[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2TcL8ueOS_d6pCMZLeWLKDytyf6NJP-zFuwvxUCk7UQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":124,"fingerprints":652},"ultimate-captcha","Ultimate Captcha reCAPTCHA Plugin for WordPress","1.0.5","ExpressTech Systems","https:\u002F\u002Fprofiles.wordpress.org\u002Fexpresstech\u002F","\u003Cp>\u003Ca href='https:\u002F\u002Fultimatecaptcha.com\u002F' rel=\"nofollow ugc\">Ultimate Captcha\u003C\u002Fa> helps you to protect your website by controlling fake accounts, spam comments. This plugin prevents brute force logins on your WordPress website, also you can avoid fake accounts created by robots.\u003C\u002Fp>\n\u003Cp>The plugin uses reCAPTCHA and it’s totally free. You can protect the following pages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Login Page\u003C\u002Fli>\n\u003Cli>WordPress Registration Page\u003C\u002Fli>\n\u003Cli>WordPress Password Reset Page\u003C\u002Fli>\n\u003Cli>WooCommerce Login Page\u003C\u002Fli>\n\u003Cli>WooCommerce Registration Page\u003C\u002Fli>\n\u003Cli>WooCommerce Password Reset Page\u003C\u002Fli>\n\u003Cli>Post Comments\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>DOCUMENTATION\u003C\u002Fh4>\n\u003Cp>\u003Ca href='http:\u002F\u002Fdocs.ultimatecaptcha.com\u002Finstalling-recaptcha\u002F' rel=\"nofollow ugc\">CLICK HERE\u003C\u002Fa> to check the documentation.\u003C\u002Fp>\n\u003Ch4>GET SUPPORT AND PRO FEATURES\u003C\u002Fh4>\n\u003Cp>Get professional support from our experts and pro features to take your site’s security to the next level with \u003Ca href='https:\u002F\u002Fultimatecaptcha.com\u002Findex.php#pricing-comparasion' rel=\"nofollow ugc\">Ultimate Captcha WordPress Security\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>PRO FEATURES\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Please note:\u003C\u002Fstrong> Using Ultimate Captcha is free, reCAPTCHA is a Google product, we’re not charging for the integration with reCAPTCHA. The following features are improvements and they’re optional.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href='https:\u002F\u002Fultimatecaptcha.com\u002Fextensions\u002Fpassword-strength\u002F' rel=\"nofollow ugc\">Password Strength\u003C\u002Fa> – This add-on helps you to protect your users’ accounts by managing and monitoring the strength of their passwords.\u003C\u002Fli>\n\u003Cli>\u003Ca href='https:\u002F\u002Fultimatecaptcha.com\u002Fextensions\u002Faweber\u002F' rel=\"nofollow ugc\">AWeber\u003C\u002Fa> – This will help you to start with your e-mail marketing campaign. It will add a checkbox to the registration form and ask users to register for your newsletter\u002Fe-mail list.\u003C\u002Fli>\n\u003Cli>\u003Ca href='https:\u002F\u002Fultimatecaptcha.com\u002Fextensions\u002Fcustom-pages\u002F' rel=\"nofollow ugc\">Custom Registration & Login Pages\u003C\u002Fa> – This allows you to create custom registration, login and password reset pages. You can also override the default WP pages.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>CUSTOM REGISTRATION AND LOGIN PAGES\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href='https:\u002F\u002Fultimatecaptcha.com\u002Ftesting\u002Fregistration-page\u002F' rel=\"nofollow ugc\">WordPress Custom Registration Page\u003C\u002Fa> – You can take additional information from your users, even you can ask them to input a password.\u003C\u002Fli>\n\u003Cli>\u003Ca href='https:\u002F\u002Fultimatecaptcha.com\u002Ftesting\u002Flogin-page\u002F' rel=\"nofollow ugc\">WordPress Custom Login Page\u003C\u002Fa> – This is a custom login page which can be used to override the default WordPress login page.