[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1yHUeQyykoR9g96NJ_MtRG7Y2IAkmkxea7eJqh3FIrs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":7,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":142,"fingerprints":237},"logical-captcha","Logical Captcha","1.0.3","","https:\u002F\u002Fprofiles.wordpress.org\u002Flioncourt\u002F","\u003Cp>Logical Captcha takes advantage of the TextCaptcha.com service, which provides logic-based textual questions instead of distorted images or audio to validate that the entity registering is a real live human being, and not a spam bot. It will provide protection against false registrations and the dreaded spam comments, etc.\u003C\u002Fp>\n\u003Cp>An example of such a question might be:\u003C\u002Fp>\n\u003Cp>Question:\u003Cbr \u002F>\nOut of a truck, a lion, the color purple, and the number forty-two, which has a door?\u003C\u002Fp>\n\u003Cp>Answer:\u003Cbr \u002F>\ntruck\u003C\u002Fp>\n\u003Cp>Textual logic-based captchas mean that your registration process will be accessible to everyone, including visually\u002Fhearing impaired visitors who use access technology to surf the web. It requires a free API key from \u003Ca href=\"http:\u002F\u002FTextCaptcha.com\" rel=\"nofollow ugc\">TextCaptcha.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin was developed by Josh de Lioncourt of \u003Ca href=\"http:\u002F\u002Fmaccessibility.net\" rel=\"nofollow ugc\">the Mac-cessibility Network\u003C\u002Fa>, a site dedicated to blind and visually impaired users of the Mac OS X operating system, the iPhone OS, and other Apple Inc. products and services. Josh de Lioncourt, the Mac-cessibility Network, and related sites are not in anyway affiliated with TextCaptcha.com\u003C\u002Fp>\n","Integrates a logic captcha to verify that the registrant is a human and not a spam bot instead of using distorted images or audio.",10,2211,0,"2009-08-24T23:37:00.000Z","2.8.4","2.7.1",[18,19,20,21,22],"captcha","register","registration","spam","users","http:\u002F\u002Fmaccessibility.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogical-captcha.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":30,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"lioncourt",1,30,84,"2026-04-04T15:08:47.023Z",[36,58,81,103,124],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"users-registered-list","Users Registration Date","1.0.1","Slava Abakumov","https:\u002F\u002Fprofiles.wordpress.org\u002Fslaffik\u002F","\u003Cp>The “Users Registration Date” plugin adds a new sortable “Registered” column to the users lists that you can see in wp-admin area.r\u003C\u002Fp>\n\u003Cp>You can sort users by this date in ascending (to see the oldest users first) and descending (the latest users first) order.\u003C\u002Fp>\n\u003Cp>The plugin honors global site date and time formats that you set on the Settings > General page.\u003C\u002Fp>\n\u003Ch3>Languages\u003C\u002Fh3>\n\u003Cp>You can translate the plugin into your language.\u003C\u002Fp>\n","New sortable \"Registered\" date column on the Users page in wp-admin area to see when each user has registered on a site.",2000,9143,100,4,"2025-12-30T09:39:00.000Z","6.9.4","3.3","5.6",[53,20,54,22,55],"registered-date","sort","users-list","https:\u002F\u002Fovirium.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fusers-registered-list.1.0.1.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":7,"download_link":80,"security_score":68,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"disable-wp-registration-page-spam","Disable WP Registration Page Spam","1.0.2","Subodh Ghulaxe","https:\u002F\u002Fprofiles.wordpress.org\u002Fsubodhghulaxe\u002F","\u003Cp>Easily disable default WordPress registration page, remove register link and stop all spam registrations, without disabling the actual registration functionality. You may still want to accept user registration using membership or registration plugin.\u003C\u002Fp>\n\u003Cp>This plugin works great with popular registration plugins, you can have the registration form on a separate page at the same time disable the default registration of WordPress and protect the spam account creation by bots.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Stop spam \u002F fake registrations in WordPress.\u003C\u002Fli>\n\u003Cli>Disable default WordPress registration page.\u003C\u002Fli>\n\u003Cli>Remove register link from login page.\u003C\u002Fli>\n\u003Cli>Remove register link from forgot password page.\u003C\u002Fli>\n\u003Cli>Disable registration page but allows user registration.