[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_0rpBTVkp_QI7Z7sJ03068yvjAL9cQjs2KKINOAv06Q":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":141,"fingerprints":187},"math-captcha-for-elementor-forms","Math Captcha for Elementor Forms","1.1.0","albanotoska","https:\u002F\u002Fprofiles.wordpress.org\u002Falbanotoska\u002F","\u003Cblockquote>\n\u003Cp>\n        \u003Cstrong>BS Math Captcha for Elementor Forms\u003C\u002Fstrong>\n    \u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>BS Math Captcha for Elementor Forms is a simple plugin that add a math captcha to every elementor forms you have on your site. You can just install the plugin, activate it and that’s it. The captcha will appear automatically on all your Elementor Forms. This is made possible by jquery plugin ebcaptcha. Special thanks to the developer.\u003Cbr \u002F>\n– Make sure to check also this other jQuery plugin which runs jquery when an element is visible, useful for popup forms \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fuzairfarooq\u002Farrive\" rel=\"nofollow ugc\"> arrive.js \u003C\u002Fa>\u003Cbr \u002F>\n\u003Cem>NOTICE\u003C\u002Fem> : You need to have Elementor Pro for this plugin to work\u003C\u002Fp>\n\u003Ch3>Quick Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Falbanotoska.com\u002Fbsbanners\u002Fbs-math-captcha-for-elementor-forms\u002F\" rel=\"nofollow ugc\">Demo (Features)\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Falbanotoska.com\u002F#contact\" rel=\"nofollow ugc\">Contact Us\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbs-banners\u002F\" rel=\"ugc\">My other plugin on WordPress.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cul>\n\u003Cli>Easy to use\u003C\u002Fli>\n\u003Cli>Lightweight plugin\u003C\u002Fli>\n\u003Cli>Elementor full Support\u003C\u002Fli>\n\u003Cli>Super easy Installation\u003C\u002Fli>\n\u003Cli>100% Responsive\u003C\u002Fli>\n\u003Cli>Easy and Fast to Setup\u003C\u002Fli>\n\u003Cli>All Major browser supported\u003C\u002Fli>\n\u003C\u002Ful>\n","Wordpress Plugin that will add a simple match captcha to your Elementor Forms.",3000,21120,80,13,"2021-10-08T09:54:00.000Z","5.8.13","3.5","",[20,21,22,23,24],"captcha","elementor","math-captcha","recaptcha","wordpress-plugin","https:\u002F\u002Falbanotoska.com\u002Fbsbanners\u002Fbs-math-captcha-for-elementor-forms\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmath-captcha-for-elementor-forms.1.1.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},2,3100,30,84,"2026-04-04T13:08:53.918Z",[39,59,83,100,124],{"slug":40,"name":41,"version":6,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":18,"download_link":58,"security_score":48,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"webart-login-shield-recaptcha","Web-Art Login Shield with reCAPTCHA","WEB-ART Creative Design","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebartdesigning\u002F","\u003Cp>Web-Art Login Shield with reCAPTCHA is a focused security plugin that protects WordPress authentication, Elementor Login widgets and Elementor Forms against automated attacks.\u003C\u002Fp>\n\u003Cp>It strengthens wp-login.php, Elementor Login and Elementor Forms by integrating Google reCAPTCHA v2 verification and optional IP-based rate limiting, without replacing or modifying WordPress core authentication logic.\u003C\u002Fp>\n\u003Cp>The plugin is intentionally lightweight and transparent:\u003Cbr \u002F>\n– no ads\u003Cbr \u002F>\n– no telemetry or analytics sent to the author\u003Cbr \u002F>\n– no third-party dashboards provided by the plugin\u003Cbr \u002F>\n– no all-in-one security suite overhead\u003C\u002Fp>\n\u003Cp>All login protection modules (reCAPTCHA, Login Protect, Advanced login URL) are opt-in and disabled by default.\u003C\u002Fp>\n\u003Cp>Additionally, the plugin can apply a small XML-RPC hardening rule-set (disables a few high-risk XML-RPC methods) to reduce common abuse vectors. This does not disable XML-RPC completely. XML-RPC hardening is applied only when Login Protect is enabled and “Protect XML-RPC logins” is enabled.\u003C\u002Fp>\n\u003Cp>Each module (reCAPTCHA, Login Protect, Advanced login URL) can be enabled independently. Elementor reCAPTCHA options require reCAPTCHA to be configured and verified.