[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmtRWvc2GaStFBybhThMTfHXi1xGW7po0xkpxW6TNV1E":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":31,"analysis":32,"fingerprints":190},"wp-simple-forms","WP Simple Forms","0.1.4","delaney.p.brown","https:\u002F\u002Fprofiles.wordpress.org\u002Fdelaneypbrown\u002F","\u003Cp>WP Simple Forms is a hybrid between the Custom Contact Forms plugin already on WordPress and Google forms. The backend interface is very similar to the interface you see on Google forms, allowing you to easily create text, multiple choice, check box questions, textareas, and drop down menus. Questions can also be marked as required.\u003C\u002Fp>\n","Adding forms to a webpage has never been easier.  
Quickly create dropdowns, checkboxes, multiple choice, and text questions for any page on your site.",20,2024,0,"2013-01-02T19:02:00.000Z","3.4.2","3.4","",[4],"http:\u002F\u002Fcrossdistinction.com\u002Fwp-simple-forms","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-simple-forms.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":21,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},"delaneypbrown",1,30,84,"2026-04-05T09:07:00.822Z",[],{"attackSurface":33,"codeSignals":96,"taintFlows":159,"riskAssessment":177,"analyzedAt":189},{"hooks":34,"ajaxHandlers":51,"restRoutes":87,"shortcodes":88,"cronEvents":94,"entryPointCount":39,"unprotectedCount":95},[35,42,47],{"type":36,"name":37,"callback":38,"priority":39,"file":40,"line":41},"filter","plugin_action_links","wpsf_action_links",10,"functions.php",17,{"type":43,"name":44,"callback":45,"file":40,"line":46},"action","admin_menu","wpsf_admin_menu",27,{"type":43,"name":48,"callback":49,"file":40,"line":50},"admin_init","wpsf_admin_init",28,[52,58,61,65,69,71,75,79,83],{"action":53,"nopriv":54,"callback":55,"hasNonce":54,"hasCapCheck":54,"file":56,"line":57},"saveAnswers",false,"save_anwsers","ajax.php",4,{"action":53,"nopriv":59,"callback":55,"hasNonce":54,"hasCapCheck":54,"file":56,"line":60},true,5,{"action":62,"nopriv":54,"callback":63,"hasNonce":59,"hasCapCheck":54,"file":56,"line":64},"rearrange-elements","rearrange_elements",74,{"action":66,"nopriv":54,"callback":67,"hasNonce":59,"hasCapCheck":54,"file":56,"line":68},"get-saved-elements","get_saved_elements",116,{"action":66,"nopriv":59,"callback":67,"hasNonce":59,"hasCapCheck":54,"file":56,"line":70},117,{"action":72,"nopriv":54,"callback":73,"hasNonce":59,"hasCapCheck":54,"file":56,"line":74},"save-question-template","save_question_template",191,{"action":76,"nopriv":54,"callback":77,"hasNonce":59,"hasCapCheck":54,"file":56,"line":78},"save-custom
-question","save_custom_question",218,{"action":80,"nopriv":54,"callback":81,"hasNonce":59,"hasCapCheck":54,"file":56,"line":82},"delete-custom-question","delete_custom_question",294,{"action":84,"nopriv":54,"callback":85,"hasNonce":59,"hasCapCheck":54,"file":56,"line":86},"delete-template","delete_template",330,[],[89],{"tag":90,"callback":91,"file":92,"line":93},"simpleform","wpsf_showform","shortcode.php",44,[],2,{"dangerousFunctions":97,"sqlUsage":98,"outputEscaping":122,"fileOperations":13,"externalRequests":13,"nonceChecks":157,"capabilityChecks":13,"bundledLibraries":158},[],{"prepared":99,"raw":100,"locations":101},12,8,[102,105,108,110,112,115,118,120],{"file":56,"line":103,"context":104},89,"$wpdb->get_row() with variable interpolation",{"file":56,"line":106,"context":107},146,"$wpdb->get_results() with variable interpolation",{"file":56,"line":109,"context":107},157,{"file":56,"line":111,"context":107},173,{"file":56,"line":113,"context":114},342,"$wpdb->get_col() with variable interpolation",{"file":116,"line":117,"context":107},"Controller.php",256,{"file":116,"line":119,"context":107},270,{"file":116,"line":121,"context":107},286,{"escaped":13,"rawEcho":123,"locations":124},16,[125,128,130,132,134,136,138,140,142,143,145,147,149,151,154,155],{"file":56,"line":126,"context":127},68,"raw 
