[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmspG6EtkIhzqDJZpcGWLRWcvJUzRec5ZTXMKdl6v_QM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":144,"fingerprints":235},"simple-login-captcha","Simple Login Captcha","1.3.6","Nikolay Nikolov","https:\u002F\u002Fprofiles.wordpress.org\u002Fnnikolov\u002F","\u003Cp>A simple captcha for the WordPress login form. To be able to login, the user is required to enter a random 3-digit number in a text field.\u003C\u002Fp>\n\u003Cp>The correct number is displayed above the field by a small JavaScript code. Compatible with the WooCommerce login form. Compatible with multisite.\u003C\u002Fp>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fnikolaydev.com\u002Fwp-login.php\" rel=\"nofollow ugc\">https:\u002F\u002Fnikolaydev.com\u002Fwp-login.php\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Simple\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No complicated features\u003C\u002Fli>\n\u003Cli>No settings\u003C\u002Fli>\n\u003Cli>No image generation\u003C\u002Fli>\n\u003Cli>No API\u003C\u002Fli>\n\u003Cli>No sessions\u003C\u002Fli>\n\u003Cli>No cookies\u003C\u002Fli>\n\u003Cli>No IP address detection\u003C\u002Fli>\n\u003Cli>No personal data collection\u003C\u002Fli>\n\u003Cli>No vulnerabilities in the programming code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Recommendation\u003C\u002Fh4>\n\u003Cp>Bots can also try to login with the XML-RPC feature of WordPress! Very rarely plugins also need this (like the Jetpack plugin). But if you don’t use it, I recommend that you disable it. 
You can use the super simple one-line plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-xml-rpc\u002F\" rel=\"ugc\">Disable XML-RPC\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Notice\u003C\u002Fh4>\n\u003Cp>This is a simple plugin designed to protect against random bots that try to login on your site. But if a person actually looks at the code of this plugin and specifically designs a new bot that targets this plugin, this bot would be able to bypass the protection.\u003C\u002Fp>\n","Adds a simple 3-digit number captcha on the login form.",10000,74617,78,17,"2025-12-04T15:24:00.000Z","6.9.4","3.5","5.2",[20,21,22,23,24],"captcha","login","security","simple","spam","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-login-captcha.1.3.6.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"nnikolov",2,16000,30,94,"2026-04-04T15:59:30.040Z",[40,63,80,100,128],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":27,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":60,"download_link":61,"security_score":62,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"power-captcha-recaptcha","Power Captcha reCAPTCHA","1.1.0","Denis Alemán","https:\u002F\u002Fprofiles.wordpress.org\u002Fdenisaleman\u002F","\u003Cp>Protect your WordPress, WooCommerce, and Contact Form 7 forms from spam, brute-force attacks, and fake accounts using Google reCAPTCHA.\u003C\u002Fp>\n\u003Cp>Power Captcha reCAPTCHA supports 3 Google reCAPTCHA types integrated into 6 common WordPress forms, including login and comment forms, 7 WooCommerce forms, and Contact Form 7.\u003C\u002Fp>\n\u003Ch3>3 CAPTCHA 
Types\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Score-based (v3) CAPTCHA.\u003C\u002Fstrong> Seamless detection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“I’m not a robot” CAPTCHA checkbox.\u003C\u002Fstrong> Verification requests with a challenge.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Invisible reCAPTCHA.\u003C\u002Fstrong> Improved, challenge-based CAPTCHA without a checkbox.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>6 WordPress Forms\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Login form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Register form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comment form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lost password form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reset password form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Register form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>7 WooCommerce Forms\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Login form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Register form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checkout form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Review form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reset password form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lost password form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contact Form 7\u003C\u002Fh3>\n\u003Cp>As of version 1.0.7, Power Captcha reCAPTCHA integrates with Contact Form 7. You can easily add the Power Captcha reCAPTCHA field to your Contact Form 7 forms.\u003C\u002Fp>\n\u003Ch3>Activity Report\u003C\u002Fh3>\n\u003Cp>The Activity Report feature for the plugin provides users with a detailed overview of captcha interactions. It tracks and displays the number of solved, failed, and empty captchas, offering a daily breakdown to monitor performance trends. 
