[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcy-zGfC1E-A_Nu8XU9Dsqko61PN5zWk9uw1qqmXrJ84":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":56,"analysis":159,"fingerprints":323},"login-recaptcha","Login No Captcha reCAPTCHA","1.7.3","Robert Peake","https:\u002F\u002Fprofiles.wordpress.org\u002Frobertpeake\u002F","\u003Cp>Adds a Google No Captcha ReCaptcha checkbox to your WordPress and Woocommerce login, forgot password, and user registration pages. Denies access to automated scripts while making it easy on humans to log in by checking a box. As Google says, it is “Tough on bots, easy on humans.”\u003C\u002Fp>\n","Adds a Google No Captcha ReCaptcha checkbox to your Wordpress and Woocommerce login, forgot password, and user registration pages.",60000,1369961,90,63,"2024-02-27T10:43:00.000Z","6.4.8","4.6","",[20,21,22,23,24],"google","login","nocaptcha","recaptcha","security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-recaptcha.1.7.3.zip",85,1,0,"2022-08-16 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2022-2913","login-no-captcha-recaptcha-captcha-bypass-via-whitelisted-ip-address-spoofing","Login No Captcha reCAPTCHA \u003C= 1.6.11 - CAPTCHA Bypass via Whitelisted IP Address Spoofing","The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.6.11. This is due to the whitelisted IP address functionality relying on user-supplied IP addresses from an HTTP Header. If an attacker can gain access to a whitelisted IP address they can spoof the request to come from one of those IP addresses using an HTTP header which would bypass any restrictions.",null,"\u003C=1.6.11","1.7","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Improper Authorization","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc8c69fc2-e1bf-43e7-a80e-931dbb70d8da?source=api-prod",525,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":53,"avg_patch_time_days":48,"trust_score":54,"computed_at":55},"robertpeake",3,61300,83,67,"2026-04-03T20:04:57.508Z",[57,81,99,116,132],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":51,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":78,"download_link":79,"security_score":80,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"power-captcha-recaptcha","Power Captcha reCAPTCHA","1.1.0","Denis Alemán","https:\u002F\u002Fprofiles.wordpress.org\u002Fdenisaleman\u002F","\u003Cp>Protect your WordPress, WooCommerce, and Contact Form 7 forms from spam, brute-force attacks, and fake accounts using Google reCAPTCHA.\u003C\u002Fp>\n\u003Cp>Power Captcha reCAPTCHA supports 3 Google reCAPTCHA types integrated into 6 common WordPress forms, including login and comment forms, 7 WooCommerce forms, and Contact Form 7.\u003C\u002Fp>\n\u003Ch3>3 CAPTCHA Types\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Score-based (v3) CAPTCHA.\u003C\u002Fstrong> Seamless detection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“I’m not a robot” CAPTCHA checkbox.\u003C\u002Fstrong> Verification requests with a challenge.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Invisible reCAPTCHA.\u003C\u002Fstrong> Improved, challenge-based CAPTCHA without a checkbox.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>6 WordPress Forms\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Login form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Register form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comment form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lost password form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reset password form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Register form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>7 WooCommerce Forms\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Login form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Register form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checkout form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Review form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reset password form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lost password form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contact Form 7\u003C\u002Fh3>\n\u003Cp>As of version 1.0.7, Power Captcha reCAPTCHA integrates with Contact Form 7. You can easily add the Power Captcha reCAPTCHA field to your Contact Form 7 forms.