[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fblkRbHjvaOdq10ydE3ws-1UcNDzXwkwbNsWQpF6qVrA":3,"$fBiU9OZnvXFDEzhKbPfZY8yBXJ0ZHTzDSh7CjVjGCBaY":246,"$fDVtlBBYos1Ptit2_HfiHUObaFJKBesRiN-LRqQw-Zlc":251},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":33,"crawl_stats":29,"alternatives":37,"analysis":135,"fingerprints":224},"sync-sugarcrm-users","Sync SugarCRM Users","2.3","sukum","https:\u002F\u002Fprofiles.wordpress.org\u002Fsukum\u002F","\u003Cp>This plugin pulls the user details from a given SugarCRM URL and if there are no corresponding users creates users in WordPress.\u003C\u002Fp>\n\u003Cp>Similarly it allows the user to sync selected WordPress users to SugarCRM as Accounts\u002FContacts\u002FUsers.\u003C\u002Fp>\n\u003Cp>Admin is logged in to SugarCRM transparently and can manage SugarCRM from WordPress.\u003C\u002Fp>\n\u003Cp>If ‘auto sync’ is checked, a user created in wordpress is automatically synced to SugarCRM as Accounts\u002FContacts\u002FUsers.\u003C\u002Fp>\n","Sync SugarCRM Users to WordPress and vice versa",10,2820,100,1,"2016-05-21T17:17:00.000Z","4.5.33","2.6","",[20,21,22,23,24],"accounts","contacts","crm","sugarcrm","users","http:\u002F\u002Fsukum.net\u002Fsync-sugarcrm-users\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsync-sugarcrm-users.2.3.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},30,84,"2026-05-20T01:17:43.649Z",[38,59,80,99,117],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":11,"downloaded":46,"rating":28,"num_ratings":28,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":18,"download_link":57,"security_score":58,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"users-to-crm-contacts","Users to CRM Contacts","1.6","Dipesh Patel","https:\u002F\u002Fprofiles.wordpress.org\u002Fdipesh_patel\u002F","\u003Cp>This plugin integrates your WordPress site with SugarCRM\u002FSuiteCRM, enabling smooth data exchange between your website users and SugarCRM\u002FSuiteCRM contacts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Automatically sync WordPress users to SugarCRM\u002FSuiteCRM.\u003Cbr \u002F>\n– Map user meta fields to SugarCRM\u002FSuiteCRM contact fields.\u003Cbr \u002F>\n– Create and update SugarCRM\u002FSuiteCRM contacts directly from WordPress.\u003Cbr \u002F>\n– Handle duplicate records with robust conflict management.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Use Cases:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Simplify lead management by syncing website registrations to SugarCRM\u002FSuiteCRM.\u003Cbr \u002F>\n– Update SugarCRM\u002FSuiteCRM contacts when users modify their profiles.\u003Cbr \u002F>\n– Avoid duplicate records with a seamless email-based search.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Use This Plugin?\u003C\u002Fstrong>\u003Cbr \u002F>\nWith this plugin, you can automate your workflow and enhance your CRM’s usability by keeping your user data in sync with SugarCRM\u002FSuiteCRM.\u003C\u002Fp>\n","Integrate WordPress with SugarCRM\u002FSuiteCRM to sync user data, simplify lead management, and improve user tracking",2685,"2024-12-15T07:23:00.000Z","6.7.5","5.6","7.4",[52,53,54,55,56],"synchronize-wp-users-with-sugarcrm-suitecrm","synchronize-wp-users-with-suitecrm","wordpress-users-to-crm-contacts","wordpress-with-crm","wp-users","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fusers-to-crm-contacts.1.6.zip",92,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":18,"tags":74,"homepage":78,"download_link":79,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wc-password-strength-settings","Password Strength Settings for WooCommerce","3.0.1","Danny Santoro","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanielsantoro\u002F","\u003Cp>Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.\u003C\u002Fp>\n\u003Ch3>What does this plugin do?