Automatic Ban IP Security & Risk Analysis

wordpress.org/plugins/automatic-ban-ip

Blocks suspicious IP addresses that try to post spam comments on your blog.

30 active installs · v1.0.7 · PHP + WP 3.0+ · Updated Apr 17, 2016
Tags: automatic, ban, comments, ip, spam

Score: 63 (grade C · Use Caution)
CVEs total: 1
Unpatched: 1
Last CVE: Apr 9, 2025
Safety Verdict

Is Automatic Ban IP Safe to Use in 2026?

Use With Caution

Score 63/100

Automatic Ban IP has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Apr 9, 2025 · Updated 9yr ago
Risk Assessment

The 'automatic-ban-ip' plugin v1.0.7 exhibits a concerning security posture, primarily due to a significant attack surface with numerous unprotected AJAX handlers. The static analysis reveals 8 AJAX handlers, all of which lack authentication checks, presenting a direct pathway for attackers to trigger potentially malicious actions. Furthermore, the code's handling of dangerous functions like 'unserialize' without apparent sanitization, coupled with 15 taint flows resulting in unsanitized paths, points to a high risk of various injection vulnerabilities. The plugin's track record of known vulnerabilities, including a recent medium-severity cross-site scripting issue that remains unpatched, reinforces these concerns. While the plugin does utilize prepared statements for some SQL queries and has a limited number of file operations and external HTTP requests, these strengths are heavily outweighed by the critical lack of security controls on its entry points and the evident weaknesses in input sanitization and output escaping.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function 'unserialize' used
  • Taint flows with unsanitized paths
  • Unpatched CVE (medium severity)
  • Low percentage of properly escaped output
  • No nonce checks on AJAX handlers
  • Low percentage of prepared SQL statements
Vulnerabilities (1)

Automatic Ban IP Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2025-32632 · medium (6.1) · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Automatic Ban IP <= 1.0.7 - Reflected Cross-Site Scripting

Apr 9, 2025 · Unpatched
Code Analysis (analyzed Mar 16, 2026)

Automatic Ban IP Code Analysis

Dangerous Functions: 6
Raw SQL Queries: 14 (10 prepared)
Unescaped Output: 268 (12 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 64
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize at automatic-ban-ip.php:191: $rus = @unserialize($r->geolocate_state) ;
unserialize at automatic-ban-ip.php:584: $reason = @unserialize($r->reason) ;
unserialize at automatic-ban-ip.php:600: $geo = @unserialize($r->geolocate_state) ;
unserialize at core\otherplugins.class.php:48: $plugins = unserialize(@file_get_contents(dirname(__FILE__)."/data/SLFramework_OtherPlugins_".date('
unserialize at core\otherplugins.class.php:128: $res = unserialize($request['body']);
unserialize at core\otherplugins.class.php:176: $res = unserialize($request['body']);

SQL Query Safety

42% prepared (24 total queries)

Output Escaping

4% escaped (280 total outputs)

Data Flows (15 unsanitized)

Data Flow Analysis

15 flows · 15 with unsanitized paths
geolocate (automatic-ban-ip.php:735)
Attack Surface (8 unprotected)

Automatic Ban IP Attack Surface

Entry Points: 8
Unprotected: 8

AJAX Handlers (8)

auth  wp_ajax_translate_add     core.class.php:85
auth  wp_ajax_translate_modify  core.class.php:86
auth  wp_ajax_translate_create  core.class.php:87
auth  wp_ajax_send_translation  core.class.php:88
auth  wp_ajax_update_summary    core.class.php:89
auth  wp_ajax_del_param         core.class.php:92
auth  wp_ajax_add_param         core.class.php:93
auth  wp_ajax_send_feedback     core.class.php:96
WordPress Hooks (26)

action  init                    core.class.php:50
action  parse_request           core.class.php:51
action  admin_menu              core.class.php:53
filter  plugin_row_meta         core.class.php:54
filter  plugin_action_links     core.class.php:55
action  init                    core.class.php:56
action  init                    core.class.php:58
action  wp_enqueue_scripts      core.class.php:61
action  wp_enqueue_scripts      core.class.php:62
action  wp_enqueue_scripts      core.class.php:64
action  wp_enqueue_scripts      core.class.php:67
action  wp_enqueue_scripts      core.class.php:69
action  wp_enqueue_scripts      core.class.php:70
action  admin_enqueue_scripts   core.class.php:73
action  admin_enqueue_scripts   core.class.php:74
action  admin_enqueue_scripts   core.class.php:76
action  admin_enqueue_scripts   core.class.php:79
action  admin_enqueue_scripts   core.class.php:81
action  admin_enqueue_scripts   core.class.php:82
filter  the_content             core.class.php:99
filter  get_the_excerpt         core.class.php:100
filter  get_the_excerpt         core.class.php:101
action  activated_plugin        core.class.php:104
filter  mce_external_plugins    core.class.php:702
filter  mce_buttons             core.class.php:703
filter  tiny_mce_version        core.class.php:704
Maintenance & Trust

Automatic Ban IP Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.5.33
Last updated: Apr 17, 2016
PHP min version:
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 30
Developer Profile

Automatic Ban IP Developer Profile

KaizenCoders

14 plugins · 31K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 153 days
Detection Fingerprints

How We Detect Automatic Ban IP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/automatic-ban-ip/js/jquery-jvectormap-1.2.2.min.js
/wp-content/plugins/automatic-ban-ip/js/jquery-jvectormap-world-mill-en.js

HTML / DOM Fingerprints

JS Globals: gdpDataSpammer
FAQ

Frequently Asked Questions about Automatic Ban IP