[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1ZqwdoVaSx7ay4R5nISzJGx5B7c_6RtOgQVYJxus_nY":3,"$f57Phqt9cKXPVrM35abGT4gaDcpWevgTqnzEU3y393jM":219,"$fqM8EFFgYjJ4q2DZfhiJQck0UrAhq5uHPtAXAbRqH35U":224},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"discovery_status":25,"vulnerabilities":26,"developer":27,"crawl_stats":23,"alternatives":32,"analysis":94,"fingerprints":195},"nossl-protect-your-website","NoSSL – protect your website","1.1","smartinmedia","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmartinmedia\u002F","\u003Cp>NoSSL is an open-source software to encrypt the data sent between browser and webserver to protect it from hackers, internet service providers and spies.\u003Cbr \u002F>\nAs a WordPress plugin, i0t will protect your login forms, contact forms and posts.\u003C\u002Fp>\n\u003Cp>While NoSSL is not a replacement for SSL-certificates it is a lot better than using no SSL \u002F security at all.\u003C\u002Fp>\n\u003Cp>Millions of great websites do not provide any protection for their login or contact forms. When website visitors enter confidential information like names, e-mail addresses and passwords, these informations are transmitted openly between web browsers and web servers. Anyone with a connection on the same network could grab these informations and impersonate the user not only on this website but sometimes on other websites, too as many people use the same passwords for multiple websites. Even simple contact forms can offer valuable information to criminals.\u003C\u002Fp>\n\u003Cp>SSL is a good way to encrypt the data between the web browser and web server. However, SSL certificates come with some disadvantages like tedious installation, high yearly costs and the need for an individual IP address.\u003C\u002Fp>\n\u003Cp>NoSSL offers a simple way to protect the traffic between browser and server by using strong encryption protocols. The setup for the protection of your website forms is easy and done in a few well-documented steps. You can download NoSSL for free here and try the beta-version for free. However, you cannot use the beta-version in productive websites yet as there may still be a lot of bugs and security flaws.\u003C\u002Fp>\n","NoSSL encrypts the logins and all forms of your WordPress.",10,1366,0,"2014-09-21T17:31:00.000Z","3.4.2","3.0.1","",[19],"none","http:\u002F\u002Fwww.nossl.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnossl-protect-your-website.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":22,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},1,30,84,"2026-05-20T00:03:22.660Z",[33,53,75],{"slug":34,"name":35,"version":36,"author":37,"author_profile":38,"description":39,"short_description":40,"active_installs":13,"downloaded":41,"rating":13,"num_ratings":13,"last_updated":42,"tested_up_to":43,"requires_at_least":44,"requires_php":45,"tags":46,"homepage":50,"download_link":51,"security_score":52,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24},"formular-af-citizenone-journalsystem","Formular af CitizenOne journalsystem","1.4.0","AWORK Group A\u002FS","https:\u002F\u002Fprofiles.wordpress.org\u002Fawbot123\u002F","\u003Cul>\n\u003Cli>Customizable embed forms with color matching\u003C\u002Fli>\n\u003Cli>Real-time lead submission to CitizenOne dashboard\u003C\u002Fli>\n\u003Cli>Shortcode & Gutenberg block implementation\u003C\u002Fli>\n\u003Cli>“Formular af CitizenOne – Journalsystem med alt inklusiv” branding\u003C\u002Fli>\n\u003Cli>Mobile-responsive design\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin utilizes the following third-party services to enhance functionality:\u003C\u002Fp>\n\u003Ch3>hCaptcha\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Optional spam protection for contact forms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent\u003C\u002Fstrong>: User interaction data through hCaptcha’s API\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When\u003C\u002Fstrong>: Only when site administrator has configured hCaptcha keys in plugin settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms\u003C\u002Fstrong>: https:\u002F\u002Fhcaptcha.com\u002Fterms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>: https:\u002F\u002Fhcaptcha.com\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>CitizenOne API\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Processing form submissions and generating authentication tokens\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent\u003C\u002Fstrong>: Form submission data (as provided by users) and authentication tokens\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When\u003C\u002Fstrong>: When