\u003C\u002Fp>\n\u003Ch3>Activity Report\u003C\u002Fh3>\n\u003Cp>The Activity Report feature for the plugin provides users with a detailed overview of captcha interactions. It tracks and displays the number of solved, failed, and empty captchas, offering a daily breakdown to monitor performance trends. Stay informed with clear insights into your captcha performance.\u003C\u002Fp>\n","Protect WordPress\u002FWooCommerce\u002FContact Form 7 forms from spam, brute-force attacks, fake comments, accounts, or registrations with Google reCAPTCHA.",1000,6098,100,"2025-03-09T01:27:00.000Z","6.8.0","5.0","5.5",[73,74,75,76,77],"anti-spam-security","captcha","comment-form","google-recaptcha","login-security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpower-captcha-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpower-captcha-recaptcha.1.1.0.zip",92,{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":29,"num_ratings":29,"last_updated":91,"tested_up_to":92,"requires_at_least":70,"requires_php":93,"tags":94,"homepage":97,"download_link":98,"security_score":80,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"jkm-checkout-captcha-for-woo","Checkout Captcha for WooCommerce","1.0.1","Mohammed Jamsheed KM","https:\u002F\u002Fprofiles.wordpress.org\u002Fjamsheedkm\u002F","\u003Cp>\u003Cstrong>Checkout Captcha for WooCommerce\u003C\u002Fstrong> enhances your WooCommerce checkout, WordPress login, registration, and password reset forms by integrating reCAPTCHA verification, helping to prevent spam and bot transactions.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multi-Form Support:\u003C\u002Fstrong> Seamlessly integrates reCAPTCHA in WooCommerce checkout, as well as WordPress login, registration, and password reset forms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Guest Checkout Compatibility:\u003C\u002Fstrong> Offers the option to enable or disable reCAPTCHA for guest checkouts, enhancing user experience while maintaining security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Payment Method Flexibility:\u003C\u002Fstrong> Skip reCAPTCHA verification for specific payment methods, enhancing the checkout experience and improving conversion rates (ideal for compatibility with \u003Ccode>Express Checkout\u003C\u002Fcode> plugin).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Positioning:\u003C\u002Fstrong> Users can select different positions for displaying the reCAPTCHA on the checkout page, offering flexibility to suit various store layouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Additional Filters for Customization:\u003C\u002Fstrong> Provides hooks and filters to allow users to customize the positioning and functionality of the reCAPTCHA in their checkout process.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google reCAPTCHA Configuration:\u003C\u002Fstrong> Easily configure reCAPTCHA using Google’s v2 by providing both the site key and secret key.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test Functionality:\u003C\u002Fstrong> Test the reCAPTCHA setup directly from the admin panel after entering your API keys, ensuring everything works correctly before going live.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>1. Multi-Form Integration:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Add reCAPTCHA to WooCommerce checkout, WordPress login, registration, and password reset forms to enhance security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2. Guest Checkout Option:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Configure reCAPTCHA to be optional for guest checkouts, balancing security and convenience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>3. Payment Method Customization:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Skip reCAPTCHA for selected payment methods, streamlining the checkout process for quicker transactions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>4. Flexible Positioning:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Choose the display position of reCAPTCHA on the checkout page, ensuring it fits seamlessly into your store’s layout.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>5. Advanced Filters and Hooks:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Utilize additional hooks and filters for advanced customization, allowing developers to extend functionality easily.