WP-Safety

adCAPTCHA for WordPress Security & Risk Analysis

wordpress.org/plugins/adcaptcha

Secure your site. Elevate your brand. Boost Ad Revenue.

20 active installs v1.7.0 PHP 7.4+ WP 6.4.2+ Updated Apr 7, 2025
adcaptchaanti-spamblock-botssecurityspam
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is adCAPTCHA for WordPress Safe to Use in 2026?

Generally Safe

Score 92/100

adCAPTCHA for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The 'adcaptcha' plugin version 1.7.0 exhibits a generally positive security posture based on the provided static analysis. The plugin has a very small attack surface with zero entry points detected, and critically, no AJAX handlers, REST API routes, shortcodes, or cron events that could be exploited. Furthermore, all SQL queries utilize prepared statements, and there are a reasonable number of nonce checks and file operations, indicating good development practices in these areas. The absence of any recorded vulnerabilities or CVEs in its history suggests a mature and well-maintained codebase.

However, there are a few areas that warrant attention. The presence of two flows with unsanitized paths, although not classified as critical or high severity by the taint analysis, is a potential concern. While the output escaping is mostly proper at 77%, this still leaves a portion of outputs unescaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved in those outputs. The plugin also makes two external HTTP requests, which, if not properly secured and validated, could be a vector for certain types of attacks.

In conclusion, 'adcaptcha' v1.7.0 appears to be a relatively secure plugin with minimal attack vectors and a clean vulnerability history. The primary areas for improvement lie in thoroughly sanitizing the identified unsanitized paths and ensuring all outputs are properly escaped to mitigate potential XSS risks. The external HTTP requests should also be reviewed for secure implementation. Overall, the strengths in code practices and lack of historical vulnerabilities outweigh the minor concerns identified.

Key Concerns

  • Flows with unsanitized paths identified
  • Output escaping not 100% proper
  • External HTTP requests made
Vulnerabilities
None known

adCAPTCHA for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

adCAPTCHA for WordPress Release Timeline

v1.7.0Current
v1.6.0
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.2
v1.4.1
v1.4.0
v1.3.1
v1.3.0
v1.2.2
v1.2.1
v1.2.0
v1.1.3
v1.1.2
v1.1.1
v1.1.0
Code Analysis
Analyzed Apr 16, 2026

adCAPTCHA for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
14
47 escaped
Nonce Checks
3
Capability Checks
0
File Operations
0
External Requests
2
Bundled Libraries
0

Output Escaping

77% escaped61 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths
render_general_settings (src/Settings/General.php:26)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