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Ch4>reCAPTCHA v2 integration\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>reCAPTCHA v2 checkbox for wp-login.php (when enabled and IP is not allowlisted)\u003C\u002Fli>\n\u003Cli>server-side token verification for WordPress login and Elementor Forms validation\u003C\u002Fli>\n\u003Cli>reCAPTCHA must be verified before enabling protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Elementor reCAPTCHA options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>automatic frontend injection for Elementor Login widgets (when enabled)\u003C\u002Fli>\n\u003Cli>optional frontend injection for Elementor Forms (Elementor Pro) (when enabled)\u003C\u002Fli>\n\u003Cli>Custom Alignment: Ability to set Left, Center, or Right alignment for reCAPTCHA in both Elementor Login and Elementor Forms directly from plugin settings.\u003C\u002Fli>\n\u003Cli>Elementor frontend scripts inject reCAPTCHA only when they detect relevant widgets\u002Fforms in the DOM (supports dynamically loaded content, popups, AJAX, etc.)\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA scripts are not loaded for allowlisted IPs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Whitelist IPs (reCAPTCHA)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>reCAPTCHA IP allowlist (allowlisted IPs bypass reCAPTCHA checks on wp-login.php, Elementor Login and Elementor Forms; Login Protect may still apply)\u003C\u002Fli>\n\u003Cli>reCAPTCHA allowlist accepts one entry per line (exact IP match only)\u003C\u002Fli>\n\u003Cli>optional note format supported: IP | reason (reason is ignored for matching)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Login Protect (IP-based lockouts)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>failed login attempt counting per IP address\u003C\u002Fli>\n\u003Cli>timed lockouts after a configurable threshold\u003C\u002Fli>\n\u003Cli>blocked IP list (lockouts expire automatically after the configured lockout time)\u003C\u002Fli>\n\u003Cli>recent security event log (stored locally)\u003C\u002Fli>\n\u003Cli>wp-login.php lockout UX: countdown notice and temporary submit blocking during an active lockout\u003C\u002Fli>\n\u003Cli>Login Protect is independent of reCAPTCHA (can be enabled and used without reCAPTCHA enabled)\u003C\u002Fli>\n\u003Cli>three practical protection modes:\n\u003Cul>\n\u003Cli>MODE 1 – reCAPTCHA only\u003C\u002Fli>\n\u003Cli>MODE 2 – reCAPTCHA + Login Protect\u003C\u002Fli>\n\u003Cli>MODE 3 – Login Protect only\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Trusted IPs (Login Protect)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>separate allowlists for reCAPTCHA and Login Protect (exact IP match only)\u003C\u002Fli>\n\u003Cli>Login Protect allowlist accepts one entry per line (exact IP match only)\u003C\u002Fli>\n\u003Cli>optional note format supported: IP | reason (reason is ignored for matching)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>REST API and XML-RPC protection (optional)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>optional protection for authentication attempts via XML-RPC and REST API (applies only when the corresponding checkbox is enabled; Login Protect must be enabled)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC hardening (optional)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>optionally disables a small set of high-risk XML-RPC methods commonly abused by attackers:\n\u003Cul>\n\u003Cli>pingback.ping\u003C\u002Fli>\n\u003Cli>pingback.extensions.getPingbacks\u003C\u002Fli>\n\u003Cli>system.multicall\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>XML-RPC hardening is applied only when Login Protect is enabled and “Protect XML-RPC logins” is enabled\u003Cbr \u002F>\nThis reduces abuse without disabling XML-RPC entirely.