\u003C\u002Fli>\n\u003Cli>\u003Ca href='https:\u002F\u002Fultimatecaptcha.com\u002Ftesting\u002Fpassword-recover\u002F' rel=\"nofollow ugc\">Custom Password Reset Page\u003C\u002Fa> – You can also override the default WP reset link.\u003C\u002Fli>\n\u003C\u002Ful>\n","This is a free plugin to protect your WordPress website.",0,1409,"2021-10-05T16:56:00.000Z","5.8.13","3.0.1","",[18,19,20,21,22],"bots","captcha","recaptcha","registration","spam-control","https:\u002F\u002Fultimatecaptcha.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-captcha.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"expresstech",21,121720,94,560,75,"2026-04-04T06:21:06.863Z",[38,52,63,76,99],{"slug":39,"name":40,"version":41,"author":7,"author_profile":8,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":11,"num_ratings":11,"last_updated":46,"tested_up_to":47,"requires_at_least":15,"requires_php":16,"tags":48,"homepage":50,"download_link":51,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"easy-wp-members-recaptcha","Easy WP Members reCaptcha Add-on","1.0.1","\u003Cp>This is a free add-on for \u003Ca href='https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-wp-members\u002F' rel=\"ugc\">Easy WP Members Plugin.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>DOCUMENTATION\u003C\u002Fh4>\n\u003Cp>Click \u003Ca href='https:\u002F\u002Fdocs.easywpmembers.com\u002Finstalling-recaptcha\u002F' rel=\"nofollow ugc\">here\u003C\u002Fa> to check the installation guide\u003C\u002Fp>\n","This is a free add-on for Easy WP Members Plugin.",10,1178,"2019-09-01T14:33:00.000Z","5.2.24",[49,20,22],"members-registration","https:\u002F\u002Feasywpmembers.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-wp-members-recaptcha.zip",{"slug":53,"name":54,"version":41,"author":7,"author_profile":8,"description":55,"short_description":56,"active_installs":44,"downloaded":57,"rating":11,"num_ratings":11,"last_updated":58,"tested_up_to":59,"requires_at_least":15,"requires_php":16,"tags":60,"homepage":61,"download_link":62,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"users-ultra-pro-recaptcha","Users Ultra Pro reCaptcha 3.0 Add-on","\u003Cp>This is a free add-on for \u003Ca href='https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fusers-ultra\u002F' rel=\"ugc\">Users Ultra Pro 3.0 Plugin.\u003C\u002Fa>\u003C\u002Fp>\n","This is a free add-on for Users Ultra Pro 3.0 Plugin.",1377,"2020-12-18T00:24:00.000Z","5.6.17",[49,20,22],"https:\u002F\u002Fusersultra.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fusers-ultra-pro-recaptcha.zip",{"slug":64,"name":65,"version":41,"author":7,"author_profile":8,"description":66,"short_description":67,"active_installs":11,"downloaded":68,"rating":11,"num_ratings":11,"last_updated":16,"tested_up_to":69,"requires_at_least":15,"requires_php":16,"tags":70,"homepage":72,"download_link":73,"security_score":74,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":75},"wp-ticket-ultra-recaptcha","WP Ticket Ultra reCaptcha Add-on","\u003Cp>\u003Ca href='https:\u002F\u002Fwpticketultra.com\u002F' rel=\"nofollow ugc\">WP Ticket Ultra Recaptcha\u003C\u002Fa> offers a great suite of features that will help you to offer Top-Notch Customer Support.\u003C\u002Fp>\n\u003Cp>This plugin needs \u003Ca href='https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-ticket-ultra\u002F' rel=\"ugc\">WP Ticket Ultra\u003C\u002Fa> and it can be used to display a reCaptcha code on multiple pages such as Registration, Login and Password Reset links. Since spam and form abuse are two critical security related issues we’re offering this add-on for free.\u003C\u002Fp>\n\u003Ch4>Do you need to implement reCAPTCHA in your WordPress?