\u003C\u002Fh3>\n\u003Cp>WooCommerce has an integrated Password Strength Meter which forces users to use strong passwords. Sometimes this isn’t desirable – with this plugin, you can choose between five password levels ranging from “Anything Goes” to “Strong Passwords Only”. In addition, you can modify the colors and appearance of these custom messages, as well as modify or remove the password hint. For details on how the password strength is determined, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDanielSantoro\u002Fwc-password-strength-settings\u002Fwiki\u002FHow-Password-Strength-is-Determined\" rel=\"nofollow ugc\">please read the documentation here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What’s New?\u003C\u002Fh4>\n\u003Cp>Version 3.0.0 is a bit of a rewrite to bring the plugin up to modern coding standards. Functionality should not be impacted, but if it is, please reach out on the support forums.\u003C\u002Fp>\n\u003Cp>Version 3.0.1 is simply a hotfix declaring compatibility with WooCommerce HPOS. Since this plugin doesn’t touch anything with the orders or order metadata, it shouldn’t be impacted at all. \u003Cem>However\u003C\u002Fem>, if you notice any issues then please reach out via the contact form on my website.\u003C\u002Fp>\n\u003Ch4>Notes\u003C\u002Fh4>\n\u003Cp>While this does allow for user accounts to have weaker passwords, it’s a good idea to still encourage strong password use – \u003Cem>especially\u003C\u002Fem> for administrators!\u003C\u002Fp>\n\u003Ch4>Planned Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Option to remove “- Please enter a stronger password.” that is added by WordPress.\u003C\u002Fli>\n\u003Cli>Nothing else at the moment, but let me know if you have any ideas.\u003C\u002Fli>\n\u003C\u002Ful>\n","Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.",10000,177306,90,24,"2023-10-11T20:51:00.000Z","6.3.8","5.8",[20,75,76,24,77],"passwords","security","woocommerce","https:\u002F\u002Fdanielsantoro.com\u002Fproject\u002Fwoocommerce-password-strength-settings-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-password-strength-settings.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":34,"downloaded":88,"rating":89,"num_ratings":14,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":18,"tags":93,"homepage":97,"download_link":98,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"freshworks-crm","Freshworks CRM","1.0","joekurian","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoekurian\u002F","\u003Cp>Accelerate revenue growth with the 360° CRM solution. Generate 10X more leads & opportunities and win deals with personalized customer conversations.\u003C\u002Fp>\n\u003Cp>Break down data silos and build a complete view of your customers across multiple touchpoints. Personalize customer interaction to deliver customer delight.\u003C\u002Fp>\n\u003Cp>Impact revenue growth in real-time and forecast with greater accuracy using ready-to-use, AI-powered contact scoring, pipeline management, and forecasting.\u003C\u002Fp>\n\u003Cp>With Freshworks CRM you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Attract visitors, convert them into leads, run campaigns, and turn your website into a lead generation machine.\u003C\u002Fli>\n\u003Cli>Build tailored campaigns and optimize them with real-time data for better engagement\u003C\u002Fli>\n\u003Cli>Get insights across the funnel from lead to revenue with multi-touch attribution.\u003C\u002Fli>\n\u003Cli>Nurture leads along the funnel with targeted campaigns, support customers with educational content, and build deeper relationships.\u003C\u002Fli>\n\u003Cli>Communicate across Phone, Email, Whatsapp, Chat\u003C\u002Fli>\n\u003C\u002Ful>\n","Accelerate revenue growth with the 360° CRM solution. Generate 10X more leads & opportunities and win deals with personalized customer conversatio …",1538,20,"2021-07-28T11:12:00.000Z","5.7.15","5.2",[94,95,96],"creating-contacts","freshworks","freshworks-crm-integration","https:\u002F\u002Fwww.freshworks.com\u002Fcrm\u002F?utm_source=wordpress_integration","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreshworks-crm.1.0.