[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fkXIait4Y_iYynOCH9Bhe3UTBbGWMSvy5Bx2pWjaL2LM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":136,"fingerprints":271},"mighty-captcha","Mighty CAPTCHA","1.0","Sabaoh","https:\u002F\u002Fprofiles.wordpress.org\u002Fsabaoh\u002F","\u003Cp>This plugin will add some reCAPTCHA widget to login form, comment form, and user registration form. With this plugin, sites owners can avoid spam comment, user registration, and biting password.\u003C\u002Fp>\n\u003Cp>Mighty CAPTCHA uses a Google reCAPTCHA technology. To work, API key pair, issued Google, is necessary.\u003C\u002Fp>\n\u003Cp>For more information about key pair, please refer https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fintro\u002Findex.html .\u003C\u002Fp>\n\u003Cp>You can choose which form will be with reCAPTCHA widget or not. For login form and user registration form, a normal size widget is too wide. So you can choose compact widget. (but I do not like it.)\u003C\u002Fp>\n\u003Cp>Below is characteristic of new Google reCAPTCHA.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easy for ordinary users. They only must check the “I’m not a robot”.\u003C\u002Fli>\n\u003Cli>When Google reCAPTCHA recognized an access was smell fishy, image authentication screen would appear.\u003C\u002Fli>\n\u003Cli>New image authentication screen is without deformed letters, with photo images instead of them.\u003C\u002Fli>\n\u003Cli>Photo images authentication is for example “choose all photos of a cat”. Easy to human and hard to robot.\u003C\u002Fli>\n\u003Cli>It’s easy to use with smart phone or tablet.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Why don’t you usher it into your site!\u003C\u002Fp>\n","Mighty-CAPTCHA add an authentication with Google reCAPTCHA technology to login, comment, and register form, with API keys which delivered by Google.",30,2329,0,"2015-10-09T00:57:00.000Z","4.3.34","4.3.1","",[19,20,21,22,23],"comments","login","register","spam","user","http:\u002F\u002Fwordpress.sabaoh.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmighty-captcha.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":11,"trust_score":34,"computed_at":35},"sabaoh",2,50,84,"2026-04-04T11:54:19.271Z",[37,56,81,105,121],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":17,"tags":52,"homepage":54,"download_link":55,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"user-last-login","User Last Login","1.2","raj_prince","https:\u002F\u002Fprofiles.wordpress.org\u002Fraj_prince\u002F","\u003Cp>This plugin is specially created for manage the user last login time. The plugin shows the last login date & time of user in manage users view and also has function available to sort the column in ascending and descending order.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Links\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.online-advertisment.com\u002Fuser-last-login-plugin\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.online-advertisment.com\u002Fblog\u002Fuser-last-login\u002F\" rel=\"nofollow ugc\">Donate Us\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Shortcode\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>[user_last_login] \u003C\u002Fpre>\n\u003Cp>It will show you current user last login date time.\u003C\u002Fp>\n\u003Cp>You can also pass the parameters in shortcode\u003C\u002Fp>\n\u003Cpre>[user_last_login user_id='2' format='F j, Y g:i a']\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Widget\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can show user last login date time using widget “User Last Login”\u003C\u002Fp>\n","Displays login datetime in manage users screen and sorts users by last login time.",600,11074,100,9,"2017-02-27T05:50:00.000Z","4.7.32","4.0",[19,53,20,22,23],"last","http:\u002F\u002Fwww.online-advertisment.com\u002Fblog\u002Fuser-last-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-last-login.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":17,"download_link":78,"security_score":79,"vuln_count":32,"unpatched_count":13,"last_vuln_date":80,"fetched_at":28},"captcha-code-authentication","Captcha Code","3.3","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>Adds GDPR compatible captcha code anti-spam protection to WordPress forms – comments form, registration form, lost password form, and login form. In order to post comments or register, users have to type in the code shown on the image. This prevents spam from automated bots & adds security. No external services (like Google ReCaptcha) are used. No API keys are needed, and no user-identifiable data is used so it’s GDPR compatible.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Captcha position – comments form, login form, registration form, or lost password form.\u003C\u002Fli>\n\u003Cli>Letters type – capital letters, small letters, or captial & small letters.