[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f599myPzTROLdQPc1ao6Zl4Zp_a2V-hbT5VtZ5kOEewo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":32,"analysis":33,"fingerprints":652},"ultimate-forms","Ultimate Forms","0.5","Rustaurius","https:\u002F\u002Fprofiles.wordpress.org\u002Frustaurius\u002F","\u003Cp>An easy-to-use plugin that you create forms for your visitors to fill out.\u003C\u002Fp>\n","Easily create forms which can be used to create emails or a database of form responses",0,1394,"2021-04-15T13:47:00.000Z","5.4.19","4.0.0","",[4],"http:\u002F\u002Fwww.EtoileWebDesign.com\u002Fplugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-forms.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":25,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":28,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"rustaurius",21,65800,90,716,72,"2026-04-04T03:33:40.055Z",[],{"attackSurface":34,"codeSignals":131,"taintFlows":445,"riskAssessment":637,"analyzedAt":651},{"hooks":35,"ajaxHandlers":110,"restRoutes":124,"shortcodes":125,"cronEvents":129,"entryPointCount":130,"unprotectedCount":40},[36,43,48,52,57,61,65,70,73,78,81,84,88,92,95,99,103,106],{"type":37,"name":38,"callback":39,"priority":40,"file":41,"line":42},"filter","the_content","EWD_UFP_Add_Form_To_Page",3,"Functions\\EWD_UFP_Add_Form_To_Page.php",2,{"type":37,"name":44,"callback":45,"priority":46,"file":47,"line":42},"get_sample_permalink_html","EWD_UFP_Add_Review_Shortcode",10,"Functions\\EWD_UFP_Edit_Form_Page_Content.php",{"type":37,"name":44,"callback":49,"priority":50,"file":47,"line":51},"EWD_UFP_Add_Content_Editor_Toggle",11,14,{"type":53,"name":54,"callback":55,"file":47,"line":56},"action","add_meta_boxes","EWD_UFP_Add_Meta_Boxes",22,{"type":53,"name":58,"callback":59,"file":47,"line":60},"save_post","EWD_UFP_Save_Meta_Box_Data",633,{"type":53,"name":62,"callback":63,"priority":46,"file":64,"line":42},"init","EWD_UFP_Handle_Form_Submission","Functions\\EWD_UFP_Handle_Form_Submission.php",{"type":53,"name":66,"callback":67,"file":68,"line":69},"widgets_init","UFP_Register_Contact_Form","Functions\\EWD_UFP_Widgets.php",69,{"type":53,"name":62,"callback":71,"file":72,"line":42},"EWD_UFP_Create_Posttypes","Functions\\Register_EWD_UFP_Posts_Taxonomies.php",{"type":53,"name":74,"callback":75,"file":76,"line":77},"admin_head","EWD_UFP_Admin_Options","ultimate-forms.php",31,{"type":53,"name":66,"callback":79,"file":76,"line":80},"Update_EWD_UFP_Content",32,{"type":53,"name":74,"callback":82,"file":76,"line":83},"Add_EWD_UFP_Scripts",33,{"type":53,"name":85,"callback":86,"file":76,"line":87},"admin_notices","EWD_UFP_Error_Notices",34,{"type":53,"name":89,"callback":90,"file":76,"line":91},"admin_menu","EWD_UFP_Enable_Menu",51,{"type":53,"name":85,"callback":93,"file":76,"line":94},"EWD_UFP_Add_Header_Bar",93,{"type":53,"name":96,"callback":97,"file":76,"line":98},"after_setup_theme","EWD_UFP_localization_setup",99,{"type":53,"name":100,"callback":101,"file":76,"line":102},"wp_enqueue_scripts","Add_EWD_UFP_FrontEnd_Scripts",124,{"type":53,"name":100,"callback":104,"file":76,"line":105},"EWD_UFP_Add_Stylesheet",141,{"type":53,"name":107,"callback":108,"file":76,"line":109},"activated_plugin","save_ufp_error",157,[111,117,120],{"action":112,"nopriv":113,"callback":114,"hasNonce":113,"hasCapCheck":113,"file":115,"