[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fU2fJupLI-32vlKGzokXVb16vi9BrSiPPGdXSYS6070Y":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":136,"fingerprints":184},"ai-spam-comment-detector","AI Spam Comment Detector","1.0","Md Rashed Hossain","https:\u002F\u002Fprofiles.wordpress.org\u002Fwprashed\u002F","\u003Cp>\u003Cstrong>Tired of traditional spam filters missing the mark or adding friction with CAPTCHAs?\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>AI Spam Comment Detector\u003C\u002Fstrong> uses OpenAI’s GPT-4 to intelligently analyze and flag spam comments \u003Cem>before\u003C\u002Fem> they get posted — and notifies users inline right on the comment form.\u003C\u002Fp>\n\u003Cp>🧠 \u003Cstrong>Smart Detection\u003C\u002Fstrong>: Uses context-aware GPT-4 language model\u003Cbr \u002F>\n🚫 \u003Cstrong>Auto-Block Spam\u003C\u002Fstrong>: Flags or blocks comments before submission\u003Cbr \u002F>\n🔔 \u003Cstrong>Inline Error Messaging\u003C\u002Fstrong>: Warns users above the comment form\u003Cbr \u002F>\n🔐 \u003Cstrong>Private & Secure\u003C\u002Fstrong>: Only comment content is sent to OpenAI\u003Cbr \u002F>\n🔧 \u003Cstrong>API Key Config\u003C\u002Fstrong>: Add your own OpenAI API key from plugin settings\u003C\u002Fp>\n\u003Cp>No more CAPTCHAs. No more bots. Just intelligent spam protection.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Detects spam comments in real time using GPT-4\u003C\u002Fli>\n\u003Cli>Automatically marks spam before submission\u003C\u002Fli>\n\u003Cli>Warns users with inline messages on the comment form\u003C\u002Fli>\n\u003Cli>Admin settings page to set the OpenAI API key\u003C\u002Fli>\n\u003Cli>Handles invalid API key or quota exceeded errors\u003C\u002Fli>\n\u003Cli>WordPress-standard and lightweight\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to OpenAI’s GPT-4 API to analyze and detect spam in WordPress comment submissions.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service Name\u003C\u002Fstrong>: OpenAI (https:\u002F\u002Fopenai.com\u002F)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>What it is used for\u003C\u002Fstrong>: Analyzing comment content using the GPT-4 model to determine whether the comment is spam.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>What data is sent and when\u003C\u002Fstrong>: The content of each comment is sent to the API at the time of submission, for real-time analysis.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Service\u003C\u002Fstrong>: https:\u002F\u002Fopenai.com\u002Fterms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>: https:\u002F\u002Fopenai.com\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This connection is required for the plugin’s core spam detection functionality.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n","AI-powered comment spam detection using GPT-4. Blocks spam comments with inline user warnings—no CAPTCHA needed.",0,354,"2025-06-01T07:27:00.000Z","6.8.5","5.6","7.4",[18,19,20,21,22],"ai-moderation","antispam","comment-spam","openai","spam-blocker","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fai-spam-comment-detector.1.0.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"wprashed",4,10,30,94,"2026-04-05T02:07:58.408Z",[37,60,84,104,121],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":34,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":23,"tags":51,"homepage":55,"download_link":56,"security_score":57,"vuln_count":58,"unpatched_count":11,"last_vuln_date":59,"fetched_at":27},"ellipsis-human-presence-technology","Human Presence – Stop Form Spam Without ReCaptcha","3.4.51","humanpresence","https:\u002F\u002Fprofiles.wordpress.org\u002Fhumanpresence\u002F","\u003Cp>Human Presence is a fraud prevention and form protection service that uses multiple overlapping strategies to fight form spam including: protecting user registration and login forms, content creation forms, comments, contact forms, and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Human Presence Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Invisible to your users, Human Presence runs in the background to analyze site traffic in real time to protect against malicious and fraudulent activity.\u003C\u002Fli>\n\u003Cli>Eliminates annoying spam submissions and fake account creation.