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced login URL (optional)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>single toggle enables Advanced login behavior\u003C\u002Fli>\n\u003Cli>custom login endpoint (rewrites requests to the standard WordPress login handler without altering core authentication logic)\u003C\u002Fli>\n\u003Cli>when Advanced is enabled, wp-login.php and wp-admin are protected for non-authenticated visitors\u003C\u002Fli>\n\u003Cli>protection behavior is configured via two required fields:\n\u003Cul>\n\u003Cli>Custom login URL slug (example: “secure-login-1234”)\u003C\u002Fli>\n\u003Cli>Default redirect slug (recommended: “404” to display the active theme’s 404 page)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>both fields are required when Advanced is enabled (saving is blocked if any field is empty)\u003C\u002Fli>\n\u003Cli>if fields are empty when enabling Advanced, the plugin auto-generates a secure random login slug and sets the redirect slug to the recommended default\u003C\u002Fli>\n\u003Cli>protection applies only to non-authenticated users (logged-in users can still access wp-admin and wp-login.php)\u003C\u002Fli>\n\u003Cli>safe fallback handling to avoid logout loops (wp-login.php?action=logout remains accessible)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>IP Blocking (Site-wide)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>single toggle enables site-wide IP blocking\u003C\u002Fli>\n\u003Cli>permanently blocks selected IP addresses from accessing the entire site (returns HTTP 403)\u003C\u002Fli>\n\u003Cli>blocklist accepts one entry per line (exact IP match only)\u003C\u002Fli>\n\u003Cli>optional note format supported: IP | reason (reason is ignored for matching)\u003C\u002Fli>\n\u003Cli>recommended use cases: persistent abuse, scraping, hostile bots, repeated attacks not covered by login-only protection\u003C\u002Fli>\n\u003Cli>warning: do not add your own IP address unless you have alternative access (hosting panel \u002F WP-CLI \u002F database access) to remove the entry\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Technical Design Principles\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Fail-closed security model (scoped)\u003Cbr \u002F>\nIf reCAPTCHA verification cannot be completed and reCAPTCHA protection is enabled for the given login or form, the request is rejected to reduce the risk of automated bypass.\u003Cbr \u002F>\nAdministrators can always regain access by disabling the feature in plugin settings or by deactivating the plugin via hosting or FTP.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Non-intrusive defaults\u003Cbr \u002F>\nLogin protection modules remain disabled until explicitly enabled by an administrator.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Conflict awareness\u003Cbr \u002F>\nIf another plugin injects reCAPTCHA into login or form flows, it should be disabled to avoid duplicate widgets or verification conflicts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Emergency config kill-switches (wp-config.php)\u003Cbr \u002F>\nFor recovery scenarios (e.g. accidental lockouts), selected modules can be force-disabled via wp-config.php constants. This does not bypass security rules; it disables the module logic before it runs. Remove the constant to restore normal behavior.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin integrates with Google reCAPTCHA v2, an external service provided by Google LLC.\u003C\u002Fp>\n\u003Cp>reCAPTCHA features are disabled by default. The plugin does not load reCAPTCHA scripts or send verification requests unless an administrator enables reCAPTCHA protection and\u002For uses the “Verify reCAPTCHA” test in the plugin settings.\u003C\u002Fp>\n\u003Cp>Google’s reCAPTCHA JavaScript (https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js) may be loaded on:\u003Cbr \u002F>\n– wp-login.php (when reCAPTCHA is enabled and the visitor IP is not allowlisted)\u003Cbr \u002F>\n– the frontend (when Elementor Login protection is enabled and a non-allowlisted visitor loads the page; injection occurs only if Elementor Login widgets are detected in the DOM)\u003Cbr \u002F>\n– the frontend (when Elementor Forms protection is enabled and a non-allowlisted visitor loads the page; injection occurs only for Elementor Forms)\u003Cbr \u002F>\n– the plugin settings page only when an administrator runs the “Verify reCAPTCHA” test (if provided in the UI)\u003C\u002Fp>\n\u003Cp>When a visitor (or admin during verification) completes the reCAPTCHA challenge:\u003Cbr \u002F>\n– a verification token (g-recaptcha-response) is generated in the browser\u003Cbr \u002F>\n– during server-side verification on your website, the token and the configured Secret Key are sent to:\u003Cbr \u002F>\n  https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi\u002Fsiteverify\u003Cbr \u002F>\n– the visitor’s IP address is sent to Google as the remoteip parameter when it is available on the server\u003C\u002Fp>\n\u003Cp>The plugin sends the g-recaptcha-response token to Google only when the protected form is submitted (login attempt \u002F form submission) or when an administrator runs the “Verify reCAPTCHA” test.