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>6. Google reCAPTCHA Setup:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Configure reCAPTCHA using Google’s API by entering the site key and secret key, and validate the setup from the admin dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>7. Admin Testing Feature:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Test reCAPTCHA functionality in the admin area to confirm proper integration before your customers encounter it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>8. Dynamic Theme Compatibility:\u003C\u002Fstrong>\u003Cbr \u002F>\n– reCAPTCHA will be displayed in both light and dark themes as users select, providing an adaptive visual experience.\u003Cbr \u002F>\n– Users can choose the captcha theme (dark or light) to match their preferences.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong>\u003Cbr \u002F>\nThis plugin integrates with Google reCAPTCHA to provide CAPTCHA verification during the checkout process, enhancing security and reducing spam.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>What the service is used for:\u003C\u002Fstrong>\u003Cbr \u002F>\nGoogle reCAPTCHA is used to verify human users and prevent automated bots from completing the checkout process.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>What data is sent and when:\u003C\u002Fstrong>\u003Cbr \u002F>\nWhen the CAPTCHA verification is triggered (e.g., during form submission or checkout), the plugin sends the following data to Google reCAPTCHA’s servers:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The CAPTCHA response token generated by the user’s interaction with the CAPTCHA widget (\u003Ccode>response\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>The secret key associated with your Google reCAPTCHA account (\u003Ccode>secret\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>Additional details such as locale settings may be included in the API call for displaying the CAPTCHA in the user’s preferred language.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Service Provider Details:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google reCAPTCHA API: \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Domains involved:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi\u002Fsiteverify\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By using this plugin, you agree to the terms and policies outlined by Google reCAPTCHA.\u003C\u002Fp>\n","Adds reCAPTCHA verification to WooCommerce checkout, login, registration, and password reset forms to prevent spam and bot transactions.",40,1050,"2025-01-25T17:44:00.000Z","6.7.5","5.6",[74,95,96,76,4],"checkout-captcha","checkout-security","https:\u002F\u002Fgithub.com\u002Fkmjamsheed0\u002Fjkm-checkout-captcha-for-woo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjkm-checkout-captcha-for-woo.1.0.1.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":89,"downloaded":107,"rating":29,"num_ratings":29,"last_updated":108,"tested_up_to":109,"requires_at_least":71,"requires_php":18,"tags":110,"homepage":114,"download_link":115,"security_score":67,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"thinkcaptcha","ThinkCaptcha – Login Captcha, Register Captcha & Checkout reCAPTCHA","1.1.6","ThinkPlugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fthinkplugin\u002F","\u003Cp>\u003Cstrong>Enhance Your Website’s Login Security with the Power of Google reCAPTCHA\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Are you tired of spam registrations, brute-force login attacks, and junk form submissions?\u003Cbr \u002F>\nThinkCaptcha is the definitive \u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong> plugin for WordPress, designed to provide maximum \u003Cstrong>login security\u003C\u002Fstrong> with a simple and modern interface.\u003Cbr \u002F>\nThinkCaptcha allows you to easily add a \u003Cstrong>login captcha\u003C\u002Fstrong>, \u003Cstrong>register captcha\u003C\u002Fstrong>, and password reset captcha to your most vulnerable forms using Google’s user-friendly “I’m not a robot” checkbox (reCAPTCHA v2).\u003Cbr \u002F>\nThis is the ultimate \u003Cstrong>spam protection\u003C\u002Fstrong> and \u003Cstrong>bot protection\u003C\u002Fstrong> your site needs.\u003Cbr \u002F>\n\u003Cstrong>Free Features for Essential Security:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress Login Captcha\u003C\u002Fstrong>: Implement a secure \u003Cstrong>login captcha\u003C\u002Fstrong> on your \u003Ccode>\u002Fwp-login.php\u003C\u002Fcode> page to stop brute-force attacks and enhance \u003Cstrong>login security\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce Login Captcha\u003C\u002Fstrong>: Protect your customer accounts by adding a \u003Cstrong>WooCommerce captcha\u003C\u002Fstrong> to the login form.