[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIRELYNsm3ou687c7GJ8Pd8LsESCvLFhWx2MIGiOSiW4":3,"$fNVWvjyLiwKGofHksmoEOvyJZB5N--XyfgiIRa1VChIU":180,"$f7sfvleiGGp2sTXasfKJ-mgn4GNBvKPilfoSNSoUOVvs":184},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":6,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":24,"discovery_status":25,"vulnerabilities":26,"developer":27,"crawl_stats":23,"alternatives":33,"analysis":34,"fingerprints":137},"wp-simple-ajax-contact-form","wp simple ajax contact form","3.0","Arash Heidari","https:\u002F\u002Fprofiles.wordpress.org\u002Fpicorir\u002F","\u003Cp>After Activation the plugin , there will be a fixed green contact icon in left side of the theme and plugin also supports shortcode .\u003Cbr \u002F>\nافزونه فارسی ارسال فرم تماس\u003Cbr \u002F>\nFeatures:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>After Activation , there will be a fixed green contact icon in left side of the theme .\u003C\u002Fli>\n\u003Cli>Also use  [wp_simple_ajax_contact_form]  shortcode to show ajax contact form in the pages and posts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Language Support:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>Persian (فارسی)\u003C\u002Fli>\n\u003C\u002Ful>\n","Have a simple ajax contact form in your wordoress theme and pages . 
افزونه تماس آجاکس",10,5922,96,4,"2018-04-03T21:26:00.000Z","4.9.29","",[],"http:\u002F\u002Fpicor.ir","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-simple-ajax-contact-form.zip",85,0,null,"2026-03-15T15:16:48.613Z","no_bundle",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":21,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"picorir",2,30,84,"2026-05-20T11:56:39.024Z",[],{"attackSurface":35,"codeSignals":66,"taintFlows":122,"riskAssessment":123,"analyzedAt":136},{"hooks":36,"ajaxHandlers":52,"restRoutes":60,"shortcodes":61,"cronEvents":65,"entryPointCount":42,"unprotectedCount":29},[37,43,47],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","admin_menu","contact_setMenu","contact_menu_setup.php",3,{"type":38,"name":44,"callback":45,"file":46,"line":30},"wp_enqueue_scripts","wp_simple_ajax_contact_form_scripts","index.php",{"type":48,"name":49,"callback":50,"file":46,"line":51},"filter","wp_footer","contact",32,[53,57],{"action":54,"nopriv":55,"callback":54,"hasNonce":55,"hasCapCheck":55,"file":46,"line":56},"wp_simple_ajax_contact_form_send",false,142,{"action":54,"nopriv":58,"callback":54,"hasNonce":55,"hasCapCheck":55,"file":46,"line":59},true,143,[],[62],{"tag":63,"callback":63,"file":46,"line":64},"wp_simple_ajax_contact_form",86,[],{"dangerousFunctions":67,"sqlUsage":68,"outputEscaping":70,"fileOperations":22,"externalRequests":22,"nonceChecks":22,"capabilityChecks":22,"bundledLibraries":121},[],{"prepared":22,"raw":22,"locations":69},[],{"escaped":42,"rawEcho":71,"locations":72},24,[73,77,80,82,84,86,88,90,91,92,93,95,97,99,101,103,105,107,109,111,113,115,117,119],{"file":74,"line":75,"context":76},"contact_bugs.php",33,"raw 
output",{"file":78,"line":79,"context":76},"contact_packages.php",36,{"file":78,"line":81,"context":76},52,{"file":78,"line":83,"context":76},67,{"file":78,"line":85,"context":76},83,{"file":78,"line":87,"context":76},100,{"file":89,"line":79,"context":76},"contact_pluginsthemes.php",{"file":89,"line":81,"context":76},{"file":89,"line":83,"context":76},{"file":89,"line":85,"context":76},{"file":89,"line":94,"context":76},99,{"file":89,"line":96,"context":76},115,{"file":89,"line":98,"context":76},135,{"file":89,"line":100,"context":76},151,{"file":89,"line":102,"context":76},166,{"file":89,"line":104,"context":76},181,{"file":89,"line":106,"context":76},196,{"file":89,"line":108,"context":76},211,{"file":89,"line":110,"context":76},226,{"file":89,"line":112,"context":76},241,{"file":89,"line":114,"context":76},257,{"file":46,"line":116,"context":76},35,{"file":46,"line":118,"context":76},132,{"file":46,"line":120,"context":76},134,[],[],{"summary":124,"deductions":125},"The wp-simple-ajax-contact-form v3.0 plugin presents a mixed security posture. Static analysis found no dangerous functions, no SQL queries, no file operations, no external HTTP requests, and no known vulnerabilities, but there are significant concerns regarding its attack surface and output escaping. The plugin registers its AJAX action, wp_simple_ajax_contact_form_send, for both logged-in and logged-out visitors, and neither of the two handler registrations performs a nonce or capability check. A public contact form has to accept unauthenticated submissions, so the practical concern is the missing nonce: the endpoint has no protection against forged or automated submissions, and the input validation inside the handler, which this analysis does not show, should be reviewed. Furthermore, 24 of 27 output statements are not escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is included in these outputs. The lack of any recorded historical vulnerabilities might suggest a low profile or diligent patching by developers; with the last update dated April 2018 and 10 active installs, a low profile is the more likely reading, and it does not mitigate the immediate risks identified in the static analysis. 