\u003Cbr \u002F>\nThe plugin does not send usernames, passwords, email addresses, or any form field contents to Google – only the reCAPTCHA token, the configured Secret Key, and the visitor IP address (remoteip) when available.\u003C\u002Fp>\n\u003Cp>The plugin does not store or process any data returned by Google beyond the verification result, and it does not send any telemetry, analytics, or usage data to the plugin author.\u003C\u002Fp>\n\u003Cp>Note: Google reCAPTCHA may set cookies and collect additional device and usage data in the visitor’s browser, as described in Google’s privacy policy and terms. Site owners are responsible for disclosing this in their site privacy policy and obtaining consent where required by applicable law.\u003C\u002Fp>\n\u003Cp>Google privacy policies apply:\u003Cbr \u002F>\n– https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003Cbr \u002F>\n– https:\u002F\u002Fpolicies.google.com\u002Fterms\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin does not send telemetry, analytics or usage data to the plugin author or any third party.\u003C\u002Fp>\n\u003Cp>Local data stored by the plugin (for security purposes only):\u003Cbr \u002F>\n– IP addresses related to login attempts \u002F lockouts (Login Protect)\u003Cbr \u002F>\n– timestamps of failed attempts and lockouts\u003Cbr \u002F>\n– last username associated with a locked IP (Login Protect)\u003Cbr \u002F>\n– recent security event log entries (the plugin stores up to the last 30 events; entries rotate automatically)\u003Cbr \u002F>\n– last reCAPTCHA configuration or HTTP error (for admin diagnostics)\u003Cbr \u002F>\n– permanent site-wide IP blocklist entries (optional notes stored; notes are not used for matching)\u003C\u002Fp>\n\u003Cp>Data retention:\u003Cbr \u002F>\n– security event log keeps only the most recent entries (up to 30; automatic rotation)\u003Cbr \u002F>\n– Login Protect state is stored locally and is automatically pruned (e.g. stale non-locked entries are removed over time and the list is capped)\u003Cbr \u002F>\n– permanent site-wide IP blocklist entries are retained until removed by an administrator\u003Cbr \u002F>\n– plugin data can be removed during uninstall if the uninstall cleanup option is enabled\u003C\u002Fp>\n\u003Cp>All data is stored locally in the WordPress database and is used solely to enforce security rules and display administrative information.\u003C\u002Fp>\n\u003Ch3>Legal\u003C\u002Fh3>\n\u003Cp>reCAPTCHA is a trademark of Google LLC.\u003Cbr \u002F>\nElementor is a trademark of Elementor Ltd.\u003Cbr \u002F>\nThis plugin is not affiliated with, endorsed by, or sponsored by Google LLC or Elementor Ltd.\u003C\u002Fp>\n","Protect WordPress logins and Elementor Login\u002FForms using Google reCAPTCHA v2 and optional IP-based lockouts.",60,448,100,4,"2026-02-12T20:41:00.000Z","6.9.4","5.8","7.4",[55,21,56,23,57],"brute-force","login","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebart-login-shield-recaptcha.1.1.0.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":51,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":80,"vuln_count":81,"unpatched_count":28,"last_vuln_date":82,"fetched_at":30},"advanced-google-recaptcha","Advanced Google reCAPTCHA","1.31","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgetwpcaptcha.com\u002F\" rel=\"nofollow ugc\">Advanced Google reCAPTCHA\u003C\u002Fa> protects your WordPress site from spam comments & brute force login attacks using captcha. This captcha plugin, quickly adds Google reCAPTCHA and other captcha tests to WordPress comment form, login form, and other forms.\u003C\u002Fp>\n\u003Cp>Using Advanced Google reCAPTCHA (most popular captcha on the market), you’ll be safe from spam comments and protect user accounts, WooCommerce, Easy Digital Downloads, BuddyPress and other forms from brute-force login attacks.