line":116},"ewd_ufp_add_form_element",false,"EWD_UFP_AJAX_Add_Element_To_Form","Functions\\EWD_UFP_Process_Ajax.php",13,{"action":118,"nopriv":113,"callback":119,"hasNonce":113,"hasCapCheck":113,"file":115,"line":83},"ewd_ufp_clear_submissions","EWD_UFP_Clear_Form_Submissions",{"action":121,"nopriv":113,"callback":122,"hasNonce":113,"hasCapCheck":113,"file":115,"line":123},"ewd_ufp_get_submissions","EWD_UFP_GET_Form_Submissions",71,[],[126],{"tag":4,"callback":127,"file":128,"line":56},"EWD_UFP_Insert_Contact_Form","Shortcodes\\Insert_Contact_Form.php",[],4,{"dangerousFunctions":132,"sqlUsage":180,"outputEscaping":195,"fileOperations":437,"externalRequests":11,"nonceChecks":42,"capabilityChecks":42,"bundledLibraries":438},[133,138,141,145,149,152,155,159,162,166,170,173,177],{"fn":134,"file":135,"line":136,"context":137},"unserialize","Functions\\EWD_UFP_Export_Form_Submissions.php",40,"$Unserialized = unserialize($Response->Submission_Value);",{"fn":134,"file":115,"line":139,"context":140},46,"$Column_Element_IDs = unserialize($_POST['Column_Element_IDs']);",{"fn":134,"file":142,"line":143,"context":144},"PHPExcel\\Classes\\PHPExcel\\CachedObjectStorage\\APC.php",152,"$this->currentObject = unserialize($obj);",{"fn":134,"file":146,"line":147,"context":148},"PHPExcel\\Classes\\PHPExcel\\CachedObjectStorage\\DiscISAM.php",118,"$this->currentObject = unserialize(fread($this->fileHandle, $this->cellCache[$pCoord]['sz']));",{"fn":134,"file":150,"line":151,"context":144},"PHPExcel\\Classes\\PHPExcel\\CachedObjectStorage\\Memcache.php",156,{"fn":134,"file":153,"line":94,"context":154},"PHPExcel\\Classes\\PHPExcel\\CachedObjectStorage\\MemoryGZip.php","$this->currentObject = unserialize(gzinflate($this->cellCache[$pCoord]));",{"fn":134,"file":156,"line":157,"context":158},"PHPExcel\\Classes\\PHPExcel\\CachedObjectStorage\\MemorySerialized.php",91,"$this->currentObject = unserialize($this->cellCache[$pCoord]);",{"fn":134,"file":160,"line":161,"context":148},"PHPExcel\\Classes\\PHPExcel\\CachedObjectStorage\\PHPTemp.php",113,{"fn":134,"file":163,"line":164,"context":165},"PHPExcel\\Classes\\PHPExcel\\CachedObjectStorage\\SQLite.php",112,"$this->currentObject = unserialize($cellResult);",{"fn":134,"file":167,"line":168,"context":169},"PHPExcel\\Classes\\PHPExcel\\CachedObjectStorage\\SQLite3.php",144,"$this->currentObject = unserialize($cellData['value']);",{"fn":134,"file":171,"line":172,"context":144},"PHPExcel\\Classes\\PHPExcel\\CachedObjectStorage\\Wincache.php",154,{"fn":134,"file":174,"line":175,"context":176},"PHPExcel\\Classes\\PHPExcel\\Worksheet.php",2895,"$this->{$key} = unserialize(serialize($val));",{"fn":134,"file":178,"line":179,"context":176},"PHPExcel\\Classes\\PHPExcel.php",881,{"prepared":181,"raw":182,"locations":183},27,5,[184,187,189,190,193],{"file":185,"line":116,"context":186},"html\\DashboardPage.php","$wpdb->get_var() with variable interpolation",{"file":185,"line":188,"context":186},23,{"file":185,"line":83,"context":186},{"file":76,"line":191,"context":192},130,"$wpdb->get_results() with variable