users submit forms through the contact form\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms\u003C\u002Fstrong>: https:\u002F\u002Fcitizenone.dk\u002Fvilkaarogbetingelser\u002F\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>: https:\u002F\u002Fcitizenone.dk\u002Fprivatlivspolitik\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n","Embed customizable contact forms from CitizenOne on any WordPress site.",267,"2026-01-05T06:19:00.000Z","6.9.4","5.8","7.4",[47,48,49],"citizenone","contacts","leads","https:\u002F\u002Fgithub.com\u002FAWORK-AS\u002Fcontact-form-app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fformular-af-citizenone-journalsystem.1.4.0.zip",100,{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":13,"downloaded":61,"rating":13,"num_ratings":13,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":72,"download_link":73,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":74},"open-one-on-demand-delivery","Open One On Demand Delivery","2.1.3","openonetech","https:\u002F\u002Fprofiles.wordpress.org\u002Fopenonetech\u002F","\u003Cp>Open One On Demand Delivery is used to link a store developed in WooCommerce with the Open One API and in this way have a delivery system connected to your online store.\u003C\u002Fp>\n\u003Cp>If you have an online store, developed with woocommerce and you need to integrate it with Open One App, this plugin facilitates this task, you simply have to provide the keys provided by Open One and the plugin will do the rest for you, fully integrated with woocommerce orders and Open One App.\u003C\u002Fp>\n\u003Ch4>How does the plugin work?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Install and activate the plugin.\u003C\u002Fli>\n\u003Cli>Fill in all the fields requested by the plugin.\u003C\u002Fli>\n\u003Cli>Go to the Woocommerce configuration, in the Shipping tab.\u003C\u002Fli>\n\u003Cli>Add a shipping zone.\u003C\u002Fli>\n\u003Cli>Add a shipping method.\u003C\u002Fli>\n\u003Cli>In the list select Open One Shipping Method.\u003C\u002Fli>\n\u003Cli>NOTE: For the correct functioning of the plugin, make sure to assign a name to your timezone (New York for example). If you use UTC format it can cause problems. To edit your timezone you must go to Settings > General > Timezone\u003C\u002Fli>\n\u003C\u002Ful>\n","Open One On Demand Delivery is used to link a store developed in WooCommerce with the Open One API and in this way have a delivery system connected to …",1894,"2021-08-03T17:58:00.000Z","5.8.13","5.3","7.0",[67,68,69,70,71],"api","delivery","e-commerce","openone","woo","https:\u002F\u002Fopen1.app\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fopen-one-on-demand-delivery.2.2.zip","2026-04-06T09:54:40.288Z",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":13,"downloaded":83,"rating":13,"num_ratings":13,"last_updated":84,"tested_up_to":85,"requires_at_least":16,"requires_php":86,"tags":87,"homepage":92,"download_link":93,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24},"sanremo-trails","Sanremo Trails","1.1.0","andreaduemetri","https:\u002F\u002Fprofiles.wordpress.org\u002Fandreaduemetri\u002F","\u003Cp>Plugin of Sanremo Outdoor about trails and outdoor\u003C\u002Fp>\n\u003Cp>This plugin contains shortcodes to add one of your pages for showing everyone the trails maintained in Sanremo by Bignone Outdoor.\u003C\u002Fp>\n","Here is a short description of the plugin.  This should be no more than 150 characters.  No markup here.",7943,"2021-08-03T19:27:00.000Z","5.7.15","4.0",[88,89,90,91],"bignone","outdoor","sanremo","trails","https:\u002F\u002Fbignoneoutdoor.it","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsanremo-trails.1.1.zip",{"attackSurface":95,"codeSignals":114,"taintFlows":172,"riskAssessment":173,"analyzedAt":194},{"hooks":96,"ajaxHandlers":110,"restRoutes":111,"shortcodes":112,"cronEvents":113,"entryPointCount":13,"unprotectedCount":13},[97,103,107],{"type":98,"name":99,"callback":100,"file":101,"line":102},"action","init","process_nossl","nossl.php",50,{"type":98,"name":104,"callback":105,"file":101,"line":106},"wp_enqueue_scripts","add_meta_files",51,{"type":98,"name":108,"callback":105,"file":101,"line":109},"login_enqueue_scripts",52,[],[],[],[],{"dangerousFunctions":115,"sqlUsage":139,"outputEscaping":141,"fileOperations":170,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":171},[116,121,126,131,134],{"fn":117,"file":118,"line":119,"context":120},"set_time_limit","nossl\u002Fgenerate-new-keypair.php",65,"set_time_limit (600); \u002F\u002FImportant: Time limit in seconds, else the script may time out with big keys",{"fn":122,"file":123,"line":124,"context":125},"unserialize","nossl\u002Fphpseclib\u002FCrypt\u002FRSA.php",565,"extract(unserialize($partial));",{"fn":127,"file":128,"line":129,"context":130},"ini_set","nossl\u002Fphpseclib\u002FCrypt\u002FRandom.php",143,"ini_set('session.use_cookies', 0);",{"fn":127,"file":128,"line":132,"context":133},167,"ini_set('session.use_cookies', $old_use_cookies);",{"fn":135,"file":136,"line":137,"context":138},"create_function","nossl\u002Fphpseclib\u002FCrypt\u002Fnot_in_use\u002FBase.php",1963,"return create_function('$_action, &$self, $_text', $init_crypt . 