[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsZE_SUCEiBX4VAzsZacoHOR3-FoujKoF6ZPJfo7iXoM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":52,"analysis":150,"fingerprints":454},"ap-honeypot","AP HoneyPot WordPress Plugin","1.4","Denis V (Artprima)","https:\u002F\u002Fprofiles.wordpress.org\u002Fv-media\u002F","\u003Cp>AP HoneyPot WordPress Plugin, based on Jan Stępień’s http:BL, allows you\u003Cbr \u002F>\nto verify IP addresses of clients connecting to your blog against the Project\u003Cbr \u002F>\nHoney Pot database. Thanks to http:BL API you can quickly check whether your\u003Cbr \u002F>\nvisitor is an email harvester, a comment spammer or any other malicious\u003Cbr \u002F>\ncreature. Communication with verification server is done via DNS request\u003Cbr \u002F>\nmechanism, which makes the query and response even quicker. Now, thanks\u003Cbr \u002F>\nto AP HoneyPot WordPress Plugin any potentially harmful clients are denied\u003Cbr \u002F>\nfrom accessing your blog and therefore abusing it.\u003C\u002Fp>\n\u003Ch4>Your Feedback Matters\u003C\u002Fh4>\n\u003Cp>Bugs to report? Feature requests? Criticism? New ideas? We want to hear from\u003Cbr \u002F>\nyou! Do not hesitate. 
Get in touch with us and share your views.\u003C\u002Fp>\n","AP HoneyPot WordPress Plugin allows you to verify IP addresses of clients connecting to your blog against the Project Honey Pot database.",100,6621,94,3,"2013-12-04T14:22:00.000Z","3.7.41","2.9","",[20,21,22,23],"comments","honeypot","httpbl","spam","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fap-honeypot\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fap-honeypot.zip",63,1,"2025-09-05 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-58855","ap-honeypot-wordpress-plugin-cross-site-request-forgery","AP HoneyPot WordPress Plugin \u003C= 1.4 - Cross-Site Request Forgery","The AP HoneyPot WordPress Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.4","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-09-09 21:53:34",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F302c4eb3-d30e-4140-b674-e62b886d1618?source=api-prod",{"slug":46,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":47,"avg_security_score":48,"avg_patch_time_days":49,"trust_score":50,"computed_at":51},"v-media",140,78,30,79,"2026-04-04T18:08:22.218Z",[53,70,87,109,129],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":63,"last_updated":18,"tested_up_to":64,"requires_at_least":65,"requires_php":18,"tags":66,"homepage":18,"download_link":68,"security_score":11,"vuln_count":63,"unpatched_count":63,"last_vuln_date":36,"fetched_at":69},"simple-spam-blocker","Simple Spam Blocker","2.0.0","Awais","https:\u002F\u002Fprofiles.wordpress.org\u002Fawais300\u002F","\u003Cp>Simple Spam Blocker uses a honeypot technique, which is a fast and easy way to prevent spam. This plugin can stop spam comments and spam registration, and can also be used to stop bots from trying to log in to the admin panel. This plugin also provides an option to stop spammers from registering via the Ultimate Member plugin’s registration form. 
You can also use the shortcode [simple-spam-blocker] on any form to stop spammers.\u003C\u002Fp>\n","Simple Spam Blocker stops spam comments and can also be used to stop bots from trying to log in to the admin panel.",20,1364,0,"6.9.4","3.0.1",[20,21,67,23],"login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-spam-blocker.zip","2026-03-15T10:48:56.248Z",{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":63,"downloaded":78,"rating":63,"num_ratings":63,"last_updated":79,"tested_up_to":64,"requires_at_least":80,"requires_php":81,"tags":82,"homepage":18,"download_link":86,"security_score":11,"vuln_count":63,"unpatched_count":63,"last_vuln_date":36,"fetched_at":29},"tiny-comment-spam-blocker","Tiny Comment Spam Blocker","1.4.0","Kasuga","https:\u002F\u002Fprofiles.wordpress.org\u002Fkasuga16\u002F","\u003Cp>Tiny Comment Spam Blocker is a lightweight yet powerful plugin designed to protect your WordPress comments from spam. 