\u003C\u002Fli>\n\u003Cli>Full integration with the most popular form plugins including:\n\u003Cul>\n\u003Cli>Gravity Forms\u003C\u002Fli>\n\u003Cli>Ninja Forms\u003C\u002Fli>\n\u003Cli>WP Forms\u003C\u002Fli>\n\u003Cli>Formidable Forms\u003C\u002Fli>\n\u003Cli>Contact Form 7\u003C\u002Fli>\n\u003Cli>WordPress Comments\u003C\u002Fli>\n\u003Cli>WooCommerce Reviews\u003C\u002Fli>\n\u003Cli>WS Form\u003C\u002Fli>\n\u003Cli>QuForm\u003C\u002Fli>\n\u003Cli>WeForms\u003C\u002Fli>\n\u003Cli>Fluent Forms\u003C\u002Fli>\n\u003Cli>Elementor Forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you are interested in learning more about Human Presence for WordPress, visit our website \u003Ca href=\"https:\u002F\u002Fwww.humanpresence.io\u002Fwordpress\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Join the elite web professionals who enjoy \u003Ca href=\"https:\u002F\u002Fwww.humanpresence.io\u002Fwordpress\u002F\" rel=\"nofollow ugc\">Human Presence Pro\u003C\u002Fa>!\u003C\u002Fp>\n\u003Cp>Note: You’ll need a Human Presence account, if you don’t already have one, to connect to the service. You can \u003Ca href=\"https:\u002F\u002Fhumanpresence.io\u002Fwordpress\u002F\" rel=\"nofollow ugc\">sign-up\u003C\u002Fa> for a free account on our website.\u003C\u002Fp>\n\u003Cp>Public support requests or issues with the plugin can be reported via the support tab of this listing or by emailing Human Presence directly at wpsupport@humanpresence.io.\u003C\u002Fp>\n\u003Cp>Usage of this plugin with a Human Presence account is subject to our \u003Ca href=\"https:\u002F\u002Fwww.humanpresence.io\u002Ftos\" rel=\"nofollow ugc\">terms of service\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Copyright\u003C\u002Fh3>\n\u003Cp>Copyright 2018 Ellipsis Technologies\u003C\u002Fp>\n\u003Cp>This software is distributed in the hope that it will be useful,\u003Cbr \u002F>\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\u003C\u002Fp>\n","The #1 Plugin for Blocking Form Spam on WordPress",1000,33165,15,"2024-02-23T13:46:00.000Z","6.4.8","3.0",[52,19,53,20,54],"anti-spam","captcha","form-spam","https:\u002F\u002Fwww.humanpresence.io\u002Fanti-spam-wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fellipsis-human-presence-technology.3.4.51.zip",84,1,"2019-09-11 00:00:00",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":34,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":81,"download_link":82,"security_score":83,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"smart-attachment-page-remove","Smart Attachment Page Remove","4.0.5","Peter Raschendorfer","https:\u002F\u002Fprofiles.wordpress.org\u002Fpetersplugins\u002F","\u003Cp>The Smart Attachment Page Remove Plugin allows you to remove Attachment Pages automatically generated by WordPress\u003C\u002Fp>\n\u003Ch3>Retired Plugin\u003C\u002Fh3>\n\u003Cp>Development, maintenance and support of this plugin has been retired in october 2023. You can use this plugin as long as is works for you.\u003C\u002Fp>\n\u003Cp>There will be no more updates and I won’t answer any support questions. Thanks for your understanding.\u003C\u002Fp>\n\u003Cp>Feel free to fork this plugin.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>WordPress automatically generates a page for every file you upload to your Media Library. Even if you do not want to use these Pages and never link media files to their Attachment Page these pages exist and can be accessed by their automated generated URL. The Smart Attachment Page Remove Plugin blocks access to Attachment Pages and causes an 404 error (“page not found”).\u003C\u002Fp>\n\u003Cp>This ensures that Attachment Pages do not appear in the results of Search Engines unwanted.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Additionally this plugin prevents from comment spam\u003C\u002Fstrong> sent via this Attachment Pages because they are no longer accessible.\u003C\u002Fp>\n\u003Ch3>Settings\u003C\u002Fh3>\n\u003Cp>Optionally, a status code 410 can be sent instead of status code 404.\u003C\u002Fp>\n\u003Cp>HTTP status code 404 indicates that the requested URL could not be found. This is the default code always sent by WordPress when a URL can not be found. HTTP status 404 does not provide any further information why a URL was not found.