interpolation",{"file":76,"line":194,"context":192},133,{"escaped":168,"rawEcho":196,"locations":197},127,[198,202,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,239,240,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,303,305,306,307,309,311,313,314,316,317,318,319,321,322,324,325,327,329,331,333,335,336,337,338,339,341,343,345,347,349,351,354,355,358,361,363,365,367,369,370,371,372,373,375,377,379,380,381,383,385,387,389,391,393,395,397,399,402,404,407,409,412,415,417,419,421,423,425,427,428,430,431,432,435],{"file":199,"line":200,"context":201},"Functions\\Error_Notices.php",6,"raw output",{"file":199,"line":203,"context":201},7,{"file":47,"line":205,"context":201},100,{"file":47,"line":207,"context":201},101,{"file":47,"line":209,"context":201},102,{"file":47,"line":211,"context":201},103,{"file":47,"line":213,"context":201},104,{"file":47,"line":215,"context":201},122,{"file":47,"line":217,"context":201},171,{"file":47,"line":219,"context":201},172,{"file":47,"line":221,"context":201},173,{"file":47,"line":223,"context":201},174,{"file":47,"line":225,"context":201},175,{"file":47,"line":227,"context":201},176,{"file":47,"line":229,"context":201},180,{"file":47,"line":231,"context":201},198,{"file":47,"line":233,"context":201},226,{"file":47,"line":235,"context":201},232,{"file":47,"line":237,"context":201},239,{"file":47,"line":237,"context":201},{"file":47,"line":237,"context":201},{"file":47,"line":241,"context":201},249,{"file":47,"line":243,"context":201},256,{"file":47,"line":245,"context":201},261,{"file":47,"line":247,"context":201},267,{"file":47,"line":249,"context":201},285,{"file":47,"line":251,"context":201},291,{"file":47,"line":253,"context":201},297,{"file":47,"line":255,"context":201},303,{"file":47,"line":257,"context":201},326,{"file":47,"line":259,"context":201},332,{"file":47,"line":261,"context":201},339,{"file":47,"line":263,"context":201},345,{"file":47,"line":265,"context":201},351,{"file":47,"line":267,"context":201},357,{"file":47,"line":269,"context":201},370,{"file":47,"line":271,"context":201},371,{"file":47,"line":273,"context":201},372,{"file":47,"line":275,"context":201},373,{"file":47,"line":277,"context":201},374,{"file":47,"line":279,"context":201},380,{"file":47,"line":281,"context":201},381,{"file":47,"line":283,"context":201},382,{"file":47,"line":285,"context":201},383,{"file":47,"line":287,"context":201},386,{"file":47,"line":289,"context":201},387,{"file":47,"line":291,"context":201},388,{"file":47,"line":293,"context":201},389,{"file":47,"line":295,"context":201},391,{"file":47,"line":297,"context":201},393,{"file":47,"line":299,"context":201},396,{"file":47,"line":301,"context":201},684,{"file":115,"line":50,"context":201},{"file":115,"line":304,"context":201},67,{"file":68,"line":56,"context":201},{"file":68,"line":181,"context":201},{"file":68,"line":308,"context":201},28,{"file":68,"line":310,"context":201},42,{"file":68,"line":312,"context":201},43,{"file":68,"line":312,"context":201},{"file":68,"line":315,"context":201},45,{"file":68,"line":315,"context":201},{"file":185,"line":46,"context":201},{"file":185,"line":116,"context":201},{"file":185,"line":320,"context":201},20,{"file":185,"line":188,"context":201},{"file":185,"line":323,"context":201},30,{"file":185,"line":83,"context":201},{"file":185,"line":326,"context":201},41,{"file":185,"line":328,"context":201},56,{"file":185,"line":330,"context":201},60,{"file":185,"line":332,"context":201},64,{"file":185,"line":334,"context":201},97,{"file":185,"line":207,"context":201},{"file":185,"line":207,"context":201},{"file":185,"line":209