It employs five different techniques to detect and block unwanted comments:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Nonce Verification\u003C\u002Fstrong> – Ensures that the comment form submission is genuine.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Submission Time Check\u003C\u002Fstrong> – Blocks comments submitted too quickly to prevent bots.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Honeypot Field\u003C\u002Fstrong> – Hidden field that traps automated spam bots.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Agent Validation\u003C\u002Fstrong> – Detects suspicious User-Agent strings and blocks them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Forbidden Word Filtering\u003C\u002Fstrong> – Blocks submissions containing words or phrases from a configurable list within the \u003Cstrong>comment body, email address, or IP address.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JavaScript-Based Human Interaction Detection\u003C\u002Fstrong> – Sets a verification token when mouse movement, scrolling, or touch interaction is detected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>(Option) Block Non-Japanese Comments\u003C\u002Fstrong> – Blocks comments that do not contain Japanese characters (Hiragana, Katakana, or Han\u002FKanji), primarily targeting machine-translated or foreign spam.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>These filters are applied in order: if a comment passes the first check, it proceeds to the second, and so on, until all checks are applied or the comment is blocked.\u003C\u002Fp>\n\u003Cp>Additional features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Option to log detected spam in a local log file (up to 1.0 MB).\u003C\u002Fli>\n\u003Cli>Optional email notifications when spam is detected.\u003C\u002Fli>\n\u003Cli>Easy settings page in the WordPress admin panel.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Settings\u003C\u002Fh3>\n\u003Cp>The plugin provides the following settings in the WordPress admin 
panel:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enable Spam Protection\u003C\u002Fstrong> – Toggle the spam protection on or off. When disabled, all anti-spam checks are skipped.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Save Spam Detection Log\u003C\u002Fstrong> – Enable or disable logging of detected spam. Logs are saved in a local file up to 1.0 MB within the WordPress uploads directory.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Notification Email Address\u003C\u002Fstrong> – Enter an email address to receive notifications when spam is detected. Leave blank to disable email notifications.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Minimum Submission Time (seconds)\u003C\u002Fstrong> – Set the minimum allowed time between loading the comment form and submitting a comment. Comments submitted faster than this threshold are considered spam.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Forbidden Words List\u003C\u002Fstrong> – Enter one forbidden word, phrase, or IP address per line. Submissions containing these entries in the comment body, \u003Cstrong>email address\u003C\u002Fstrong>, or \u003Cstrong>IP address\u003C\u002Fstrong> will be blocked. \u003Cstrong>Case is insensitive.\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Example:\u003C\u002Fstrong>\u003Cbr \u002F>\nviagra\u003Cbr \u002F>\nonline pharmacy\u003Cbr \u002F>\nspam@email.com\u003Cbr \u002F>\n164.138.205.72\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block No Japanese Comments\u003C\u002Fstrong> – If enabled, this becomes the final check: Comments that contain Japanese characters (Hiragana, Katakana, or Kanji) will be automatically accepted after passing other security checks. 
\u003Cstrong>Comments without Japanese characters will be blocked.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary Section\u003C\u002Fh3>\n\u003Cp>This plugin is designed to be lightweight and fast, ensuring minimal impact on site performance while providing robust protection against comment spam.\u003C\u002Fp>\n","A simple and lightweight yet rock-solid plugin that blocks comment spam using multiple automatic detection methods.",411,"2026-01-30T09:21:00.000Z","6.3","7.4",[83,20,21,84,85],"anti-spam","security","spam-protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftiny-comment-spam-blocker.1.4.0.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":13,"num_ratings":97,"last_updated":98,"tested_up_to":64,"requires_at_least":99,"requires_php":100,"tags":101,"homepage":104,"download_link":105,"security_score":106,"vuln_count":107,"unpatched_count":63,"last_vuln_date":108,"fetched_at":29},"akismet","Akismet Anti-spam: Spam Protection","5.6","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.\u003C\u002Fp>\n\u003Cp>Akismet checks your comments and contact form submissions against our global database of spam to prevent your site from publishing malicious content. 
You can review the comment spam it catches on your blog’s “Comments” admin screen.\u003C\u002Fp>\n\u003Cp>Major features in Akismet include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically checks all comments and filters out the ones that look like spam.\u003C\u002Fli>\n\u003Cli>Each comment has a status history, so you can easily see which comments were caught or cleared by Akismet and which were spammed or unspammed by a moderator.\u003C\u002Fli>\n\u003Cli>URLs are shown in the comment body to reveal hidden or misleading links.\u003C\u002Fli>\n\u003Cli>Moderators can see the number of approved comments for each user.\u003C\u002Fli>\n\u003Cli>A discard feature that outright blocks the worst spam, saving you disk space and speeding up your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PS: You’ll be prompted to get an Akismet.com API key to use it, once activated. Keys are free for personal blogs; paid subscriptions are available for businesses and commercial sites.\u003C\u002Fp>\n","The best anti-spam protection to block spam comments and spam in a contact form. 