\u003C\u002Fli>\n\u003C\u002Ful>\n","Disable default WordPress registration page, remove register link and stop registration spam, without disabling user registration.",1000,11398,92,5,"2024-06-23T11:50:00.000Z","6.5.8","3.1.0","5.2.4",[75,76,77,78,79],"anti-spam","disable-wordpress-registration-page","registration-page-spam","remove-register-link","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-wp-registration-page-spam.1.0.2.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":66,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":7,"tags":95,"homepage":98,"download_link":99,"security_score":100,"vuln_count":101,"unpatched_count":31,"last_vuln_date":102,"fetched_at":27},"user-spam-remover","User Spam Remover","1.1","Joel","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoelhardi\u002F","\u003Cp>User Spam Remover is a plugin for WordPress that automatically removes spam user registrations and other old, never-used user accounts. It also blocks the notification e-mail that WordPress normally sends to the administrator whenever a new user registers (annoying when that registration is spam!) and logs it instead.\u003C\u002Fp>\n\u003Cp>The plugin adds a configuration panel so that all of these options can be turned on or off, and it logs and fully backs up all user accounts that it deletes, so that you can restore them if you need to.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Automatically deletes user registration spam and other orphaned, never-used accounts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Very simple, enable and go! Doesn’t interfere with the normal user registration process in any way. So, it doesn’t add captchas or activation or anything else — you’re free to use it alongside a plugin that does, if you like.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Blocks notification e-mail that WordPress normally sends to the administrator every time a new user registers (instead, logs this event).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Fully configurable, with grace period for new accounts and optional username whitelist.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Fully logs all actions and backs up all user accounts that it deletes so that you can seamlessly restore them if you ever need to.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please see requirements and installation instructions below, or online \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fofficial-installation-instructions-and-what-to-do-about-errors\u002F\" rel=\"ugc\">in the WordPress support forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For more information, please go to: \u003Ca href=\"https:\u002F\u002Flyncd.com\u002Fuser-spam-remover\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Flyncd.com\u002Fuser-spam-remover\u002F\u003C\u002Fa>\u003C\u002Fp>\n","Automatically removes spam user registrations and other old, unused user accounts. Blocks annoying e-mail to administrator after new registrations.",55653,82,18,"2024-03-03T19:20:00.000Z","6.4.8","3.9",[96,20,21,97,22],"admin","user","http:\u002F\u002Flyncd.com\u002Fuser-spam-remover\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-spam-remover.zip",61,2,"2025-12-04 00:00:00",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":46,"downloaded":111,"rating":112,"num_ratings":47,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":7,"tags":116,"homepage":122,"download_link":123,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wm-simple-captcha","WM Simple Captcha","2.0.3","Web Mumbai","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebmumbai\u002F","\u003Cp>WM Simple Captcha for registration page, customize captcha image according to your theme. Change image width, height, background color, set possible characters, add space between two characters, adjust font size, change form label, add your custom css, enable\u002Fdisable refresh button, change refresh button. Many think more on customization.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Enable\u002FDisable Captcha for wordpress registration page\u003C\u002Fli>\n\u003Cli>Set the captcha image with\u003C\u002Fli>\n\u003Cli>Set  the captcha image height\u003C\u002Fli>\n\u003Cli>Set the captcha possible characters length\u003C\u002Fli>\n\u003Cli>Adjust font size\u003C\u002Fli>\n\u003Cli>Enable space between characters\u003C\u002Fli>\n\u003Cli>Change font\u003C\u002Fli>\n\u003Cli>Set possible letters\u003C\u002Fli>\n\u003Cli>Set random Dots\u003C\u002Fli>\n\u003Cli>Set random Line\u003C\u002Fli>\n\u003Cli>Set text color\u003C\u002Fli>\n\u003Cli>Set dots color\u003C\u002Fli>\n\u003Cli>Set line color\u003C\u002Fli>\n\u003Cli>Change form label\u003C\u002Fli>\n\u003Cli>Enable captcha border\u003C\u002Fli>\n\u003Cli>Set captcha border color\u003C\u002Fli>\n\u003Cli>Enable\u002FDisable refresh button\u003C\u002Fli>\n\u003Cli>Change refresh images as your theme\u003C\u002Fli>\n\u003Cli>Not case sensitive\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In Short you can change captcha image style as your theme style.