[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fET5n7VTcWdtG_ZRx3D2aqhDuFUBq2F0dvFNdQ2ja9M8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":51,"analysis":94,"fingerprints":197},"trusty-whistleblowing-solution","Trusty Whistleblowing Solution","1.5.4","Dejan Jasnic","https:\u002F\u002Fprofiles.wordpress.org\u002Ftrustyreport\u002F","\u003Cp>Trusty is an instantly available, customizable and secure web-based whistleblowing solution developed by compliance experts. It is hosted on the virtual server in Germany, complies with the EU and US whistleblowing regulations and supports multiple languages.\u003C\u002Fp>\n\u003Cp>The solution includes the front-end webpages, which are intended for potential whistleblowers. You will receive your individual link to these web pages after signing up. We suggest that you publish the link on your web-site.\u003C\u002Fp>\n\u003Cp>On these webpages whistleblowers can submit reports, enter their inboxes and find answers to the most common questions. When submitting reports, whistleblowers are led through questions, asking them to provide the most relevant information. If you allow for anonymous reporting, whistleblowers do not need to identify themselves to submit their reports.\u003C\u002Fp>\n\u003Cp>Once a report is submitted, an inbox is generated for every whistleblower, so they can stay in touch with you and follow their reports in a secure and confidential way. 
The log in credentials for the inboxes are shown on the screen so whistleblowers can write them down.\u003C\u002Fp>\n\u003Cp>The solution also includes a powerful case management tool. There, you will be able to categorize the reports, set retention periods, write notes and follow up activities, upload files, securely communicate with whistleblowers and use numerous other features which are intuitive and easy to use.\u003C\u002Fp>\n\u003Cp>Sign up and test it out. No upfront commitments nor credit cards required. Just a couple of minutes of your time.\u003C\u002Fp>\n","Trusty is an instantly available, customizable and secure web-based whistleblowing solution developed by compliance experts.",500,7053,100,15,"2025-11-19T14:52:00.000Z","6.8.5","5.6","7.1",[20,21,22,23,24],"hinweisgeberlosung","hinweisgebersystem","whistleblower","whistleblowing","whistleblowing-solution","https:\u002F\u002Fwww.trusty.report","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftrusty-whistleblowing-solution.1.5.4.zip",78,1,"2025-06-23 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-52818","trusty-whistleblowing-missing-authorization","Trusty Whistleblowing \u003C= 1.5.2 - Missing Authorization","The Trusty Whistleblowing Solution plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.5.2. 
This makes it possible for unauthenticated attackers to perform an unauthorized action.",null,"\u003C=1.5.2","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-07-01 14:33:41",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcb8fdb10-7b7f-4ba7-a324-5daeb872498e?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},"trustyreport",30,79,"2026-04-05T16:24:02.265Z",[52,72],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":13,"downloaded":60,"rating":13,"num_ratings":28,"last_updated":61,"tested_up_to":62,"requires_at_least":63,"requires_php":64,"tags":65,"homepage":69,"download_link":70,"security_score":13,"vuln_count":71,"unpatched_count":71,"last_vuln_date":37,"fetched_at":30},"whistleblowing-system","Whistleblowing & Contact Form – Secure, Anonymous, Drag & Drop Builder","1.5.0","Whistleblowing Form Team","https:\u002F\u002Fprofiles.wordpress.org\u002Fpokhar\u002F","\u003Cp>\u003Cstrong>Secure Contact & Whistleblowing Form\u003C\u002Fstrong> is the ultimate WordPress plugin for building contact or anonymous reporting forms — fully GDPR-compliant, mobile-friendly, and packed with powerful security features.\u003C\u002Fp>\n\u003Cp>It provides a user-friendly interface for creating secure, encrypted communication channels, including support for the EU Whistleblower Directive (2019\u002F1937). 