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce Register Captcha\u003C\u002Fstrong>: Stop fake user sign-ups with a robust \u003Cstrong>register captcha\u003C\u002Fstrong> on your WooCommerce registration form.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password Reset Captcha\u003C\u002Fstrong>: Secure both WordPress and WooCommerce password reset forms from bot abuse.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optimized for Performance\u003C\u002Fstrong>: The Google reCAPTCHA script loads asynchronously and only on pages where it is needed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>🚀 Upgrade to ThinkCaptcha Pro for Ultimate Form Security!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Spammers target every form on your site.\u003Cbr \u002F>\nThinkCaptcha Pro extends this powerful \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> protection to create a comprehensive security shield.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>WooCommerce Checkout Captcha\u003C\u002Fstrong>: The best way to prevent fraudulent orders and spam.\u003Cbr \u002F>\nAdd a \u003Cstrong>checkout captcha\u003C\u002Fstrong> to your WooCommerce checkout page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Contact Form 7 reCAPTCHA\u003C\u002Fstrong>: Our most requested feature!\u003Cbr \u002F>\nAdd a \u003Cstrong>Contact Form 7 reCAPTCHA\u003C\u002Fstrong> to every contact form and eliminate junk mail forever.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPForms Captcha\u003C\u002Fstrong>: Secure all forms created with WPForms with a powerful \u003Cstrong>WPForms captcha\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Register Captcha\u003C\u002Fstrong>: Block spambots from creating user accounts on your main WordPress registration form with a secure \u003Cstrong>register captcha\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fthinkplugin.com\u002Fthinkcaptcha-pro\u002F\" rel=\"nofollow ugc\">Secure your entire website today. Get ThinkCaptcha Pro Now!\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Third-Party Service Disclosure\u003C\u002Fh3>\n\u003Cp>This plugin connects to the Google reCAPTCHA service to protect forms from bots and spam.\u003Cbr \u002F>\n* \u003Cstrong>Service Used:\u003C\u002Fstrong> Google reCAPTCHA (a service provided by Google LLC).\u003Cbr \u002F>\n* \u003Cstrong>What Data is Sent:\u003C\u002Fstrong> To verify if a user is human, this service collects and sends hardware and software information, such as device and application data, to Google.\u003Cbr \u002F>\nThe user’s IP address is also collected.\u003Cbr \u002F>\n* \u003Cstrong>When Data is Sent:\u003C\u002Fstrong> This data is sent whenever a form protected by this plugin is displayed and submitted.\u003Cbr \u002F>\n* \u003Cstrong>Links to Policies:\u003C\u002Fstrong> The use of the Google reCAPTCHA service is subject to Google’s \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>.\u003C\u002Fp>\n","Secure WordPress & WooCommerce forms with Google reCAPTCHA. Stop spam, bots, and brute-force attacks effectively.",333,"2025-11-30T10:34:00.000Z","6.9.4",[76,111,112,24,113],"login-captcha","register-captcha","woocommerce-captcha","https:\u002F\u002Fthinkplugin.com\u002Fthinkcaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthinkcaptcha.1.1.6.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":67,"num_ratings":28,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":18,"tags":129,"homepage":18,"download_link":131,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"evg-google-recaptcha","Login With Google reCaptcha For WordPress And Woocomerce","1.00","evgeniypoznyak","https:\u002F\u002Fprofiles.wordpress.org\u002Fevgeniypoznyak\u002F","\u003Cp>This plugin is implements Google reCaptcha to WordPress\\Woocommerce Login page and hide user\u002Fpassword errors (optional).\u003C\u002Fp>\n","Extended WordPress\\Woocomerce Login With Google reCaptcha and hiding user\u002Fpassword errors",10,1675,"2017-06-05T18:03:00.000Z","4.7.32","3.1",[130,76,21,23,24],"admin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fevg-google-recaptcha.zip",{"slug":133,"name":134,"version":135,"author":136,"author_profile":137,"description":138,"short_description":139,"active_installs":124,"downloaded":140,"rating":29,"num_ratings":29,"last_updated":141,"tested_up_to":18,"requires_at_least":142,"requires_php":18,"tags":143,"homepage":156,"download_link":157,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":158},"protect-ai-login","Protect Ai Login","1.0.0","anouny","https:\u002F\u002Fprofiles.wordpress.org\u002Fanouny\u002F","\u003Cp>Protect Ai Login changes default WordPress login URL to the url you define, denied brute force attacks, spam logins, and bot or automatic register. The plugin blocks access to default login url, generates a custom branded login panel, without creating a custom page on your website.