\u003C\u002Fp>\n\u003Cp>HTTP status code 410 on the other hand indicates that the requested URL is no longer available and will not be available again. If your Attachment Pages already have been indexed by search engines, HTTP status 410 informs them to immediately delete those pages from their index. This should speed up removal.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Regardless, in case of Attachment Pages it makes more sense to use HTTP status 410 anyway and it is recommendet to activate this option in any case.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This option is not activated by default only because it is not the usual behavior of WordPress. There are no negative effects in using HTTP 410.\u003C\u002Fp>\n\u003Ch3>Plugin Privacy Information\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>This plugin does not set cookies\u003C\u002Fli>\n\u003Cli>This plugin does not collect or store any data\u003C\u002Fli>\n\u003Cli>This plugin does not send any data to external servers\u003C\u002Fli>\n\u003C\u002Ful>\n","Completely remove Attachment Pages from your Blog",900,18323,13,"2024-04-17T20:17:00.000Z","6.3.8","4.0","7.0",[76,77,78,79,80],"antispam-comment-spam","attachment-page","attachment-pages","classicpress","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsmart-attachment-page-remove\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-attachment-page-remove.4.0.5.zip",92,{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":94,"num_ratings":95,"last_updated":96,"tested_up_to":97,"requires_at_least":73,"requires_php":23,"tags":98,"homepage":101,"download_link":102,"security_score":103,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wp-referrer-spam-blacklist","WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google\u002FMatomo) Analytics)","1.3.0","Umbrovskis.com","https:\u002F\u002Fprofiles.wordpress.org\u002Frolandinsh\u002F","\u003Cp>List of spammers in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-referrer-spam-blacklist\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>No need for configuration! Plugin in background redirects referral spammer to blank page ( about:blank ). Redirect link can be altered via filter \u003Ccode>wp_referralblock_redirect_uri\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>NO auto update, as we see that as possible as security hole. We do not wan’t Your site to get hacked.\u003C\u002Fp>\n\u003Cp>Plugin is for sites that can’t edit their \u003Ccode>.htaccess\u003C\u002Fcode> or configure NGINX or Apache servers.\u003C\u002Fp>\n\u003Cp>Via \u003Ca href=\"http:\u002F\u002Fgo.mediabox.lv\u002F1LbSuKq\" rel=\"nofollow ugc\">my LinkedIN post\u003C\u002Fa>: Few months ago I started to collect referral spam pages in private file un bitbucket.org. Problem was that I did not know all spammers. Then, few weeks ago, I found that Matomo (Open source analytics) started their own “project”, and they did the same thing I did – collected referral spam sites to block them from Your website.\u003C\u002Fp>\n\u003Cp>On my own server I do that at server level, but some of my clients have hosting, where You can not edit server settings. This week I came up with another solution – WordPress plugin “WP referrer spam blacklist”. I will update list every week from \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmatomo-org\u002Freferrer-spam-blacklist\" rel=\"nofollow ugc\">Matomo’s community-contributed list of spammers\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If You have WordPress site and no knowledge about or access to server settings, I made that for You!\u003C\u002Fp>\n\u003Cp>From \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FReferer_spam\" rel=\"nofollow ugc\">Wikipedia\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Referrer spam (also known as log spam or referrer \nbombing) is a kind of spamdexing (spamming aimed \nat search engines). The technique involves making \nrepeated web site requests using a fake referer URL \nto the site the spammer wishes to advertise. Sites that \npublish their access logs, including referer statistics, \nwill then inadvertently link back to the spammer's site. \nThese links will be indexed by search engines \nas they crawl the access logs. \n\nThis benefits the spammer because the free link improves \nthe spammer site's search engine ranking owing \nto link-counting algorithms that search engines use.