All submitted data is fully encrypted at rest, and uploaded files are stored in encrypted form on the physical server, ensuring maximum confidentiality and protection against unauthorized access.\u003C\u002Fp>\n\u003Cp>Whether you’re a company, school, NGO, or club, you can handle sensitive and confidential submissions with confidence, privacy, and legal compliance.\u003C\u002Fp>\n\u003Cp>The plugin also serves as a full-featured drag & drop form builder with multi-step forms, conditional logic, and unlimited submissions — all for free.\u003C\u002Fp>\n\u003Ch3>Short demo video\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FawXnItCglX0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>🔑 Key Features (Free Version)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>🔒 Full Data Encryption\u003C\u002Fstrong> – Encrypt submissions before storage for maximum confidentiality.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🕵️ Anonymous Submissions\u003C\u002Fstrong> – Allow users to report anonymously or include contact details voluntarily.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔁 Two-Way Anonymous Communication\u003C\u002Fstrong> – Secure, token-based messaging between reporter and admin.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>📱 Mobile-Friendly & Responsive\u003C\u002Fstrong> – Works seamlessly on all devices.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>🧠 Conditional Logic (Free)\u003C\u002Fstrong> – Show or hide fields dynamically based on user input.  
\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🛠 Drag & Drop Form Builder\u003C\u002Fstrong> – Create forms visually without coding.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>♾️ Unlimited Whistleblowers & Submissions\u003C\u002Fstrong> – No restrictions on the number of reports or users.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>📧 Email Notification\u003C\u002Fstrong> – Send automatic notifications to one selected email address.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>📑 Multiple Forms & Shortcodes\u003C\u002Fstrong> – Use for whistleblowing, feedback, or contact forms.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>💼 Pro Plugin Features (Upgrade)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>🔒 Uploaded Files Full Encryption\u003C\u002Fstrong> – All uploaded files are fully encrypted and securely stored on the server.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>📤 File Uploads\u003C\u002Fstrong> – Receive supporting documents securely with file size and type restrictions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🧩 Multi-Step Forms\u003C\u002Fstrong> – Split long forms into logical steps for better usability.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>🎨 Customizable Themes\u003C\u002Fstrong> – Match your site’s design with advanced styling options.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>📊 Export to CSV\u003C\u002Fstrong> – Download and manage submissions offline.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>📧 Multi-Recipient Notifications\u003C\u002Fstrong> – Send alerts to multiple recipients or departments.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔗 Incoming Webhook\u003C\u002Fstrong> – Accept external data into your forms.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔗 Outgoing Webhook\u003C\u002Fstrong> – Send submissions to external services or integrations.  
\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Useful Links:\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwhistleblowing-form.de\u002Fen\u002F\" rel=\"nofollow ugc\">Website\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Internal HR feedback systems\u003C\u002Fli>\n\u003Cli>GDPR-compliant contact forms\u003C\u002Fli>\n\u003Cli>School or university reporting tools\u003C\u002Fli>\n\u003Cli>Secure NGO communication\u003C\u002Fli>\n\u003Cli>Clubs and associations subject to EU regulations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Notices\u003C\u002Fh3>\n\u003Cp>Whistleblowing System plugin does not collect and store any data of your users on Whistleblowing-form’s end. All data submitted by your website visitors is stored in your website database. From this perspective, you may be subject to GDPR compliance.\u003C\u002Fp>\n\u003Cp>Whistleblowing System implies interaction between website visitors and website owner. As such you may publish forms that require input of Private data. You need to get explicit consent from your users to comply with GDPR. Under GDPR your users may request access and\u002For erasure of their entry data at any time. Here you can find how to export and\u002For delete reports.\u003C\u002Fp>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>Whistleblowing system, with the variety of functions, is working to make your experience the best it can be. We’re one of the only form builders around that offers support for all users. With us you can make sure that your forms are safe, anonymous and designed as per your expectations.\u003C\u002Fp>\n\u003Cp>If you have any questions or suggestions, we’re always happy to hear from you. Our dedicated support team will help you with technical questions every Monday to Friday. We are also open for feedback. It helps us see what we lack and which direction to grow towards. 