\u003C\u002Fp>\n\u003Cp>The plugin offers protection with Google reCAPTCHA v2.\u003C\u002Fp>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Define new login url easily from settings page.\u003C\u002Fli>\n\u003Cli>Protect against spam login, bot registration or signup, with the integration of Google reCaptcha.\u003C\u002Fli>\n\u003Cli>Secure AXS is compatible with any permalink setup including the default.\u003C\u002Fli>\n\u003Cli>Choose to allow users with the role “Editor” to access plugin settings.\u003C\u002Fli>\n\u003Cli>Fully branded login page with colors and login logo of your choice.\u003C\u002Fli>\n\u003Cli>Plugin doesn’t create new pages on your website for displaying the new login panel.\u003C\u002Fli>\n\u003Cli>Plugin is compatible with other major security & cache plugins.\u003C\u002Fli>\n\u003Cli>Test with wordpress 4.4.2\u003C\u002Fli>\n\u003C\u002Ful>\n","Change default login site to a custom URL, block spam, bot registration, and brute-force using Google reCAPTCHA.",1394,"2016-04-14T06:46:00.000Z","4.0",[144,145,146,147,148,149,74,150,21,151,22,23,152,153,24,154,155],"access","attack","axs","block","brute","brute-force-attack","force","no-captcha","register","secure","sign","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-ai-login.zip","2026-03-15T14:54:45.397Z",{"attackSurface":160,"codeSignals":241,"taintFlows":279,"riskAssessment":306,"analyzedAt":322},{"hooks":161,"ajaxHandlers":237,"restRoutes":238,"shortcodes":239,"cronEvents":240,"entryPointCount":29,"unprotectedCount":29},[162,168,172,176,179,183,186,190,194,197,200,205,208,211,215,218,221,224,227,230,232,235],{"type":163,"name":164,"callback":165,"file":166,"line":167},"action","plugins_loaded","load_textdomain","login-nocaptcha.php",21,{"type":163,"name":169,"callback":170,"file":166,"line":171},"admin_menu","register_menu_page",22,{"type":163,"name":173,"callback":174,"file":166,"line":175},"admin_init","register_settings",23,{"type":163,"name":177,"callback":177,"file":166,"line":178},"admin_notices",24,{"type":163,"name":180,"callback":181,"file":166,"line":182},"login_enqueue_scripts","enqueue_scripts_css",31,{"type":163,"name":184,"callback":181,"file":166,"line":185},"admin_enqueue_scripts",32,{"type":163,"name":187,"callback":188,"file":166,"line":189},"login_form","nocaptcha_form",35,{"type":163,"name":191,"callback":188,"priority":192,"file":166,"line":193},"register_form",99,36,{"type":163,"name":195,"callback":188,"priority":192,"file":166,"line":196},"signup_extra_fields",37,{"type":163,"name":198,"callback":188,"file":166,"line":199},"lostpassword_form",38,{"type":201,"name":202,"callback":203,"priority":124,"file":166,"line":204},"filter","registration_errors","authenticate",42,{"type":163,"name":206,"callback":203,"priority":124,"file":166,"line":207},"lostpassword_post",43,{"type":201,"name":203,"callback":203,"priority":209,"file":166,"line":210},30,44,{"type":201,"name":212,"callback":213,"file":166,"line":214},"shake_error_codes","add_shake_error_codes",45,{"type":163,"name":164,"callback":216,"file":166,"line":217},"action_plugins_loaded",46,{"type":163,"name":219,"callback":203,"file":166,"line":220},"woocommerce_register_post",53,{"type":163,"name":222,"callback":188,"file":166,"line":223},"woocommerce_register_form",54,{"type":163,"name":225,"callback":181,"file":166,"line":226},"wp_head",61,{"type":163,"name":228,"callback":188,"file":166,"line":229},"woocommerce_login_form",62,{"type":163,"name":231,"callback":188,"file":166,"line":14},"woocommerce_lostpassword_form",{"type":163,"name":219,"callback":233,"priority":124,"file":166,"line":234},"woo_authenticate",64,{"type":163,"name":222,"callback":188,"file":166,"line":236},65,[],[],[],[],{"dangerousFunctions":242,"sqlUsage":243,"outputEscaping":245,"fileOperations":29,"externalRequests":277,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":278},[],{"prepared":29,"raw":29,"locations":244},[],{"escaped":29,"rawEcho":246,"locations":247},15,[248,252,254,256,257,259,260,261,263,265,267,269,271,273,275],{"file":249,"line":250,"context":251},"admin.php",9,"raw