\u003C\u002Fh4>\n\u003Cp>Check \u003Ca href='https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-captcha\u002F' rel=\"ugc\">Ultimate Captcha\u003C\u002Fa>, this plugin allows you to add reCAPTCHA on registration, login, password reset and comments form avoiding spam attacks.\u003C\u002Fp>\n\u003Ch4>DOCUMENTATION\u003C\u002Fh4>\n\u003Cp>\u003Ca href='http:\u002F\u002Fdocs.wpticketultra.com\u002Finstalling-recaptcha\u002F' rel=\"nofollow ugc\">CLICK HERE\u003C\u002Fa> to check the documentation.\u003C\u002Fp>\n","This is a free add-on for WP Ticket Ultra Plugin.",982,"4.9.29",[20,21,22,71],"tickets","https:\u002F\u002Fwpticketultra.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-ticket-ultra-recaptcha.zip",100,"2026-03-15T10:48:56.248Z",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":86,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":97,"download_link":98,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"no-captcha-recaptcha","No CAPTCHA reCAPTCHA","1.3.4","Collins Agbonghama","https:\u002F\u002Fprofiles.wordpress.org\u002Fcollizo4sky\u002F","\u003Cp>A simple plugin for adding the new No CAPTCHA reCAPTCHA by Google to WordPress login, registration and comment system as well as BuddyPress registration form to protect against spam.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Option to activate CAPTCHA in login, registration, comment and BuddyPress registration forms.\u003C\u002Fli>\n\u003Cli>Choose a theme for the CAPTCHA.\u003C\u002Fli>\n\u003Cli>Auto-detects the user’s language.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plugins you will like\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fno-captcha-recaptcha-for-woocommerce\u002F\" rel=\"ugc\">No CAPTCHA reCAPTCHA for WooCommerce\u003C\u002Fa>\u003C\u002Fstrong>: Protect WooCommerce login, registration and password reset form against spam using Google’s No CAPTCHA reCAPTCHA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fppress\u002F\" rel=\"ugc\">ProfilePress\u003C\u002Fa>\u003C\u002Fstrong>: A shortcode based WordPress form builder that makes building custom login, registration and password reset forms stupidly simple. \u003Ca href=\"http:\u002F\u002Fprofilepress.net\" rel=\"nofollow ugc\">More info here\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmailoptin\u002F\" rel=\"ugc\">MailOptin\u003C\u002Fa>\u003C\u002Fstrong> – The best WordPress email optin forms, email automation & newsletters plugin in the market.\u003C\u002Fli>\n\u003C\u002Ful>\n","Protect WordPress login, registration, comment and BuddyPress registration forms with Google's No CAPTCHA reCAPTCHA.",5000,151171,86,69,"2020-04-15T16:05:00.000Z","5.4.19","4.0","5.4",[93,94,20,95,96],"comment-form","login","registration-form","security","http:\u002F\u002Fw3guy.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-captcha-recaptcha.1.3.4.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":109,"num_ratings":110,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":119,"download_link":120,"security_score":121,"vuln_count":122,"unpatched_count":11,"last_vuln_date":123,"fetched_at":27},"advanced-google-recaptcha","Advanced Google reCAPTCHA","1.31","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgetwpcaptcha.com\u002F\" rel=\"nofollow ugc\">Advanced Google reCAPTCHA\u003C\u002Fa> protects your WordPress site from spam comments & brute force login attacks using captcha. This captcha plugin, quickly adds Google reCAPTCHA and other captcha tests to WordPress comment form, login form, and other forms.\u003C\u002Fp>\n\u003Cp>Using Advanced Google reCAPTCHA (most popular captcha on the market), you’ll be safe from spam comments and protect user accounts, WooCommerce, Easy Digital Downloads, BuddyPress and other forms from brute-force login attacks.