\u003C\u002Fp>\n\u003Cp>reCaptcha works for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Form\u003C\u002Fli>\n\u003Cli>Registration Form\u003C\u002Fli>\n\u003Cli>Reset Password Form\u003C\u002Fli>\n\u003Cli>Comment Form\u003C\u002Fli>\n\u003Cli>BuddyPress Form\u003C\u002Fli>\n\u003Cli>WooCommerce Form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads (EDD) Login Form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads (EDD) Registration Form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Captcha uses these 3rd party libs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Chart.js, 2017 Nick Downie, MIT\u003C\u002Fli>\n\u003Cli>DataTables, 2008-2017 SpryMedia Ltd, MIT\u003C\u002Fli>\n\u003Cli>moment.js, Tim Wood, Iskren Chernev, MIT\u003C\u002Fli>\n\u003Cli>SweetAlert 2, github.com\u002FSweetalert2\u002FSweetalert2, MIT\u003C\u002Fli>\n\u003Cli>tooltipster, www.heteroclito.fr\u002Fmodules\u002Ftooltipster\u002F, MIT\u003C\u002Fli>\n\u003C\u002Ful>\n","Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.",200000,2435450,96,428,"2025-12-02T20:29:00.000Z","4.9","5.2",[20,75,76,77,23],"comment-recaptcha","google-recaptcha","login-recaptcha","https:\u002F\u002Fgetwpcaptcha.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-google-recaptcha.1.31.zip",98,3,"2025-03-27 19:32:14",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":67,"downloaded":91,"rating":48,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":72,"requires_php":18,"tags":95,"homepage":18,"download_link":99,"security_score":48,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wpcf7-recaptcha","ReCaptcha v2 for Contact Form 7","1.4.9","IQComputing","https:\u002F\u002Fprofiles.wordpress.org\u002Fiqcomputing\u002F","\u003Cp>Contact Form 7 v5.1 dropped support for reCaptcha v2 along with the \u003Ccode>[recaptcha]\u003C\u002Fcode> tag December 2018. This plugin brings that functionality back from Contact Form 7 5.0.5 and re-adds the \u003Ccode>[recaptcha]\u003C\u002Fcode> tag.\u003C\u002Fp>\n\u003Cp>If this plugin is installed before updating Contact Form 7 from v5.0.5 to v5.1.1 then it will carry over your old API keys. At that point you will just need to head to this plugins settings page to tell the website to use reCaptcha v2.\u003C\u002Fp>\n\u003Cp>Once installed and configured it should be the same reCaptcha functionality you are used to in previous versions of Contact Form 7.\u003C\u002Fp>\n\u003Ch3>IQComputing\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Like us on \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fiqcomputing\u002F\" title=\"IQComputing on Facebook\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Follow us on \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fiqcomputing\u002F\" title=\"IQComputing on Twitter\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Fork on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FIQComputing\u002Fwpcf7-recaptcha\" title=\"IQComputing on Github\" rel=\"nofollow ugc\">Github\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds reCaptcha v2 from Contact Form 7 5.0.5 that was dropped on Contact Form 7 5.1",3905275,89,"2025-04-15T22:52:00.000Z","6.7.5",[96,97,23,98],"contact-form-7","contact-form-7-recaptcha","spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpcf7-recaptcha.1.4.9.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":53,"tags":115,"homepage":119,"download_link":120,"security_score":121,"vuln_count":122,"unpatched_count":28,"last_vuln_date":123,"fetched_at":30},"advanced-nocaptcha-recaptcha","CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress","7.6.0","WPKube","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpkube\u002F","\u003Ch4>IMPORTANT NOTICE\u003C\u002Fh4>\n\u003Cp>CAPTCHA 4WP has been acquired by WPKube. \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fcaptcha-4-wp-plugin-acquired-by-wpkube\u002F\" rel=\"nofollow ugc\">Read the announcement\u003C\u002Fa> for more information.\u003Cbr \u002F>\nWe, at Melapress, would like to take this opportunity to thank everyone who has used and supported CAPTCHA 4WP.