,\u003Cbr \u002F>\n  “post_id”: 123\u003Cbr \u002F>\n}\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Required fields:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ccode>name\u003C\u002Fcode>: Sender’s name\u003Cbr \u002F>\n– \u003Ccode>email\u003C\u002Fcode>: Sender’s email address\u003Cbr \u002F>\n– \u003Ccode>message\u003C\u002Fcode>: The message content\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Optional fields:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ccode>confirm_email\u003C\u002Fcode>: Required if email confirmation is enabled in settings\u003Cbr \u002F>\n– \u003Ccode>phone_number\u003C\u002Fcode>: Required if phone number is set as mandatory in settings\u003Cbr \u002F>\n– \u003Ccode>contact_consent\u003C\u002Fcode>: Required if contact consent is enabled in settings\u003Cbr \u002F>\n– \u003Ccode>email_sender\u003C\u002Fcode>: Set to true to send a copy to the sender\u003Cbr \u002F>\n– \u003Ccode>post_id\u003C\u002Fcode>: The ID of the page\u002Fpost where the form would normally be displayed\u003C\u002Fp>\n\u003Ch4>Response Format\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Success Response (200):\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"success\": true,\u003Cbr \u002F>\n  \"message\": \"Message Sent\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Validation Error Response (400):\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"code\": \"validation_failed\",\u003Cbr \u002F>\n  \"message\": \"Validation failed.\",\u003Cbr \u002F>\n  \"data\": {\u003Cbr \u002F>\n    \"status\": 400,\u003Cbr \u002F>\n    \"errors\": {\u003Cbr \u002F>\n      \"email\": \"Please enter a valid email address.\",\u003Cbr \u002F>\n      \"message\": \"Please enter a message.\"\u003Cbr \u002F>\n    }\u003Cbr \u002F>\n  }\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Authentication Error Response (401):\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"code\": \"rest_forbidden\",\u003Cbr \u002F>\n  \"message\": \"Authentication required.\",\u003Cbr \u002F>\n  \"data\": {\u003Cbr \u002F>\n    \"status\": 401\u003Cbr \u002F>\n  }\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch4>Example Implementation\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>JavaScript (fetch API):\u003C\u002Fstrong>\u003Cbr \u002F>\n    `javascript\u003Cbr \u002F>\nconst formData = {\u003Cbr \u002F>\n  name: “John Doe”,\u003Cbr \u002F>\n  email: “john@example.com”,\u003Cbr \u002F>\n  confirm_email: “john@example.com”,\u003Cbr \u002F>\n  message: “This is a test message from the REST API”\u003Cbr \u002F>\n};\u003C\u002Fp>\n\u003Cp>fetch(‘https:\u002F\u002Fyoursite.com\u002Fwp-json\u002Fcscf\u002Fv1\u002Fsubmit’, {\u003Cbr \u002F>\n  method: ‘POST’,\u003Cbr \u002F>\n  headers: {\u003Cbr \u002F>\n    ‘Content-Type’: ‘application\u002Fjson’,\u003Cbr \u002F>\n    ‘Authorization’: ‘Bearer YOUR_AUTH_TOKEN’\u003Cbr \u002F>\n  },\u003Cbr \u002F>\n  body: JSON.stringify(formData)\u003Cbr \u002F>\n})\u003Cbr \u002F>\n.then(response => response.json())\u003Cbr \u002F>\n.then(data => {\u003Cbr \u002F>\n  if (data.success) {\u003Cbr \u002F>\n    console.log(‘Message sent successfully!’);\u003Cbr \u002F>\n  } else {\u003Cbr \u002F>\n    console.error(‘Validation errors:’, data.data.errors);\u003Cbr \u002F>\n  }\u003Cbr \u002F>\n});\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Ch4>Important Notes\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>REST API is disabled by default for security\u003C\u002Fli>\n\u003Cli>reCAPTCHA is bypassed for REST API submissions (authentication provides security)\u003C\u002Fli>\n\u003Cli>All other form validations and spam filtering still apply\u003C\u002Fli>\n\u003Cli>Form submissions via REST API are processed identically to regular submissions\u003C\u002Fli>\n\u003Cli>Email notifications work the same way as standard form submissions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Demo\u003C\u002Fh3>\n\u003Cp>Demo site coming soon.\u003C\u002Fp>\n","A clean and simple contact form with flexible CSS framework support.",8000,546899,195,"2025-12-31T15:28:00.000Z","6.9.4","7.4",[95,19,20,23,96],"bootstrap","form","https:\u002F\u002Ffullworks.net\u002Fproducts\u002Fclean-and-simple-contact-form","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclean-and-simple-contact-form-by-meg-nicholas.4.12.2.zip",99,"2020-01-14 00:00:00",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":66,"num_ratings":111,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":117,"download_link":118,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"more-mails-for-cf7","More Mails for CF7","1.2.1","Roy Orbitson","https:\u002F\u002Fprofiles.wordpress.org\u002Flev0\u002F","\u003Cp>By default, Contact Form 7 has a limit of two distinct mail messages per form, though each can have multiple recipients. This plugin allows you to add as many as you need. It’s relatively simple, so does not include the automatic configuration error detection that the default mails have.\u003C\u002Fp>\n\u003Cp>If you only wish to send the same message to multiple recipients, you won’t need this plugin; instead use the \u003Cstrong>To\u003C\u002Fstrong> field, or add \u003Cem>Cc\u003C\u002Fem>\u002F\u003Cem>Bcc\u003C\u002Fem> headers in the \u003Cstrong>Additional Headers\u003C\u002Fstrong> field as per \u003Ca href=\"https:\u002F\u002Fcontactform7.com\u002Fadding-cc-bcc-and-other-mail-headers\u002F\" rel=\"nofollow ugc\">Contact Form 7’s documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Tested up to v6.1.2 of Contact Form 7.