[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flBE7tZTwyAa2yth7RbZhOkMEfOV8odcbnvZoyiq8smI":3,"$fHuBhCB63feDdyM2hg4Cz-_wKHF7LU6GpnZbiq1lqG1c":203,"$fJKBWH1wweXWPwpKOWM-LRmfuP8Y9Wzm25xR2DB1oBhU":208},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":21,"security_score":22,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24,"discovery_status":25,"vulnerabilities":26,"developer":27,"crawl_stats":23,"alternatives":33,"analysis":140,"fingerprints":184},"secure-login-captcha","Login Captcha","1.0","sach3932","https:\u002F\u002Fprofiles.wordpress.org\u002Fsach3932\u002F","\u003Cp>This plugin used to apply\u002Fadd login captcha field to wordpress login form.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Extremely easy to use\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Secure\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>No Admin Settings.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin used to apply\u002Fadd login captcha field to wordpress login form.",0,959,"2019-10-09T11:25:00.000Z","5.2.24","4.9","",[18,19,20],"captcha","login","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-login-captcha.1.0.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":22,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},3,120,30,84,"2026-05-19T22:53:55.574Z",[34,59,80,103,121],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":16,"tags":49,"homepage":53,"download_link":54,"security_score":55,"vuln_count":56,"unpatched_count":11,"last_vuln_date":57,"fetched_at":58},"siteguard","SiteGuard WP Plugin","1.7.9","jp-secure","https:\u002F\u002Fprofiles.wordpress.org\u002Fjp-secure\u002F","\u003Cp>You can find docs, FAQ and more detailed information on \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin_en\u002F\" rel=\"nofollow ugc\">English Page\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin\u002F\" rel=\"nofollow ugc\">Japanese Page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Simply install the SiteGuard WP Plugin, WordPress security is improved.\u003Cbr \u002F>\nThis plugin is a security plugin that specializes in the login attack of brute force, such as protection and management capabilities.\u003C\u002Fp>\n\u003Cp>Notes\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It does not support the multisite function of WordPress.\u003C\u002Fli>\n\u003Cli>It only supports Apache 1.3, 2.x for Web servers.\u003C\u002Fli>\n\u003Cli>To use the CAPTCHA function, the expansion library “mbstring” and “gd” should be installed on php.\u003C\u002Fli>\n\u003Cli>To use the management page filter function and login page change function, “mod_rewrite” should be loaded on Apache.\u003C\u002Fli>\n\u003Cli>To use the WAF Tuning Support, WAF ( SiteGuard Server Edition ) should be installed on Apache.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There are the following functions.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Admin Page IP Filter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function for the protection against the attack to the management page (under wp-admin.)\u003Cbr \u002F>\nTo the access from the connection source IP address which does not login to the management page, 404 (Not Found) is returned.\u003Cbr \u002F>\nAt the login, the connection source IP address is recorded and the access to that page is allowed.\u003Cbr \u002F>\nThe connection source IP address which does not login for more than 24 hours is sequentially deleted.\u003Cbr \u002F>\nThe URL (under wp-admin) where this function is excluded can be specified.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rename Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack.\u003Cbr \u002F>\nThe login page name (wp-login.php) is changed. The initial value is “login_\u003C5 random digits>” but it can be changed to a favorite name.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CAPTCHA\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack,\u003Cbr \u002F>\nor to receive less comment spam. For the character of CAPTCHA, hiragana and alphanumeric characters can be selected.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Lock\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack.\u003Cbr \u002F>\nEspecially, it is the function to prevent an automated attack. The connection source IP address the number of login failure of which reaches\u003Cbr \u002F>\nthe specified number within the specified period is blocked for the specified time.\u003Cbr \u002F>\nEach user account is not locked.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Alert\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to make it easier to notice unauthorized login. E-mail will be sent to a login user when logged in.\u003Cbr \u002F>\nIf you receive an e-mail to there is no logged-in idea, please suspect unauthorized login.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fail Once\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against a password list attack. Even is the login input is correct, the first login must fail.