[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxqWHOQuDBQQxxpiBZ-KEcy1DMgZGiKVB_a3cr3vTFmI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":54,"analysis":144,"fingerprints":1006},"automatic-ban-ip","Automatic Ban IP","1.0.7","KaizenCoders","https:\u002F\u002Fprofiles.wordpress.org\u002Fkaizencoders\u002F","\u003Cp>Block IP addresses which are suspicious and try to post spam comments on your blog.\u003C\u002Fp>\n\u003Cp>This plugin needs that you create an account on the Honey Pot Project (https:\u002F\u002Fwww.projecthoneypot.org, free api) or that you install the Spam Captcha plugin.\u003C\u002Fp>\n\u003Cp>In addition, if you want to geolocate the spammers you may create an account on (http:\u002F\u002Fipinfodb.com\u002F, free api). Thus, you may display a world map with the concentration of spammers.\u003C\u002Fp>\n\u003Cp>Spammers may be blocked either by PHP based restrictions (i.e. 
WordPress generates a 403 page for such identified users) or by Apache based restriction (using Deny from in the .htaccess file).\u003C\u002Fp>\n\u003Cp>The Apache restriction is far more efficient when hundreds of hosts send you spam in a few minutes.\u003C\u002Fp>\n\u003Ch4>Multisite – WordPress MU\u003C\u002Fh4>\n\u003Ch4>Localization\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Afrikaans (South Africa) translation provided by SedLex, JanvanNiekerk\u003C\u002Fli>\n\u003Cli>English (United States), default language\u003C\u002Fli>\n\u003Cli>Japanese (Japan) translation provided by OsamuKudo\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features of the framework\u003C\u002Fh4>\n\u003Cp>This plugin uses the SL framework. This framework eases the creation of new plugins by providing tools and frames (see dev-toolbox plugin for more info).\u003C\u002Fp>\n\u003Cp>You may easily translate the text of the plugin and submit it to the developer, send feedback, or choose the location of the plugin in the admin panel.\u003C\u002Fp>\n\u003Cp>Have fun!\u003C\u002Fp>\n","Block IP addresses which are suspicious and try to post spam comments on your blog.",30,5292,100,2,"2016-04-17T08:59:00.000Z","4.5.33","3.0","",[20,21,22,23,24],"automatic","ban","comments","ip","spam","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fautomatic-ban-ip\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-ban-ip.zip",63,1,"2025-04-09 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-32632","automatic-ban-ip-reflected-cross-site-scripting","Automatic Ban IP \u003C= 1.0.7 - Reflected Cross-Site Scripting","The Automatic Ban IP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and 
including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.0.7","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-15 14:13:23",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Facb4d5e7-25bf-4c06-ba0b-2404062dfbb8?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},"kaizencoders",14,30550,87,153,70,"2026-04-04T17:27:42.712Z",[55,72,96,111,128],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":63,"num_ratings":63,"last_updated":18,"tested_up_to":65,"requires_at_least":66,"requires_php":18,"tags":67,"homepage":69,"download_link":70,"security_score":13,"vuln_count":63,"unpatched_count":63,"last_vuln_date":37,"fetched_at":71},"spam-to-blacklist","Spam to blacklist","1.0","proninyaroslav","https:\u002F\u002Fprofiles.wordpress.org\u002Fproninyaroslav\u002F","\u003Cp>Adds IP from comment that marked as spam to standard WordPress blacklist. 
Comments already marked as spam are not added to the list.\u003C\u002Fp>\n","Adds IP from comment that marked as spam to standard WordPress blacklist.",0,1133,"4.9.29","4.9",[21,68,22,23,24],"blacklist","https:\u002F\u002Fgithub.com\u002Fproninyaroslav\u002Fspam-to-blacklist","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspam-to-blacklist.1.0.zip","2026-03-15T10:48:56.248Z",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":18,"tags":87,"homepage":92,"download_link":93,"security_score":94,"vuln_count":28,"unpatched_count":63,"last_vuln_date":95,"fetched_at":30},"simple-ip-ban","IP Ban","1.3.0","Sandor Kovacs","https:\u002F\u002Fprofiles.wordpress.org\u002Falmos20\u002F","\u003Cp>UPDATE1: For the admin user the plugin is not active.\u003C\u002Fp>\n\u003Cp>UPDATE2: Added Ip Range feature for ip list.\u003C\u002Fp>\n\u003Cp>IP Ban is a security plugin that protects your site from access by unwanted ip addresses or user agents. You can add ip addresses or user agents, creating your own black list.\u003C\u002Fp>\n\u003Cp>It is also good for protecting your site from unwanted crawlers, which use your resources and bandwidth. Just add an ip address or user agent and things will happen.\u003C\u002Fp>\n\u003Cp>After the plugin activation, in the SETTINGS menu you’ll see the Simple IP BAN submenu. Here you have 3 textareas:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Add ip address or range here.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add user agents here.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Define external url . 