Overall, the absence of SQL usage and of known CVEs is overshadowed by the missing nonce checks on the AJAX endpoints and the unescaped output, demanding immediate attention.",[126,128,131,134],{"reason":127,"points":11},"AJAX handlers without auth checks",{"reason":129,"points":130},"Low percentage of properly escaped output",8,{"reason":132,"points":133},"No nonce checks on AJAX handlers",5,{"reason":135,"points":133},"No capability checks on AJAX handlers","2026-03-17T01:06:56.257Z",{"wat":138,"direct":148},{"assetPaths":139,"generatorPatterns":143,"scriptPaths":144,"versionParams":147},[140,141,142],"\u002Fwp-content\u002Fplugins\u002Fwp-simple-ajax-contact-form\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fwp-simple-ajax-contact-form\u002Fjs\u002Ffixed-icon.js","\u002Fwp-content\u002Fplugins\u002Fwp-simple-ajax-contact-form\u002Fjs\u002Fcontact-form.js",[],[145,146],"plugins\u002Fwp-simple-ajax-contact-form\u002Fjs\u002Ffixed-icon.js","plugins\u002Fwp-simple-ajax-contact-form\u002Fjs\u002Fcontact-form.js",[],{"cssClasses":149,"htmlComments":157,"htmlAttributes":158,"restEndpoints":169,"jsGlobals":170,"shortcodeOutput":172},[150,151,152,153,154,155,156],"slide-out-div","handle","wp-simple-ajax-contact-form-email-valid","wp-simple-ajax-contact-form-email-empty","wp-simple-ajax-contact-form-mgs-valid","wp-simple-ajax-contact-form-name-valid","sending",[],[159,160,161,162,163,164,165,166,167,168],"id=\"wp-simple-ajax-contact-form\"","name=\"wp_simple_ajax_contact_form_name\"","id=\"wp-simple-ajax-contact-form-name\"","name=\"wp_simple_ajax_contact_form_email\"","id=\"wp-simple-ajax-contact-form-email\"","name=\"wp_simple_ajax_contact_form_mgs\"","id=\"wp-simple-ajax-contact-form-mgs\"","id=\"wp-simple-ajax-contact-form-submit\"","id=\"wp-simple-ajax-contact-form-submit-success\"","id=\"mail-sent-success\"",[],[171],"wp_simple_ajax_contact_form_ajaxurl",[173,174,175,176,177,178,179],"\u003Cdiv 
id=\"wp-simple-ajax-contact-form\">","\u003Cform name=\"myform\" id=\"myform\" method=\"POST\">","\u003Cinput type=\"text\" name=\"wp_simple_ajax_contact_form_name\"","\u003Cinput type=\"text\" name=\"wp_simple_ajax_contact_form_email\"","\u003Ctextarea type=\"text\" name=\"wp_simple_ajax_contact_form_mgs\"","\u003Cdiv id=\"wp-simple-ajax-contact-form-submit\"","\u003Cdiv id=\"wp-simple-ajax-contact-form-submit-success\">",{"error":58,"url":181,"statusCode":182,"statusMessage":183,"message":183},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-simple-ajax-contact-form\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":22,"versions":185},[]]