Stay informed with clear insights into your captcha performance.\u003C\u002Fp>\n","Protect WordPress\u002FWooCommerce\u002FContact Form 7 forms from spam, brute-force attacks, fake comments, accounts, or registrations with Google reCAPTCHA.",1000,6098,3,"2025-03-09T01:27:00.000Z","6.8.0","5.0","5.5",[56,20,57,58,59],"anti-spam-security","comment-form","google-recaptcha","login-security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpower-captcha-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpower-captcha-recaptcha.1.1.0.zip",92,{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":27,"num_ratings":73,"last_updated":74,"tested_up_to":16,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":25,"download_link":79,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"kaya-login-captcha","Kaya Login Captcha","1.0.2","Kaya Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fkayastudio\u002F","\u003Cp>\u003Cstrong>Why use “Kaya Login Captcha”?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin Adds a simple captcha on login form, register form and lost-password form.\u003C\u002Fp>\n\u003Cp>Easy install and use, captcha settings are fully customizable and you can choose the forms on which to display it. 
The blocked request HTTP status can be customized and the XML-RPC feature can be disabled.\u003C\u002Fp>\n\u003Cp>Captcha statistics are also available on the settings page, with the count of passed and blocked requests sorted by year and month.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Captcha available on the login form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Captcha available on the lost-password form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Captcha available on the register form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Editable Captcha code length.\u003C\u002Fli>\n\u003Cli>Editable Captcha code format: numeric, alphabetic or alphanumeric.\u003C\u002Fli>\n\u003Cli>Random lines available in the background of the Captcha.\u003C\u002Fli>\n\u003Cli>Editable blocked request HTTP status.\u003C\u002Fli>\n\u003Cli>XML-RPC WordPress API deactivatable.\u003C\u002Fli>\n\u003Cli>Captcha statistics of passed and blocked requests sorted by year and month.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress MultiSite and WooCommerce.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>“Kaya Login Captcha” is a professional login captcha system with fully customizable settings.\u003C\u002Fp>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies and does not connect to any third-party applications. This plugin only generate a captcha code to verify human action for selected forms on your settings.\u003C\u002Fp>\n\u003Ch4>Available Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English.\u003C\u002Fli>\n\u003Cli>French.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cp>Any suggestions or feedback is welcome, thank you for using or trying one of my plugins. 
Please take the time to let me know about your experiences and rate this plugin.\u003C\u002Fp>\n","Adds a simple captcha on login form, register form and lost-password form.",200,2708,1,"2025-12-03T10:41:00.000Z","4.6.0","5.3",[78,20,21,59,24],"brute-force-protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkaya-login-captcha.1.0.2.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":28,"num_ratings":28,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":25,"tags":93,"homepage":97,"download_link":98,"security_score":99,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"nf-captcha","NF Captcha","1.0","macnetic-labs","https:\u002F\u002Fprofiles.wordpress.org\u002Fmacnetic-labs\u002F","\u003Cp>NF Captcha adds really simple captcha elements to the Elements’ block. It also includes labels and custom classes for the element to allow for more styling. 
It is a good alternative if you don’t want to use reCAPTCHA or Anti-Spam-Question.\u003C\u002Fp>\n\u003Cp>This plugin requires the Ninja Forms and Really Simple CAPTCHA plugins.\u003C\u002Fp>\n","NF Captcha adds Really Simple CAPTCHA element for human check.",10,1426,"2016-02-04T05:47:00.000Z","4.4.34","3.9",[94,20,81,95,96,22,24],"antispam","ninja-forms","really-simple-captcha","http:\u002F\u002Fmacnetic-labs.de","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnf-captcha.zip",85,{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":88,"downloaded":108,"rating":28,"num_ratings":28,"last_updated":109,"tested_up_to":25,"requires_at_least":110,"requires_php":25,"tags":111,"homepage":125,"download_link":126,"security_score":99,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":127},"protect-ai-login","Protect Ai Login","1.0.0","anouny","https:\u002F\u002Fprofiles.wordpress.org\u002Fanouny\u002F","\u003Cp>Protect Ai Login changes the default WordPress login URL to the URL you define and denies brute force attacks, spam logins, and bot or automatic registration. 