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Other plugins by author: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fitempropwp\u002F\" rel=\"ugc\">itemprop WP for SERP\u002FSEO Rich snippets\u003C\u002Fa> – Add schema.org itemprop code to the (custom) post content for search engines and bots for better SERP results\u003C\u002Fp>\n","WordPress plugin to fight with 2040+ referrer spammers (like semalt, buttons-for-website and many more).",700,19667,86,3,"2020-12-27T20:57:00.000Z","5.6.17",[52,19,99,20,100],"comment-moderation","referral-spam","https:\u002F\u002Fsimplemediacode.com\u002F?utm_source=WPplugin%3Awp-referrer-spam-blacklist&utm_medium=wordpressplugin&utm_campaign=FreeWordPressPlugins&utm_content=v-1.2.201801281","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-referrer-spam-blacklist.1.3.0.zip",85,{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":83,"num_ratings":114,"last_updated":115,"tested_up_to":116,"requires_at_least":73,"requires_php":23,"tags":117,"homepage":119,"download_link":120,"security_score":83,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"astounding-spam-prevention","Astounding Spam Prevention","1.20","willjenkins","https:\u002F\u002Fprofiles.wordpress.org\u002Fwilljenkins\u002F","\u003Cp>Using the most effective features of other spam programs. Astounding Spam Prevention effectively guards against comment spam and registration spam without the use of a Captcha.\u003Cbr \u002F>\nThis is a fork of the original Stop Spammers Spam Prevention and uses some of the code, but it is greatly simplified so it is not as aggressive and will not prevent a user from logging in. It does not interfere with jetpack and does not know about WooCommerce so there are no conflicts. Unlike Stop Spammers it does not check logins, but only checks registrations and comments.\u003Cbr \u002F>\nIt also repairs many bugs that I found in the Stop Spammers plugin and has many new methods for detecting spam.\u003C\u002Fp>\n\u003Ch3>Donate\u003C\u002Fh3>\n\u003Cp>Please buy one of my books and give it a good review. I worked hard on these books, and they are worth reading.\u003Cbr \u002F>\nSee my books and contacts: https:\u002F\u002Flinktr.ee\u002Fkeithpgraham\u003C\u002Fp>\n\u003Cp>\u003C\u002Fp>\n","Very effective anti-spam plugin that eliminates comment spam, and registration spam. Combines many effective methods for identifying spammers and keep &hellip;",200,7498,9,"2024-07-14T17:50:00.000Z","6.5.8",[52,19,118,80,22],"block-spam","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstop-spammer-registrations-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fastounding-spam-prevention.1.20.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":112,"downloaded":129,"rating":25,"num_ratings":95,"last_updated":130,"tested_up_to":131,"requires_at_least":73,"requires_php":74,"tags":132,"homepage":134,"download_link":135,"security_score":103,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"lh-zero-spam","LH Zero Spam","1.13","shawfactor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawfactor\u002F","\u003Cp>\u003Cstrong>Why should your users prove that they’re humans by filling out captchas? Let bots prove they’re not bots with the \u003Ca href=\"http:\u002F\u002Flhero.org\u002Fplugins\u002Flh-zero-spam\u002F\" rel=\"nofollow ugc\">LH Zero Spam plugin\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>LH Zero Spam blocks registration spam and spam in comments automatically without any config or setup. Zero Spam was initially built based on the work by \u003Ca href=\"http:\u002F\u002Fdavidwalsh.name\u002Fwordpress-comment-spam\" rel=\"nofollow ugc\">David Walsh\u003C\u002Fa>, but enhanced with simpler code base and unobtrusive JavaScript.