All spammers will be redirected to this url.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Simple IP Ban is a lightweight ip \u002F user agent ban plugin.",2000,48791,80,9,"2017-11-28T18:59:00.000Z","4.7.32","3.1.0",[88,89,90,91],"anti-spam","ip-ban","protection","user-agent-ban","http:\u002F\u002Fwww.sandorkovacs.ro\u002Fip-ban-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-ip-ban.1.3.0.zip",84,"2014-12-12 00:00:00",{"slug":89,"name":74,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":63,"num_ratings":63,"last_updated":104,"tested_up_to":105,"requires_at_least":17,"requires_php":18,"tags":106,"homepage":108,"download_link":109,"security_score":110,"vuln_count":63,"unpatched_count":63,"last_vuln_date":37,"fetched_at":30},"0.7","w3prodigy","https:\u002F\u002Fprofiles.wordpress.org\u002Fw3prodigy\u002F","\u003Cp>Returns ‘Page Not Found’ 404 error message for IP’s visiting your blog specified in the IP Ban option on the Discussion Options page.\u003C\u002Fp>\n","Returns 'Page Not Found' 404 error message for IP's visiting your blog specified in the IP Ban option on the Discussion Options page.",90,8808,"2010-11-01T20:13:00.000Z","3.0.5",[88,21,23,107],"privacy","http:\u002F\u002Fw3prodigy.com\u002Fwordpress-plugins\u002Fip-ban\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-ban.zip",85,{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":63,"num_ratings":63,"last_updated":121,"tested_up_to":122,"requires_at_least":123,"requires_php":18,"tags":124,"homepage":126,"download_link":127,"security_score":110,"vuln_count":63,"unpatched_count":63,"last_vuln_date":37,"fetched_at":30},"block-spammers","Block Spammers","0.3","sander85","https:\u002F\u002Fprofiles.wordpress.org\u002Fsander85\u002F","\u003Cp>This plugin 
allows to block spammers with the following options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block spammers by IPs (supports wildcards).\u003C\u002Fli>\n\u003Cli>Block IPs that have posted comments marked as spam.\u003C\u002Fli>\n\u003Cli>Block comments that contain bad words.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additional options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If comment contains bad words, add the spammers IP into the blacklist.\u003C\u002Fli>\n\u003Cli>When deleting spam, add IPs of spam comments into the blacklist.\u003C\u002Fli>\n\u003Cli>Similar entries in the blacklist are merged automatically.\u003C\u002Fli>\n\u003C\u002Ful>\n","Block spammers from submitting comments, by IPs or by bad words.",40,3157,"2018-10-25T20:44:00.000Z","5.0.25","3.5.1",[125,22,23,24],"blocking","https:\u002F\u002Fgithub.com\u002Fsander85\u002Fblock-spammers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-spammers.zip",{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":136,"downloaded":137,"rating":63,"num_ratings":63,"last_updated":138,"tested_up_to":139,"requires_at_least":18,"requires_php":18,"tags":140,"homepage":18,"download_link":143,"security_score":110,"vuln_count":63,"unpatched_count":63,"last_vuln_date":37,"fetched_at":30},"chronological-spam-removal","Chronological Spam Removal","1.0.4.0","skunkbad","https:\u002F\u002Fprofiles.wordpress.org\u002Fskunkbad\u002F","\u003Cp>PHP V5+ only! This plugin deletes spam from the comments table of the database. It does so by checking it for matches against the characters or words you have blacklisted in Settings->Discussion. Also on the Settings->Discussion page is a setting for the maximum allowed links that a comment can contain. This plugin will delete comments that have too many links. Spam can also be deleted if it has a url in the author url field. 
This is handy if you don’t have a author url form field in your comment form, and bots are submitting without using your form. Finally, spam can be deleted if there are any non US-en keyboard characters in any comment row. I don’t expect any foreign language characters on my blog, and while I know this setting may be a little harsh, it’s a spammy world out there, and sometimes ya gotta do what ya gotta do.\u003C\u002Fp>\n\u003Cp>This plugin adds a menu item in the Settings section of the admin area. Currently only three options are available:\u003C\u002Fp>\n\u003Cp>1) The frequency to run the automated process of removing spam. Default is twice a day.\u003C\u002Fp>\n\u003Cp>2) Whether or not to remove spam that has been submitted with the website field. Default is NO (unchecked).\u003C\u002Fp>\n\u003Cp>3) Whether or not to remove spam that has non US-en keyboard characters. Default is NO (unchecked).\u003C\u002Fp>\n","Plugin removes comments from the comments table that match blacklisted items, have too many links, or contain a author url (not default), or have non  