,"context":201},{"file":185,"line":211,"context":201},{"file":340,"line":323,"context":201},"html\\OptionsPage.php",{"file":340,"line":342,"context":201},47,{"file":340,"line":344,"context":201},53,{"file":340,"line":346,"context":201},59,{"file":340,"line":348,"context":201},65,{"file":340,"line":350,"context":201},79,{"file":352,"line":353,"context":201},"PHPExcel\\Classes\\PHPExcel\\CalcEngine\\Logger.php",123,{"file":352,"line":353,"context":201},{"file":356,"line":357,"context":201},"PHPExcel\\Classes\\PHPExcel\\Chart\\Renderer\\jpgraph.php",865,{"file":359,"line":360,"context":201},"PHPExcel\\Classes\\PHPExcel\\Shared\\JAMA\\examples\\benchmark.php",35,{"file":359,"line":362,"context":201},36,{"file":359,"line":364,"context":201},37,{"file":359,"line":366,"context":201},38,{"file":359,"line":368,"context":201},39,{"file":359,"line":136,"context":201},{"file":359,"line":326,"context":201},{"file":359,"line":196,"context":201},{"file":359,"line":194,"context":201},{"file":359,"line":374,"context":201},139,{"file":359,"line":376,"context":201},145,{"file":359,"line":378,"context":201},151,{"file":359,"line":221,"context":201},{"file":359,"line":229,"context":201},{"file":359,"line":382,"context":201},188,{"file":359,"line":384,"context":201},195,{"file":359,"line":386,"context":201},203,{"file":359,"line":388,"context":201},210,{"file":359,"line":390,"context":201},218,{"file":359,"line":392,"context":201},225,{"file":359,"line":394,"context":201},233,{"file":359,"line":396,"context":201},240,{"file":359,"line":398,"context":201},246,{"file":400,"line":401,"context":201},"PHPExcel\\Classes\\PHPExcel\\Shared\\JAMA\\examples\\LagrangeInterpolation.php",58,{"file":403,"line":401,"context":201},"PHPExcel\\Classes\\PHPExcel\\Shared\\JAMA\\examples\\LagrangeInterpolation2.php",{"file":405,"line":406,"context":201},"PHPExcel\\Classes\\PHPExcel\\Shared\\JAMA\\examples\\LevenbergMarquardt.php",62,{"file":405,"line":408,"context":201},63,{"file":410,"line":411,"context":201},"PHPExcel\\Classes\\PHPExcel\\Shared\\JAMA\\examples\\LMQuadTest.php",94,{"file":413,"line":414,"context":201},"PHPExcel\\Classes\\PHPExcel\\Shared\\JAMA\\examples\\MagicSquareExample.php",120,{"file":413,"line":416,"context":201},125,{"file":413,"line":418,"context":201},131,{"file":413,"line":420,"context":201},135,{"file":413,"line":422,"context":201},140,{"file":413,"line":424,"context":201},153,{"file":413,"line":426,"context":201},162,{"file":413,"line":221,"context":201},{"file":429,"line":362,"context":201},"PHPExcel\\Classes\\PHPExcel\\Shared\\JAMA\\examples\\polyfit.php",{"file":429,"line":366,"context":201},{"file":429,"line":136,"context":201},{"file":433,"line":434,"context":201},"PHPExcel\\Classes\\PHPExcel\\Shared\\PCLZip\\pclzip.lib.php",3722,{"file":433,"line":436,"context":201},3733,189,[439,442],{"name":440,"version":21,"knownCves":441},"dompdf",[],{"name":443,"version":21,"knownCves":444},"TCPDF",[],[446,473,509,529,547,558,574,590,601,614],{"entryPoint":447,"graph":448,"unsanitizedCount":130,"severity":472},"EWD_UFP_AJAX_Add_Element_To_Form (Functions\\EWD_UFP_Process_Ajax.php:2)",{"nodes":449,"edges":468},[450,454,459,462,466],{"id":451,"type":452,"label":453,"file":115,"line":40},"n0","source","$_POST",{"id":455,"type":456,"label":457,"file":115,"line":50,"wp_function":458},"n1","sink","echo() [XSS]","echo",{"id":460,"type":452,"label":461,"file":115,"line":50},"n2","$_POST (x3)",{"id":463,"type":464,"label":465,"file":115,"line":50},"n3","transform","→ EWD_UFP_Add_Form_Element()",{"id":467,"type":456,"label":457,"file":47,"line":299,"wp_function":458},"n4",[469,470,471],{"from":451,"to":455,"sanitized":113},{"from":460,"to":463,"sanitized":113},{"from":463,"to":467,"sanitized":113},"medium",{"entryPoint":474,"graph":475,"unsanitizedCount":182,"severity":508},"EWD_UFP_UpdateOptions (Functions\\Update_EWD_UFP_Admin_Databases.php:4)",{"nodes":476,"edges":502},[477,480,483,485,486,489,491,495,497,500],{"id":451,"type":452,"label":478,"file":479,"line":182},"$_POST['custom_css']","Functions\\Update_EWD_UFP_Admin_Databases.php",{"id":455,"type":456,"label":481,"file":479,"line":182,"wp_function":482},"update_option() [Settings Manipulation]","update_option",{"id":460,"type":452,"label":484,"file":479,"line":203},"$_POST['submitted_successfully_label']",{"id":463,"type":456,"label":481,"file":479,"line":203,"wp_function":482},{"id":467,"type":452,"label":487,"file":479,"line":488},"$_POST['general_failure_label']",8,{"id":490,"type":456,"label":481,"file":479,"line":488,"wp_function":482},"n5",{"id":492,"type":452,"label":493,"file":479,"line":494},"n6","$_POST['email_failure_label']",9,{"id":496,"type":456,"label":481,"file":479,"line":494,"wp_function":482},"n7",{"id":498,"type":452,"label":499,"file":479,"line":46},"n8","$_POST['save_failure_label']",{"id":501,"type":456,"label":481,"file":479,"line":46,"wp_function":482},"n9",[503,504,505,506,507],{"from":451,"to":455,"sanitized":113},{"from":460,"to":463,"sanitized":113},{"from":467,"to":490,"sanitized":113},{"from":492,"to":496,"sanitized":113},{"from":498,"to":501,"sanitized":113},"low",{"entryPoint":510,"graph":511,"unsanitizedCount":182,"severity":508},"\u003CUpdate_EWD_UFP_Admin_Databases> (Functions\\Update_EWD_UFP_Admin_Databases.php:0)",{"nodes":512,"edges":523},[513,514,515,516,517,518,519,520,521,522],{"id":451,"type":452,"label":478,"file":479,"line":182},{"id":455,"type":456,"label":481,"file":479,"line":182,"wp_function":482},{"id":460,"type":452,"label":484,"file":479,"line":203},{"id":463,"type":456,"label":481,"file":479,"line":203,"wp_function":482},{"id":467,"type":452,"label":487,"file":479,"line":488},{"id":490,"type":456,"label":481,"file":479,"line":488,"wp_function":482},{"id":492,"type":452,"label":493,"file":479,"line":494},{"id":496,"type":456,"label":481,"file":479,"line":494,"wp_function":482},{"id":498,"type":452,"label":499,"file":479,"line":46},{"id":501,"type":456,"label":481,"file":479,"line":46,"wp_function":482},[524,525,526,527,528],{"from":451,"to":455,"sanitized":113},{"from":460,"to":463,"sanitized":113},{"from":467,"to":490,"sanitized":113},{"from":492,"to":496,"sanitized":113},{"from":498,"to":501,"sanitized":113},{"entryPoint":530,"graph":531,"unsanitizedCount":40,"severity":546},"EWD_UFP_Export_Form_Submissions (Functions\\EWD_UFP_Export_Form_Submissions.php:2)",{"nodes":532,"edges":543},[533,535,538,540],{"id":451,"type":452,"label":534,"file":135,"line":494},"$_GET",{"id":455,"type":456,"label":536,"file":135,"line":83,"wp_function":537},"get_results() [SQLi]","get_results",{"id":460,"type":452,"label":539,"file":135,"line":494},"$_GET (x2)",{"id":463,"type":456,"label":541,"file":135,"line":91,"wp_function":542},"header() [Header Injection]","header",[544,545],{"from":451,"to":455,"sanitized":113},{"from":460,"to":463,"sanitized":113},"high",{"entryPoint":548,"graph":549,"unsanitizedCount":40,"severity":546},"\u003CEWD_UFP_Export_Form_Submissions> (Functions\\EWD_UFP_Export_Form_Submissions.php:0)",{"nodes":550,"edges":555},[551,552,553,554],{"id":451,"type":452,"label":534,"file":135,"line":494},{"id":455,"type":456,"label":536,"file":135,"line":83,"wp_function":537},{"id":460,"type":452,"label":539,"file":135,"line":494},{"id":463,"type":456,"label":541,"file":135,"line":91,"wp_function":542},[556,557],{"from":451,"to":455,"sanitized":113},{"from":460,"to":463,"sanitized":113},{"entryPoint":559,"graph":560,"unsanitizedCount":573,"severity":546},"EWD_UFP_Handle_Form_Submission (Functions\\EWD_UFP_Handle_Form_Submission.php:3)",{"nodes":561,"edges":570},[562,564,566],{"id":451,"type":452,"label":453,"file":64,"line":563},57,{"id":455,"type":464,"label":565,"file":64,"line":563},"→ EWD_UFP_Save_To_Database()",{"id":460,"type":456,"label":567,"file":64,"line":568,"wp_function":569},"query() [SQLi]",81,"query",[571,572],{"from":451,"to":455,"sanitized":113},{"from":455,"to":460,"sanitized":113},1,{"entryPoint":575,"graph":576,"unsanitizedCount":573,"severity":546},"\u003CEWD_UFP_Handle_Form_Submission> (Functions\\EWD_UFP_Handle_Form_Submission.php:0)",{"nodes":577,"edges":585},[578,581,582,583,584],{"id":451,"type":452,"label":579,"file":64,"line":580},"$_POST (x2)",24,{"id":455,"type":456,"label":567,"file":64,"line":568,"wp_function":569},{"id":460,"type":452,"label":453,"file":64,"line":563},{"id":463,"type":464,"label":565,"file":64,"line":563},{"id":467,"type":456,"label":567,"file":64,"line":568,"wp_function":569},[586,588,589],{"from":451,"to":455,"sanitized":587},true,{"from":460,"to":463,"sanitized":113},{"from":463,"to":467,"sanitized":113},{"entryPoint":591,"graph":592,"unsanitizedCount":42,"severity":546},"EWD_UFP_Clear_Form_Submissions (Functions\\EWD_UFP_Process_Ajax.php:15)",{"nodes":593,"edges":598},[594,595,596,597],{"id":451,"type":452,"label":453,"file":115,"line":188},{"id":455,"type":456,"label":536,"file":115,"line":181,"wp_function":537},{"id":460,"type":452,"label":453,"file":115,"line":188},{"id":463,"type":456,"label":567,"file":115,"line":77,"wp_function":569},[599,600],{"from":451,"to":455,"sanitized":113},{"from":460,"to":463,"sanitized":113},{"entryPoint":602,"graph":603,"unsanitizedCount":42,"severity":546},"EWD_UFP_GET_Form_Submissions (Functions\\EWD_UFP_Process_Ajax.php:35)",{"nodes":604,"edges":611},[605,607,609,610],{"id":451,"type":452,"label":606,"file":115,"line":139},"$_POST['Column_Element_IDs']",{"id":455,"type":456,"label":608,"file":115,"line":139,"wp_function":134},"unserialize() [Object Injection]",{"id":460,"type":452,"label":453,"file":115,"line":312},{"id":463,"type":456,"label":536,"file":115,"line":344,"wp_function":537},[612,613],{"from":451,"to":455,"sanitized":113},{"from":460,"to":463,"sanitized":113},{"entryPoint":615,"graph":616,"unsanitizedCount":488,"severity":546},"\u003CEWD_UFP_Process_Ajax> (Functions\\EWD_UFP_Process_Ajax.php:0)",{"nodes":617,"edges":630},[618,619,620,621,622,623,624,625,626,627,628],{"id":451,"type":452,"label":453,"file":115,"line":40},{"id":455,"type":456,"label":457,"file":