\u003C\u002Fp>\n\u003Cp>reCaptcha works for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Form\u003C\u002Fli>\n\u003Cli>Registration Form\u003C\u002Fli>\n\u003Cli>Reset Password Form\u003C\u002Fli>\n\u003Cli>Comment Form\u003C\u002Fli>\n\u003Cli>BuddyPress Form\u003C\u002Fli>\n\u003Cli>WooCommerce Form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads (EDD) Login Form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads (EDD) Registration Form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Captcha uses these 3rd party libs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Chart.js, 2017 Nick Downie, MIT\u003C\u002Fli>\n\u003Cli>DataTables, 2008-2017 SpryMedia Ltd, MIT\u003C\u002Fli>\n\u003Cli>moment.js, Tim Wood, Iskren Chernev, MIT\u003C\u002Fli>\n\u003Cli>SweetAlert 2, github.com\u002FSweetalert2\u002FSweetalert2, MIT\u003C\u002Fli>\n\u003Cli>tooltipster, www.heteroclito.fr\u002Fmodules\u002Ftooltipster\u002F, MIT\u003C\u002Fli>\n\u003C\u002Ful>\n","Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.",200000,2435450,96,428,"2025-12-02T20:29:00.000Z","6.9.4","4.9","5.2",[19,116,117,118,20],"comment-recaptcha","google-recaptcha","login-recaptcha","https:\u002F\u002Fgetwpcaptcha.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-google-recaptcha.1.31.zip",98,3,"2025-03-27 19:32:14",{"attackSurface":125,"codeSignals":267,"taintFlows":485,"riskAssessment":640,"analyzedAt":651},{"hooks":126,"ajaxHandlers":241,"restRoutes":246,"shortcodes":247,"cronEvents":264,"entryPointCount":265,"unprotectedCount":266},[127,134,139,141,144,147,149,151,154,156,161,164,168,172,176,179,182,185,188,191,194,198,202,205,208,211,214,217,220,224,227,229,231,234,238],{"type":128,"name":129,"callback":130,"priority":131,"file":132,"line":133},"action","admin_menu","add_menu",11,"addons\\profiles\\admin\\admin.php",19,{"type":128,"name":135,"callback":136,"priority":137,"file":132,"line":138},"admin_enqueue_scripts","add_styles",9,20,{"type":128,"name":140,"callback":140,"priority":137,"file":132,"line":31},"admin_head",{"type":128,"name":142,"callback":142,"priority":137,"file":132,"line":143},"admin_init",22,{"type":128,"name":129,"callback":130,"priority":131,"file":145,"line":146},"classes\\ultimatecaptcha.class.php",38,{"type":128,"name":140,"callback":140,"priority":137,"file":145,"line":148},39,{"type":128,"name":142,"callback":142,"priority":137,"file":145,"line":150},40,{"type":128,"name":142,"callback":152,"priority":137,"file":145,"line":153},"do_valid_checks",41,{"type":128,"name":135,"callback":136,"priority":137,"file":145,"line":155},43,{"type":128,"name":157,"callback":158,"priority":159,"file":145,"line":160},"wp_enqueue_scripts","add_front_end_scripts",12,44,{"type":128,"name":157,"callback":162,"priority":159,"file":145,"line":163},"add_front_end_styles",45,{"type":128,"name":165,"callback":166,"priority":131,"file":145,"line":167},"ini","create_actions",46,{"type":128,"name":169,"callback":170,"priority":159,"file":145,"line":171},"plugins_loaded","add_front_recaptcha",48,{"type":128,"name":173,"callback":174,"file":145,"line":175},"comment_form_after_fields","get_recaptcha_on_natives",783,{"type":128,"name":177,"callback":174,"file":145,"line":178},"login_form",787,{"type":128,"name":180,"callback":174,"file":145,"line":181},"register_form",791,{"type":128,"name":183,"callback":174,"file":145,"line":184},"lostpassword_form",795,{"type":128,"name":186,"callback":174,"file":145,"line":187},"woocommerce_login_form",799,{"type":128,"name":189,"callback":174,"file":145,"line":190},"woocommerce_register_form",800,{"type":128,"name":192,"callback":174,"file":145,"line":193},"woocommerce_lostpassword_form",801,{"type":128,"name":195,"callback":196,"file":145,"line":197},"init","ultimatecaptcha_check",803,{"type":128,"name":199,"callback":200,"file":