\u003C\u002Fli>\n\u003Cli>Captcha type – alphanumeric, alphabets or numbers.\u003C\u002Fli>\n\u003Cli>Translation enabled.\u003C\u002Fli>\n\u003C\u002Fol>\n","GDPR compatible captcha anti-spam protection for login form, comments form, registration form & lost password form. Eliminate spam with captcha.",100000,678917,76,34,"2025-12-03T18:21:00.000Z","6.9.4","3.0","5.2",[73,74,75,76,77],"captcha","comments-spam","form-captcha","login-captcha","recaptcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcaptcha-code-authentication.3.3.zip",99,"2023-11-24 00:00:00",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":47,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":100,"download_link":101,"security_score":102,"vuln_count":103,"unpatched_count":13,"last_vuln_date":104,"fetched_at":28},"wp-front-end-profile","WP Frontend Profile","1.3.9","Glowlogix","https:\u002F\u002Fprofiles.wordpress.org\u002Fglowlogix\u002F","\u003Cp>WP Frontend Profile gives you the ability to add a extensible user profile section to the frontend of your WordPress website. By default the plugin adds two tabs to the frontend profile. One of these tabs, titled profile, allows a user to edit their user data including email, first and last names, URL and bio (description). The password tab allows a user to change their password for the site.\u003C\u002Fp>\n\u003Ch4>Plugin Extensibility\u003C\u002Fh4>\n\u003Cp>As the frontend profile is rendered with tabs you can easily add your own tabs with your own fields to store user meta data. Tabs and fields are added through filters and all the saving of the data is taken care of for you.\u003C\u002Fp>\n\u003Cp>You can add the following field types:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WYSIWYG\u003C\u002Fli>\n\u003Cli>Select\u003C\u002Fli>\n\u003Cli>Multi Select\u003C\u002Fli>\n\u003Cli>Radio\u003C\u002Fli>\n\u003Cli>Text Area\u003C\u002Fli>\n\u003Cli>Checkbox\u003C\u002Fli>\n\u003Cli>Password\u003C\u002Fli>\n\u003Cli>Email\u003C\u002Fli>\n\u003Cli>Text\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See FAQs for how to add our own fields and tabs.\u003C\u002Fp>\n\u003Ch4>Profile Output\u003C\u002Fh4>\n\u003Cp>To output the frontend profile feature you can use the following shortcodes in editor:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Profile page \u003Ccode>[wpfep-profile]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Edit profile \u003Ccode>[wpfep]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Register page \u003Ccode>[wpfep-register]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Login page \u003Ccode>[wpfep-login]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added Login Widget\u003C\u002Fli>\n\u003Cli>Addon for Mailchimp\u003C\u002Fli>\n\u003Cli>Added Content Restriction feature for paid members.\u003C\u002Fli>\n\u003C\u002Ful>\n","WP Frontend Profile allows users to edit\u002Fview their profile and register\u002Flogin without going into the dashboard to do so.",22187,86,8,"2026-02-21T21:44:00.000Z","6.8.5","4.0.1","5.2.17",[20,97,21,98,99],"profile","user-meta","users","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-front-end-profile\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-front-end-profile.1.3.9.zip",83,5,"2026-03-06 11:21:23",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":11,"downloaded":113,"rating":13,"num_ratings":13,"last_updated":114,"tested_up_to":69,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":119,"download_link":120,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"user-mail-only-register","Multibyte CAPTCHA login and Mail only register","4.03","Katsushi Kawamori","https:\u002F\u002Fprofiles.wordpress.org\u002Fkatsushi-kawamori\u002F","\u003Ch4>Login form with Multibyte CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Anti-Bot measures with original CAPTCHA.\u003C\u002Fli>\n\u003Cli>WordPress : \u003Ccode>wp-login.php\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>WordPress : \u003Ccode>wp-login.php?action=register\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>WordPress : \u003Ccode>wp-login.php?action=lostpassword\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Register\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Register only email address.\u003C\u002Fli>\n\u003Cli>Can check the terms of use agreement for user register.\u003C\u002Fli>\n\u003Cli>Anti-Bot measures with original CAPTCHA.\u003C\u002Fli>\n\u003Cli>WordPress : \u003Ccode>wp-login.php?action=register\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>shortcode : \u003Ccode>[umorregister]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Filter for shortcode form\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for message.