The most trusted antispam solution for WordPress and WooCommerce.",6000000,386405930,1173,"2025-11-12T16:31:00.000Z","5.8","7.2",[83,102,20,103,23],"antispam","contact-form","https:\u002F\u002Fakismet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fakismet.5.6.zip",99,2,"2015-10-13 00:00:00",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":13,"num_ratings":119,"last_updated":120,"tested_up_to":64,"requires_at_least":121,"requires_php":90,"tags":122,"homepage":126,"download_link":127,"security_score":106,"vuln_count":27,"unpatched_count":63,"last_vuln_date":128,"fetched_at":29},"disable-comments","Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]","2.6.2","WPDeveloper","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdevteam\u002F","\u003Ch4>Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]\u003C\u002Fh4>\n\u003Cp>Enable\u002FDisable comments on any WordPress content (Pages, Posts, or Media) to stop spammers. 
WP-CLI, XML-RPC & REST-API support to stop spam comments.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fplugins\u002Fdisable-comments\u002F\" rel=\"nofollow ugc\">More About Plugin\u003C\u002Fa> ◼️ \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs-category\u002Fdisable-comments\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> ◼️ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-comments\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FEpuYs9Nf_nY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Take Global Control Over Your WordPress Site\u003C\u002Fh3>\n\u003Cp>Override all comments-related settings throughout your website & manage your comments just the way you want.\u003C\u002Fp>\n\u003Ch3>Disable Comments On Posts, Pages & Media\u003C\u002Fh3>\n\u003Cp>Choose which posts, pages or media should allow comments from site visitors & configure Disable Comments accordingly\u003C\u002Fp>\n\u003Ch3>Disallow Comments On Multi-Site Network\u003C\u002Fh3>\n\u003Cp>Have multiple websites? 
Get rid of irrelevant comments on the entire network using Disable Comments Plugin\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJ9AteKzQpPs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>KEY FEATURES OF DISABLE COMMENTS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All “Comments” links are hidden from the Admin Menu and Admin Bar.\u003C\u002Fli>\n\u003Cli>All comment-related sections (“Recent Comments”, “Discussion” etc.) are hidden from the WordPress Dashboard.\u003C\u002Fli>\n\u003Cli>All comment-related widgets are disabled (so your theme cannot use them).\u003C\u002Fli>\n\u003Cli>The “Discussion” settings page is hidden.\u003C\u002Fli>\n\u003Cli>All comment RSS\u002FAtom feeds are disabled (and requests for these will be redirected to the parent post).\u003C\u002Fli>\n\u003Cli>The X-Pingback HTTP header is removed from all pages.\u003C\u002Fli>\n\u003Cli>Outgoing pingbacks are disabled.\u003C\u002Fli>\n\u003Cli>Stop spam comments entirely from the site with one click.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Delete comments by type.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Disable comments via \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs\u002Fhow-to-disable-comments-made-via-xml-rpc\u002F\" rel=\"nofollow ugc\">XML-RPC\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs\u002Fhow-to-disable-comments-made-via-rest-api\u002F\" rel=\"nofollow ugc\">REST-API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Fully 
Multi-site Network supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Manage multiple website network-specific subsites or entire network comments in advance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Exclude Disable Comments Settings based on user roles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFBq3-W-p-DM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Please delete any existing comments on your site \u003Cstrong>before applying this setting\u003C\u002Fstrong>, otherwise (depending on your theme) those comments may still be displayed to visitors. 
You can use the \u003Cstrong>Delete Comments tool\u003C\u002Fstrong> to delete any existing comments on your site.\u003C\u002Fp>\n\u003Ch3>🌟 WHAT’S NEW WITH DISABLE COMMENTS 2.0\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>AMAZING USER FRIENDLY INTERFACE\u003C\u002Fstrong>\u003Cbr \u002F>\nEasily configure your comment-related settings with an amazing and attractive app-like user interface.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WP-CLI COMMANDS TO DISABLE COMMENTS\u003C\u002Fstrong>\u003Cbr \u002F>\nUse \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs\u002Fhow-to-use-disable-comments-plugin-with-wp-cli-command-line\u002F\" rel=\"nofollow ugc\">WP-CLI\u003C\u002Fa> control for comment-related settings to disable comments on posts, pages, attachments or everywhere on your website.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fmzi5uhKB9Zk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>GET STARTED WITH QUICK SETUP WIZARD\u003C\u002Fstrong>\u003Cbr \u002F>\nUse the quick setup wizard after activating the plugin to instantly configure comment-related settings for your WordPress website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>DISABLE COMMENTS ON DOCS\u003C\u002Fstrong>\u003Cbr \u002F>\nInstantly disable comments on your documentation pages or WordPress knowledge base with a single click.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" 
src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Ft7BQ-7A4y4s?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>DELETE CERTAIN COMMENT TYPE(S)\u003C\u002Fstrong>\u003Cbr \u002F>\nPermanently delete certain comment types from your WordPress website including WooCommerce product reviews as well as generic comments.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FIzm_ihC-z10?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>DISABLE COMMENTS VIA XML-RPC And REST API\u003C\u002Fstrong>\u003Cbr \u002F>\nBlock any comments made on your WordPress website via XML-RPC specification and REST API.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important note\u003C\u002Fstrong>: Use this plugin if you don’t want comments at all on your site (or on certain post types). Don’t use it if you want to selectively disable comments on individual posts – WordPress lets you do that anyway. If you don’t know how to disable comments on individual posts, there are instructions in \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-comments\u002F#faq\" rel=\"ugc\">the FAQ\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you come across any bugs or have suggestions, please use the plugin support forum. 