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":89,"downloaded":107,"rating":13,"num_ratings":14,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":49,"tags":111,"homepage":115,"download_link":116,"security_score":58,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"scuolasemplice-contacts","ScuolaSemplice Contacts","1.7","BluCloud Srl","https:\u002F\u002Fprofiles.wordpress.org\u002Fblucloudsrl\u002F","\u003Cp>This free plugin is provided together with the ScuolaSemplice educational activity management system and allows you to publish contact forms to acquire leads and student data that will be automatically imported into the software.\u003Cbr \u002F>\nThe plugin allows you to dynamically design the forms, also including custom fields defined in ScuolaSemplice, allowing you to create completely customizable contact formsThis free plugin is provided together with the ScuolaSemplice educational activity management system and allows you to publish contact forms to acquire leads and student data that will be automatically imported into the software.\u003Cbr \u002F>\nThe plugin allows you to dynamically design the forms, also including custom fields defined in ScuolaSemplice, allowing you to create completely customizable contact forms\u003C\u002Fp>\n\u003Ch3>\u003C\u002Fh3>\n\u003Ch3>ScuolaSemplice Contacts\u003C\u002Fh3>\n\u003Cp>Contributors: blucloud srl\u003Cbr \u002F>\nTags: ScuolaSemplice, crm, leads, contacts, dynamic forms\u003Cbr \u002F>\nRequires at least: 5.3\u003Cbr \u002F>\nTested up to: 5.3\u003Cbr \u002F>\nRequires PHP: 5.6\u003Cbr \u002F>\nStable tag: 0.1\u003Cbr \u002F>\nLicense: GPLv3\u003C\u002Fp>\n\u003Cp>Plugin that allows you to publish contact forms to acquire leads and student data that will be automatically imported into the ScuolaSemplice software\u003C\u002Fp>\n","Plugin that allows you to publish contact forms to acquire leads and student data that will be automatically imported into the ScuolaSemplice software",1414,"2024-12-06T22:54:00.000Z","5.3.21","5.3",[21,22,112,113,114],"dynamic-forms","leads","scuolasemplice","https:\u002F\u002Fwww.scuolasemplice.it\u002Fcontacts-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fscuolasemplice-contacts.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":11,"downloaded":125,"rating":28,"num_ratings":28,"last_updated":126,"tested_up_to":127,"requires_at_least":73,"requires_php":128,"tags":129,"homepage":133,"download_link":134,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"ajdg-user-cleaner","User Cleaner","1.1","Arnan","https:\u002F\u002Fprofiles.wordpress.org\u002Fadegans\u002F","\u003Cp>If you have a lot of people (or bots) registering on your site that end up doing nothing with their account they may as well be deleted.\u003Cbr \u002F>\n\u003Cstrong>AJdG User Cleaner\u003C\u002Fstrong> works on a daily schedule to check and delete unused accounts that registered 2 weeks before. This means that the new registrant has 2 weeks to do something with their account. Doing something means; post a comment, create a page or create a blogpost.\u003C\u002Fp>\n\u003Cp>Additionally \u003Cstrong>AJdG User Cleaner\u003C\u002Fstrong> supports WooCommerce and bbPress.\u003Cbr \u002F>\nIf the user creates an order in WooCommerce or a topic or reply in bbPress the account is not deleted.\u003Cbr \u002F>\nIf either WooCommerce or bbPress is not active those will not count towards deleting the users.\u003C\u002Fp>\n\u003Cp>This works very simple, \u003Cstrong>AJdG User Cleaner\u003C\u002Fstrong> checks applicable accounts for the required activities.\u003Cbr \u002F>\nThe simplicity of the plugin also means that no warning or notification is given when deleting accounts.\u003Cbr \u002F>\nAccounts are not placed in a trash bin. Deleting of accounts is permanent.\u003C\u002Fp>\n\u003Cp>The Administrator, Editor and Author roles are excempt from deletion.\u003C\u002Fp>\n\u003Cp>This plugin has no settings and works quietly in the background.