It is the key to our success.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwhistleblowing-form.de\u002Fen\u002Fcontact-whistleblowing-system\u002F\" rel=\"nofollow ugc\">Contact us!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>World Class Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>⏱ Quick responses – typically within a few hours\u003C\u002Fli>\n\u003Cli>🧑‍💻 Resolutions in under 24 hours\u003C\u002Fli>\n\u003Cli>📣 Feedback-driven development\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Have questions or suggestions? Reach us anytime via \u003Ca href=\"https:\u002F\u002Fwhistleblowing-form.de\u002Fen\u002Fcontact-whistleblowing-system\u002F\" rel=\"nofollow ugc\">Contact Page\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Ch4>Deactivation Feedback Endpoint\u003C\u002Fh4>\n\u003Cp>This plugin optionally sends deactivation feedback when the user chooses to submit it during plugin deactivation.\u003Cbr \u002F>\n-Domain: https:\u002F\u002Fwhistleblowing-form.de\u002F\u003Cbr \u002F>\n-Purpose: To receive voluntary plugin deactivation feedback from the admin user.\u003Cbr \u002F>\n-Data Sent:\u003Cbr \u002F>\nAdmin email (or custom email provided in the feedback form)\u003Cbr \u002F>\nSelected deactivation reason\u003Cbr \u002F>\nOptional message entered by the user\u003Cbr \u002F>\nSite URL\u003Cbr \u002F>\n-Conditions:\u003Cbr \u002F>\nData is sent only if the user submits the feedback form.\u003Cbr \u002F>\nNo data is sent when the user clicks “Skip”.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwhistleblowing-form.de\u002Fen\u002Fterms-and-conditions\u002F\" rel=\"nofollow ugc\">Terms and conditions\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwhistleblowing-form.de\u002Fen\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Create anonymous whistleblowing or standard contact forms with free conditional logic and secure two-way 
messaging. GDPR-compliant and responsive.",9117,"2026-03-08T14:13:00.000Z","6.9.4","5.2","7.4",[66,67,68,22,23],"anonymous","form","secure-contact-form","https:\u002F\u002Fwhistleblowing-form.de","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhistleblowing-system.1.5.0.zip",0,{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":13,"num_ratings":28,"last_updated":82,"tested_up_to":62,"requires_at_least":83,"requires_php":17,"tags":84,"homepage":90,"download_link":91,"security_score":92,"vuln_count":28,"unpatched_count":71,"last_vuln_date":93,"fetched_at":30},"anonform-embedded-secure-form","ANON::form embedded secure form","1.8","Anonform Ab","https:\u002F\u002Fprofiles.wordpress.org\u002Fanonform\u002F","\u003Cp>This plugin allows you to embed \u003Ca href=\"https:\u002F\u002Fanonform.com\" rel=\"nofollow ugc\">ANON::form’s\u003C\u002Fa> E2EE (End-to-End Encrypted) secure and anonymized web forms into your website with an iframe and with a shortcode.\u003C\u002Fp>\n\u003Cp>The requirements for secure communication with secure forms and storage of sensitive information are steadily increasing, not least from authorities through GDPR and the protection of whistleblowers.\u003C\u002Fp>\n\u003Cp>Something that is often overlooked but directly affected by the new requirements is the web forms used on the web pages and websites to create contact or collect information, with email as transport.\u003C\u002Fp>\n\u003Cp>ANON::form is a complete, easy-to-implement and scalable solution for secure electronic web-based forms that meet all existing requirements for not only security but also anonymity and (un)traceability.\u003C\u002Fp>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"Secure & Anonymous Web Forms – Whistleblower, Tip & Contact Forms #Whistleblower #Forms #Privacy\" width=\"563\" height=\"1000\" 