&hellip;",10,2891,"2012-02-26T02:40:00.000Z","3.3.2",[20,22,141,142,24],"database","removal","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchronological-spam-removal.zip",{"attackSurface":145,"codeSignals":270,"taintFlows":774,"riskAssessment":986,"analyzedAt":1005},{"hooks":146,"ajaxHandlers":240,"restRoutes":266,"shortcodes":267,"cronEvents":268,"entryPointCount":269,"unprotectedCount":269},[147,153,157,160,165,168,171,174,179,182,185,188,192,194,198,201,204,207,209,211,216,220,223,227,231,236],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","init","_button_editor","core.class.php",50,{"type":148,"name":154,"callback":155,"priority":28,"file":151,"line":156},"parse_request","create_js_for_tinymce",51,{"type":148,"name":158,"callback":158,"file":151,"line":159},"admin_menu",53,{"type":161,"name":162,"callback":163,"priority":136,"file":151,"line":164},"filter","plugin_row_meta","plugin_actions",54,{"type":161,"name":166,"callback":166,"priority":136,"file":151,"line":167},"plugin_action_links",55,{"type":148,"name":149,"callback":169,"file":151,"line":170},"init_textdomain",56,{"type":148,"name":149,"callback":172,"file":151,"line":173},"update_plugin",58,{"type":148,"name":175,"callback":176,"priority":177,"file":151,"line":178},"wp_enqueue_scripts","javascript_front",5,61,{"type":148,"name":175,"callback":180,"priority":177,"file":151,"line":181},"css_front",62,{"type":148,"name":175,"callback":183,"file":151,"line":184},"_public_js_load",64,{"type":148,"name":175,"callback":186,"file":151,"line":187},"_public_css_load",67,{"type":148,"name":175,"callback":189,"priority":190,"file":151,"line":191},"flush_js",10000000,69,{"type":148,"name":175,"callback":193,"priority":190,"file":151,"line":52},"flush_css",{"type":148,"name":195,"callback":196,"priority":177,"file":151,"line":197},"admin_enqueue_scripts","javascript_admin",73,{"type":148,"name":195,"callback":199,"priority":177,"file":151,"line":200},"css_admin",74,{"type":148,"
name":195,"callback":202,"file":151,"line":203},"_admin_js_load",76,{"type":148,"name":195,"callback":205,"file":151,"line":206},"_admin_css_load",79,{"type":148,"name":195,"callback":189,"priority":190,"file":151,"line":208},81,{"type":148,"name":195,"callback":193,"priority":190,"file":151,"line":210},82,{"type":161,"name":212,"callback":213,"priority":214,"file":151,"line":215},"the_content","the_content_SL",1000,99,{"type":161,"name":217,"callback":218,"priority":219,"file":151,"line":13},"get_the_excerpt","the_excerpt_SL",1000000,{"type":161,"name":217,"callback":221,"priority":14,"file":151,"line":222},"the_excerpt_ante_SL",101,{"type":148,"name":224,"callback":225,"file":151,"line":226},"activated_plugin","save_error_on_activation",104,{"type":161,"name":228,"callback":229,"file":151,"line":230},"mce_external_plugins","add_custom_button",702,{"type":161,"name":232,"callback":233,"priority":234,"file":151,"line":235},"mce_buttons","register_custom_button",999,703,{"type":161,"name":237,"callback":238,"file":151,"line":239},"tiny_mce_version","my_refresh_mce",704,[241,244,247,249,252,255,259,263],{"action":242,"nopriv":243,"callback":242,"hasNonce":243,"hasCapCheck":243,"file":151,"line":110},"translate_add",false,{"action":245,"nopriv":243,"callback":245,"hasNonce":243,"hasCapCheck":243,"file":151,"line":246},"translate_modify",86,{"action":248,"nopriv":243,"callback":248,"hasNonce":243,"hasCapCheck":243,"file":151,"line":50},"translate_create",{"action":250,"nopriv":243,"callback":250,"hasNonce":243,"hasCapCheck":243,"file":151,"line":251},"send_translation",88,{"action":253,"nopriv":243,"callback":253,"hasNonce":243,"hasCapCheck":243,"file":151,"line":254},"update_summary",89,{"action":256,"nopriv":243,"callback":257,"hasNonce":243,"hasCapCheck":243,"file":151,"line":258},"del_param","del_param_callback",92,{"action":260,"nopriv":243,"callback":261,"hasNonce":243,"hasCapCheck":243,"file":151,"line":262},"add_param","add_param_callback",93,{"action":264,"nopr