\u003C\u002Fp>\n","Captcha image for registration page, customize according to your theme.",11782,76,"2016-01-03T07:34:00.000Z","4.4.34","3.6",[117,118,119,120,121],"custom-captcha-image","register-captcha-image","registration-captcha","simple-captcha","theme-my-captcha","http:\u002F\u002Fplugins.web-mumbai.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwm-simple-captcha.2.0.3.zip",{"slug":125,"name":126,"version":6,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":32,"downloaded":131,"rating":13,"num_ratings":13,"last_updated":132,"tested_up_to":49,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":140,"download_link":141,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"fake-user-detector","Fake User Detector","PluginRx","https:\u002F\u002Fprofiles.wordpress.org\u002Fapos37\u002F","\u003Cp>Fake User Detector helps WordPress site owners identify and flag suspicious user accounts after they have already registered.\u003C\u002Fp>\n\u003Cp>This plugin does not prevent or block registrations. Instead, it analyzes user data post-registration to highlight accounts that appear automated, fake, or low-quality, making it easier to review and remove them manually.\u003C\u002Fp>\n\u003Cp>Fake User Detector is designed as a cleanup and review tool, not a registration firewall. It works well alongside other plugins that handle CAPTCHA, email verification, honeypots, or other signup prevention techniques.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Post-Registration Analysis:\u003C\u002Fstrong> Evaluates user accounts after creation to identify suspicious patterns.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gibberish Detection:\u003C\u002Fstrong> Flags accounts with non-human patterns like too many uppercase letters, no vowels, or clusters of consonants.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Symbol and Number Filters:\u003C\u002Fstrong> Detects unnatural use of digits or special characters in names.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Detection Rules:\u003C\u002Fstrong> Enable or disable individual checks to suit your site’s user base.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flag for Review:\u003C\u002Fstrong> Suspicious accounts are flagged and marked for potential deletion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Notice:\u003C\u002Fstrong> Quickly see how many flagged users exist from your admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scan Existing Users:\u003C\u002Fstrong> Scan the users admin list table for suspicious accounts so you can easily delete them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gravity Forms Integration:\u003C\u002Fstrong> If using Gravity Forms User Registration, the plugin optionally runs validation checks on registrations submitted via forms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks:\u003C\u002Fstrong> Add or customize detection logic with your own functions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Detection Checks Include:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Manually flagged by admin\u003C\u002Fli>\n\u003Cli>Excessive uppercase letters (more than 5 in a name unless all caps)\u003C\u002Fli>\n\u003Cli>No vowels in names longer than 5 characters\u003C\u002Fli>\n\u003Cli>Six or more consecutive consonants in a name\u003C\u002Fli>\n\u003Cli>Presence of numbers in names\u003C\u002Fli>\n\u003Cli>Presence of special characters other than letters, numbers, and dashes\u003C\u002Fli>\n\u003Cli>Similarity between first and last name (exact match or one includes the other)\u003C\u002Fli>\n\u003Cli>Very short names (2 characters)\u003C\u002Fli>\n\u003Cli>Invalid or disposable email domains\u003C\u002Fli>\n\u003Cli>Excessive periods in email address (more than 3)\u003C\u002Fli>\n\u003Cli>Username containing URL patterns (\u003Ccode>http\u003C\u002Fcode>, \u003Ccode>https\u003C\u002Fcode>, or \u003Ccode>www\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>Known spam words in user bio or name\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Fake User Detector is ideal for membership sites, communities, forums, or any WordPress site that allows user registration and needs a practical way to review and clean up suspicious accounts that already exist.