'if ($_action == \"encrypt\") { ' . $",{"prepared":13,"raw":13,"locations":140},[],{"escaped":28,"rawEcho":11,"locations":142},[143,147,149,152,154,156,159,162,164,167],{"file":144,"line":145,"context":146},"nossl\u002FNoSSL.class.php",55,"raw output",{"file":118,"line":148,"context":146},122,{"file":150,"line":151,"context":146},"nossl\u002Fnossl_start.php",131,{"file":150,"line":153,"context":146},221,{"file":150,"line":155,"context":146},230,{"file":157,"line":158,"context":146},"nossl\u002Fphpseclib\u002FNet\u002Fnot_in_use\u002FSFTP\u002FStream.php",750,{"file":160,"line":161,"context":146},"nossl\u002Fphpseclib\u002FNet\u002Fnot_in_use\u002FSFTP.php",2063,{"file":160,"line":163,"context":146},2139,{"file":165,"line":166,"context":146},"nossl\u002Fphpseclib\u002FNet\u002Fnot_in_use\u002FSSH1.php",1519,{"file":168,"line":169,"context":146},"nossl\u002Fphpseclib\u002FNet\u002Fnot_in_use\u002FSSH2.php",2905,79,[],[],{"summary":174,"deductions":175},"The 'nossl-protect-your-website' plugin v1.1 exhibits a mixed security posture. On the positive side, it demonstrates no known CVEs, a clean vulnerability history, and no external HTTP requests, indicating a generally stable and low-profile plugin. The absence of AJAX handlers, REST API routes, shortcodes, and cron events, coupled with the fact that all SQL queries use prepared statements, significantly limits its attack surface and direct database manipulation risks.\n\nHowever, the static analysis reveals several concerning code signals. The presence of dangerous functions like `set_time_limit`, `unserialize`, `ini_set`, and `create_function` without any apparent authorization or capability checks presents potential risks. `unserialize` is particularly concerning as it can lead to Remote Code Execution (RCE) if used with untrusted input. The low percentage of properly escaped output (9%) suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed in the user's browser.\n\nWhile the plugin has a clean vulnerability history, this can be misleading. The lack of detected issues might stem from a lack of in-depth analysis or testing rather than inherent security. The combination of dangerous functions and poor output sanitization, without any nonce or capability checks, creates a significant potential for exploitation. Therefore, despite its clean history, the plugin has inherent risks that require attention.",[176,179,181,184,187,190,192],{"reason":177,"points":178},"Dangerous function: unserialize without checks",15,{"reason":180,"points":11},"Dangerous function: create_function without checks",{"reason":182,"points":183},"Dangerous function: ini_set without checks",8,{"reason":185,"points":186},"Dangerous function: set_time_limit without checks",5,{"reason":188,"points":189},"Low percentage of properly escaped output",7,{"reason":191,"points":11},"No nonce checks",{"reason":193,"points":11},"No capability checks","2026-04-16T12:42:26.551Z",{"wat":196,"direct":205},{"assetPaths":197,"generatorPatterns":200,"scriptPaths":201,"versionParams":202},[198,199],"\u002Fwp-content\u002Fplugins\u002Fnossl-protect-your-website\u002Fnossl\u002Fstyle\u002Fnossl.css","\u002Fwp-content\u002Fplugins\u002Fnossl-protect-your-website\u002Fnossl\u002Fjavascript\u002Fnossl_start.min.js",[],[199],[203,204],"nossl-style?ver=","nossl-js?ver=",{"cssClasses":206,"htmlComments":207,"htmlAttributes":215,"restEndpoints":216,"jsGlobals":217,"shortcodeOutput":218},[],[208,209,208,210,211,212,208,213,214,208],"########################################################################################","## NoSSL V1.1 - Encryption between browser and server","## Copyright (C) 2013 - 2014 Smart In Media GmbH & Co. KG","##","## http:\u002F\u002Fwww.nossl.net","THIS PROGRAM IS LICENSED FOR PRIVATE USE UNDER THE GPL LICENSE","FOR COMMERCIAL USE, PLEASE INQUIRE THROUGH www.nossl.net",[],[],[],[],{"error":220,"url":221,"statusCode":222,"statusMessage":223,"message":223},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fnossl-protect-your-website\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":225},[]]