WP Battle by Alex Lundin Security & Risk Analysis

wordpress.org/plugins/battle-by-alex-lundin

Here is a short description of the plugin. This should be no more than 150 characters. No markup here.

0 active installs v1.0.1 PHP + WP 5.6+ Updated Dec 6, 2022
comments, spam
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Battle by Alex Lundin Safe to Use in 2026?

Generally Safe

Score 85/100

WP Battle by Alex Lundin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The 'battle-by-alex-lundin' plugin v1.0.1 presents a mixed security posture. On the positive side, it demonstrates good practices regarding output escaping, with all outputs being properly sanitized. It also avoids dangerous functions, file operations, and external HTTP requests, which are common sources of vulnerabilities. The absence of any known CVEs, past or present, and no recorded common vulnerability types further suggest a generally stable codebase. However, a significant concern arises from the unprotected attack surface. A large proportion of the plugin's entry points, specifically all 6 REST API routes, lack proper permission callbacks, exposing them to potential unauthorized access and manipulation. Additionally, the complete absence of nonce checks is a critical oversight, especially when combined with unprotected entry points, as it leaves the plugin vulnerable to Cross-Site Request Forgery (CSRF) attacks. The 40% of SQL queries not using prepared statements also represent a potential risk for SQL injection vulnerabilities, though this is mitigated somewhat by the presence of capability checks for some operations.

Key Concerns

  • REST API routes without permission callbacks
  • Missing nonce checks
  • SQL queries without prepared statements
Vulnerabilities
None known

WP Battle by Alex Lundin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WP Battle by Alex Lundin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 18; 12 prepared
Unescaped Output: 0; 9 escaped
Nonce Checks: 0
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

40% prepared · 30 total queries

Output Escaping

100% escaped · 9 total outputs
Attack Surface
6 unprotected

WP Battle by Alex Lundin Attack Surface

Entry Points: 7
Unprotected: 6

REST API Routes 6

GET /wp-json/asl-battle/v1/battles admin\AslBattleAdmin.php:230
GET /wp-json/asl-battle/v1/battles/(?P<id>\d+) admin\AslBattleAdmin.php:242
GET /wp-json/asl-battle/v1/battles/(?P<id>\d+)/arguments/ admin\AslBattleAdmin.php:260
GET /wp-json/asl-battle/v1/battles/(?P<post_id>\d+)/arguments/(?P<id>\d+) admin\AslBattleAdmin.php:272
GET /wp-json/asl-battle/v1/battles/(?P<id>\d+)/comments admin\AslBattleAdmin.php:290
GET /wp-json/asl-battle/v1/battles/(?P<post_id>\d+)/comments/(?P<id>\d+) admin\AslBattleAdmin.php:302

Shortcodes 1

[asl-battle] public\AslBattlePublic.php:60
WordPress Hooks 11
action plugins_loaded includes\AslBattleClass.php:148
action admin_enqueue_scripts includes\AslBattleClass.php:164
action admin_enqueue_scripts includes\AslBattleClass.php:165
action init includes\AslBattleClass.php:167
action admin_menu includes\AslBattleClass.php:168
action rest_api_init includes\AslBattleClass.php:169
action admin_menu includes\AslBattleClass.php:170
action wp_enqueue_scripts includes\AslBattleClass.php:184
action wp_enqueue_scripts includes\AslBattleClass.php:185
action init includes\AslBattleClass.php:186
action init includes\AslBattleClass.php:187
Maintenance & Trust

WP Battle by Alex Lundin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Dec 6, 2022
PHP min version
Downloads: 854

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

WP Battle by Alex Lundin Developer Profile

alexlundin

3 plugins · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Battle by Alex Lundin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/battle-by-alex-lundin/admin/frontend/build/index.css
/wp-content/plugins/battle-by-alex-lundin/admin/frontend/build/index.js
Version Parameters
/battle-by-alex-lundin/admin/frontend/build/index.css?ver=
/battle-by-alex-lundin/admin/frontend/build/index.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-reactroot
JS Globals
asl_battles_admin
REST Endpoints
/wp-json/wp/v2/users