\u003C\u002Fp>\n\u003Cp>Major features in LH Zero Spam include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>No captcha\u003C\u002Fstrong>, because spam is not users’ problem\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No moderation queues\u003C\u002Fstrong>, because spam is not administrators’ problem\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blocks spam registrations & comments\u003C\u002Fstrong> with the use of JavaScript\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blocks buddypress spam registrations\u003C\u002Fstrong> with the use of JavaScript\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blocks woocommerce spam orders\u003C\u002Fstrong> with the use of JavaScript\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Like this plugin? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Flh-zero-spam\u002F\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Love this plugin or want to help the LocalHero Project? Please consider \u003Ca href=\"https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-zero-spam\u002F\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n","Zero Spam makes blocking spam comments and registrations easy.",7543,"2022-10-14T04:12:00.000Z","6.0.11",[52,19,20,133,80],"comments","https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-zero-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-zero-spam.zip",{"attackSurface":137,"codeSignals":162,"taintFlows":170,"riskAssessment":171,"analyzedAt":183},{"hooks":138,"ajaxHandlers":158,"restRoutes":159,"shortcodes":160,"cronEvents":161,"entryPointCount":11,"unprotectedCount":11},[139,145,148,151,154],{"type":140,"name":141,"callback":142,"priority":58,"file":143,"line":144},"action","init","closure","ai-spam-comment-detector.php",17,{"type":140,"name":146,"callback":142,"file":143,"line":147},"admin_menu",24,{"type":140,"name":149,"callback":142,"file":143,"line":150},"admin_init",35,{"type":140,"name":152,"callback":142,"file":143,"line":153},"comment_form_before",69,{"type":155,"name":156,"callback":142,"priority":32,"file":143,"line":157},"filter","pre_comment_approved",79,[],[],[],[],{"dangerousFunctions":163,"sqlUsage":164,"outputEscaping":166,"fileOperations":11,"externalRequests":58,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":169},[],{"prepared":11,"raw":11,"locations":165},[],{"escaped":167,"rawEcho":11,"locations":168},11,[],[],[],{"summary":172,"deductions":173},"The \"ai-spam-comment-detector\" v1.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, proper SQL statement preparation, and complete output escaping are significant strengths.  Furthermore, the plugin's vulnerability history is clear, with no recorded CVEs, indicating a potentially well-maintained and secure codebase.\n\nHowever, there are areas for concern that warrant attention. The most notable is the lack of nonce checks and capability checks, which are crucial for securing AJAX handlers and other potential entry points. While the current attack surface appears small and unprotected entry points are reported as zero, this could change with future updates or if the plugin evolves. The single external HTTP request also represents a potential risk if not handled securely, as it could be a vector for data exfiltration or other vulnerabilities.  The plugin's focus on sanitization appears minimal, with zero taint flows analyzed, which, while good that none were found, doesn't guarantee the absence of subtle vulnerabilities.\n\nIn conclusion, while the plugin demonstrates good foundational security practices like prepared statements and output escaping, the lack of robust authorization and sanitization checks for its entry points is a notable weakness. The clean vulnerability history is positive, but the absence of comprehensive taint analysis leaves some uncertainty.  Prioritizing the implementation of nonce and capability checks on any potential entry points would significantly improve its overall security resilience.",[174,176,178,180],{"reason":175,"points":32},"Missing nonce checks on AJAX\u002Fentry points",{"reason":177,"points":32},"Missing capability checks on entry points",{"reason":179,"points":95},"Potential risk from external HTTP request",{"reason":181,"points":182},"No taint analysis performed",2,"2026-03-17T06:21:37.777Z",{"wat":185,"direct":190},{"assetPaths":186,"generatorPatterns":187,"scriptPaths":188,"versionParams":189},[],[],[],[],{"cssClasses":191,"htmlComments":192,"htmlAttributes":193,"restEndpoints":194,"jsGlobals":196,"shortcodeOutput":197},[],[],[],[195],"https:\u002F\u002Fapi.openai.com\u002Fv1\u002Fchat\u002Fcompletions",[],[]]