145,"line":201},"preprocess_comment","ultimatecaptcha_verify",846,{"type":128,"name":203,"callback":200,"file":145,"line":204},"wp_authenticate_user",850,{"type":128,"name":206,"callback":200,"file":145,"line":207},"registration_errors",851,{"type":128,"name":209,"callback":200,"file":145,"line":210},"lostpassword_post",852,{"type":128,"name":212,"callback":200,"file":145,"line":213},"resetpass_post",853,{"type":128,"name":215,"callback":200,"file":145,"line":216},"woocommerce_register_post",855,{"type":128,"name":177,"callback":218,"priority":131,"file":145,"line":219},"display_captcha_wp_login_form_display",958,{"type":128,"name":221,"callback":222,"priority":143,"file":145,"line":223},"authenticate","login_check",962,{"type":128,"name":195,"callback":225,"file":226,"line":131},"profile_shortcodes","classes\\ultimatecaptcha.profile.php",{"type":128,"name":195,"callback":228,"file":226,"line":159},"handle_init",{"type":128,"name":157,"callback":162,"priority":131,"file":226,"line":230},13,{"type":128,"name":195,"callback":232,"priority":137,"file":226,"line":233},"remove_admin_bar",31,{"type":128,"name":195,"callback":235,"file":236,"line":237},"ultimatecaptcha_load_textdomain","index.php",42,{"type":128,"name":142,"callback":239,"file":236,"line":240},"ucaptcha_my_plugin_redirect",63,[242],{"action":243,"nopriv":244,"callback":243,"hasNonce":244,"hasCapCheck":244,"file":145,"line":245},"custom_fields_reset",false,65,[],[248,252,256,260],{"tag":249,"callback":250,"file":226,"line":251},"ultimatecaptcha_user_login","user_login",2046,{"tag":253,"callback":254,"file":226,"line":255},"ultimatecaptcha_user_recover_password","user_recover_password",2047,{"tag":257,"callback":258,"file":226,"line":259},"ultimatecaptcha_account","user_account",2048,{"tag":261,"callback":262,"file":226,"line":263},"ultimatecaptcha_user_signup","user_signup",2049,[],5,1,{"dangerousFunctions":268,"sqlUsage":269,"outputEscaping":271,"fileOperations":483,"externalRequests":483,"nonceChecks":266,"capabilityChecks":266,"bundledLibraries":484},[],{"prepared":122,"raw":11,"locations":270},[],{"escaped":272,"rawEcho":273,"locations":274},52,108,[275,278,280,282,284,287,289,291,293,296,298,300,302,304,306,308,310,312,314,316,318,320,322,324,326,328,330,332,334,335,337,339,341,343,345,347,348,349,351,353,355,357,359,361,363,365,367,369,371,373,374,375,377,379,381,383,385,386,388,390,392,394,395,397,399,401,403,405,406,408,410,412,414,416,418,420,423,425,427,429,431,433,435,436,438,440,442,444,446,448,451,453,455,456,458,460,461,462,464,465,467,469,471,473,475,477,479,481],{"file":132,"line":276,"context":277},134,"raw output",{"file":132,"line":279,"context":277},165,{"file":132,"line":281,"context":277},172,{"file":132,"line":283,"context":277},181,{"file":285,"line":286,"context":277},"admin\\tabs\\fields.php",66,{"file":285,"line":288,"context":277},67,{"file":285,"line":290,"context":277},79,{"file":285,"line":292,"context":277},213,{"file":294,"line":295,"context":277},"admin\\tabs\\mail.php",153,{"file":145,"line":297,"context":277},345,{"file":145,"line":299,"context":277},346,{"file":145,"line":301,"context":277},347,{"file":145,"line":303,"context":277},348,{"file":145,"line":305,"context":277},354,{"file":145,"line":307,"context":277},355,{"file":145,"line":309,"context":277},356,{"file":145,"line":311,"context":277},370,{"file":145,"line":313,"context":277},371,{"file":145,"line":315,"context":277},372,{"file":145,"line":317,"context":277},376,{"file":145,"line":319,"context":277},378,{"file":145,"line":321,"context":277},387,{"file":145,"line":323,"context":277},388,{"file":145,"line":325,"context":277},389,{"file":145,"line":327,"context":277},390,{"file":145,"line":329,"context":277},399,{"file":145,"line