adCAPTCHA for WordPress Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 103
actioncomment_formsrc/Plugin/Comments.php:22
actioncomment_formsrc/Plugin/Comments.php:23
filtercomment_form_submit_fieldsrc/Plugin/Comments.php:24
filterpre_comment_approvedsrc/Plugin/Comments.php:25
actionwp_enqueue_scriptssrc/Plugin/ContactForm7/Forms.php:19
actionwp_enqueue_scriptssrc/Plugin/ContactForm7/Forms.php:20
actionwp_enqueue_scriptssrc/Plugin/ContactForm7/Forms.php:21
actionwp_enqueue_scriptssrc/Plugin/ContactForm7/Forms.php:22
filterwpcf7_form_elementssrc/Plugin/ContactForm7/Forms.php:23
filterwpcf7_form_hidden_fieldssrc/Plugin/ContactForm7/Forms.php:24
filterwpcf7_spamsrc/Plugin/ContactForm7/Forms.php:25
filterwpcf7_display_messagesrc/Plugin/ContactForm7/Forms.php:37
filterelementor_pro/forms/field_typessrc/Plugin/Elementor/Forms.php:31
filterelementor_pro/forms/render/itemsrc/Plugin/Elementor/Forms.php:32
actionelementor/element/form/section_form_fields/after_section_endsrc/Plugin/Elementor/Forms.php:34
actionwp_enqueue_scriptssrc/Plugin/Elementor/Forms.php:40
actionwp_enqueue_scriptssrc/Plugin/Elementor/Forms.php:41
actionelementor/preview/enqueue_scriptssrc/Plugin/Elementor/Forms.php:42
actionwp_enqueue_scriptssrc/Plugin/Elementor/Forms.php:43
actionelementor_pro/forms/validationsrc/Plugin/Elementor/Forms.php:44
actionwp_enqueue_scriptssrc/Plugin/Elementor/Forms.php:79
actionwp_enqueue_scriptssrc/Plugin/FluentForms/AdCaptchaElements.php:31
actionwp_enqueue_scriptssrc/Plugin/FluentForms/AdCaptchaElements.php:32
actionplugins_loadedsrc/Plugin/FluentForms/Forms.php:15
actionfluentform/loadedsrc/Plugin/FluentForms/Forms.php:16
actionforminator_before_form_rendersrc/Plugin/Forminator/Forms.php:19
actionforminator_before_form_rendersrc/Plugin/Forminator/Forms.php:20
actionforminator_before_form_rendersrc/Plugin/Forminator/Forms.php:21
filterforminator_render_button_markupsrc/Plugin/Forminator/Forms.php:22
actionwp_enqueue_scriptssrc/Plugin/Forminator/Forms.php:23
filterforminator_cform_form_is_submittablesrc/Plugin/Forminator/Forms.php:24
actionwp_footersrc/Plugin/Forminator/Forms.php:49
actionwp_enqueue_scriptssrc/Plugin/GravityForms/Field.php:50
actionwp_enqueue_scriptssrc/Plugin/GravityForms/Field.php:51
filtergform_field_groups_form_editorsrc/Plugin/GravityForms/Field.php:52
filtergform_field_contentsrc/Plugin/GravityForms/Field.php:53
filtergform_validationsrc/Plugin/GravityForms/Field.php:54
actionadmin_headsrc/Plugin/GravityForms/Field.php:55
actionadmin_initsrc/Plugin/GravityForms/Field.php:56
actionadmin_footersrc/Plugin/GravityForms/Field.php:57
filtergform_pre_rendersrc/Plugin/GravityForms/Field.php:58
actiongform_preview_body_opensrc/Plugin/GravityForms/Field.php:59
actiongform_loadedsrc/Plugin/GravityForms/Forms.php:16
actionlogin_enqueue_scriptssrc/Plugin/Login.php:22
actionlogin_enqueue_scriptssrc/Plugin/Login.php:25
actionlogin_enqueue_scriptssrc/Plugin/Login.php:26
actionlogin_formsrc/Plugin/Login.php:27
actionwp_authenticate_usersrc/Plugin/Login.php:28
actionwp_enqueue_scriptssrc/Plugin/Mailchimp/Forms.php:27
actionwp_enqueue_scriptssrc/Plugin/Mailchimp/Forms.php:28
actionwp_enqueue_scriptssrc/Plugin/Mailchimp/Forms.php:29
filtermc4wp_form_contentsrc/Plugin/Mailchimp/Forms.php:30
actionadmin_enqueue_scriptssrc/Plugin/Mailchimp/Forms.php:31
filtermc4wp_form_errorssrc/Plugin/Mailchimp/Forms.php:32
filtermc4wp_form_messagessrc/Plugin/Mailchimp/Forms.php:33
actionplugins_loadedsrc/Plugin/NinjaForms/Forms.php:12
actionwp_enqueue_scriptssrc/Plugin/NinjaForms/Forms.php:13
actionwp_enqueue_scriptssrc/Plugin/NinjaForms/Forms.php:14
filterninja_forms_register_fieldssrc/Plugin/NinjaForms/Forms.php:15
filterninja_forms_field_template_file_pathssrc/Plugin/NinjaForms/Forms.php:16
filterninja_forms_localize_field_adcaptchasrc/Plugin/NinjaForms/Forms.php:17
filterninja_forms_localize_field_adcaptcha_previewsrc/Plugin/NinjaForms/Forms.php:18
actionlostpassword_formsrc/Plugin/PasswordReset.php:21
actionlostpassword_formsrc/Plugin/PasswordReset.php:22
actionlostpassword_formsrc/Plugin/PasswordReset.php:23
actionlostpassword_postsrc/Plugin/PasswordReset.php:24
actionregister_formsrc/Plugin/Registration.php:21
actionregister_formsrc/Plugin/Registration.php:22
actionregister_formsrc/Plugin/Registration.php:23
actionregistration_errorssrc/Plugin/Registration.php:24
actionplugins_loadedsrc/Plugin/WPForms/Forms.php:19
actionwp_enqueue_scriptssrc/Plugin/WPForms/Forms.php:21
actionwp_enqueue_scriptssrc/Plugin/WPForms/Forms.php:22
actionwp_enqueue_scriptssrc/Plugin/WPForms/Forms.php:23
actionadmin_enqueue_scriptssrc/Plugin/WPForms/Forms.php:25
filterwpforms_load_fieldssrc/Plugin/WPForms/Forms.php:34
filterwpforms_fieldssrc/Plugin/WPForms/Forms.php:39
actionwpforms_processsrc/Plugin/WPForms/Forms.php:45
actionwp_enqueue_scriptssrc/Plugin/Woocommerce/Checkout.php:20
actionwp_enqueue_scriptssrc/Plugin/Woocommerce/Checkout.php:21
actionwp_enqueue_scriptssrc/Plugin/Woocommerce/Checkout.php:22
actionwp_enqueue_scriptssrc/Plugin/Woocommerce/Checkout.php:24
actionwoocommerce_review_order_before_submitsrc/Plugin/Woocommerce/Checkout.php:26
actionwoocommerce_payment_completesrc/Plugin/Woocommerce/Checkout.php:27
actionwoocommerce_checkout_processsrc/Plugin/Woocommerce/Checkout.php:28
actionrest_api_initsrc/Plugin/Woocommerce/Checkout.php:30
actionwoocommerce_login_formsrc/Plugin/Woocommerce/Login.php:20
actionwoocommerce_login_formsrc/Plugin/Woocommerce/Login.php:21
actionwoocommerce_login_formsrc/Plugin/Woocommerce/Login.php:22
filterwoocommerce_process_login_errorssrc/Plugin/Woocommerce/Login.php:23
actionwoocommerce_lostpassword_formsrc/Plugin/Woocommerce/PasswordReset.php:19
actionwoocommerce_lostpassword_formsrc/Plugin/Woocommerce/PasswordReset.php:20
actionwoocommerce_lostpassword_formsrc/Plugin/Woocommerce/PasswordReset.php:21
actionwp_loadedsrc/Plugin/Woocommerce/PasswordReset.php:22
filterallow_password_resetsrc/Plugin/Woocommerce/PasswordReset.php:23
actionwoocommerce_register_formsrc/Plugin/Woocommerce/Registration.php:19
actionwoocommerce_register_formsrc/Plugin/Woocommerce/Registration.php:20
actionwoocommerce_register_formsrc/Plugin/Woocommerce/Registration.php:21
filterwoocommerce_registration_errorssrc/Plugin/Woocommerce/Registration.php:22
actionadmin_menusrc/Settings/Settings.php:7
actionadmin_enqueue_scriptssrc/Settings/Settings.php:8
filteradmin_footer_textsrc/Settings/Settings.php:9
filterupdate_footersrc/Settings/Settings.php:10
Maintenance & Trust