\n *\n *\u002F\nadd_filter( 'umor_register_success_msg', function(){ return 'Message for register success.'; }, 10, 1 );\nadd_filter( 'umor_login_success_login_msg', function(){ return 'Message for login success.'; }, 10, 1 );\nadd_filter( 'umor_register_error', function(){ return 'Message for register error.'; }, 10, 1 );\nadd_filter( 'umor_register_nomail', function(){ return 'Message for unentered mail.'; }, 10, 1 );\nadd_filter( 'umor_register_noterm', function(){ return 'Message for unentered term of use.'; }, 10, 1 );\nadd_filter( 'umor_register_form_label', function(){ return 'Message for form label.'; }, 10, 1 );\nadd_filter( 'umor_register_term_of_use', function(){ return 'Message for term of use.'; }, 10, 1 );\nadd_filter( 'umor_not_register_message', function(){ return 'Message for not register.'; }, 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for login form message.\n *\n *\u002F\nadd_filter(\n    'umor_login_message',\n    function( $message, $text ) {\n        $message = '\u003Cp class=\"myclass\">';\n        $message .= $text;\n        $message .= '\u003C\u002Fp>';\n        return $message;\n    },\n    10,\n    2\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for Term of use URL.\n *\n *\u002F\nadd_filter(\n    'umor_register_term_of_use_url',\n    function( $term_of_use_url ) {\n        if ( 'ja' === get_locale() ) {\n            $term_of_use_url = 'https:\u002F\u002Ftest.com\u002Fja\u002F';\n        }\n        return $term_of_use_url;\n    },\n    10,\n    1\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for input text size.\n *\n *\u002F\nadd_filter( 'umor_register_input_size', function(){ return 17; }, 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for class name.\n *\n *\u002F\nadd_filter( 'umor_register_notice_class_name', function(){ return 'mynotice'; }, 10, 1 );\nadd_filter( 'umor_register_form_class_name', function(){ return 'myform'; }, 10, 1 );\nadd_filter( 'umor_register_label_class_name', function(){ return 'mylabel'; }, 10, 1 );\nadd_filter( 'umor_register_input_class_name', function(){ return 'myinput'; }, 10, 1 );\nadd_filter( 'umor_register_check_form_class_name', function(){ return 'mycheckform'; }, 10, 1 );\nadd_filter( 'umor_register_check_class_name', function(){ return 'mycheck'; }, 10, 1 );\nadd_filter( 'umor_register_captcha_input_class_name', function(){ return 'mycaptcha_input'; }, 10, 1 );\nadd_filter( 'umor_register_submit_class_name', function(){ return 'mysubmit'; }, 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Multibyte CAPTCHA login form and register users with mail only.",5650,"2025-12-02T23:22:00.000Z","4.7","8.0",[73,118,20,21,99],"email","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-mail-only-register\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-mail-only-register.4.03.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":69,"requires_at_least":131,"requires_php":17,"tags":132,"homepage":17,"download_link":134,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":135},"simple-spam-blocker","Simple Spam Blocker","2.0.0","Awais","https:\u002F\u002Fprofiles.wordpress.org\u002Fawais300\u002F","\u003Cp>Simple Spam Blocker use honeypot technique which is fast and easy way to prevent spam. This plugin can stop spam comments, spam registration and also can be used to stop bots to try to login into admin panel. This plugin also provide option to stop spammers to get register via Ultimate Memeber Plugin’s registration from. You can also use shortcode [simple-spam-blocker] on any form to stop spammers.\u003C\u002Fp>\n","Simple Spam Blcoker stop spam comments and also can be used to stop bots to try to login into admin panel.",20,1364,"3.0.1",[19,133,20,22],"honeypot","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-spam-blocker.zip","2026-03-15T10:48:56.248Z",{"attackSurface":137,"codeSignals":194,"taintFlows":221,"riskAssessment":258,"analyzedAt":270},{"hooks":138,"ajaxHandlers":190,"restRoutes":191,"shortcodes":192,"cronEvents":193,"entryPointCount":13,"unprotectedCount":13},[139,145,149,153,157,160,162,165,169,173,178,182,186],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","admin_init","my_admin_init","mighty-captcha.php",54,{"type":140,"name":146,"callback":147,"file":143,"line":148},"admin_menu","my_admin_menu",57,{"type":140,"name":150,"callback":151,"file":143,"line":152},"admin_notices","my_admin_update_notice",61,{"type":140,"name":154,"callback":155,"file":143,"line":156},"wp_enqueue_scripts","add_enqueue_script",64,{"type":140,"name":158,"callback":155,"file":143,"line":159},"login_enqueue_scripts",65,{"type":140,"name":150,"callback":151,"file":143,"line":161},129,{"type":140,"name":150,"callback":163,"file":143,"line":164},"my_admin_error_notice",131,{"type":140,"name":166,"callback":167,"file":143,"line":168},"login_form","add_login_captcha",260,{"type":140,"name":170,"callback":171,"file":143,"line":172},"wp_authenticate","add_login_check",261,{"type":174,"name":175,"callback":176,"file":143,"line":177},"filter","comment_form_default_fields","add_comment_captcha",306,{"type":140,"name":179,"callback":180,"file":143,"line":181},"pre_comment_on_post","add_comment_check",307,{"type":140,"name":183,"callback":184,"file":143,"line":185},"register_form","add_sign_up_captcha",357,{"type":174,"name":187,"callback":188,"file":143,"line":189},"registration_errors","add_sign_up_check",358,[],[],[],[],{"dangerousFunctions":195,"sqlUsage":196,"outputEscaping":198,"fileOperations":13,"externalRequests":219,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":220},[],{"prepared":13,"raw":13,"locations":197},[],{"escaped":13,"rawEcho":48,"locations":199},[200,203,205,207,209,211,213,215,217],{"file":143,"line":201,"context":202},146,"raw