[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdJMJptRhu6fa3K5JwXhUCszCv1LjemXA_sI6A4UfYxU":3,"$fOL2LlxJ8NGvEfofwITQQmlYoICsaYr9Imxupcs4scbw":166},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":13,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":64,"fingerprints":138},"take-the-lead","Take the Lead","1.0","Graham","https:\u002F\u002Fprofiles.wordpress.org\u002Faerin\u002F","\u003Cp>Can be added to any WordPress site where there is a need to capture leads. Works straight out the box – no fiddly setting up needed\u003C\u002Fp>\n\u003Cp>Bespoke versions available for Infusionsoft and Hubspot CRM\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Any number of steps\u003C\u002Fli>\n\u003Cli>You choose what goes in what step\u003C\u002Fli>\n\u003Cli>Homepage option with background image\u003C\u002Fli>\n\u003Cli>Simple styling options\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Developer’s plugin pages\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftake-the-lead.loanpaymentplugin.com\u002F\" rel=\"nofollow ugc\">take-the-lead.loanpaymentplugin.com\u003C\u002Fa>\u003C\u002Fp>\n","Multistep lead generating form. 
Simple for your visitors and easy to manage",30,1967,100,1,"2025-04-17T08:49:00.000Z","6.8.5","6.0","",[20],"loan-slider-jquery","http:\u002F\u002Ftake-the-lead.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftake-the-lead.zip",0,null,"2026-04-06T09:54:40.288Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"aerin",5,1550,88,154,71,"2026-04-10T14:12:06.242Z",[36,54],{"slug":37,"name":38,"version":39,"author":7,"author_profile":8,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":17,"requires_php":18,"tags":48,"homepage":49,"download_link":50,"security_score":51,"vuln_count":29,"unpatched_count":52,"last_vuln_date":53,"fetched_at":25},"quick-interest-slider","Quick Interest Slider","3.1.5","\u003Cp>Ideal for payday loans, fixed fee payments, regular payments, savings, comparisons and pretty much anything else that gets calculated from a variable amount and term.\u003C\u002Fp>\n\u003Cp>GDPR compliant.\u003C\u002Fp>\n\u003Cp>Bespoke versions available for bank comparisons, quotes, full loan applications and so on.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Ultra lightweight – under 5kB\u003C\u002Fli>\n\u003Cli>Any currency\u003C\u002Fli>\n\u003Cli>Multiple interest rates: fixed, simple, compound and amortization\u003C\u002Fli>\n\u003Cli>Set the max, min, initial and step values on the sliders\u003C\u002Fli>\n\u003Cli>Set the term to days, weeks, months or years\u003C\u002Fli>\n\u003Cli>Set interest rate changes with period and amount triggers\u003C\u002Fli>\n\u003Cli>Select from a range of different outputs\u003C\u002Fli>\n\u003Cli>Change the labels on all outputs\u003C\u002Fli>\n\u003Cli>Style borders, colors and backgrounds\u003C\u002Fli>\n\u003Cli>GDPR 
compliant\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Upgrade to Pro\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Application form and autoresponders with GDPR compliance\u003C\u002Fli>\n\u003Cli>Akismet validation\u003C\u002Fli>\n\u003Cli>Apply Now button for external processing\u003C\u002Fli>\n\u003Cli>Store, manage and download applications\u003C\u002Fli>\n\u003Cli>Annuity and amortization repayment calculations\u003C\u002Fli>\n\u003Cli>Additional layout options\u003C\u002Fli>\n\u003Cli>Currency selectors and foreign exchange\u003C\u002Fli>\n\u003Cli>Tooltips\u003C\u002Fli>\n\u003Cli>Downpayment calculation\u003C\u002Fli>\n\u003Cli>Interest rate sliders\u003C\u002Fli>\n\u003Cli>Application tracking\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Developer’s plugin pages\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Floanpaymentplugin.com\u002F\" rel=\"nofollow ugc\">loanpaymentplugin.com\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Floanpaymentplugin.com\u002Floan-repayment-form-examples\u002F\" rel=\"nofollow ugc\">Example forms\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Floanpaymentplugin.com\u002Fbespoke-versions\u002F\" rel=\"nofollow ugc\">Bespoke versions\u003C\u002Fa>\u003C\u002Fp>\n","A simple repayment calculator. 
Uses sliders to set the amount and term and displays a range of outputs",1000,61236,92,13,"2025-12-23T09:12:00.000Z","6.9.4",[20],"http:\u002F\u002Floanpaymentplugin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquick-interest-slider.3.1.5.zip",42,3,"2025-11-29 00:00:00",{"slug":55,"name":56,"version":6,"author":7,"author_profile":8,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":23,"num_ratings":23,"last_updated":61,"tested_up_to":47,"requires_at_least":17,"requires_php":18,"tags":62,"homepage":49,"download_link":63,"security_score":13,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25},"callback","Callback","\u003Cp>A simple callback, newsletter signup or lead generator form. There are just two basic fields: name and telephone\u002Femail.\u003C\u002Fp>\n\u003Cp>The shortcode to add the form is [callback] or you can use the callback block.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Spam checker\u003C\u002Fli>\n\u003Cli>Choice of shortcode or block to add the form to your site\u003C\u002Fli>\n\u003Cli>Notification emails\u003C\u002Fli>\n\u003Cli>Callback manager\u003C\u002Fli>\n\u003Cli>Form completion tracking\u003C\u002Fli>\n\u003Cli>Mailchimp integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Settings\u003C\u002Fh4>\n\u003Cp>To change the settings go to \u003Cstrong>Settings\u003C\u002Fstrong> > \u003Cstrong>Callback Form\u003C\u002Fstrong>. You can now change the form settings, labels and other options and add your mailchimp ID.\u003Cbr \u002F>\nTo manage callbacks click on the \u003Cstrong>Callbacks\u003C\u002Fstrong> link in your dashboard menu.\u003Cbr \u002F>\nCallback tracking is shown on your dashboard homepage.\u003C\u002Fp>\n\u003Cp>If you want to change the styling use your theme customiser or edit the callback.css file.\u003C\u002Fp>\n","A simple callback, newsletter signup or lead generator form. 