I can’t fix it if I don’t know it’s broken! Please check the \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-comments\u002F#faq\" rel=\"ugc\">FAQ\u003C\u002Fa>\u003C\u002Fstrong> for common issues.\u003C\u002Fp>\n\u003Cp>Want to contribute? Here’s the \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWPDevelopers\u002Fdisable-comments\" rel=\"nofollow ugc\">GitHub development repository\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>A \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWPDevelopers\u002Fdisable-comments-mu\" rel=\"nofollow ugc\">must-use version\u003C\u002Fa> of the plugin is also available.\u003C\u002Fp>\n\u003Ch3>Advanced Configuration\u003C\u002Fh3>\n\u003Cp>Some of the plugin’s behavior can be modified by site administrators and plugin\u002Ftheme developers through code:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Define \u003Ccode>DISABLE_COMMENTS_REMOVE_COMMENTS_TEMPLATE\u003C\u002Fcode> and set it to \u003Ccode>false\u003C\u002Fcode> to prevent the plugin from replacing the theme’s comment template with an empty one.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Define \u003Ccode>DISABLE_COMMENTS_ALLOW_DISCUSSION_SETTINGS\u003C\u002Fcode> and set it to \u003Ccode>true\u003C\u002Fcode> to prevent the plugin from hiding the Discussion settings page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These definitions can be made either in your main \u003Ccode>wp-config.php\u003C\u002Fcode> or in your theme’s \u003Ccode>functions.php\u003C\u002Fcode> file.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>THIS PLUGIN IS NOW MAINTAINED BY THE TEAM\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002F\" rel=\"nofollow ugc\">WPDeveloper\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>💙 LOVED DISABLE COMMENTS?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>For documentation and tutorials go to our \u003Ca 
href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs-category\u002Fdisable-comments\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For video tutorials go to our \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=J9AteKzQpPs&list=PLWHp1xKHCfxD2_xOIR5dMAGf3wd4hv-8K\" rel=\"nofollow ugc\">YouTube Playlist\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Join our \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002Fwpdeveloper.net\u002F\" rel=\"nofollow ugc\">Facebook Group\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>If you love Disable Comments, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-comments\u002Freviews\u002F?filter=5\" rel=\"ugc\">rate us on WordPress\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For more information about features, FAQs, and documentation, check out our website at \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fplugins\u002Fdisable-comments\u002F\" rel=\"nofollow ugc\">Disable Comments\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔥 GET FREEBIES FOR YOUR WORDPRESS SITE\u003C\u002Fh3>\n\u003Cp>Consider checking out our other WordPress solutions & boost your WordPress website:\u003C\u002Fp>\n\u003Cp>🔝 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fessential-addons-for-elementor-lite\u002F\" rel=\"ugc\">Essential Addons For Elementor\u003C\u002Fa>: Most popular Elementor addons with 2 million+ happy users & 95+ widgets & ready blocks\u003C\u002Fp>\n\u003Cp>🔔 \u003Ca href=\"https:\u002F\u002Fnotificationx.com\u002F\" rel=\"nofollow ugc\">NotificationX\u003C\u002Fa> – Best Social Proof & FOMO Marketing Solution to increase conversion rates.\u003C\u002Fp>\n\u003Cp>🔗 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetterlinks\u002F\" rel=\"ugc\">BetterLinks\u003C\u002Fa>: Latest best WordPress link 
management plugin for link shortening, tracking & analyzing.\u003C\u002Fp>\n\u003Cp>📄 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fembedpress\u002F\" rel=\"ugc\">EmbedPress\u003C\u002Fa>: EmbedPress lets you embed anything including videos, images, posts, audio, maps and upload PDF, DOC, PPT etc.\u003C\u002Fp>\n\u003Cp>☁ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemplately\u002F\" rel=\"ugc\">Templately\u003C\u002Fa>: 6000+ Free templates library for Elementor & Gutenberg along with the cloud collaboration for WordPress.\u003C\u002Fp>\n\u003Cp>📚 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetterdocs\u002F\" rel=\"ugc\">BetterDocs\u003C\u002Fa>: Best Documentation & Knowledge Base Plugin for WordPress reduce manual support tickets & improve user experience.\u003C\u002Fp>\n\u003Cp>⏰ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-scheduled-posts\u002F\" rel=\"ugc\">SchedulePress\u003C\u002Fa>: Advanced editorial calendar with WordPress Post Scheduling, Social Sharing, Missed scheduled alerts, and more.\u003C\u002Fp>\n\u003Cp>⚡ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fflexia\u002F\" rel=\"ugc\">Flexia\u003C\u002Fa>: Most lightweight, customizable & multi purpose theme for WordPress.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002F\" rel=\"nofollow ugc\">WPDeveloper\u003C\u002Fa> to learn more about how to do better in WordPress with \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fblog\" rel=\"nofollow ugc\">Help Tutorial, Tips & Tricks\u003C\u002Fa>.\u003C\u002Fp>\n","Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. 