output",{"file":249,"line":253,"context":251},11,{"file":249,"line":255,"context":251},16,{"file":249,"line":167,"context":251},{"file":249,"line":258,"context":251},55,{"file":249,"line":229,"context":251},{"file":249,"line":14,"context":251},{"file":249,"line":262,"context":251},103,{"file":166,"line":264,"context":251},201,{"file":166,"line":266,"context":251},212,{"file":166,"line":268,"context":251},232,{"file":166,"line":270,"context":251},245,{"file":166,"line":272,"context":251},267,{"file":166,"line":274,"context":251},375,{"file":166,"line":276,"context":251},377,2,[],[280,298],{"entryPoint":281,"graph":282,"unsanitizedCount":28,"severity":297},"authenticate (login-nocaptcha.php:275)",{"nodes":283,"edges":294},[284,289],{"id":285,"type":286,"label":287,"file":166,"line":288},"n0","source","$_SERVER['PHP_SELF']",281,{"id":290,"type":291,"label":292,"file":166,"line":288,"wp_function":293},"n1","sink","update_option() [Settings Manipulation]","update_option",[295],{"from":285,"to":290,"sanitized":296},false,"low",{"entryPoint":299,"graph":300,"unsanitizedCount":28,"severity":297},"\u003Clogin-nocaptcha> (login-nocaptcha.php:0)",{"nodes":301,"edges":304},[302,303],{"id":285,"type":286,"label":287,"file":166,"line":288},{"id":290,"type":291,"label":292,"file":166,"line":288,"wp_function":293},[305],{"from":285,"to":290,"sanitized":296},{"summary":307,"deductions":308},"The login-recaptcha plugin version 1.7.3 exhibits a mixed security posture. On the positive side, the absence of AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points is a significant strength, minimizing the direct attack surface. Furthermore, all identified SQL queries utilize prepared statements, which is excellent practice for preventing SQL injection vulnerabilities.\n\nHowever, several concerning findings emerge from the static analysis. The most critical is that 100% of output is not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis revealing two flows with unsanitized paths, although not classified as critical or high severity, warrants attention as these could potentially lead to unexpected behavior or further exploitation if not handled correctly. The plugin also makes external HTTP requests, which, while not inherently a vulnerability, can be a vector for certain types of attacks if the target endpoints are compromised or if data is transmitted insecurely.\n\nThe vulnerability history shows one past medium-severity CVE related to improper authorization, which was addressed. The fact that there are no currently unpatched vulnerabilities is positive, but the past occurrence of an authorization issue alongside the current lack of capability checks in the code analysis suggests that authorization mechanisms might not be consistently robust. The absence of nonce checks on any potential entry points (though none were identified as unprotected) is also a missed security control that could be relevant if new entry points were introduced or if current ones were implicitly exploitable in ways not immediately obvious from the static analysis.\n\nIn conclusion, while the plugin has a limited attack surface and uses prepared statements for SQL, the significant lack of output escaping presents a substantial risk of XSS. The past CVE and current lack of capability checks also highlight potential weaknesses in authorization handling. A thorough review and remediation of unescaped outputs are strongly recommended.",[309,312,315,318,320],{"reason":310,"points":311},"100% of outputs not properly escaped",20,{"reason":313,"points":314},"Taint analysis found 2 unsanitized paths",6,{"reason":316,"points":317},"Past medium vulnerability (Improper Authorization)",5,{"reason":319,"points":317},"No nonce checks",{"reason":321,"points":317},"No capability checks","2026-03-16T17:15:54.596Z",{"wat":324,"direct":334},{"assetPaths":325,"generatorPatterns":328,"scriptPaths":329,"versionParams":331},[326,327],"\u002Fwp-content\u002Fplugins\u002Flogin-recaptcha\u002Fcss\u002Flogin-recaptcha.css","\u002Fwp-content\u002Fplugins\u002Flogin-recaptcha\u002Fjs\u002Flogin-recaptcha.js",[],[330],"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js",[332,333],"\u002Fwp-content\u002Fplugins\u002Flogin-recaptcha\u002Fcss\u002Flogin-recaptcha.css?ver=","\u002Fwp-content\u002Fplugins\u002Flogin-recaptcha\u002Fjs\u002Flogin-recaptcha.js?ver=",{"cssClasses":335,"htmlComments":336,"htmlAttributes":337,"restEndpoints":338,"jsGlobals":339,"shortcodeOutput":340},[],[],[],[],[],[]]