\u003C\u002Fp>\n\u003Ch3>A free and easy-to-use CAPTCHA plugin for WordPress\u003C\u002Fh3>\n\u003Cp>Protect your WordPress forms and login pages from spam and automated attacks with \u003Ca href=\"https:\u002F\u002Fcaptcha4wp.com\u002F\" rel=\"nofollow ugc\">CAPTCHA 4WP\u003C\u002Fa>. Choose from multiple ReCAPTCHA versions and strike the right balance between security and user experience.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcaptcha4wp.com\u002Ffeatures\u002F\" rel=\"nofollow ugc\">Features\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcaptcha4wp.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Get the Premium!\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcaptcha4wp.com\u002Fdocs\u002Fgetting-started-with-captcha-4wp\u002F\" rel=\"nofollow ugc\">Getting Started\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Use the CAPTCHA 4WP plugin to add CAPTCHA checks to WordPress forms and logins. Choose from V2 (I’m not a robot), V2 Invisible, and V3 noCAPTCHA to ensure the best user experience at all times without compromosing security. Avoid false positives falling through the crack with V3 failover to ensure humans can still pass the test even if the result comes back below the passmark.\u003C\u002Fp>\n\u003Ch3>CAPTCHA 4WP key plugin features and capabilities\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add CAPTCHA to WordPress native forms such as login pages, user registration and comments forms etc\u003C\u002Fli>\n\u003Cli>Supports multiple ReCAPTCHA versions\u003C\u002Fli>\n\u003Cli>User-friendly wizards for easy, hassle-free setup\u003C\u002Fli>\n\u003Cli>Set ReCAPTCHA V3 passmark score \u003C\u002Fli>\n\u003Cli>ReCAPTCHA failover configuration (ensure no prospect is incorrectly marked as spam)\u003C\u002Fli>\n\u003Cli>Plugin automatically detects visitors’ language and shows CAPTCHA in that language\u003C\u002Fli>\n\u003Cli>Much more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Upgrade to CAPTCHA 4WP Premium and get even more\u003C\u002Fh3>\n\u003Cp>With the premium edition of CAPTCHA 4WP, you can choose from a wider range of CAPTCHA service providers, 1-click WooCommerce and other 3rd party plugin support, whitelisting, and much more.\u003C\u002Fp>\n\u003Ch3>Premium features list\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Everything in the free version\u003C\u002Fli>\n\u003Cli>Add CAPTCHA from hCaptcha and Cloudflare Turnstile on your websites, both free and GDPR compliant\u003C\u002Fli>\n\u003Cli>Add Geoblocking on forms and WordPress comments form (block \u002F limit form submissions or comment posting by country)\u003C\u002Fli>\n\u003Cli>Customization options for the CAPTCHA checks text, visual and position on the forms\u003C\u002Fli>\n\u003Cli>One-click integration with WooCommerce\u003C\u002Fli>\n\u003Cli>One-click integration with Contact Form 7, Gravity Forms, WPForms, BuddyPress & other plugins\u003C\u002Fli>\n\u003Cli>Much more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Refer to the \u003Ca href=\"https:\u002F\u002Fcaptcha4wp.com\u002Ffeatures\u002F\" rel=\"nofollow ugc\">CAPTCHA 4WP plugin features and benefits page\u003C\u002Fa> to learn more about the benefits of upgrading to the Premium version of CAPTCHA 4WP.\u003C\u002Fp>\n\u003Ch3>Free and premium support\u003C\u002Fh3>\n\u003Cp>Support for CAPTCHA 4WP is free through the WordPress support forums.\u003C\u002Fp>\n\u003Cp>Premium support for paid customer support is provided via one-to-one email. Upgrade to Premium to benefit from premium support.\u003C\u002Fp>\n\u003Cp>For any other queries, feedback, or if you simply want to get in touch with us, please use our \u003Ca href=\"https:\u002F\u002Fcaptcha4wp.com\u002Fsubmit-ticket\u002F\" rel=\"nofollow ugc\">contact form\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>As featured on:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.wpbeginner.com\u002Fplugins\u002Fhow-to-add-captcha-in-wordpress-login-and-registration-form\u002F\" rel=\"nofollow ugc\">WP Beginner\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.elegantthemes.com\u002Fblog\u002Fwordpress\u002Fwordpress-captcha\" rel=\"nofollow ugc\">Elegant Themes\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.isitwp.com\u002Fbest-wordpress-captcha-plugins\u002F\" rel=\"nofollow ugc\">IsItWP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwplift.com\u002Fbest-wordpress-captcha-plugins\" rel=\"nofollow