Multisite friendly.",1000000,31676190,276,"2026-01-20T08:14:00.000Z","5.0",[123,110,124,85,125],"delete-comments","remove-comments","stop-spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-comments.2.6.2.zip","2014-08-01 00:00:00",{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":137,"downloaded":138,"rating":139,"num_ratings":140,"last_updated":141,"tested_up_to":142,"requires_at_least":143,"requires_php":144,"tags":145,"homepage":147,"download_link":148,"security_score":11,"vuln_count":27,"unpatched_count":63,"last_vuln_date":149,"fetched_at":29},"antispam-bee","Antispam Bee","2.11.8","pluginkollektiv","https:\u002F\u002Fprofiles.wordpress.org\u002Fpluginkollektiv\u002F","\u003Cp>Say Goodbye to comment spam on your WordPress blog or website. \u003Cem>Antispam Bee\u003C\u002Fem> blocks spam comments and trackbacks effectively, without captchas and without sending personal information to third party services. 
It is free of charge, ad-free and 100% GDPR compliant.\u003C\u002Fp>\n\u003Ch3>Feature\u002FSettings Overview\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Trust approved commenters.\u003C\u002Fli>\n\u003Cli>Trust commenters with a Gravatar.\u003C\u002Fli>\n\u003Cli>Consider the comment time.\u003C\u002Fli>\n\u003Cli>Allow comments only in a certain language.\u003C\u002Fli>\n\u003Cli>Block or allow commenters from certain countries.\u003C\u002Fli>\n\u003Cli>Treat BBCode links as spam.\u003C\u002Fli>\n\u003Cli>Use regular expressions.\u003C\u002Fli>\n\u003Cli>Search local spam database for commenters previously marked as spammers.\u003C\u002Fli>\n\u003Cli>Notify admins by e-mail about incoming spam.\u003C\u002Fli>\n\u003Cli>Delete existing spam after n days.\u003C\u002Fli>\n\u003Cli>Limit approval to comments\u002Fpings (will delete other comment types).\u003C\u002Fli>\n\u003Cli>Select spam indicators to send comments to deletion directly.\u003C\u002Fli>\n\u003Cli>Optionally exclude trackbacks and pingbacks from spam detection.\u003C\u002Fli>\n\u003Cli>Optionally spam-check comment forms on archive pages.\u003C\u002Fli>\n\u003Cli>Display spam statistics on the dashboard, including daily updates of spam detection rate and a total of blocked spam comments.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Community support via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fantispam-bee\" rel=\"ugc\">support forums on wordpress.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Read \u003Ca href=\"https:\u002F\u002Fantispambee.pluginkollektiv.org\u002Fdocumentation\u002F\" rel=\"nofollow ugc\">the documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>We don’t handle support via e-mail, Twitter, GitHub issues etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Active development of this plugin is handled \u003Ca 
href=\"https:\u002F\u002Fgithub.com\u002Fpluginkollektiv\u002Fantispam-bee\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Pull requests for documented bugs are highly appreciated.\u003C\u002Fli>\n\u003Cli>If you think you’ve found a bug (e.g. you’re experiencing unexpected behavior), please post at the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fantispam-bee\" rel=\"ugc\">support forums\u003C\u002Fa> first.\u003C\u002Fli>\n\u003Cli>If you want to help us translate this plugin you can do so \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fantispam-bee\" rel=\"nofollow ugc\">on WordPress Translate\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Author: \u003Ca href=\"https:\u002F\u002Fsergejmueller.github.io\u002F\" rel=\"nofollow ugc\">Sergej Müller\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Maintainers: \u003Ca href=\"https:\u002F\u002Fpluginkollektiv.org\" rel=\"nofollow ugc\">pluginkollektiv\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. 