iv":243,"callback":264,"hasNonce":243,"hasCapCheck":243,"file":151,"line":265},"send_feedback",96,[],[],[],8,{"dangerousFunctions":271,"sqlUsage":292,"outputEscaping":326,"fileOperations":184,"externalRequests":14,"nonceChecks":63,"capabilityChecks":14,"bundledLibraries":773},[272,277,280,283,287,290],{"fn":273,"file":274,"line":275,"context":276},"unserialize","automatic-ban-ip.php",191,"$rus = @unserialize($r->geolocate_state) ;",{"fn":273,"file":274,"line":278,"context":279},584,"$reason = @unserialize($r->reason) ;",{"fn":273,"file":274,"line":281,"context":282},600,"$geo = @unserialize($r->geolocate_state) ;",{"fn":273,"file":284,"line":285,"context":286},"core\\otherplugins.class.php",48,"$plugins = unserialize(@file_get_contents(dirname(__FILE__).\"\u002Fdata\u002FSLFramework_OtherPlugins_\".date('",{"fn":273,"file":284,"line":288,"context":289},128,"$res = unserialize($request['body']);",{"fn":273,"file":284,"line":291,"context":289},176,{"prepared":136,"raw":48,"locations":293},[294,297,299,302,305,307,309,311,313,315,317,320,322,324],{"file":274,"line":295,"context":296},91,"$wpdb->query() with variable interpolation",{"file":274,"line":298,"context":296},95,{"file":274,"line":300,"context":301},184,"$wpdb->get_results() with variable interpolation",{"file":274,"line":303,"context":304},322,"$wpdb->get_var() with variable 
interpolation",{"file":274,"line":306,"context":296},326,{"file":274,"line":308,"context":296},344,{"file":274,"line":310,"context":296},374,{"file":274,"line":312,"context":301},389,{"file":274,"line":314,"context":304},549,{"file":274,"line":316,"context":301},576,{"file":318,"line":319,"context":296},"core\\templates\\my-plugin.php",106,{"file":318,"line":321,"context":296},110,{"file":151,"line":323,"context":304},180,{"file":151,"line":325,"context":304},211,{"escaped":327,"rawEcho":328,"locations":329},12,268,[330,333,335,337,339,341,343,345,347,349,351,353,355,357,359,361,363,366,368,369,371,373,375,377,378,380,382,384,386,388,390,392,394,396,398,399,400,401,402,403,404,405,406,407,408,409,410,411,413,414,415,416,417,418,419,420,421,422,423,424,426,428,431,432,434,436,438,439,440,441,442,443,444,446,447,449,450,451,452,453,455,457,459,461,463,464,465,466,467,469,471,474,475,477,478,479,481,482,483,485,486,488,489,490,491,492,494,495,496,498,500,502,504,506,508,510,512,514,516,517,519,520,521,522,523,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,542,545,546,548,549,551,553,555,556,557,559,561,563,565,567,569,571,573,575,577,579,581,583,585,588,590,592,594,596,598,600,602,603,604,605,607,609,611,612,614,616,618,620,622,624,626,628,630,632,634,635,637,639,641,643,645,647,649,651,653,655,657,659,661,663,665,667,669,671,673,675,677,679,681,683,685,687,689,691,693,695,697,699,701,702,703,705,707,709,711,712,713,714,715,717,718,720,722,724,725,727,729,730,731,732,733,735,737,739,741,743,745,747,748,750,752,754,756,757,758,760,762,763,764,765,767,769,771],{"file":274,"line":331,"context":332},194,"raw 
output",{"file":274,"line":334,"context":332},522,{"file":274,"line":336,"context":332},537,{"file":274,"line":338,"context":332},541,{"file":274,"line":340,"context":332},597,{"file":274,"line":342,"context":332},611,{"file":274,"line":344,"context":332},678,{"file":274,"line":346,"context":332},681,{"file":274,"line":348,"context":332},682,{"file":274,"line":350,"context":332},683,{"file":274,"line":352,"context":332},686,{"file":274,"line":354,"context":332},689,{"file":274,"line":356,"context":332},690,{"file":274,"line":358,"context":332},691,{"file":274,"line":360,"context":332},718,{"file":274,"line":362,"context":332},724,{"file":364,"line":365,"context":332},"core\\admin_table.class.php",182,{"file":364,"line":367,"context":332},189,{"file":364,"line":367,"context":332},{"file":364,"line":370,"context":332},192,{"file":364,"line":372,"context":332},193,{"file":364,"line":374,"context":332},212,{"file":364,"line":376,"context":332},219,{"file":364,"line":376,"context":332},{"file":364,"line":379,"context":332},222,{"file":364,"line":381,"context":332},223,{"file":364,"line":383,"context":332},224,{"file":364,"line":385,"context":332},225,{"file":364,"line":387,"context":332},226,{"file":364,"line":389,"context":332},227,{"file":364,"line":391,"context":332},261,{"file":364,"line":393,"context":332},277,{"file":364,"line":395,"context":332},295,{"file":364,"line":397,"context":332},364,{"file":364,"line":397,"context":332},{"file":364,"line":397,"context":332},{"file":364,"line":310,"context":332},{"file":364,"line":310,"context":332},{"file":364,"line":310,"context":332},{"file":364,"line":310,"context":332},{"file":364,"line":310,"context":332},{"file":364,"line":310,"context":332},{"file":364,"line":310,"context":332},{"file":364,"line":310,"context":332},{"file":364,"line":310,"context":332},{"file":364,"line":310,"context":332},{"file":364,"line":310,"context":332},{"file":364,"line":412,"context":332},378,{"file":364,"line":412,"context":332},{"file":36