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Daily delete unused accounts\u003C\u002Fli>\n\u003Cli>Check if the user has created a post or page\u003C\u002Fli>\n\u003Cli>Check if the user has replied to a post (eg. placed a comment)\u003C\u002Fli>\n\u003Cli>Supports WooCommerce checks if the account has orders\u003C\u002Fli>\n\u003Cli>Supports bbPress checks if topics and replies are posted by the account\u003C\u002Fli>\n\u003Cli>Sends an email to the administration email address with how many accounts were deleted that day\u003C\u002Fli>\n\u003C\u002Ful>\n","If an account is registered and nothing is done with it the account is deleted after two weeks.",3908,"2025-12-24T21:59:00.000Z","6.9.4","8.0",[20,130,131,132,24],"delete-accounts","delete-users","protection","https:\u002F\u002Fajdg.solutions\u002Fproduct\u002Fuser-cleaner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fajdg-user-cleaner.1.1.zip",{"attackSurface":136,"codeSignals":152,"taintFlows":177,"riskAssessment":211,"analyzedAt":223},{"hooks":137,"ajaxHandlers":148,"restRoutes":149,"shortcodes":150,"cronEvents":151,"entryPointCount":28,"unprotectedCount":28},[138,144],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","admin_menu","sync_sugarcrm_users_ap","sync-sugarcrm-users.php",67,{"type":139,"name":145,"callback":146,"file":142,"line":147},"user_register","sync_sugarcrm_user_register",68,[],[],[],[],{"dangerousFunctions":153,"sqlUsage":154,"outputEscaping":156,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":176},[],{"prepared":28,"raw":28,"locations":155},[],{"escaped":28,"rawEcho":157,"locations":158},7,[159,163,166,168,170,173,174],{"file":160,"line":161,"context":162},"class\\Sync_SugarCRM_Users.php",256,"raw output",{"file":164,"line":165,"context":162},"view\\config.php",2,{"file":167,"line":165,"context":162},"view\\select-wp-users.php",{"file":167,"line":169,"context":162},11,{"file":171,"line":172,"context":162},"view\\sugarcrm.php",12,{"file":171,"line":172,"context":162},{"file":175,"line":165,"context":162},"view\\sync-users-to-wp.php",[],[178,195,203],{"entryPoint":179,"graph":180,"unsanitizedCount":14,"severity":194},"\u003Cconfig> (view\\config.php:0)",{"nodes":181,"edges":191},[182,186],{"id":183,"type":184,"label":185,"file":164,"line":165},"n0","source","$_SERVER['REQUEST_URI']",{"id":187,"type":188,"label":189,"file":164,"line":165,"wp_function":190},"n1","sink","echo() [XSS]","echo",[192],{"from":183,"to":187,"sanitized":193},false,"low",{"entryPoint":196,"graph":197,"unsanitizedCount":14,"severity":194},"\u003Cselect-wp-users> (view\\select-wp-users.php:0)",{"nodes":198,"edges":201},[199,200],{"id":183,"type":184,"label":185,"file":167,"line":165},{"id":187,"type":188,"label":189,"file":167,"line":165,"wp_function":190},[202],{"from":183,"to":187,"sanitized":193},{"entryPoint":204,"graph":205,"unsanitizedCount":14,"severity":194},"\u003Csync-users-to-wp> (view\\sync-users-to-wp.php:0)",{"nodes":206,"edges":209},[207,208],{"id":183,"type":184,"label":185,"file":175,"line":165},{"id":187,"type":188,"label":189,"file":175,"line":165,"wp_function":190},[210],{"from":183,"to":187,"sanitized":193},{"summary":212,"deductions":213},"The security posture of the \"sync-sugarcrm-users\" plugin v2.3 appears mixed, with some positive indicators but significant underlying concerns.  The absence of known CVEs and a clean vulnerability history are strengths, suggesting a generally stable codebase.  However, the static analysis reveals a critical weakness: 100% of outputs are not properly escaped.  This is a major security flaw that could lead to Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious code into the WordPress site through the plugin's output.  While the plugin has no external attack surface exposed through AJAX, REST API, shortcodes, or cron events, and all SQL queries use prepared statements, the lack of output escaping presents a direct and severe risk to users and site integrity.