115,"line":50,"wp_function":458},{"id":460,"type":452,"label":579,"file":115,"line":188},{"id":463,"type":456,"label":536,"file":115,"line":181,"wp_function":537},{"id":467,"type":452,"label":453,"file":115,"line":188},{"id":490,"type":456,"label":567,"file":115,"line":77,"wp_function":569},{"id":492,"type":452,"label":606,"file":115,"line":139},{"id":496,"type":456,"label":608,"file":115,"line":139,"wp_function":134},{"id":498,"type":452,"label":461,"file":115,"line":50},{"id":501,"type":464,"label":465,"file":115,"line":50},{"id":629,"type":456,"label":457,"file":47,"line":299,"wp_function":458},"n10",[631,632,633,634,635,636],{"from":451,"to":455,"sanitized":113},{"from":460,"to":463,"sanitized":113},{"from":467,"to":490,"sanitized":113},{"from":492,"to":496,"sanitized":113},{"from":498,"to":501,"sanitized":113},{"from":501,"to":629,"sanitized":113},{"summary":638,"deductions":639},"The 'ultimate-forms' plugin version 0.5 exhibits a concerning security posture due to a significant number of unprotected entry points, particularly AJAX handlers.  While the plugin utilizes prepared statements for the majority of its SQL queries and has a reasonable number of output escaping functions, the presence of 3 AJAX handlers without any authentication or capability checks presents a direct and serious risk. This means any unauthenticated user could potentially interact with these handlers, leading to unintended actions or information disclosure.  Furthermore, the taint analysis revealing 7 high-severity flows with unsanitized paths indicates potential for serious vulnerabilities, even if not yet cataloged as CVEs. The complete lack of recorded vulnerabilities in its history is positive, but it doesn't negate the risks identified in the static analysis. The presence of the `unserialize` function is also a red flag, especially when combined with potentially unsanitized input.",[640,643,645,647,649],{"reason":641,"points":642},"Unprotected AJAX handlers",15,{"reason":644,"points":642},"High severity taint flows",{"reason":646,"points":488},"Dangerous function: unserialize",{"reason":648,"points":182},"Low output escaping percentage",{"reason":650,"points":182},"Limited nonce\u002Fcapability checks","2026-03-17T06:42:54.108Z",{"wat":653,"direct":666},{"assetPaths":654,"generatorPatterns":657,"scriptPaths":658,"versionParams":663},[655,656],"\u002Fwp-content\u002Fplugins\u002Fultimate-forms\u002Fcss\u002Fewd-ufp-styles.css","\u002Fwp-content\u002Fplugins\u002Fultimate-forms\u002Fjs\u002Fewd-ufp-js.js",[],[659,660,661,662,656],"\u002Fwp-content\u002Fplugins\u002Fultimate-forms\u002Fjs\u002FAdmin.js","\u002Fwp-content\u002Fplugins\u002Fultimate-forms\u002Fjs\u002Fspectrum.js","\u002Fwp-content\u002Fplugins\u002Fultimate-forms\u002Fjs\u002Fbootstrap.min.js","\u002Fwp-content\u002Fplugins\u002Fultimate-forms\u002Fjs\u002Fjquery.confirm.min.js",[664,665],"ultimate-forms\u002Fjs\u002FAdmin.js?ver=","ultimate-forms\u002Fcss\u002FAdmin.css?ver=",{"cssClasses":667,"htmlComments":675,"htmlAttributes":676,"restEndpoints":678,"jsGlobals":679,"shortcodeOutput":681},[668,669,670,671,672,673,674],"EWD_UFP_Menu","ewd-ufp-dash-mobile-menu-open","MenuTab","ewd-ufp-dash-mobile-menu-down-caret","ewd-ufp-dash-mobile-menu-up-caret","nav-tab","nav-tab-active",[],[677],"data-selector-id",[],[680],"ewd_ufp_form_data",[]]