Built with data protection and privacy in mind.",700000,10958057,96,225,"2025-07-22T11:23:00.000Z","6.8.5","4.6","5.2",[83,102,20,146,85],"spam-filter","https:\u002F\u002Fantispambee.pluginkollektiv.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fantispam-bee.2.11.8.zip","2023-11-27 00:00:00",{"attackSurface":151,"codeSignals":188,"taintFlows":269,"riskAssessment":435,"analyzedAt":453},{"hooks":152,"ajaxHandlers":184,"restRoutes":185,"shortcodes":186,"cronEvents":187,"entryPointCount":63,"unprotectedCount":63},[153,159,161,164,168,172,176,180],{"type":154,"name":155,"callback":156,"priority":27,"file":157,"line":158},"action","init","check_post_args","ap-honeypot.class.php",98,{"type":154,"name":155,"callback":160,"priority":27,"file":157,"line":106},"check_visitor",{"type":154,"name":162,"callback":163,"file":157,"line":11},"wp_footer","show_honeypot",{"type":154,"name":155,"callback":165,"priority":166,"file":157,"line":167},"get_stats",10,101,{"type":154,"name":169,"callback":170,"file":157,"line":171},"admin_menu","config_page",102,{"type":173,"name":174,"callback":174,"priority":166,"file":157,"line":175},"filter","plugin_action_links",103,{"type":154,"name":177,"callback":178,"file":157,"line":179},"wp_dashboard_setup","add_dashboard_widgets",107,{"type":154,"name":181,"callback":182,"file":157,"line":183},"admin_notices","plugin_not_active",111,[],[],[],[],{"dangerousFunctions":189,"sqlUsage":190,"outputEscaping":205,"fileOperations":63,"externalRequests":63,"nonceChecks":63,"capabilityChecks":63,"bundledLibraries":268},[],{"prepared":191,"raw":192,"locations":193},4,5,[194,196,198,200,202],{"file":157,"line":119,"context":195},"$wpdb->get_results() with variable interpolation",{"file":157,"line":197,"context":195},328,{"file":157,"line":199,"context":195},342,{"file":157,"line":201,"context":195},351,{"file":157,"line":203,"context":204},357,"$wpdb->query() with variable 
interpolation",{"escaped":192,"rawEcho":49,"locations":206},[207,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258,260,262,264,266],{"file":157,"line":208,"context":209},154,"raw output",{"file":157,"line":211,"context":209},155,{"file":157,"line":213,"context":209},205,{"file":157,"line":215,"context":209},206,{"file":157,"line":217,"context":209},207,{"file":157,"line":219,"context":209},208,{"file":157,"line":221,"context":209},319,{"file":157,"line":223,"context":209},583,{"file":157,"line":225,"context":209},719,{"file":157,"line":227,"context":209},728,{"file":157,"line":229,"context":209},737,{"file":157,"line":231,"context":209},747,{"file":157,"line":233,"context":209},749,{"file":157,"line":235,"context":209},751,{"file":157,"line":237,"context":209},763,{"file":157,"line":239,"context":209},767,{"file":157,"line":241,"context":209},771,{"file":157,"line":243,"context":209},782,{"file":157,"line":245,"context":209},791,{"file":157,"line":247,"context":209},809,{"file":157,"line":249,"context":209},823,{"file":157,"line":251,"context":209},835,{"file":157,"line":253,"context":209},851,{"file":157,"line":255,"context":209},862,{"file":157,"line":257,"context":209},873,{"file":157,"line":259,"context":209},874,{"file":157,"line":261,"context":209},875,{"file":157,"line":263,"context":209},883,{"file":157,"line":265,"context":209},948,{"file":157,"line":267,"context":209},975,[],[270,287,297,381],{"entryPoint":271,"graph":272,"unsanitizedCount":27,"severity":38},"dashboard_log_configure (ap-honeypot.class.php:131)",{"nodes":273,"edges":284},[274,279],{"id":275,"type":276,"label":277,"file":157,"line":278},"n0","source","$_POST",139,{"id":280,"type":281,"label":282,"file":157,"line":211,"wp_function":283},"n1","sink","echo() [XSS]","echo",[285],{"from":275,"to":280,"sanitized":286},false,{"entryPoint":288,"graph":289,"unsanitizedCount":191,"severity":38},"dashboard_check_ip 