The plugin blocks access to default login url, generates a custom branded login panel, without creating a custom page on your website.\u003C\u002Fp>\n\u003Cp>The plugin offers protection with Google reCAPTCHA v2.\u003C\u002Fp>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Define new login url easily from settings page.\u003C\u002Fli>\n\u003Cli>Protect against spam login, bot registration or signup, with the integration of Google reCaptcha.\u003C\u002Fli>\n\u003Cli>Secure AXS is compatible with any permalink setup including the default.\u003C\u002Fli>\n\u003Cli>Choose to allow users with the role “Editor” to access plugin settings.\u003C\u002Fli>\n\u003Cli>Fully branded login page with colors and login logo of your choice.\u003C\u002Fli>\n\u003Cli>Plugin doesn’t create new pages on your website for displaying the new login panel.\u003C\u002Fli>\n\u003Cli>Plugin is compatible with other major security & cache plugins.\u003C\u002Fli>\n\u003Cli>Test with wordpress 4.4.2\u003C\u002Fli>\n\u003C\u002Ful>\n","Change default login site to a custom URL, block spam, bot registration, and brute-force using Google reCAPTCHA.",1394,"2016-04-14T06:46:00.000Z","4.0",[112,113,114,115,116,117,20,118,21,119,120,121,122,123,22,124,24],"access","attack","axs","block","brute","brute-force-attack","force","no-captcha","nocaptcha","recaptcha","register","secure","sign","https:\u002F\u002Fwordpress.org\u002Fplugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-ai-login.zip","2026-03-15T14:54:45.397Z",{"slug":129,"name":130,"version":103,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":28,"downloaded":135,"rating":28,"num_ratings":28,"last_updated":136,"tested_up_to":16,"requires_at_least":137,"requires_php":25,"tags":138,"homepage":25,"download_link":143,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"cubemage-login-guard","CubeMage Login 
Guard","CubeMage","https:\u002F\u002Fprofiles.wordpress.org\u002Fcubemage\u002F","\u003Cp>\u003Cstrong>Login Guard by CubeMage\u003C\u002Fstrong> provides a security solution to protect your WordPress login, registration, and comment forms against spam and brute-force attacks.\u003C\u002Fp>\n\u003Cp>Instead of relying solely on password verification, this plugin integrates Cloudflare Turnstile to validate visitors before WordPress processes the authentication request. This approach helps reduce server load caused by automated bot attempts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Cloudflare Turnstile Integration:\u003C\u002Fstrong> Uses a privacy-focused, GDPR-compliant alternative to CAPTCHA for bot verification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pre-Authentication Check:\u003C\u002Fstrong> Validates the Turnstile token before the database query occurs, saving server resources.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Login Attempts:\u003C\u002Fstrong> Automatically blocks IP addresses after 5 consecutive failed login attempts within 15 minutes to prevent brute-force attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC Protection:\u003C\u002Fstrong> Disables XML-RPC functionality to close a common attack vector often used for DDoS attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Form Support:\u003C\u002Fstrong> Adds protection to the Login form, Registration form, Lost Password form, and Comment section.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Performance:\u003C\u002Fstrong> Uses native WordPress Transients for tracking failed attempts, avoiding the creation of heavy custom database tables.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Configuration:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin includes a setup interface to easily input your Cloudflare Site Key and Secret Key.\u003C\u002Fp>\n","Integrates Cloudflare Turnstile, Limits Login Attempts, and Disables 