There are just two basic fields: name and telephone\u002Femail.",70,2839,"2025-12-23T09:10:00.000Z",[20],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcallback.1.1.zip",{"attackSurface":65,"codeSignals":112,"taintFlows":125,"riskAssessment":126,"analyzedAt":137},{"hooks":66,"ajaxHandlers":91,"restRoutes":100,"shortcodes":101,"cronEvents":110,"entryPointCount":75,"unprotectedCount":111},[67,72,76,79,83,88],{"type":68,"name":69,"callback":70,"file":71,"line":52},"action","init","takethelead_settings_init","settings.php",{"type":68,"name":73,"callback":74,"file":71,"line":75},"admin_menu","takethelead_page_init",4,{"type":68,"name":77,"callback":78,"file":71,"line":29},"admin_notices","takethelead_admin_notice",{"type":68,"name":80,"callback":81,"file":71,"line":82},"admin_enqueue_scripts","takethelead_scripts_init",6,{"type":68,"name":84,"callback":85,"file":86,"line":87},"wp_enqueue_scripts","takethelead_scripts","takethelead.php",18,{"type":68,"name":69,"callback":89,"file":86,"line":90},"takethelead_block_init",105,[92,97],{"action":93,"nopriv":94,"callback":95,"hasNonce":94,"hasCapCheck":94,"file":86,"line":96},"ajax_submit",false,"takethelead_ajax_submit",19,{"action":93,"nopriv":98,"callback":95,"hasNonce":94,"hasCapCheck":94,"file":86,"line":99},true,20,[],[102,106],{"tag":103,"callback":104,"file":86,"line":105},"takethelead","takethelead_page",15,{"tag":107,"callback":108,"file":86,"line":109},"taketheleadhomepage","takethelead_homepage",16,[],2,{"dangerousFunctions":113,"sqlUsage":114,"outputEscaping":116,"fileOperations":23,"externalRequests":23,"nonceChecks":75,"capabilityChecks":23,"bundledLibraries":124},[],{"prepared":23,"raw":23,"locations":115},[],{"escaped":29,"rawEcho":52,"locations":117},[118,121,123],{"file":71,"line":119,"context":120},341,"raw output",{"file":71,"line":122,"context":120},443,{"file":86,"line":59,"context":120},[],[],{"summary":127,"deductions":128},"The \"take-the-lead\" v1.0 plugin exhibits a mixed security 
posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, file operations, and external HTTP requests. Its SQL queries are all properly prepared, and it includes nonce checks, indicating an awareness of common WordPress security vulnerabilities. The complete lack of recorded vulnerabilities in its history is also a strong indicator of past security diligence.\n\nHowever, significant concerns arise from the attack surface analysis. Two AJAX handlers are exposed without any authentication checks, creating a direct entry point for unauthenticated users to interact with the plugin's backend functionality. This is a critical oversight that could lead to unauthorized actions or data manipulation if these handlers perform sensitive operations. The absence of capability checks further exacerbates this risk, as it implies that any user, regardless of their WordPress role, could potentially trigger these unprotected AJAX endpoints.\n\nDespite the positive aspects like proper SQL usage and nonce checks, the unprotected AJAX handlers present the most immediate and substantial security risk. The plugin's historical lack of vulnerabilities is encouraging, but it does not negate the identified weaknesses in the current version. 
A balanced conclusion suggests that while the plugin has a solid foundation in some security areas, the exposed AJAX endpoints require immediate attention to mitigate the risk of unauthorized access.",[129,132,135],{"reason":130,"points":131},"Unprotected AJAX handlers",10,{"reason":133,"points":134},"No capability checks on entry points",7,{"reason":136,"points":75},"Output escaping not fully implemented","2026-03-16T22:28:55.590Z",{"wat":139,"direct":150},{"assetPaths":140,"generatorPatterns":144,"scriptPaths":145,"versionParams":146},[141,142,143],"\u002Fwp-content\u002Fplugins\u002Ftake-the-lead\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Ftake-the-lead\u002Fjs\u002Ftakethelead.js","\u002Fwp-content\u002Fplugins\u002Ftake-the-lead\u002Fblock.js",[],[142,143],[147,148,149],"take-the-lead\u002Fcss\u002Fstyle.css?ver=","take-the-lead\u002Fjs\u002Ftakethelead.js?ver=","take-the-lead\u002Fblock.js?ver=",{"cssClasses":151,"htmlComments":156,"htmlAttributes":157,"restEndpoints":159,"jsGlobals":161,"shortcodeOutput":163},[108,104,152,153,154,155],"gridcontent","action-button","required","progressbar",[],[158],"data-validator",[160],"\u002Fwp-json\u002Ftakethelead\u002Fv1",[162],"takethelead_ajax_url",[164,165],"\u003Cdiv class=\"takethelead_homepage\">","\u003Cdiv class=\"takethelead_page\">",{"slug":4,"current_version":6,"total_versions":23,"versions":167},[]]