4,"line":412,"context":332},{"file":364,"line":412,"context":332},{"file":364,"line":412,"context":332},{"file":364,"line":412,"context":332},{"file":364,"line":412,"context":332},{"file":364,"line":412,"context":332},{"file":364,"line":412,"context":332},{"file":364,"line":412,"context":332},{"file":364,"line":412,"context":332},{"file":364,"line":412,"context":332},{"file":425,"line":119,"context":332},"core\\box.class.php",{"file":425,"line":427,"context":332},43,{"file":429,"line":430,"context":332},"core\\feedback.class.php",39,{"file":429,"line":119,"context":332},{"file":429,"line":433,"context":332},41,{"file":429,"line":435,"context":332},44,{"file":429,"line":437,"context":332},45,{"file":429,"line":164,"context":332},{"file":429,"line":167,"context":332},{"file":429,"line":200,"context":332},{"file":429,"line":203,"context":332},{"file":429,"line":206,"context":332},{"file":429,"line":208,"context":332},{"file":429,"line":445,"context":332},177,{"file":429,"line":365,"context":332},{"file":284,"line":448,"context":332},52,{"file":284,"line":164,"context":332},{"file":284,"line":94,"context":332},{"file":284,"line":246,"context":332},{"file":284,"line":50,"context":332},{"file":284,"line":454,"context":332},109,{"file":284,"line":456,"context":332},147,{"file":284,"line":458,"context":332},148,{"file":284,"line":460,"context":332},150,{"file":284,"line":462,"context":332},179,{"file":284,"line":323,"context":332},{"file":284,"line":365,"context":332},{"file":284,"line":367,"context":332},{"file":284,"line":275,"context":332},{"file":284,"line":468,"context":332},197,{"file":284,"line":470,"context":332},206,{"file":472,"line":473,"context":332},"core\\parameters.class.php",767,{"file":472,"line":473,"context":332},{"file":472,"line":476,"context":332},781,{"file":472,"line":476,"context":332},{"file":472,"line":476,"context":332},{"file":472,"line":480,"context":332},790,{"file":472,"line":480,"context":332},{"file":472,"line":480,"context":332},{"file":47
2,"line":484,"context":332},877,{"file":472,"line":484,"context":332},{"file":472,"line":487,"context":332},894,{"file":472,"line":487,"context":332},{"file":472,"line":487,"context":332},{"file":472,"line":487,"context":332},{"file":472,"line":487,"context":332},{"file":472,"line":493,"context":332},898,{"file":472,"line":493,"context":332},{"file":472,"line":493,"context":332},{"file":472,"line":497,"context":332},902,{"file":472,"line":499,"context":332},917,{"file":472,"line":501,"context":332},918,{"file":472,"line":503,"context":332},928,{"file":472,"line":505,"context":332},938,{"file":472,"line":507,"context":332},944,{"file":472,"line":509,"context":332},951,{"file":472,"line":511,"context":332},957,{"file":472,"line":513,"context":332},964,{"file":515,"line":181,"context":332},"core\\popup.class.php",{"file":515,"line":191,"context":332},{"file":515,"line":518,"context":332},71,{"file":515,"line":200,"context":332},{"file":515,"line":203,"context":332},{"file":515,"line":206,"context":332},{"file":515,"line":262,"context":332},{"file":524,"line":525,"context":332},"core\\progress_bar.class.php",42,{"file":524,"line":525,"context":332},{"file":524,"line":427,"context":332},{"file":524,"line":427,"context":332},{"file":524,"line":427,"context":332},{"file":524,"line":427,"context":332},{"file":524,"line":435,"context":332},{"file":524,"line":435,"context":332},{"file":524,"line":435,"context":332},{"file":524,"line":435,"context":332},{"file":524,"line":437,"context":332},{"file":524,"line":437,"context":332},{"file":524,"line":437,"context":332},{"file":524,"line":437,"context":332},{"file":524,"line":437,"context":332},{"file":524,"line":541,"context":332},49,{"file":543,"line":544,"context":332},"core\\tabs.class.php",97,{"file":543,"line":544,"context":332},{"file":543,"line":547,"context":332},102,{"file":543,"line":319,"context":332},{"file":543,"line":550,"context":332},111,{"file":543,"line":552,"context":332},118,{"file":543,"line":554,"context":332
},127,{"file":543,"line":554,"context":332},{"file":543,"line":554,"context":332},{"file":543,"line":558,"context":332},133,{"file":543,"line":560,"context":332},134,{"file":318,"line":562,"context":332},292,{"file":318,"line":564,"context":332},299,{"file":318,"line":566,"context":332},312,{"file":318,"line":568,"context":332},317,{"file":318,"line":570,"context":332},320,{"file":318,"line":572,"context":332},323,{"file":318,"line":574,"context":332},328,{"file":318,"line":576,"context":332},331,{"file":318,"line":578,"context":332},334,{"file":318,"line":580,"context":332},338,{"file":318,"line":582,"context":332},386,{"file":318,"line":584,"context":332},392,{"file":586,"line":587,"context":332},"core\\translation.class.php",139