output",{"file":143,"line":204,"context":202},152,{"file":143,"line":206,"context":202},155,{"file":143,"line":208,"context":202},193,{"file":143,"line":210,"context":202},202,{"file":143,"line":212,"context":202},226,{"file":143,"line":214,"context":202},227,{"file":143,"line":216,"context":202},322,{"file":143,"line":218,"context":202},323,3,[],[222,246],{"entryPoint":223,"graph":224,"unsanitizedCount":219,"severity":245},"my_admin_page (mighty-captcha.php:109)",{"nodes":225,"edges":241},[226,230,235,239],{"id":227,"type":228,"label":229,"file":143,"line":201},"n0","source","$_SERVER['REQUEST_URI']",{"id":231,"type":232,"label":233,"file":143,"line":201,"wp_function":234},"n1","sink","echo() [XSS]","echo",{"id":236,"type":228,"label":237,"file":143,"line":238},"n2","$_POST (x2)",119,{"id":240,"type":232,"label":233,"file":143,"line":204,"wp_function":234},"n3",[242,244],{"from":227,"to":231,"sanitized":243},false,{"from":236,"to":240,"sanitized":243},"medium",{"entryPoint":247,"graph":248,"unsanitizedCount":219,"severity":257},"\u003Cmighty-captcha> (mighty-captcha.php:0)",{"nodes":249,"edges":254},[250,251,252,253],{"id":227,"type":228,"label":229,"file":143,"line":201},{"id":231,"type":232,"label":233,"file":143,"line":201,"wp_function":234},{"id":236,"type":228,"label":237,"file":143,"line":238},{"id":240,"type":232,"label":233,"file":143,"line":204,"wp_function":234},[255,256],{"from":227,"to":231,"sanitized":243},{"from":236,"to":240,"sanitized":243},"low",{"summary":259,"deductions":260},"The \"mighty-captcha\" v1.0 plugin presents a mixed security posture.  While it boasts a zero attack surface for common entry points like AJAX handlers, REST API routes, and shortcodes, and utilizes prepared statements for all SQL queries, significant concerns arise from its output escaping and lack of capability checks.  The fact that 100% of its nine output operations are unescaped is a critical weakness, potentially exposing users to Cross-Site Scripting (XSS) vulnerabilities.  Furthermore, the complete absence of nonce and capability checks across all code signals a disregard for fundamental WordPress security practices, leaving it vulnerable to various unauthorized actions if an attack vector is discovered or created.\n\nThe taint analysis indicates that while no critical or high severity flows were found, there are two flows with unsanitized paths. This, combined with the unescaped output, suggests a potential for XSS or other injection vulnerabilities, especially if the data processed in these flows originates from user input.  The plugin's vulnerability history is clean, with no recorded CVEs. This is a positive indicator but should not be relied upon as a sole security measure, especially given the identified code weaknesses. The lack of recorded vulnerabilities may simply mean it hasn't been thoroughly audited or exploited yet.\n\nIn conclusion, \"mighty-captcha\" v1.0 has a low direct attack surface in terms of entry points and secure SQL practices. However, its severe lack of output sanitization and fundamental authentication\u002Fauthorization checks creates significant risks. The presence of unsanitized paths in the taint analysis further exacerbates these risks.  While the plugin has no known vulnerabilities, its internal code quality issues warrant caution and significant security improvements.",[261,263,265,267],{"reason":262,"points":91},"All output operations unescaped",{"reason":264,"points":103},"No nonce checks",{"reason":266,"points":103},"No capability checks",{"reason":268,"points":269},"Taint flows with unsanitized paths (2)",6,"2026-03-16T22:23:48.003Z",{"wat":272,"direct":281},{"assetPaths":273,"generatorPatterns":275,"scriptPaths":276,"versionParams":278},[274],"\u002Fwp-content\u002Fplugins\u002Fmighty-captcha\u002Fcss\u002Fadmin.css",[],[277],"\u002Fwp-content\u002Fplugins\u002Fmighty-captcha\u002Fjs\u002Fmighty-captcha.js",[279,280],"mighty-captcha\u002Fcss\u002Fadmin.css?ver=","mighty-captcha\u002Fjs\u002Fmighty-captcha.js?ver=",{"cssClasses":282,"htmlComments":284,"htmlAttributes":285,"restEndpoints":287,"jsGlobals":288,"shortcodeOutput":290},[283],"g-recaptcha",[],[286],"data-sitekey",[],[289],"grecaptcha",[]]