adCAPTCHA for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedApr 7, 2025
PHP min version7.4
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

adCAPTCHA for WordPress Alternatives

CloudSecure WP Security

CloudSecure WP Security

cloudsecure-wp-security

A
100

管理画面とログインURLをサイバー攻撃から守る、国産・日本語対応のセキュリティ対策プラグインです。 かんたんな設定を行うだけで、不正アクセスや不正ログインからあなたのWordPressを保護します。

100K No CVEs
reCaptcha by BestWebSoft

reCaptcha by BestWebSoft

google-captcha

A
98

Protect WordPress website forms from spam entries with Google reCAPTCHA.

100K 3 CVEs
Blackhole for Bad Bots

Blackhole for Bad Bots

blackhole-bad-bots

A
91

Blackhole is a WordPress security plugin that detects and traps bad bots in a virtual black hole, where they are denied access to your entire site.

30K 2 CVEs
Stop Spammers Classic

Stop Spammers Classic

stop-spammer-registrations-plugin

A
89

A simplified, restored, and preserved version of the original Stop Spammers plugin.

30K 8 CVEs
Spam Protect for Contact Form 7

Spam Protect for Contact Form 7

wp-contact-form-7-spam-blocker

A
96

Spam Protect for Contact-Form7 protects from spam and bots. Customize defense strategies and monitor blocked attempts. Protect your time effectively!

10K 2 CVEs
Developer Profile

adCAPTCHA for WordPress Developer Profile

adCAPTCHA

1 plugin · 20 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect adCAPTCHA for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/adcaptcha/build/adcaptcha.js/wp-content/plugins/adcaptcha/build/adcaptcha.css
Script Paths
/wp-content/plugins/adcaptcha/build/adcaptcha.js
Version Parameters
adcaptcha/build/adcaptcha.js?ver=adcaptcha/build/adcaptcha.css?ver=

HTML / DOM Fingerprints

CSS Classes
adcaptcha_successToken
Data Attributes
data-adcaptchaadcaptcha_successToken
JS Globals
window.adcap
Shortcode Output
<input type="hidden" class="adcaptcha_successToken" name="adcaptcha_successToken">
FAQ

Frequently Asked Questions about adCAPTCHA for WordPress