src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FIw1BmHT_aO8?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fp>\n\u003Ch4>Create a Whistleblower Channel using secure e-forms\u003C\u002Fh4>\n\u003Cp>ANON::form’s secure and anonymous e-forms meet the requirements of a secure whistleblowing channel. Simple and cost-effective (from €5\u002Fmonth), pay only for what you really need. \u003Ca href=\"https:\u002F\u002Fanonform.com\u002Fcreate-whistleblower-channel-with-wordpress-joomla-or-drupal-for-e5-per-month\u002F\" rel=\"nofollow ugc\">Read more\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>ANON::form is secure and anonymized\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Meets safety requirements\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>ANON::form is a service that meets the requirements for security according to the respective standard for:\u003Cbr \u002F>\nEU\u002FGDPR + EU\u002FSchrems II\u003Cbr \u002F>\nCH\u002FrevFADP\u003Cbr \u002F>\nUK\u002FFCA\u003Cbr \u002F>\nUS\u002FSOX\u003Cbr \u002F>\nPCI-DSS + HIPAA + NIST\u003Cbr \u002F>\nand receives the rating A+ from Qualys SSL Labs and ImmuniWeb.\u003C\u002Fp>\n\u003Cp>ANON::form follows the Zero Trust framework for a secure infrastructure.\u003C\u002Fp>\n\u003Cp>All certificates are encrypted with SHA256\u002FRSA 2048 bits\u002FTLS 1.2 + 1.3.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Meets the requirement for Zero Access Encryption\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>ANON::form does not store form data and meets the requirement for Zero Access Encryption, suppliers who receive form data from ANON::form comply with Zero Access Encryption in that all data stored is encrypted via endpoints (E2EE) with personal keys.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Meets the requirement for 
privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>ANON::form fulfills the requirement for anonymity in that no traffic, error or other logs are activated (No-Log Policy), all form data is sent encrypted directly to receiving systems without intermediaries.\u003C\u002Fp>\n\u003Cp>Nothing is saved in the computer or browser by the service, but the use of incognito windows, or even better Tor Browser, is recommended to prevent sensitive data from being saved by the browser’s own functions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Protected against malicious code\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>ANON::form is protected against malicious code by cleaning up all form data before it is processed by the server system. We do not have any online editing of forms, everything is uploaded manually by us after virus and other security checks.\u003C\u002Fp>\n\u003Cp>All services are run on own servers in secure datacenters. The encryption software we use is open source (OpenPGP) which is constantly reviewed by a large community spread all over the world.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Spam protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All forms have Captcha protection against robot-generated spam. The Captcha function is locally installed and does not download anything from external sources such as Google. 
The forms also support \u003Ca href=\"https:\u002F\u002Fwww.hcaptcha.com\u002F\" rel=\"nofollow ugc\">hCaptcha\u003C\u002Fa>, which offers better spam protection but poorer anonymity through increased traceability.\u003C\u002Fp>\n\u003Ch4>EU\u002FEN 301549 and W3C\u002FWCAG 2.1 AA Compliance\u003C\u002Fh4>\n\u003Cp>All forms meet the accessibility requirements according to EU Directive 2016\u002F2102 and other corresponding directives in different countries according to WCAG 2.0\u002F2.1 AA and associated legislation.\u003C\u002Fp>\n\u003Ch4>Pre-built form templates\u003C\u002Fh4>\n\u003Cp>ANON::form comes with pre-built form templates, both embedded and stand-alone with or without attachment, to help you save time. You can add, remove, or re-arrange fields as necessary. Or create special forms for handling sensitive data such as sick leave.