":331,"context":277},400,{"file":145,"line":333,"context":277},401,{"file":145,"line":333,"context":277},{"file":145,"line":336,"context":277},412,{"file":145,"line":338,"context":277},413,{"file":145,"line":340,"context":277},414,{"file":145,"line":342,"context":277},415,{"file":145,"line":344,"context":277},422,{"file":145,"line":346,"context":277},424,{"file":145,"line":346,"context":277},{"file":145,"line":346,"context":277},{"file":145,"line":350,"context":277},439,{"file":145,"line":352,"context":277},440,{"file":145,"line":354,"context":277},441,{"file":145,"line":356,"context":277},463,{"file":145,"line":358,"context":277},464,{"file":145,"line":360,"context":277},465,{"file":145,"line":362,"context":277},500,{"file":145,"line":364,"context":277},501,{"file":145,"line":366,"context":277},502,{"file":145,"line":368,"context":277},526,{"file":145,"line":370,"context":277},527,{"file":145,"line":372,"context":277},529,{"file":145,"line":372,"context":277},{"file":145,"line":372,"context":277},{"file":145,"line":376,"context":277},535,{"file":145,"line":378,"context":277},538,{"file":145,"line":380,"context":277},556,{"file":145,"line":382,"context":277},557,{"file":145,"line":384,"context":277},559,{"file":145,"line":384,"context":277},{"file":145,"line":387,"context":277},580,{"file":145,"line":389,"context":277},585,{"file":145,"line":391,"context":277},587,{"file":145,"line":393,"context":277},683,{"file":145,"line":393,"context":277},{"file":145,"line":396,"context":277},686,{"file":145,"line":398,"context":277},693,{"file":145,"line":400,"context":277},700,{"file":145,"line":402,"context":277},704,{"file":145,"line":404,"context":277},715,{"file":145,"line":404,"context":277},{"file":145,"line":407,"context":277},726,{"file":145,"line":409,"context":277},732,{"file":145,"line":411,"context":277},872,{"file":145,"line":413,"context":277},1249,{"file":145,"line":415,"context":277},1594,{"file":145,"line":417,"context":277},1648,{"file":145,"line":419,"context":277},1664,{"file":421,"line":422,"context":277},"classes\\ultimatecaptcha.common.php",99,{"file":421,"line":424,"context":277},110,{"file":421,"line":426,"context":277},119,{"file":421,"line":428,"context":277},124,{"file":421,"line":430,"context":277},128,{"file":421,"line":432,"context":277},135,{"file":421,"line":434,"context":277},140,{"file":421,"line":295,"context":277},{"file":421,"line":437,"context":277},157,{"file":421,"line":439,"context":277},167,{"file":421,"line":441,"context":277},173,{"file":421,"line":443,"context":277},185,{"file":421,"line":445,"context":277},190,{"file":421,"line":447,"context":277},195,{"file":449,"line":450,"context":277},"classes\\ultimatecaptcha.messaging.php",174,{"file":449,"line":452,"context":277},258,{"file":226,"line":454,"context":277},320,{"file":226,"line":303,"context":277},{"file":226,"line":457,"context":277},361,{"file":226,"line":459,"context":277},620,{"file":226,"line":404,"context":277},{"file":226,"line":407,"context":277},{"file":226,"line":463,"context":277},731,{"file":226,"line":409,"context":277},{"file":226,"line":466,"context":277},733,{"file":226,"line":468,"context":277},734,{"file":226,"line":470,"context":277},735,{"file":226,"line":472,"context":277},775,{"file":226,"line":474,"context":277},942,{"file":226,"line":476,"context":277},1049,{"file":226,"line":478,"context":277},1085,{"file":226,"line":480,"context":277},1195,{"file":226,"line":482,"context":277},2741,2,[],[486,503,516,540,549,562,573,583,592,602,612,622],{"entryPoint":487,"graph":488,"unsanitizedCount":150,"severity":502},"reload_field_to_edit (classes\\ultimatecaptcha.class.php:294)",{"nodes":489,"edges":500},[490,495],{"id":491,"type":492,"label":493,"file":145,"line":494},"n0","source","$_POST (x40)",299,{"id":496,"type":497,"label":498,"file":145,"line":297,"wp_function":499},"n1","sink","echo() [XSS]","echo",[501],{"from":491,"to":496,"sanitized":244},"medium",{"entryPoint":504,"graph":505,"unsanitizedCount":266,"severity":502},"ultimatecaptcha_verify (classes\\ultimatecaptcha.class.php:808)",{"nodes":506,"edges":514},[507,510],{"id":491,"type":492,"label":508,"file":145,"line":509},"$_POST",814,{"id":496,"type":497,"label":511,"file":145,"line":512,"wp_function":513},"wp_remote_get() [SSRF]",817,"wp_remote_get",[515],{"from":491,"to":496,"sanitized":244},{"entryPoint":517,"graph":518,"unsanitizedCount":539,"severity":502},"\u003Cultimatecaptcha.class> (classes\\ultimatecaptcha.class.php:0)",{"nodes":519,"edges":535},[520,522,526,529,531,533],{"id":491,"type":492,"label":521,"file":145,"line":25},"$_POST (x7)",{"id":496,"type":497,"label":523,"file":145,"line":524,"wp_function":525},"update_option() [Settings Manipulation]",116,"update_option",{"id":527,"type":492,"label":528,"file":145,"line":494},"n2","$_POST (x47)",{"id":530,"type":497,"label":498,"file":145,"line":297,"wp_function":499},"n3",{"id":532,"type":492,"label":508,"file":145,"line":509},"n4",{"id":534,"type":497,"label":511,"file":145,"line":512,"wp_function":513},"n5",[536,537,538],{"from":491,"to":496,"sanitized":244},{"from":527,"to":530,"sanitized":244},{"from":532,"to":534,"sanitized":244},55,{"entryPoint":541,"graph":542,"unsanitizedCount":266,"severity":502},"confirm_update_email_user (classes\\ultimatecaptcha.profile.php:1092)",{"nodes":543,"edges":547},[544,546],{"id":491,"type":492,"label":508,"file":226,"line":545},1099,{"id":496,"type":497,"label":498,"file":226,"line":480,"wp_function":499},[548],{"from":491,"to":496,"sanitized":244},{"entryPoint":550,"graph":551,"unsanitizedCount":266,"severity":502},"handle_redir_success (classes\\ultimatecaptcha.profile.php:1449)",{"nodes":552,"edges":560},[553,556],{"id":491,"type":492,"label":554,"file":226,"line":555},"$_COOKIE",1458,{"id":496,"type":497,"label":557,"file":226,"line":558,"wp_function":559},"wp_redirect() [Open Redirect]",1479,"wp_redirect",[561],{"from":491,"to":496,"sanitized":244},{"entryPoint":563,"graph":564,"unsanitizedCount":266,"severity":502},"login_registration_afterlogin (classes\\ultimatecaptcha.profile.php:1971)",{"nodes":565,"edges":571},[566,569],{"id":491,"type":492,"label":567,"file":226,"line":568},"$_SERVER",1998,{"id":496,"type":497,"label":557,"file":226,"line":570,"wp_function":559},2013,[572],{"from":491,"to":496,"sanitized":244},{"entryPoint":574,"graph":575,"unsanitizedCount":266,"severity":502},"get_errors (classes\\ultimatecaptcha.profile.php:2160)",{"nodes":576,"edges":581},[577,579],{"id":491,"type":492,"label":567,"file":226,"line":578},2191,{"id":496,"type":497,"label":557,"file":226,"line":580,"wp_function":559},2193,[582],{"from":491,"to":496,"sanitized":244},{"entryPoint":584,"graph":585,"unsanitizedCount":266,"severity":591},"sort_fileds_list (classes\\ultimatecaptcha.class.php:73)",{"nodes":586,"edges":589},[587,588],{"id":491,"type":492,"label":508,"file":145,"line":25},{"id":496,"type":497,"label":523,"file":145,"line":524,"wp_function":525},[590],{"from":491,"to":496,"sanitized":244},"low",{"entryPoint":593,"graph":594,"unsanitizedCount":483,"severity":591},"delete_profile_field (classes\\ultimatecaptcha.class.php:121)",{"nodes":595,"edges":600},[596,598],{"id":491,"type":492,"label":597,"file":145,"line":430},"$_POST (x2)",{"id":496,"type":497,"label":523,"file":145,"line":599,"wp_function":525},149,[601],{"from":491,"to":496,"sanitized":244},{"entryPoint":603,"graph":604,"unsanitizedCount":483,"severity":591},"add_new_custom_profile_field (classes\\ultimatecaptcha.class.php:158)",{"nodes":605,"edges":610},[606,608],{"id":491,"type":492,"label":597,"file":145,"line":607},175,{"id":496,"type":497,"label":523,"file":145,"line":609,"wp_function":525},218,[611],{"from":491,"to":496,"sanitized":244},{"entryPoint":613,"graph":614,"unsanitizedCount":483,"severity":591},"save_fields_settings (classes\\ultimatecaptcha.class.php:225)",{"nodes":615,"edges":620},[616,618],{"id":491,"type":492,"label":597,"file":145,"line":617},242,{"id":496,"type":497,"label":523,"file":145,"line":619,"wp_function":525},285,[621],{"from":491,"to":496,"sanitized":244},{"entryPoint":623,"graph":624,"unsanitizedCount":11,"severity":591},"\u003Cultimatecaptcha.profile> (classes\\ultimatecaptcha.profile.php:0)",{"nodes":625,"edges":635},[626,629,630,631,632,634],{"id":491,"type":492,"label":627,"file":226,"line":628},"$_POST (x4)",536,{"id":496,"type":497,"label":498,"file":226,"line":463,"wp_function":499},{"id":527,"type":492,"label":554,"file":226,"line":555},{"id":530,"type":497,"label":557,"file":226,"line":558,"wp_function":559},{"id":532,"type":492,"label":633,"file":226,"line":568},"$_SERVER (x2)",{"id":534,"type":497,"label":557,"file":226,"line":570,"wp_function":559},[636,638,639],{"from":491,"to":496,"sanitized":637},true,{"from":527,"to":530,"sanitized":637},{"from":532,"to":534,"sanitized":637},{"summary":641,"deductions":642},"The \"ultimate-captcha\" v1.0.5 plugin presents a mixed security posture.  While it demonstrates good practices in terms of SQL query security by exclusively using prepared statements and has no recorded vulnerabilities or CVEs, there are significant areas of concern.  The static analysis reveals a notable vulnerability in its attack surface, with one AJAX handler lacking authentication checks. This unprotected entry point could potentially be exploited by unauthenticated users.\n\nFurther analysis of the code signals indicates potential issues with output sanitization, as only 33% of outputs are properly escaped. Additionally, the taint analysis shows a high number of flows with unsanitized paths (11 out of 12), though thankfully none reached critical or high severity.  This pattern suggests a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is not properly handled before being displayed.  The absence of historical vulnerabilities is a positive sign, suggesting a potentially stable codebase, but this must be considered alongside the identified code weaknesses.\n\nOverall, the plugin has a moderate security risk. The lack of authentication on an AJAX handler and the prevalence of unsanitized output flows are the primary concerns that require attention.  The plugin's strength lies in its secure SQL handling and clean vulnerability history. Addressing the identified vulnerabilities and improving output sanitization would significantly enhance its security posture.",[643,646,648],{"reason":644,"points":645},"Unprotected AJAX handler",7,{"reason":647,"points":265},"Low percentage of properly escaped output",{"reason":649,"points":650},"High number of unsanitized taint flows",4,"2026-03-17T06:33:43.206Z",{"wat":653,"direct":662},{"assetPaths":654,"generatorPatterns":657,"scriptPaths":658,"versionParams":659},[655,656],"\u002Fwp-content\u002Fplugins\u002Fultimate-captcha\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fultimate-captcha\u002Fassets\u002Fjs\u002Fadmin.js",[],[656],[660,661],"ultimate-captcha\u002Fassets\u002Fcss\u002Fadmin.css?ver=","ultimate-captcha\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":663,"htmlComments":666,"htmlAttributes":667,"restEndpoints":668,"jsGlobals":669,"shortcodeOutput":672},[664,665],"ultimatecaptcha-admin","ultimatecaptcha-admin-contain",[],[],[],[670,671],"ultimatecaptcha_ajax_url","ultimatecaptcha_nonce",[]]