\u003Cbr \u002F>\nAfter 5 seconds and later within 60 seconds, another correct login input make login succeed. At the first login failure, the following error message is displayed.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Pingback\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The pingback function is disabled and its abuse is prevented.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block Author Query\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Prevents leakage of user names due to “\u002F?author=” access.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Updates Notify\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Basic of security is that always you use the latest version. If WordPress core, plugins, and themes updates are needed , sends email to notify administrators.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WAF Tuning Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to create the rule to avoid the false detection in WordPress (including 403 error occurrence with normal access,)\u003Cbr \u002F>\nif WAF ( SiteGuard Server Edition ) by EG Secure Solutions is installed on a Web server. WAF prevents the attack from the outside against the Web server,\u003Cbr \u002F>\nbut for some WordPress or plugin functions, WAF may detect the attack which is actually not attack and block the function.\u003Cbr \u002F>\nBy creating the WAF exclude rule, the WAF protection function can be activated while the false detection for the specified function is prevented.\u003C\u002Fp>\n\u003Ch4>Translate\u003C\u002Fh4>\n\u003Cp>If you have created your own language pack, or have an update of an existing one, you can send \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">gettext PO and MO files\u003C\u002Fa> to sgdev@jp-secure.com so that We can bundle it into SiteGuard WP Plugin. You can download the latest \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Ftrunk\u002Flanguages\u002Fsiteguard.pot\" rel=\"nofollow ugc\">POT file\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Fbranches\u002Flanguages\u002F\" rel=\"nofollow ugc\">PO files in each language\u003C\u002Fa>.\u003C\u002Fp>\n","SiteGurad WP Plugin is the plugin specialized for the protection against the attack to the management page and login.",600000,5197886,86,15,"2026-04-16T06:35:00.000Z","7.0","3.9",[18,50,51,52,20],"login-alert","login-lock","pingback","http:\u002F\u002Fwww.jp-secure.com\u002Fcont\u002Fproducts\u002Fsiteguard_wp_plugin\u002Findex_en.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsiteguard.1.7.9.zip",98,2,"2026-02-23 00:00:00","2026-04-16T10:56:18.058Z",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":47,"tags":74,"homepage":16,"download_link":78,"security_score":79,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":58},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1246273,80,25,"2025-01-15T17:05:00.000Z","6.7.5","4.7",[75,18,76,20,77],"2fa","login-security","two-factor-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":16,"tags":95,"homepage":99,"download_link":100,"security_score":22,"vuln_count":101,"unpatched_count":11,"last_vuln_date":102,"fetched_at":58},"login-recaptcha","Login No Captcha reCAPTCHA","1.7.3","Robert Peake","https:\u002F\u002Fprofiles.wordpress.org\u002Frobertpeake\u002F","\u003Cp>Adds a Google No Captcha ReCaptcha checkbox to your WordPress and Woocommerce login, forgot password, and user registration pages. Denies access to automated scripts while making it easy on humans to log in by checking a box. As Google says, it is “Tough on bots, easy on humans.”\u003C\u002Fp>\n","Adds a Google No Captcha ReCaptcha checkbox to your Wordpress and Woocommerce login, forgot password, and user registration pages.",60000,1371626,90,63,"2024-02-27T10:43:00.000Z","6.4.8","4.6",[96,19,97,98,20],"google","nocaptcha","recaptcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-recaptcha.1.7.3.zip",1,"2022-08-16 00:00:00",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":55,"num_ratings":113,"last_updated":114,"tested_up_to":47,"requires_at_least":115,"requires_php":47,"tags":116,"homepage":118,"download_link":119,"security_score":120,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":58},"login-security-recaptcha","Login Security Captcha","1.8.7","ScriptsTown","https:\u002F\u002Fprofiles.wordpress.org\u002Fscriptstown\u002F","\u003Cp>\u003Cstrong>Login Security Captcha\u003C\u002Fstrong> is a security plugin for WordPress to add CAPTCHA or CAPTCHA-free services such as Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong> and Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> to the WordPress login, registration, lost password, and comment form. This is a fast and lightweight security plugin to place captcha on standard WordPress forms with minimal footprints. It can prevent spam comments and protect the login form against Brute-force attacks. It has simple settings to configure the plugin quickly.