(ap-honeypot.class.php:187)",{"nodes":290,"edges":295},[291,294],{"id":275,"type":276,"label":292,"file":157,"line":293},"$_POST (x4)",189,{"id":280,"type":281,"label":282,"file":157,"line":213,"wp_function":283},[296],{"from":275,"to":280,"sanitized":286},{"entryPoint":298,"graph":299,"unsanitizedCount":379,"severity":380},"save_configuration (ap-honeypot.class.php:611)",{"nodes":300,"edges":367},[301,304,307,311,313,317,319,323,325,329,331,335,337,341,343,347,349,353,355,359,361,365],{"id":275,"type":276,"label":302,"file":157,"line":303},"$_POST['key']",614,{"id":280,"type":281,"label":305,"file":157,"line":303,"wp_function":306},"update_option() [Settings Manipulation]","update_option",{"id":308,"type":276,"label":309,"file":157,"line":310},"n2","$_POST['age_thres']",619,{"id":312,"type":281,"label":305,"file":157,"line":310,"wp_function":306},"n3",{"id":314,"type":276,"label":315,"file":157,"line":316},"n4","$_POST['threat_thres']",624,{"id":318,"type":281,"label":305,"file":157,"line":316,"wp_function":306},"n5",{"id":320,"type":276,"label":321,"file":157,"line":322},"n6","$_POST['threat_thres_s']",629,{"id":324,"type":281,"label":305,"file":157,"line":322,"wp_function":306},"n7",{"id":326,"type":276,"label":327,"file":157,"line":328},"n8","$_POST['threat_thres_h']",632,{"id":330,"type":281,"label":305,"file":157,"line":328,"wp_function":306},"n9",{"id":332,"type":276,"label":333,"file":157,"line":334},"n10","$_POST['threat_thres_c']",635,{"id":336,"type":281,"label":305,"file":157,"line":334,"wp_function":306},"n11",{"id":338,"type":276,"label":339,"file":157,"line":340},"n12","$_POST['white_listed_ips']",646,{"id":342,"type":281,"label":305,"file":157,"line":340,"wp_function":306},"n13",{"id":344,"type":276,"label":345,"file":157,"line":346},"n14","$_POST['hp']",649,{"id":348,"type":281,"label":305,"file":157,"line":346,"wp_function":306},"n15",{"id":350,"type":276,"label":351,"file":157,"line":352},"n16","$_POST['not_logged_ips']",662,{"id":354,"type":281,"
label":305,"file":157,"line":352,"wp_function":306},"n17",{"id":356,"type":276,"label":357,"file":157,"line":358},"n18","$_POST['stats_pattern']",670,{"id":360,"type":281,"label":305,"file":157,"line":358,"wp_function":306},"n19",{"id":362,"type":276,"label":363,"file":157,"line":364},"n20","$_POST['stats_link']",673,{"id":366,"type":281,"label":305,"file":157,"line":364,"wp_function":306},"n21",[368,369,370,371,372,373,374,375,376,377,378],{"from":275,"to":280,"sanitized":286},{"from":308,"to":312,"sanitized":286},{"from":314,"to":318,"sanitized":286},{"from":320,"to":324,"sanitized":286},{"from":326,"to":330,"sanitized":286},{"from":332,"to":336,"sanitized":286},{"from":338,"to":342,"sanitized":286},{"from":344,"to":348,"sanitized":286},{"from":350,"to":354,"sanitized":286},{"from":356,"to":360,"sanitized":286},{"from":362,"to":366,"sanitized":286},11,"low",{"entryPoint":382,"graph":383,"unsanitizedCount":433,"severity":434},"\u003Cap-honeypot.class> (ap-honeypot.class.php:0)",{"nodes":384,"edges":419},[385,387,388,389,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,413,415,417],{"id":275,"type":276,"label":386,"file":157,"line":278},"$_POST (x5)",{"id":280,"type":281,"label":282,"file":157,"line":211,"wp_function":283},{"id":308,"type":276,"label":277,"file":157,"line":293},{"id":312,"type":281,"label":390,"file":157,"line":391,"wp_function":392},"query() 
[SQLi]",256,"query",{"id":314,"type":276,"label":302,"file":157,"line":303},{"id":318,"type":281,"label":305,"file":157,"line":303,"wp_function":306},{"id":320,"type":276,"label":309,"file":157,"line":310},{"id":324,"type":281,"label":305,"file":157,"line":310,"wp_function":306},{"id":326,"type":276,"label":315,"file":157,"line":316},{"id":330,"type":281,"label":305,"file":157,"line":316,"wp_function":306},{"id":332,"type":276,"label":321,"file":157,"line":322},{"id":336,"type":281,"label":305,"file":157,"line":322,"wp_function":306},{"id":338,"type":276,"label":327,"file":157,"line":328},{"id":342,"type":281,"label":305,"file":157,"line":328,"wp_function":306},{"id":344,"type":276,"label":333,"file":157,"line":334},{"id":348,"type":281,"label":305,"file":157,"line":334