\n\nThe taint analysis, while reporting no critical or high severity flows, is concerning in conjunction with the output escaping issue. The fact that 3 out of 3 analyzed flows have \"unsanitized paths\" is a red flag. While these might not have immediately exploitable paths to critical vulnerabilities based on the current analysis, it indicates potential weaknesses in how data is handled and could be combined with the unescaped output to form exploitable XSS vulnerabilities. The plugin also completely lacks nonce and capability checks, meaning that any actions the plugin performs, even if not directly exposed through an explicit attack surface, could potentially be triggered by unauthenticated or unauthorized users if an entry point were ever introduced or if a vulnerability elsewhere allowed interaction with its code.\n\nIn conclusion, while the plugin boasts a clean history and secure internal database interactions, the pervasive issue of unescaped output and the presence of unsanitized data flows create a significant XSS risk. The complete absence of capability and nonce checks further exacerbates this risk by leaving potential actions vulnerable.  Users should be highly cautious, and developers should prioritize addressing the output escaping and data sanitization issues immediately.",[214,216,219,221],{"reason":215,"points":89},"All outputs are unescaped",{"reason":217,"points":218},"Unsanitized paths in taint analysis",15,{"reason":220,"points":11},"No nonce checks",{"reason":222,"points":11},"No capability checks","2026-03-17T01:24:37.312Z",{"wat":225,"direct":234},{"assetPaths":226,"generatorPatterns":228,"scriptPaths":229,"versionParams":231},[227],"\u002Fwp-content\u002Fplugins\u002Fsync-sugarcrm-users\u002Fstyle\u002Fsync-sugarcrm-users.css",[],[230],"\u002Fwp-content\u002Fplugins\u002Fsync-sugarcrm-users\u002Fjs\u002Fsync-sugarcrm-users.js",[232,233],"sync-sugarcrm-users\u002Fstyle.css?ver=","sync-sugarcrm-users\u002Fjs\u002Fsync-sugarcrm-users.js?ver=",{"cssClasses":235,"htmlComments":236,"htmlAttributes":237,"restEndpoints":243,"jsGlobals":244,"shortcodeOutput":245},[],[],[238,239,240,241,242],"crm_url","crm_user_name","crm_user_hash","crm_auto_create_user","crm_auto_create_module",[],[],[],{"error":247,"url":248,"statusCode":249,"statusMessage":250,"message":250},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsync-sugarcrm-users\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":252,"versions":253},4,[254,259,266,273],{"version":6,"download_url":26,"svn_tag_url":255,"released_at":29,"has_diff":193,"diff_files_changed":256,"diff_lines":29,"trac_diff_url":257,"vulnerabilities":258,"is_current":247},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsync-sugarcrm-users\u002Ftags\u002F2.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsync-sugarcrm-users%2Ftags%2F2.2&new_path=%2Fsync-sugarcrm-users%2Ftags%2F2.3",[],{"version":260,"download_url":261,"svn_tag_url":262,"released_at":29,"has_diff":193,"diff_files_changed":263,"diff_lines":29,"trac_diff_url":264,"vulnerabilities":265,"is_current":193},"2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsync-sugarcrm-users.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsync-sugarcrm-users\u002Ftags\u002F2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsync-sugarcrm-users%2Ftags%2F2.1&new_path=%2Fsync-sugarcrm-users%2Ftags%2F2.2",[],{"version":267,"download_url":268,"svn_tag_url":269,"released_at":29,"has_diff":193,"diff_files_changed":270,"diff_lines":29,"trac_diff_url":271,"vulnerabilities":272,"is_current":193},"2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsync-sugarcrm-users.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsync-sugarcrm-users\u002Ftags\u002F2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsync-sugarcrm-users%2Ftags%2F2.0&new_path=%2Fsync-sugarcrm-users%2Ftags%2F2.1",[],{"version":274,"download_url":275,"svn_tag_url":276,"released_at":29,"has_diff":193,"diff_files_changed":277,"diff_lines":29,"trac_diff_url":29,"vulnerabilities":278,"is_current":193},"2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsync-sugarcrm-users.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsync-sugarcrm-users\u002Ftags\u002F2.0\u002F",[],[]]