\u003C\u002Fp>\n\u003Cp>The plugin supports \u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong>, Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> Version 2, and Version 3 with multiple options. This is the best WordPress captcha plugin for antispam protection to secure comment form and WordPress login page. It allows you to place different versions of reCAPTCHA and also Turnstile on different forms at the same time. This plugin comes with a set of simple options to quickly set up captcha validation on the common forms.\u003C\u002Fp>\n\u003Cp>Using this security plugin, you can change the captcha theme to light or dark depending on your preferences for Cloudflare Turnstile and Google reCAPTCHA. You can also configure various other parameters like the score value for reCAPTCHA version 3. You can monitor the error logs and have the option to disable the captcha on the comment form for logged-in users. Also, you can adjust the captcha size to compact or normal for \u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Login Security Captcha Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v2\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v3\u003C\u002Fli>\n\u003Cli>Set reCAPTCHA v3 Position\u003C\u002Fli>\n\u003Cli>Captcha Theme and Size\u003C\u002Fli>\n\u003Cli>Secure Login Form\u003C\u002Fli>\n\u003Cli>Secure Registration Form\u003C\u002Fli>\n\u003Cli>Secure Lost Password Form\u003C\u002Fli>\n\u003Cli>Protect Comment Spam\u003C\u002Fli>\n\u003Cli>Monitor Error Logs\u003C\u002Fli>\n\u003Cli>Prevent Brute-force Attack\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Upgrade To Pro – \u003Ca href=\"https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-pro\u002F#pricing\" title=\"Upgrade To Pro\" rel=\"nofollow ugc\">Click Here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Login Security Pro Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Limit Login Attempts\u003C\u002Fstrong> by IP Address\u003C\u002Fli>\n\u003Cli>Check and Monitor \u003Cstrong>Last Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Check Login History by Username\u003C\u002Fli>\n\u003Cli>Recent Login Dashboard Widget\u003C\u002Fli>\n\u003Cli>Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong> Support\u003C\u002Fli>\n\u003Cli>Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> v2 and v3\u003C\u002Fli>\n\u003Cli>Redirect after Login or Logout\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Redirection\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Secure Login and Registration Form\u003C\u002Fli>\n\u003Cli>Secure Lost Password Form\u003C\u002Fli>\n\u003Cli>Easy to Protect Comment Spam\u003C\u002Fli>\n\u003Cli>Login Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Lost Password Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Registration Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Secure \u003Cstrong>WooCommerce\u003C\u002Fstrong> Checkout Form\u003C\u002Fli>\n\u003Cli>Advanced Security and Much More\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Check Pro Plugin – \u003Ca href=\"https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-pro\u002F\" title=\"Check Pro Plugin\" rel=\"nofollow ugc\">Click Here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Secure WordPress login, registration, and comment form with Google reCAPTCHA or Cloudflare Turnstile. Prevent Brute-force attacks and more.",10000,301909,20,"2026-04-13T10:51:00.000Z","5.0",[18,117,19,98,20],"cloudflare","https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-security-recaptcha.1.8.7.zip",100,{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":111,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":135,"tags":136,"homepage":16,"download_link":139,"security_score":120,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":58},"simple-login-captcha","Simple Login Captcha","1.3.6","Nikolay Nikolov","https:\u002F\u002Fprofiles.wordpress.org\u002Fnnikolov\u002F","\u003Cp>A simple captcha for the WordPress login form. To be able to login, the user is required to enter a random 3-digit number in a text field.\u003C\u002Fp>\n\u003Cp>The correct number is displayed above the field by a small JavaScript code. Compatible with the WooCommerce login form. Compatible with multisite.\u003C\u002Fp>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fnikolaydev.com\u002Fwp-login.php\" rel=\"nofollow ugc\">https:\u002F\u002Fnikolaydev.com\u002Fwp-login.php\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Simple\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No complicated features\u003C\u002Fli>\n\u003Cli>No settings\u003C\u002Fli>\n\u003Cli>No image generation\u003C\u002Fli>\n\u003Cli>No API\u003C\u002Fli>\n\u003Cli>No sessions\u003C\u002Fli>\n\u003Cli>No cookies\u003C\u002Fli>\n\u003Cli>No IP address detection\u003C\u002Fli>\n\u003Cli>No personal data collection\u003C\u002Fli>\n\u003Cli>No vulnerabilities in the programming code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Recommendation\u003C\u002Fh4>\n\u003Cp>Bots can also try to login with the XML-RPC feature of WordPress! Very rarely plugins also need this (like the Jetpack plugin). But if you don’t use it, I recommend that you disable it. You can use the super simple one-line plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-xml-rpc\u002F\" rel=\"ugc\">Disable XML-RPC\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Notice\u003C\u002Fh4>\n\u003Cp>This is a simple plugin designed to protect against random bots that try to login on your site. But if a person actually looks at the code of this plugin and specifically designs a new bot that targets this plugin, this bot would be able to bypass the protection.