\u003C\u002Fp>\n\u003Cp>Pre-built form templates:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Contact form; a standard contact form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Whistleblower forms; approved for use as a whistleblower channel, can also be used as a tip form for journalists etc\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Tip form; anonymous option for journalists, media and others who want to receive non-whistleblowing tips\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Sick leave form; a simple and quick way to report sickness absence with the mobile phone, pad or computer\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Currently available in 42 languages\u003C\u002Fh4>\n\u003Cp>ANON::form forms support Albanian, Arabic, Bosnian, Bulgarian, Catalan, Croatian, Czech, Danish, Dutch, English, Estonian, Filipino, Finnish, French, German, Greek, Hindi, Hungarian, Icelandic, Indonesian, Irish, Italian, Latvian, Lithuanian, Malay, Maltese, Norwegian, Persian, Polish, Portuguese, Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swahili, Swedish, Tamil, Thai, Turkish, 
Ukrainian\u003C\u002Fp>\n\u003Ch4>Mobile Ready and Optimized for Speed\u003C\u002Fh4>\n\u003Cp>ANON::form forms are 100% responsive and mobile-friendly by default. We also optimized both the frontend and the backend to ensure maximum speed.\u003C\u002Fp>\n\u003Ch4>How to use it\u003C\u002Fh4>\n\u003Cp>ANON::form E2EE forms are web forms where the form data is encrypted in the browser and then sent as email via an encrypted and anonymized channel established by ANON::form’s servers.\u003C\u002Fp>\n\u003Cp>The recipient can be any email client that can decrypt PGP, we recommend a free account with \u003Ca href=\"https:\u002F\u002Fproton.me\u002F\" rel=\"nofollow ugc\">Proton\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fanonform.com\u002Fsecure-forms-for-websites\u002F\" rel=\"nofollow ugc\">Read more\u003C\u002Fa>\u003C\u002Fp>\n","Embed ANON::form's End-to-End Encrypted secure and anonymized web forms into your website with an iframe and a shortcode.",10,2305,"2025-11-28T08:47:00.000Z","5.0",[85,86,87,88,89],"captcha","end-to-end-encryption","gdpr-compliance","secure-form","whistleblower-form","https:\u002F\u002Fanonform.com\u002Fen\u002Fdocs\u002Feasily-embed-with-our-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanonform-embedded-secure-form.1.8.zip",99,"2025-06-19 
00:00:00",{"attackSurface":95,"codeSignals":127,"taintFlows":147,"riskAssessment":181,"analyzedAt":196},{"hooks":96,"ajaxHandlers":110,"restRoutes":123,"shortcodes":124,"cronEvents":125,"entryPointCount":126,"unprotectedCount":126},[97,102,104,107],{"type":98,"name":99,"callback":66,"file":100,"line":101},"action","admin_enqueue_scripts","includes\\class-tr-free-whistleblowing-solution.php",128,{"type":98,"name":99,"callback":66,"file":100,"line":103},129,{"type":98,"name":105,"callback":66,"file":100,"line":106},"admin_menu",134,{"type":98,"name":108,"callback":66,"file":100,"line":109},"admin_init",135,[111,116,119,121],{"action":112,"nopriv":113,"callback":112,"hasNonce":114,"hasCapCheck":114,"file":100,"line":115},"post_form_info",true,false,141,{"action":117,"nopriv":113,"callback":117,"hasNonce":114,"hasCapCheck":114,"file":100,"line":118},"status_check",142,{"action":112,"nopriv":114,"callback":112,"hasNonce":114,"hasCapCheck":114,"file":100,"line":120},143,{"action":117,"nopriv":114,"callback":117,"hasNonce":114,"hasCapCheck":114,"file":100,"line":122},144,[],[],[],4,{"dangerousFunctions":128,"sqlUsage":129,"outputEscaping":131,"fileOperations":144,"externalRequests":145,"nonceChecks":71,"capabilityChecks":71,"bundledLibraries":146},[],{"prepared":71,"raw":71,"locations":130},[],{"escaped":132,"rawEcho":126,"locations":133},20,[134,137,139,142],{"file":100,"line":135,"context":136},225,"raw