\u003C\u002Fp>\n","Extends the ubiquitous Contact Form 7 plugin to allow three or more messages.",500,5518,6,"2025-10-28T04:44:00.000Z","6.8.5","4.9.0","5.6.0",[19,20,21,22,96],"","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmore-mails-for-cf7.1.2.1.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":27,"num_ratings":27,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":71,"tags":132,"homepage":134,"download_link":135,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"cf7-countries","Contact Form 7 Countries","1.0.0","Max Law","https:\u002F\u002Fprofiles.wordpress.org\u002Fatelierlabo\u002F","\u003Cp>Country drop-down menu for Contact Form 7. Install the plugin and you will get “countries drop down” Form tag in CF7. The countries list is the same countries list used by WooCommerce.\u003C\u002Fp>\n","Country drop-down menu for Contact Form 7.",400,6718,"2019-02-24T15:45:00.000Z","5.1.22","3.0.1",[19,20,133,21,22],"contact-form-7","http:\u002F\u002Fcf7-countries","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-countries.1.0.zip",{"attackSurface":137,"codeSignals":185,"taintFlows":193,"riskAssessment":194,"analyzedAt":199},{"hooks":138,"ajaxHandlers":169,"restRoutes":170,"shortcodes":179,"cronEvents":184,"entryPointCount":48,"unprotectedCount":13},[139,145,151,154,157,160,164],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","rest_api_init","lcf_route_form_submit","includes\\core.php",19,{"type":146,"name":147,"callback":148,"priority":149,"file":143,"line":150},"filter","lcf_validate_name","lcf_validate_fields",10,112,{"type":146,"name":152,"callback":148,"priority":149,"file":143,"line":153},"lcf_validate_subject",113,{"type":146,"name":155,"callback":148,"priority":149,"file":143,"line":156},"lcf_validate_message",114,{"type":146,"name":158,"callback":158,"priority":149,"file":143,"line":159},"lcf_validate_email",141,{"type":146,"name":161,"callback":162,"priority":149,"file":143,"line":163},"lcf_validate","lcf_validate_akismet",169,{"type":140,"name":165,"callback":166,"file":167,"line":168},"wp_enqueue_scripts","lcf_enqueue_scripts","includes\\shortcode.php",38,[],[171],{"namespace":172,"route":173,"methods":174,"callback":176,"permissionCallback":177,"file":143,"line":178},"lite-contact-form\u002Fv1","\u002Fsubmit",[175],"POST","lcf_form_submit","__return_true",12,[180],{"tag":181,"callback":182,"file":167,"line":183},"contact_form","lcf_shortcode",118,[],{"dangerousFunctions":186,"sqlUsage":187,"outputEscaping":189,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":192},[],{"prepared":27,"raw":27,"locations":188},[],{"escaped":190,"rawEcho":27,"locations":191},5,[],[],[],{"summary":195,"deductions":196},"The \"lite-contact-form\" v1.1.6 plugin exhibits a generally good security posture based on the static analysis. The absence of dangerous functions, file operations, external HTTP requests, and the use of prepared statements for all SQL queries are positive indicators. Furthermore, all identified output points are properly escaped, and there is no recorded vulnerability history, suggesting a well-maintained and secure plugin. However, a significant concern arises from the presence of one unprotected REST API route, which represents a direct entry point into the application without any authentication or authorization checks. This could potentially be exploited by attackers to perform unintended actions or gain unauthorized access to data if the route's functionality is sensitive.\n\nThe static analysis highlights one unprotected REST API route as the primary security concern, contributing to a notable attack surface that lacks proper authorization. While the plugin demonstrates strong adherence to secure coding practices in other areas, this single unprotected entry point is a critical weakness. The absence of any recorded vulnerabilities in its history is a positive sign, but it does not negate the risk posed by the identified unprotected REST API endpoint. A balanced view shows a plugin with good internal coding but a critical external exposure that needs immediate attention.",[197],{"reason":198,"points":149},"Unprotected REST API route","2026-03-16T20:56:07.403Z",{"wat":201,"direct":211},{"assetPaths":202,"generatorPatterns":205,"scriptPaths":206,"versionParams":208},[203,204],"\u002Fwp-content\u002Fplugins\u002Flite-contact-form\u002Fcss\u002Fstyle.min.css","\u002Fwp-content\u002Fplugins\u002Flite-contact-form\u002Fjs\u002Fjs.lite-contact-form.min.js",[],[207],"lite-contact-form\u002Fjs\u002Fjs.lite-contact-form.min.js",[209,210],"lite-contact-form\u002Fcss\u002Fstyle.min.css?ver=","js.lite-contact-form.min.js?ver=",{"cssClasses":212,"htmlComments":217,"htmlAttributes":218,"restEndpoints":220,"jsGlobals":222,"shortcodeOutput":223},[213,214,215,216],"lcf","lcf-validate","lcf-tip","lcf-spinner",[],[219],"data-lcf-id",[221],"\u002Fwp-json\u002Flite-contact-form\u002Fv1\u002Fsubmit",[213],[224,225],"\u003Cform class=\"lcf\" method=\"post\" onsubmit=\"return false\">","\u003Cinput type=\"hidden\" name=\"_lcf\" value=\""]