,{"file":586,"line":589,"context":332},151,{"file":586,"line":591,"context":332},152,{"file":586,"line":593,"context":332},158,{"file":586,"line":595,"context":332},166,{"file":586,"line":597,"context":332},190,{"file":586,"line":599,"context":332},218,{"file":586,"line":601,"context":332},221,{"file":586,"line":379,"context":332},{"file":586,"line":383,"context":332},{"file":586,"line":387,"context":332},{"file":586,"line":606,"context":332},230,{"file":586,"line":608,"context":332},257,{"file":586,"line":610,"context":332},341,{"file":586,"line":308,"context":332},{"file":586,"line":613,"context":332},345,{"file":586,"line":615,"context":332},348,{"file":586,"line":617,"context":332},350,{"file":586,"line":619,"context":332},353,{"file":586,"line":621,"context":332},357,{"file":586,"line":623,"context":332},583,{"file":586,"line":625,"context":332},588,{"file":586,"line":627,"context":332},594,{"file":586,"line":629,"context":332},747,{"file":586,"line":631,"context":332},764,{"file":586,"line":633,"context":332},765,{"file":586,"line":473,"context":332},{"file":586,"line":636,"context":332},768,{"file":586,"line":638,"context":332},772,{"file":586,"line":640,"context":332},773,{"file":586,"line":642,"context":332},775,{"file":586,"line"
:644,"context":332},776,{"file":586,"line":646,"context":332},796,{"file":586,"line":648,"context":332},798,{"file":586,"line":650,"context":332},805,{"file":586,"line":652,"context":332},1027,{"file":586,"line":654,"context":332},1028,{"file":586,"line":656,"context":332},1047,{"file":586,"line":658,"context":332},1048,{"file":586,"line":660,"context":332},1062,{"file":586,"line":662,"context":332},1145,{"file":586,"line":664,"context":332},1148,{"file":586,"line":666,"context":332},1149,{"file":586,"line":668,"context":332},1159,{"file":586,"line":670,"context":332},1162,{"file":586,"line":672,"context":332},1165,{"file":586,"line":674,"context":332},1170,{"file":586,"line":676,"context":332},1339,{"file":586,"line":678,"context":332},1340,{"file":586,"line":680,"context":332},1358,{"file":586,"line":682,"context":332},1359,{"file":586,"line":684,"context":332},1369,{"file":586,"line":686,"context":332},1451,{"file":586,"line":688,"context":332},1454,{"file":586,"line":690,"context":332},1455,{"file":586,"line":692,"context":332},1465,{"file":586,"line":694,"context":332},1468,{"file":586,"line":696,"context":332},1471,{"file":586,"line":698,"context":332},1476,{"file":700,"line":437,"context":332},"core\\tree.class.php",{"file":700,"line":152,"context":332},{"file":700,"line":187,"context":332},{"file":700,"line":704,"context":332},77,{"file":700,"line":706,"context":332},83,{"file":700,"line":708,"context":332},116,{"file":700,"line":710,"context":332},120,{"file":700,"line":323,"context":332},{"file":700,"line":325,"context":332},{"file":151,"line":597,"context":332},{"file":151,"line":372,"context":332},{"file":151,"line":716,"context":332},203,{"file":151,"line":383,"context":332},{"file":151,"line":719,"context":332},749,{"file":151,"line":721,"context":332},757,{"file":151,"line":723,"context":332},759,{"file":151,"line":723,"context":332},{"file":151,"line":726,"context":332},762,{"file":151,"line":728,"context":332},763,{"file":151,"line":631,"context":33
2},{"file":151,"line":633,"context":332},{"file":151,"line":640,"context":332},{"file":151,"line":640,"context":332},{"file":151,"line":734,"context":332},842,{"file":151,"line":736,"context":332},1059,{"file":151,"line":738,"context":332},1249,{"file":151,"line":740,"context":332},1267,{"file":151,"line":742,"context":332},1300,{"file":151,"line":744,"context":332},1306,{"file":151,"line":746,"context":332},1345,{"file":151,"line":684,"context":332},{"file":151,"line":749,"context":332},1379,{"file":151,"line":751,"context":332},1382,{"file":151,"line":753,"context":332},1426,{"file":151,"line":755,"context":332},1427,{"file":151,"line":755,"context":332},{"file":151,"line":755,"context":332},{"file":151,"line":759,"context":332},1438,{"file":151,"line":761,"context":332},1439,{"file":151,"line":761,"context":332},{"file":151,"line":761,"context":332},{"file":151,"line":761,"context":332},{"file":151,"line":766,"context":332},1446,{"file":151,"line":768,"context":332},1473,{"file":151,"line":770,"context":332},1475,{"file":151,"line":772,"context":332},1635,[],[775,792,803,812,822,842,870,883,892,908,918,933,951,960,970],{"entryPoint":776,"graph":777,"unsanitizedCount":28,"severity":39},"geolocate (automatic-ban-ip.php:735)",{"nodes":778,"edges":790},[779,784],{"id":780,"type":781,"label":782,"file":274,"line":783},"n0","source","$_SERVER",740,{"id":785,"type":786,"label":787,"file":274,"line":788,"wp_function":789},"n1","sink","file_get_contents() [SSRF\u002FLFI]",754,"file_get_contents",[791],{"from":780,"to":785,"sanitized":243},{"entryPoint":793,"graph":794,"unsanitizedCount":14,"severity":39},"flush (core\\admin_table.class.php:170)",{"nodes":795,"edges":801},[796,798],{"id":780,"type":781,"label":797,"file":364,"line":365},"$_SERVER['PHP_SELF'] (x2)",{"id":785,"type":786,"label":799,"file":364,"line":365,"wp_function":800},"echo() 