output",{"file":100,"line":138,"context":136},294,{"file":140,"line":141,"context":136},"templates\\form.tpl.php",24,{"file":140,"line":143,"context":136},108,2,3,[],[148,171],{"entryPoint":149,"graph":150,"unsanitizedCount":28,"severity":39},"post_form_info (includes\\class-tr-free-whistleblowing-solution.php:246)",{"nodes":151,"edges":168},[152,157,161],{"id":153,"type":154,"label":155,"file":100,"line":156},"n0","source","$_POST",276,{"id":158,"type":159,"label":160,"file":100,"line":156},"n1","transform","→ 
trWriteLog()",{"id":162,"type":163,"label":164,"file":165,"line":166,"wp_function":167},"n2","sink","file_put_contents() [File Write]","tr-free-whistleblowing-solution.php",88,"file_put_contents",[169,170],{"from":153,"to":158,"sanitized":114},{"from":158,"to":162,"sanitized":114},{"entryPoint":172,"graph":173,"unsanitizedCount":28,"severity":39},"\u003Cclass-tr-free-whistleblowing-solution> (includes\\class-tr-free-whistleblowing-solution.php:0)",{"nodes":174,"edges":178},[175,176,177],{"id":153,"type":154,"label":155,"file":100,"line":156},{"id":158,"type":159,"label":160,"file":100,"line":156},{"id":162,"type":163,"label":164,"file":165,"line":166,"wp_function":167},[179,180],{"from":153,"to":158,"sanitized":114},{"from":158,"to":162,"sanitized":114},{"summary":182,"deductions":183},"The trusty-whistleblowing-solution plugin exhibits a concerning security posture primarily due to its substantial attack surface lacking proper authorization checks. All four identified AJAX entry points are unprotected, representing a significant risk. While the plugin demonstrates good practices in SQL query handling with 100% prepared statements and a high rate of output escaping (83%), the absence of nonce and capability checks on its AJAX handlers is a critical oversight. The taint analysis reveals two flows with unsanitized paths, though no critical or high severity issues were identified in this specific analysis, suggesting potential for vulnerabilities if these paths are exploitable.\n\nThe vulnerability history, particularly the single medium-severity CVE marked as currently unpatched and a pattern of \"Missing Authorization\" vulnerabilities, strongly indicates a recurring weakness in how the plugin handles user permissions and access control. This history, combined with the static analysis findings, suggests a fundamental issue with securing entry points. 
While the plugin has strengths in its database interactions and output handling, the critical lack of authorization on its primary interaction points and a history of similar vulnerabilities paint a picture of a plugin that requires immediate attention to mitigate potential exploits.",[184,186,189,191,193],{"reason":185,"points":80},"Unprotected AJAX handlers",{"reason":187,"points":188},"Missing nonce checks",5,{"reason":190,"points":188},"Missing capability checks",{"reason":192,"points":14},"Unpatched CVE (medium severity)",{"reason":194,"points":195},"Flows with unsanitized paths",8,"2026-03-16T19:36:18.596Z",{"wat":198,"direct":207},{"assetPaths":199,"generatorPatterns":202,"scriptPaths":203,"versionParams":204},[200,201],"\u002Fwp-content\u002Fplugins\u002Ftr-free-whistleblowing-solution\u002Fpublic\u002Fcss\u002Ftr-free-whistleblowing-solution-public.css","\u002Fwp-content\u002Fplugins\u002Ftr-free-whistleblowing-solution\u002Fpublic\u002Fjs\u002Ftr-free-whistleblowing-solution-public.js",[],[201],[205,206],"tr-free-whistleblowing-solution-public.css?ver=","tr-free-whistleblowing-solution-public.js?ver=",{"cssClasses":208,"htmlComments":209,"htmlAttributes":210,"restEndpoints":211,"jsGlobals":212,"shortcodeOutput":213},[],[],[],[],[],[]]