\u003C\u002Fp>\n","Adds a simple 3-digit number captcha on the login form.",75247,78,17,"2025-12-04T15:24:00.000Z","6.9.4","3.5","5.2",[18,19,20,137,138],"simple","spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-login-captcha.1.3.6.zip",{"attackSurface":141,"codeSignals":162,"taintFlows":171,"riskAssessment":172,"analyzedAt":183},{"hooks":142,"ajaxHandlers":158,"restRoutes":159,"shortcodes":160,"cronEvents":161,"entryPointCount":11,"unprotectedCount":11},[143,148,152],{"type":144,"name":145,"callback":146,"priority":101,"file":147,"line":45},"action","init","Captcha_Session_Start","login-captcha.php",{"type":144,"name":149,"callback":150,"file":147,"line":151},"login_form","Captcha_login_field",29,{"type":153,"name":154,"callback":155,"priority":156,"file":147,"line":157},"filter","authenticate","Captcha_Code_authenticate",10,33,[],[],[],[],{"dangerousFunctions":163,"sqlUsage":164,"outputEscaping":166,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":170},[],{"prepared":11,"raw":11,"locations":165},[],{"escaped":11,"rawEcho":101,"locations":167},[168],{"file":147,"line":31,"context":169},"raw output",[],[],{"summary":173,"deductions":174},"The \"secure-login-captcha\" v1.0 plugin exhibits a seemingly strong security posture based on the provided static analysis. There are no detected AJAX handlers, REST API routes, shortcodes, or cron events, resulting in zero identified entry points and thus no unprotected ones. The code also shows no usage of dangerous functions, no direct SQL queries (all use prepared statements), no file operations, and no external HTTP requests.  Furthermore, there are no recorded vulnerabilities in its history, suggesting a history of secure development or limited exposure.\n\nHowever, a significant concern arises from the complete absence of nonce and capability checks. While the attack surface is currently zero, if any entry points were to be introduced in future versions, this lack of authorization and validation mechanisms would leave them highly vulnerable. The fact that 100% of observed output is not properly escaped is also a notable weakness.  If any data were to be passed through these outputs, it could lead to cross-site scripting (XSS) vulnerabilities.  The taint analysis also shows zero flows, which, while positive, could be a result of limited code complexity or a lack of comprehensive taint analysis rather than absolute safety.\n\nIn conclusion, the plugin appears to have a minimal attack surface and no known historical vulnerabilities. The lack of dangerous functions and use of prepared statements are positive signs. Nevertheless, the complete omission of nonce and capability checks, coupled with unescaped output, represents significant potential security risks should the plugin's functionality evolve or if its current limited scope masks underlying vulnerabilities. The absence of any identified issues in the static analysis, especially regarding output escaping, warrants caution and suggests a need for further code review.",[175,178,181],{"reason":176,"points":177},"100% of outputs not properly escaped",6,{"reason":179,"points":180},"No nonce checks on any entry points",5,{"reason":182,"points":180},"No capability checks on any entry points","2026-04-16T13:20:53.729Z",{"wat":185,"direct":191},{"assetPaths":186,"generatorPatterns":188,"scriptPaths":189,"versionParams":190},[187],"\u002Fwp-content\u002Fplugins\u002Fsecure-login-captcha\u002Flogin-captcha.php",[],[],[],{"cssClasses":192,"htmlComments":194,"htmlAttributes":195,"restEndpoints":198,"jsGlobals":199,"shortcodeOutput":200},[193],"input",[],[196,197],"id=\"captcha_field\"","name=\"captcha_field\"",[],[],[201,202],"\u003Cp>\n        \u003Cstrong>Captcha Code : ","\u003C\u002Fstrong>\n        \u003Cinput type=\"text\" size=\"20\" value=\"\" class=\"input\" id=\"captcha_field\" name=\"captcha_field\">\u003C\u002Flabel>\n    \u003C\u002Fp>",{"error":204,"url":205,"statusCode":206,"statusMessage":207,"message":207},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsecure-login-captcha\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":101,"versions":209},[210],{"version":6,"download_url":21,"svn_tag_url":211,"released_at":23,"has_diff":212,"diff_files_changed":213,"diff_lines":23,"trac_diff_url":23,"vulnerabilities":214,"is_current":204},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecure-login-captcha\u002Ftags\u002F1.0\u002F",false,[],[]]