[XSS]","echo",[802],{"from":780,"to":785,"sanitized":243},{"entryPoint":804,"graph":805,"unsanitizedCount":28,"severity":39},"translate_add (core\\translation.class.php:178)",{"nodes":806,"edges":810},[807,809],{"id":780,"type":781,"label":808,"file":586,"line":300},"$_POST",{"id":785,"type":786,"label":799,"file":586,"line":383,"wp_function":800},[811],{"from":780,"to":785,"sanitized":243},{"entryPoint":813,"graph":814,"unsanitizedCount":14,"severity":39},"translate_modify (core\\translation.class.php:243)",{"nodes":815,"edges":820},[816,819],{"id":780,"type":781,"label":817,"file":586,"line":818},"$_POST (x2)",250,{"id":785,"type":786,"label":799,"file":586,"line":615,"wp_function":800},[821],{"from":780,"to":785,"sanitized":243},{"entryPoint":823,"graph":824,"unsanitizedCount":841,"severity":39},"translate_create (core\\translation.class.php:607)",{"nodes":825,"edges":838},[826,828,832,836],{"id":780,"type":781,"label":817,"file":586,"line":827},615,{"id":785,"type":786,"label":829,"file":586,"line":830,"wp_function":831},"fopen() [File Access]",652,"fopen",{"id":833,"type":781,"label":834,"file":586,"line":835},"n2","$_POST (x11)",612,{"id":837,"type":786,"label":799,"file":586,"line":629,"wp_function":800},"n3",[839,840],{"from":780,"to":785,"sanitized":243},{"from":833,"to":837,"sanitized":243},13,{"entryPoint":843,"graph":844,"unsanitizedCount":869,"severity":39},"\u003Ctranslation.class> (core\\translation.class.php:0)",{"nodes":845,"edges":864},[846,848,849,850,851,854,859,862],{"id":780,"type":781,"label":847,"file":586,"line":300},"$_POST (x21)",{"id":785,"type":786,"label":799,"file":586,"line":383,"wp_function":800},{"id":833,"type":781,"label":817,"file":586,"line":827},{"id":837,"type":786,"label":829,"file":586,"line":830,"wp_function":831},{"id":852,"type":781,"label":853,"file":586,"line":342},"n4","$_POST (x8)",{"id":855,"type":786,"label":856,"file":586,"line":857,"wp_function":858},"n5","file_put_contents() [File 
Write]",982,"file_put_contents",{"id":860,"type":781,"label":817,"file":586,"line":861},"n6",610,{"id":863,"type":786,"label":787,"file":586,"line":652,"wp_function":789},"n7",[865,866,867,868],{"from":780,"to":785,"sanitized":243},{"from":833,"to":837,"sanitized":243},{"from":852,"to":855,"sanitized":243},{"from":860,"to":863,"sanitized":243},33,{"entryPoint":871,"graph":872,"unsanitizedCount":177,"severity":882},"\u003Cadmin_table.class> (core\\admin_table.class.php:0)",{"nodes":873,"edges":879},[874,875,876,878],{"id":780,"type":781,"label":797,"file":364,"line":365},{"id":785,"type":786,"label":799,"file":364,"line":365,"wp_function":800},{"id":833,"type":781,"label":877,"file":364,"line":52},"$_GET (x3)",{"id":837,"type":786,"label":799,"file":364,"line":383,"wp_function":800},[880,881],{"from":780,"to":785,"sanitized":243},{"from":833,"to":837,"sanitized":243},"low",{"entryPoint":884,"graph":885,"unsanitizedCount":14,"severity":882},"\u003Cparameters.class> (core\\parameters.class.php:0)",{"nodes":886,"edges":890},[887,889],{"id":780,"type":781,"label":817,"file":472,"line":888},245,{"id":785,"type":786,"label":799,"file":472,"line":476,"wp_function":800},[891],{"from":780,"to":785,"sanitized":243},{"entryPoint":893,"graph":894,"unsanitizedCount":28,"severity":882},"del_param_callback (core.class.php:455)",{"nodes":895,"edges":905},[896,898,901],{"id":780,"type":781,"label":808,"file":151,"line":897},461,{"id":785,"type":899,"label":900,"file":151,"line":897},"transform","→ del_param()",{"id":833,"type":786,"label":902,"file":151,"line":903,"wp_function":904},"update_option() [Settings Manipulation]",441,"update_option",[906,907],{"from":780,"to":785,"sanitized":243},{"from":785,"to":833,"sanitized":243},{"entryPoint":909,"graph":910,"unsanitizedCount":14,"severity":882},"add_param_callback 