ugc\">WPLift\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftesterwp.com\u002Fbest-free-captcha-wordpress-plugins\u002F\" rel=\"nofollow ugc\">TesterWP\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Related links and documentation:\u003C\u002Fh3>\n\u003Cp>You can find more detailed information about CAPTCHA tests and the benefits you can take advantage of, and the plugin in the links below:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcaptcha4wp.com\u002Fwhy-need-captcha-wordpress-website\u002F\" rel=\"nofollow ugc\">Why you need CAPTCHA on your WordPress website\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcaptcha4wp.com\u002Fdifferent-types-captcha-checks-wordpress\u002F\" rel=\"nofollow ugc\">The different types of CAPTCHA for websites\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcaptcha4wp.com\u002Fcaptcha-recaptcha-nocaptcha-differences\u002F\" rel=\"nofollow ugc\">What is the difference between CAPTCHA, ReCAPTCHA, and NoCAPTCHA?\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcaptcha4wp.com\u002Fdocs\u002Fgetting-started-with-captcha-4wp\u002F\" rel=\"nofollow ugc\">Getting started with CAPTCHA 4WP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcaptcha4wp.com\u002Fdocs\u002Fhow-to-add-captcha-to-woocommerce-forms\u002F\" rel=\"nofollow ugc\">How to add CAPTCHA on WooCommerce forms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcaptcha4wp.com\u002Fdocs\u002Fhow-to-add-captcha-on-wpforms-forms\u002F\" rel=\"nofollow ugc\">How to add CAPTCHA on WPForms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcaptcha4wp.com\u002Fdocs\u002Fhow-to-add-captcha-on-gravity-forms-forms\u002F\" rel=\"nofollow ugc\">How to add CAPTCHA on Gravity Forms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcaptcha4wp.com\u002Fdocs\u002Fhow-to-show-captcha-on-failed-logins\u002F\" rel=\"nofollow ugc\">How to show CAPTCHA on failed logins\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcaptcha4wp.com\u002F\" rel=\"nofollow ugc\">Official Melapress website\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Installing CAPTCHA 4WP\u003C\u002Fh3>\n\u003Ch3>From within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Navigate to “Plugins”page and click the “Add New” button\u003C\u002Fli>\n\u003Cli>Search for “CAPTCHA 4WP”\u003C\u002Fli>\n\u003Cli>Cick install and after that activate the plugin\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download the plugin from the WordPress plugins repository\u003C\u002Fli>\n\u003Cli>Unzip the zip file and upload the folder to the \u002Fwp-content\u002Fplugins\u002F directory\u003C\u002Fli>\n\u003Cli>Activate CAPTCHA 4WP through the “Plugins” menu in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n","Use CAPTCHA to stop spam and allow customers & users to interact with your website easily. Block fake accounts and orders. Avoid false positives.",100000,3577096,64,268,"2025-06-11T07:53:00.000Z","6.8.5","5.5",[116,20,117,118,23],"antispam-protection","cloudflare-turnstile","hcaptcha","https:\u002F\u002Fcaptcha4wp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-nocaptcha-recaptcha.7.6.0.zip",99,1,"2022-06-29 00:00:00",{"slug":125,"name":126,"version":127,"author":63,"author_profile":64,"description":128,"short_description":129,"active_installs":108,"downloaded":130,"rating":131,"num_ratings":132,"last_updated":133,"tested_up_to":51,"requires_at_least":134,"requires_php":73,"tags":135,"homepage":18,"download_link":139,"security_score":121,"vuln_count":33,"unpatched_count":28,"last_vuln_date":140,"fetched_at":30},"captcha-code-authentication","Captcha Code","3.3","\u003Cp>Adds GDPR compatible captcha code anti-spam protection to WordPress forms – comments form, registration form, lost password form, and login form. In order to post comments or register, users have to type in the code shown on the image. This prevents spam from automated bots & adds security. No external services (like Google ReCaptcha) are used. No API keys are needed, and no user-identifiable data is used so it’s GDPR compatible.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Captcha position – comments form, login form, registration form, or lost password form.\u003C\u002Fli>\n\u003Cli>Letters type – capital letters, small letters, or captial & small letters.