,"wp_function":306},{"id":350,"type":276,"label":339,"file":157,"line":340},{"id":354,"type":281,"label":305,"file":157,"line":340,"wp_function":306},{"id":356,"type":276,"label":345,"file":157,"line":346},{"id":360,"type":281,"label":305,"file":157,"line":346,"wp_function":306},{"id":362,"type":276,"label":351,"file":157,"line":352},{"id":366,"type":281,"label":305,"file":157,"line":352,"wp_function":306},{"id":412,"type":276,"label":357,"file":157,"line":358},"n22",{"id":414,"type":281,"label":305,"file":157,"line":358,"wp_function":306},"n23",{"id":416,"type":276,"label":363,"file":157,"line":364},"n24",{"id":418,"type":281,"label":305,"file":157,"line":364,"wp_function":306},"n25",[420,421,422,423,424,425,426,427,428,429,430,431,432],{"from":275,"to":280,"sanitized":286},{"from":308,"to":312,"sanitized":286},{"from":314,"to":318,"sanitized":286},{"from":320,"to":324,"sanitized":286},{"from":326,"to":330,"sanitized":286},{"from":332,"to":336,"sanitized":286},{"from":338,"to":342,"sanitized":286},{"from":344,"to":348,"sanitized":286},{"from":350,"to":354,"sanitized":286},{"from":356,"to":360,"sanitized":286},{"from":362,"to":366,"sanitized":286},{"from":412,"to":414,"sanitized":286},{"from":416,"to"
:418,"sanitized":286},17,"high",{"summary":436,"deductions":437},"The 'ap-honeypot' plugin version 1.4 exhibits a mixed security posture. On one hand, it demonstrates good practices by having a zero attack surface regarding AJAX handlers, REST API routes, shortcodes, and cron events, meaning there are no direct entry points for attackers to exploit through these common vectors without authentication. The absence of file operations and external HTTP requests also reduces potential risks. However, significant concerns arise from the code analysis. With only 14% of outputs properly escaped, there is a high risk of Cross-Site Scripting (XSS) vulnerabilities. The fact that 4 out of 4 analyzed taint flows have unsanitized paths, with one deemed high severity, points to critical vulnerabilities that could allow attackers to inject malicious code or data. Furthermore, the presence of raw SQL queries without prepared statements in 56% of cases increases the risk of SQL injection. The plugin's vulnerability history, including a medium severity Cross-Site Request Forgery (CSRF) vulnerability in the past and one currently unpatched CVE, indicates a pattern of security weaknesses that have not been fully addressed, suggesting potential recurring issues. 
While the plugin lacks a large attack surface and avoids certain risky functionalities, the high rate of unescaped output, unsanitized taint flows, and a history of vulnerabilities necessitate careful consideration before deployment.",[438,441,444,447,450],{"reason":439,"points":440},"Unpatched CVE",15,{"reason":442,"points":443},"High severity unsanitized taint flow",12,{"reason":445,"points":446},"Low proper output escaping",6,{"reason":448,"points":449},"Raw SQL queries without prepared statements",8,{"reason":451,"points":452},"Medium severity vulnerability history (CSRF)",7,"2026-03-16T21:01:31.745Z",{"wat":455,"direct":464},{"assetPaths":456,"generatorPatterns":459,"scriptPaths":460,"versionParams":461},[457,458],"\u002Fwp-content\u002Fplugins\u002Fap-honeypot\u002Fap-honeypot.css","\u002Fwp-content\u002Fplugins\u002Fap-honeypot\u002Fap-honeypot.js",[],[458],[462,463],"ap-honeypot.css?ver=","ap-honeypot.js?ver=",{"cssClasses":465,"htmlComments":467,"htmlAttributes":474,"restEndpoints":478,"jsGlobals":479,"shortcodeOutput":481},[466],"ap-honeypot-nag",[468,469,470,471,472,473],"TODO:\n * Use nonce in settings\n * Rewrite AP_HoneyPot::check_log_table() to work more effectively\n * Better WordPress MU support\n","consts ","vars ","Counting from the day of visit.","S - suspicious, H - harvester, C - comment spammer.","Go to plugin settings",[475,476,477],"id=\"ap-honeypot-nag\"","name=\"widget-ap-honeypot-log-entries[items]\"","id=\"log-entries-number\"",[],[480],"APHP_PLUGIN_SETTINGS_URL",[]]