(core.class.php:477)",{"nodes":911,"edges":916},[912,914],{"id":780,"type":781,"label":817,"file":151,"line":913},480,{"id":785,"type":786,"label":902,"file":151,"line":915,"wp_function":904},508,[917],{"from":780,"to":785,"sanitized":243},{"entryPoint":919,"graph":920,"unsanitizedCount":28,"severity":882},"\u003Ccore.class> (core.class.php:0)",{"nodes":921,"edges":928},[922,924,925,926,927],{"id":780,"type":781,"label":923,"file":151,"line":913},"$_POST (x3)",{"id":785,"type":786,"label":902,"file":151,"line":915,"wp_function":904},{"id":833,"type":781,"label":808,"file":151,"line":897},{"id":837,"type":899,"label":900,"file":151,"line":897},{"id":852,"type":786,"label":902,"file":151,"line":903,"wp_function":904},[929,931,932],{"from":780,"to":785,"sanitized":930},true,{"from":833,"to":837,"sanitized":243},{"from":837,"to":852,"sanitized":243},{"entryPoint":934,"graph":935,"unsanitizedCount":949,"severity":950},"testIfBlocked (automatic-ban-ip.php:314)",{"nodes":936,"edges":946},[937,938,941,943],{"id":780,"type":781,"label":782,"file":274,"line":568},{"id":785,"type":786,"label":939,"file":274,"line":303,"wp_function":940},"get_var() [SQLi]","get_var",{"id":833,"type":781,"label":942,"file":274,"line":568},"$_SERVER (x3)",{"id":837,"type":786,"label":944,"file":274,"line":306,"wp_function":945},"query() [SQLi]","query",[947,948],{"from":780,"to":785,"sanitized":243},{"from":833,"to":837,"sanitized":243},4,"high",{"entryPoint":952,"graph":953,"unsanitizedCount":28,"severity":950},"blockIP (automatic-ban-ip.php:366)",{"nodes":954,"edges":958},[955,957],{"id":780,"type":781,"label":782,"file":274,"line":956},369,{"id":785,"type":786,"label":944,"file":274,"line":310,"wp_function":945},[959],{"from":780,"to":785,"sanitized":243},{"entryPoint":961,"graph":962,"unsanitizedCount":28,"severity":950},"configuration_page 
(automatic-ban-ip.php:514)",{"nodes":963,"edges":968},[964,966],{"id":780,"type":781,"label":782,"file":274,"line":965},621,{"id":785,"type":786,"label":944,"file":274,"line":967,"wp_function":945},625,[969],{"from":780,"to":785,"sanitized":243},{"entryPoint":971,"graph":972,"unsanitizedCount":985,"severity":950},"\u003Cautomatic-ban-ip> (automatic-ban-ip.php:0)",{"nodes":973,"edges":981},[974,975,976,978,979,980],{"id":780,"type":781,"label":782,"file":274,"line":568},{"id":785,"type":786,"label":939,"file":274,"line":303,"wp_function":940},{"id":833,"type":781,"label":977,"file":274,"line":568},"$_SERVER (x5)",{"id":837,"type":786,"label":944,"file":274,"line":306,"wp_function":945},{"id":852,"type":781,"label":782,"file":274,"line":783},{"id":855,"type":786,"label":787,"file":274,"line":788,"wp_function":789},[982,983,984],{"from":780,"to":785,"sanitized":243},{"from":833,"to":837,"sanitized":243},{"from":852,"to":855,"sanitized":243},7,{"summary":987,"deductions":988},"The 'automatic-ban-ip' plugin v1.0.7 exhibits a concerning security posture, primarily due to a significant attack surface with numerous unprotected AJAX handlers. The static analysis reveals 8 AJAX handlers, all of which lack authentication checks, presenting a direct pathway for attackers to trigger potentially malicious actions. Furthermore, the code's handling of dangerous functions like 'unserialize' without apparent sanitization, coupled with 15 taint flows resulting in unsanitized paths, points to a high risk of various injection vulnerabilities.  The plugin's track record of known vulnerabilities, including a recent medium-severity cross-site scripting issue that remains unpatched, reinforces these concerns. 
While the plugin does utilize prepared statements for some SQL queries and has a limited number of file operations and external HTTP requests, these strengths are heavily outweighed by the critical lack of security controls on its entry points and the evident weaknesses in input sanitization and output escaping.",[989,991,993,996,998,1001,1003],{"reason":990,"points":136},"Unprotected AJAX handlers",{"reason":992,"points":269},"Dangerous function 'unserialize' used",{"reason":994,"points":995},"Taint flows with unsanitized paths",15,{"reason":997,"points":995},"Unpatched CVE (medium severity)",{"reason":999,"points":1000},"Low percentage of properly escaped output",6,{"reason":1002,"points":136},"No nonce checks on AJAX handlers",{"reason":1004,"points":949},"Low percentage of prepared SQL statements","2026-03-16T22:33:28.163Z",{"wat":1007,"direct":1014},{"assetPaths":1008,"generatorPatterns":1011,"scriptPaths":1012,"versionParams":1013},[1009,1010],"\u002Fwp-content\u002Fplugins\u002Fautomatic-ban-ip\u002Fjs\u002Fjquery-jvectormap-1.2.2.min.js","\u002Fwp-content\u002Fplugins\u002Fautomatic-ban-ip\u002Fjs\u002Fjquery-jvectormap-world-mill-en.js",[],[],[],{"cssClasses":1015,"htmlComments":1016,"htmlAttributes":1017,"restEndpoints":1018,"jsGlobals":1019,"shortcodeOutput":1021},[],[],[],[],[1020],"gdpDataSpammer",[]]