XML-RPC to protect WordPress forms.",123,"2025-12-13T14:03:00.000Z","5.8",[139,140,141,142,22],"anti-spam","cloudflare-turnstile","limit-login-attempts","recaptcha-alternative","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcubemage-login-guard.1.0.0.zip",{"attackSurface":145,"codeSignals":186,"taintFlows":195,"riskAssessment":223,"analyzedAt":234},{"hooks":146,"ajaxHandlers":182,"restRoutes":183,"shortcodes":184,"cronEvents":185,"entryPointCount":28,"unprotectedCount":28},[147,154,158,162,166,170,174,178],{"type":148,"name":149,"callback":150,"priority":151,"file":152,"line":153},"action","login_form","slc_login_form_captcha",9999999999,"simple-login-captcha.php",24,{"type":148,"name":155,"callback":156,"priority":151,"file":152,"line":157},"woocommerce_login_form","slc_woo_login_form_captcha",27,{"type":159,"name":160,"callback":161,"priority":151,"file":152,"line":36},"filter","login_form_middle","slc_add_to_wp_login_form",{"type":159,"name":163,"callback":164,"priority":88,"file":152,"line":165},"authenticate","slc_validate_login_form",33,{"type":148,"name":167,"callback":168,"file":152,"line":169},"login_enqueue_scripts","slc_register_captcha_style",36,{"type":148,"name":171,"callback":172,"file":152,"line":173},"wp_enqueue_scripts","slc_register_woo_captcha_style",39,{"type":159,"name":175,"callback":176,"priority":88,"file":152,"line":177},"plugin_action_links","slc_plugin_action_link_statistics",42,{"type":148,"name":179,"callback":180,"file":152,"line":181},"init","slc_load_the_languages",45,[],[],[],[],{"dangerousFunctions":187,"sqlUsage":188,"outputEscaping":191,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":194},[],{"prepared":189,"raw":28,"locations":190},4,[],{"escaped":192,"rawEcho":28,"locations":193},19,[],[],[196,215],{"entryPoint":197,"graph":198,"unsanitizedCount":73,"severity":214},"slc_validate_login_form 
(simple-login-captcha.php:178)",{"nodes":199,"edges":211},[200,205],{"id":201,"type":202,"label":203,"file":152,"line":204},"n0","source","$_POST",206,{"id":206,"type":207,"label":208,"file":152,"line":209,"wp_function":210},"n1","sink","get_row() [SQLi]",210,"get_row",[212],{"from":201,"to":206,"sanitized":213},false,"high",{"entryPoint":216,"graph":217,"unsanitizedCount":73,"severity":214},"\u003Csimple-login-captcha> (simple-login-captcha.php:0)",{"nodes":218,"edges":221},[219,220],{"id":201,"type":202,"label":203,"file":152,"line":204},{"id":206,"type":207,"label":208,"file":152,"line":209,"wp_function":210},[222],{"from":201,"to":206,"sanitized":213},{"summary":224,"deductions":225},"The plugin 'simple-login-captcha' v1.3.6 exhibits a generally strong security posture based on the static analysis. It demonstrates good practices by having no direct attack surface like AJAX handlers, REST API routes, or shortcodes that could be easily exploited. The code also shows adherence to secure coding principles with 100% of SQL queries using prepared statements and all output being properly escaped, which significantly mitigates common web vulnerabilities. The absence of file operations and external HTTP requests further reduces its potential risk profile.\n\nHowever, the taint analysis reveals two flows with unsanitized paths, flagged as high severity. While the static analysis doesn't point to specific CVEs or a history of vulnerabilities, these unsanitized paths are a significant concern. They suggest that user-supplied data might be processed in a way that could lead to path traversal or other file system-related attacks if a malicious actor can influence the input. 
The lack of capability checks and nonce checks, while potentially not an issue given the limited attack surface, means that if any entry points were to be discovered or introduced in future versions, there would be no built-in authorization or CSRF protection.\n\nIn conclusion, 'simple-login-captcha' v1.3.6 has a solid foundation with its adherence to secure coding for SQL and output handling, and a minimal attack surface. Nevertheless, the presence of high-severity taint flows involving unsanitized paths warrants immediate attention and remediation to ensure a truly secure plugin.",[226,229,232],{"reason":227,"points":228},"High severity unsanitized paths in taint flows",12,{"reason":230,"points":231},"Missing capability checks",5,{"reason":233,"points":231},"Missing nonce checks","2026-03-16T17:46:46.317Z",{"wat":236,"direct":243},{"assetPaths":237,"generatorPatterns":239,"scriptPaths":240,"versionParams":241},[238],"\u002Fwp-content\u002Fplugins\u002Fsimple-login-captcha\u002Fstyles\u002Flogin.css",[],[],[242],"simple-login-captcha\u002Fstyles\u002Flogin.css?ver=",{"cssClasses":244,"htmlComments":256,"htmlAttributes":257,"restEndpoints":260,"jsGlobals":261,"shortcodeOutput":263},[245,246,247,248,249,250,251,252,253,254,255],"slc-code-span","slc-code-paragraph","slc-label-span","slc-label","woocommerce-form-row","woocommerce-form-row--wide","form-row","form-row-wide","woocommerce-Input","woocommerce-Input--text","input-text",[],[258,259],"name=\"slc-captcha-request\"","name=\"slc-captcha-answer\"",[],[262],"answerPool",[]]