\u003C\u002Fp>\n","Detect and flag suspicious existing user accounts using simple checks to help clean up fake or low-quality registrations.",214,"2025-12-24T20:28:00.000Z","5.9","8.0",[136,137,138,21,139],"account-flagging","bot-detection","fake-users","user-registration","https:\u002F\u002Fpluginrx.com\u002Fplugin\u002Ffake-user-detector\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffake-user-detector.1.0.3.zip",{"attackSurface":143,"codeSignals":162,"taintFlows":179,"riskAssessment":228,"analyzedAt":236},{"hooks":144,"ajaxHandlers":158,"restRoutes":159,"shortcodes":160,"cronEvents":161,"entryPointCount":13,"unprotectedCount":13},[145,151,154],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","register_form","add_logical_captcha_fields","logical-captcha.php",33,{"type":146,"name":152,"callback":152,"priority":11,"file":149,"line":153},"register_post",34,{"type":146,"name":155,"callback":156,"file":149,"line":157},"admin_menu","logical_captcha_menu",35,[],[],[],[],{"dangerousFunctions":163,"sqlUsage":164,"outputEscaping":166,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":178},[],{"prepared":13,"raw":13,"locations":165},[],{"escaped":13,"rawEcho":69,"locations":167},[168,171,173,175,177],{"file":149,"line":169,"context":170},59,"raw output",{"file":149,"line":172,"context":170},127,{"file":149,"line":174,"context":170},128,{"file":149,"line":176,"context":170},130,{"file":149,"line":176,"context":170},[],[180,213],{"entryPoint":181,"graph":182,"unsanitizedCount":211,"severity":212},"logical_captcha_options (logical-captcha.php:101)",{"nodes":183,"edges":206},[184,189,195,198,202,204],{"id":185,"type":186,"label":187,"file":149,"line":188},"n0","source","$_POST",113,{"id":190,"type":191,"label":192,"file":149,"line":193,"wp_function":194},"n1","sink","update_option() [Settings Manipulation]",115,"update_option",{"id":196,"type":186,"label":197,"file":149,"line":172},"n2","$_SERVER['REQUEST_URI']",{"id":199,"type":191,"label":200,"file":149,"line":172,"wp_function":201},"n3","echo() [XSS]","echo",{"id":203,"type":186,"label":187,"file":149,"line":188},"n4",{"id":205,"type":191,"label":200,"file":149,"line":176,"wp_function":201},"n5",[207,209,210],{"from":185,"to":190,"sanitized":208},false,{"from":196,"to":199,"sanitized":208},{"from":203,"to":205,"sanitized":208},3,"medium",{"entryPoint":214,"graph":215,"unsanitizedCount":211,"severity":227},"\u003Clogical-captcha> (logical-captcha.php:0)",{"nodes":216,"edges":223},[217,218,219,220,221,222],{"id":185,"type":186,"label":187,"file":149,"line":188},{"id":190,"type":191,"label":192,"file":149,"line":193,"wp_function":194},{"id":196,"type":186,"label":197,"file":149,"line":172},{"id":199,"type":191,"label":200,"file":149,"line":172,"wp_function":201},{"id":203,"type":186,"label":187,"file":149,"line":188},{"id":205,"type":191,"label":200,"file":149,"line":176,"wp_function":201},[224,225,226],{"from":185,"to":190,"sanitized":208},{"from":196,"to":199,"sanitized":208},{"from":203,"to":205,"sanitized":208},"low",{"summary":229,"deductions":230},"The \"logical-captcha\" v1.0.3 plugin exhibits a generally strong security posture based on the static analysis provided. It effectively minimizes its attack surface, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, it demonstrates good practice by not utilizing dangerous functions or performing file operations and external HTTP requests. The use of prepared statements for all SQL queries is a significant strength, mitigating common SQL injection risks. However, a critical concern arises from the fact that 100% of the observed output is not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis also reveals two flows with unsanitized paths, which, while not classified as critical or high severity in this report, warrant attention due to the lack of sanitization. The plugin's vulnerability history is clean, with no recorded CVEs, which is positive but does not negate the risks identified in the static analysis. While the plugin has strengths in its limited attack surface and SQL handling, the lack of output escaping represents a substantial security weakness that requires immediate remediation.",[231,234],{"reason":232,"points":233},"Output not properly escaped",8,{"reason":235,"points":69},"Flows with unsanitized paths","2026-03-17T00:39:17.700Z",{"wat":238,"direct":243},{"assetPaths":239,"generatorPatterns":240,"scriptPaths":241,"versionParams":242},[],[],[],[],{"cssClasses":244,"htmlComments":245,"htmlAttributes":246,"restEndpoints":247,"jsGlobals":248,"shortcodeOutput":249},[],[],[],[],[],[250,251,252],"\u003Cp>You must answer the following question to proceed.\u003C\u002Fp>\n","\u003Cp>","\u003Cinput type=\"text\" name=\"logical_answer\" title=\"The Answer\" size=\"20\" \u002F>"]