output",{"file":56,"line":129,"context":127},112,{"file":56,"line":131,"context":127},183,{"file":56,"line":133,"context":127},208,{"file":56,"line":135,"context":127},213,{"file":56,"line":137,"context":127},289,{"file":56,"line":139,"context":127},325,{"file":56,"line":141,"context":127},379,{"file":92,"line":11,"context":127},{"file":92,"line":144,"context":127},31,{"file":92,"line":146,"context":127},32,{"file":92,"line":148,"context":127},33,{"file":92,"line":150,"context":127},34,{"file":152,"line":153,"context":127},"wpsf_settings.php",23,{"file":152,"line":50,"context":127},{"file":152,"line":156,"context":127},103,6,[],[160],{"entryPoint":161,"graph":162,"unsanitizedCount":95,"severity":176},"\u003Cwpsf_settings> (wpsf_settings.php:0)",{"nodes":163,"edges":174},[164,169],{"id":165,"type":166,"label":167,"file":152,"line":168},"n0","source","$_POST (x2)",3,{"id":170,"type":171,"label":172,"file":152,"line":60,"wp_function":173},"n1","sink","update_option() [Settings Manipulation]","update_option",[175],{"from":165,"to":170,"sanitized":54},"low",{"summary":178,"deductions":179},"The \"wp-simple-forms\" v0.1.4 plugin exhibits a mixed security posture. While it boasts a clean vulnerability history with no recorded CVEs and avoids dangerous functions, file operations, and external HTTP requests, significant concerns arise from its static analysis results. A notable weakness is the complete lack of output escaping, meaning any data displayed to users could be vulnerable to injection attacks. Furthermore, the plugin has two AJAX handlers that lack authentication checks, creating direct entry points for unauthenticated users to potentially trigger unintended actions or expose sensitive information.\n\nThe taint analysis reveals one flow with an unsanitized path, rated low severity rather than critical or high. Here \"path\" means a data-flow path, not a file-system path: the flow carries $_POST input into update_option() in wpsf_settings.php without sanitization, so the exposure is settings manipulation rather than path traversal or file manipulation. 
The SQL query practices are moderately secure, with 60% using prepared statements, but the remaining 40% interpolate variables directly into the query and are potentially vulnerable to SQL injection if those values are not properly sanitized.\n\nOverall, the absence of critical vulnerabilities in its history is a positive sign, although for a plugin last updated in 2013 with few active installs it may reflect limited scrutiny as much as responsible development practices. However, the identified weaknesses in output escaping and unprotected AJAX handlers present clear risks that should be addressed. The plugin's strengths lie in its avoidance of known dangerous patterns, but its unprotected entry points and unescaped output detract significantly from its security.",[180,183,185,187],{"reason":181,"points":182},"AJAX handlers without auth checks",7,{"reason":184,"points":157},"Output escaping missing",{"reason":186,"points":60},"Unsanitized path in taint analysis",{"reason":188,"points":57},"SQL queries without prepared statements (40%)","2026-03-16T22:49:45.385Z",{"wat":191,"direct":202},{"assetPaths":192,"generatorPatterns":198,"scriptPaths":199,"versionParams":200},[193,194,195,196,197],"\u002Fwp-content\u002Fplugins\u002Fwp-simple-forms\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Fwp-simple-forms\u002Fplugins\u002Fdeletable.js","\u002Fwp-content\u002Fplugins\u002Fwp-simple-forms\u002Fjs\u002Fnotify.js","\u002Fwp-content\u002Fplugins\u002Fwp-simple-forms\u002Fjs\u002Fform.elements.js","\u002Fwp-content\u002Fplugins\u002Fwp-simple-forms\u002Fstyle.css",[],[194,195,196],[201],"wp-simple-forms\u002Fstyle.css?ver=",{"cssClasses":203,"htmlComments":205,"htmlAttributes":206,"restEndpoints":207,"jsGlobals":208,"shortcodeOutput":209},[204],"cd-error",[],[],[],[],[210],"\u003Cp class=\"cd-error\">Error: Please make sure all required fields are filled in.\u003C\u002Fp>"]