\u003C\u002Fli>\n\u003Cli>Captcha type – alphanumeric, alphabets or numbers.\u003C\u002Fli>\n\u003Cli>Translation enabled.\u003C\u002Fli>\n\u003C\u002Fol>\n","GDPR compatible captcha anti-spam protection for login form, comments form, registration form & lost password form. Eliminate spam with captcha.",678917,76,34,"2025-12-03T18:21:00.000Z","3.0",[20,136,137,138,23],"comments-spam","form-captcha","login-captcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcaptcha-code-authentication.3.3.zip","2023-11-24 00:00:00",{"attackSurface":142,"codeSignals":166,"taintFlows":179,"riskAssessment":180,"analyzedAt":186},{"hooks":143,"ajaxHandlers":162,"restRoutes":163,"shortcodes":164,"cronEvents":165,"entryPointCount":28,"unprotectedCount":28},[144,150,154,158],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","wp_enqueue_scripts","bs_match_captcha_for_elementor_forms_scripts_style","bs_math_captcha_for_elementor.php",24,{"type":145,"name":151,"callback":152,"file":148,"line":153},"admin_init","bs_math_captcha_for_elementor_settings_register",37,{"type":145,"name":155,"callback":156,"file":148,"line":157},"admin_menu","bs_math_captcha_for_elementor_option_page",43,{"type":145,"name":159,"callback":160,"file":148,"line":161},"wp_head","bs_math_captcha_for_elementor_error_messages",126,[],[],[],[],{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":170,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":178},[],{"prepared":28,"raw":28,"locations":169},[],{"escaped":28,"rawEcho":81,"locations":171},[172,175,177],{"file":148,"line":173,"context":174},57,"raw output",{"file":148,"line":176,"context":174},113,{"file":148,"line":176,"context":174},[],[],{"summary":181,"deductions":182},"The 'math-captcha-for-elementor-forms' v1.1.0 plugin exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The complete absence of dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), file operations, and external HTTP requests is highly positive. Furthermore, the lack of any recorded CVEs or historical vulnerabilities suggests a stable and secure codebase.\n\nHowever, a significant concern arises from the \"Output escaping: 3 total outputs, 0% properly escaped\" finding. This indicates that all three identified output points are vulnerable to cross-site scripting (XSS) attacks. Without proper escaping, user-supplied data displayed on the frontend could be maliciously crafted to execute arbitrary JavaScript in the user's browser, potentially leading to session hijacking, defacement, or other client-side attacks. The absence of taint analysis results is noted, but the direct finding of unescaped output is concrete evidence of risk.\n\nIn conclusion, while the plugin appears robust against common server-side attacks and has a clean vulnerability history, the lack of output escaping represents a critical weakness that must be addressed. This single vulnerability significantly undermines the otherwise positive security assessment.",[183],{"reason":184,"points":185},"Output is not properly escaped",8,"2026-03-16T18:20:24.286Z",{"wat":188,"direct":201},{"assetPaths":189,"generatorPatterns":194,"scriptPaths":195,"versionParams":196},[190,191,192,193],"\u002Fwp-content\u002Fplugins\u002Fmath-captcha-for-elementor-forms\u002Fassets\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fmath-captcha-for-elementor-forms\u002Fassets\u002Fjs\u002Farrive.min.js","\u002Fwp-content\u002Fplugins\u002Fmath-captcha-for-elementor-forms\u002Fassets\u002Fjs\u002Fjquery.ebcaptcha.js","\u002Fwp-content\u002Fplugins\u002Fmath-captcha-for-elementor-forms\u002Fassets\u002Fjs\u002Fmain.js",[],[193,192,191],[197,198,199,200],"math-captcha-for-elementor-forms\u002Fassets\u002Fcss\u002Fmain.css?ver=","math-captcha-for-elementor-forms\u002Fassets\u002Fjs\u002Fmain.js?ver=","math-captcha-for-elementor-forms\u002Fassets\u002Fjs\u002Fjquery.ebcaptcha.js?ver=","math-captcha-for-elementor-forms\u002Fassets\u002Fjs\u002Farrive.min.js?ver=",{"cssClasses":202,"htmlComments":204,"htmlAttributes":205,"restEndpoints":207,"jsGlobals":208,"shortcodeOutput":212},[203],"bs-submit-button-event",[],[206],"id=\"bs_ebcaptchainput\"",[],[209,210,211],"bs_math_captcha_plus_sign","bs_math_captcha_minus_sign","bs_math_captcha_multiply_sign",[]]