BSK Forms Blacklist Security & Risk Analysis

wordpress.org/plugins/bsk-gravityforms-blacklist

Checks field content and blocks submissions based on your keywords. Blocking by IP or country is only supported in the Pro version.

1K active installs · v4.2 · PHP + · WP 4.0+ · Updated Sep 1, 2025
Tags: blacklist, formidable-forms, gravity-form, invitation-code, ip-blacklist
96
A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Jan 3, 2025
Safety Verdict

Is BSK Forms Blacklist Safe to Use in 2026?

Generally Safe

Score 96/100

BSK Forms Blacklist has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Jan 3, 2025 · Updated 7mo ago
Risk Assessment

The bsk-gravityforms-blacklist plugin v4.2 presents a mixed security posture. While it demonstrates good practices by securing all identified entry points (AJAX handlers) and largely utilizing prepared statements for SQL queries, several areas raise concern. The presence of 4 instances of the dangerous 'unserialize' function is a significant red flag, as unserialization of untrusted input can lead to arbitrary code execution vulnerabilities. Furthermore, the taint analysis indicates 14 flows with unsanitized paths, although thankfully none were classified as critical or high severity. The plugin's vulnerability history reveals a concerning pattern with 5 previously disclosed CVEs, including a high-severity one, and a recent high-severity vulnerability reported in early 2025. This suggests a history of security weaknesses that, while currently patched, require diligent monitoring and timely updates.

Key Concerns

  • Dangerous function: unserialize found
  • Flows with unsanitized paths found
  • Previous high severity vulnerability
  • Total of 5 known CVEs
  • Only 26% of outputs properly escaped
Vulnerabilities
5

BSK Forms Blacklist Security Vulnerabilities

CVEs by Year

2023: 2 CVEs
2024: 2 CVEs
2025: 1 CVE

Severity Breakdown

High: 1
Medium: 4

5 total CVEs

CVE-2025-22347 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

BSK Forms Blacklist <= 3.9 - Cross-Site Request Forgery

Jan 3, 2025 · Patched in 4.0 (113d)

CVE-2024-47624 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BSK Forms Blacklist <= 3.8.1 - Reflected Cross-Site Scripting

Sep 30, 2024 · Patched in 3.9 (11d)

CVE-2024-43233 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BSK Forms Blacklist <= 3.8 - Reflected Cross-Site Scripting

Aug 9, 2024 · Patched in 3.8.1 (5d)

CVE-2023-5980 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BSK Forms Blacklist <= 3.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Nov 28, 2023 · Patched in 3.7 (56d)

CVE-2023-30872 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BSK Forms Blacklist <= 3.6.2 - Authenticated (Administrator+) SQL Injection via 'order' and 'orderby'

Apr 24, 2023 · Patched in 3.6.3 (274d)

Code Analysis
Analyzed Mar 16, 2026

BSK Forms Blacklist Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 7 (64 prepared)
Unescaped Output: 504 (175 escaped)
Nonce Checks: 14
Capability Checks: 9
File Operations: 0
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

unserialize · $list_extra_array = unserialize( $hits_data[$field_ID]['list_extra'] ); · classes\dashboard\common.php:297
unserialize · $ip_list_extra = unserialize( $list_obj_array[0]->extra ); · classes\dashboard\list.php:59
unserialize · $extra_array = unserialize( $list->extra ); · classes\dashboard\lists.php:175
unserialize · $list_extra_data = unserialize( $list_data_results[0]->extra ); · classes\submitting\common.php:74

SQL Query Safety

90% prepared · 71 total queries

Output Escaping

26% escaped · 679 total outputs
Data Flows
14 unsanitized

Data Flow Analysis

23 flows · 14 with unsanitized paths
display (classes\dashboard\dashboard-settings.php:18)
Attack Surface

BSK Forms Blacklist Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth · wp_ajax_bsk_gfblcv_wpforms_get_list_by_type · classes\dashboard\wpforms\wpforms.php:18
auth · wp_ajax_bsk_gfblcv_ip_list_test_API · classes\ip-country\ip-country.php:295

WordPress Hooks: 52

action · admin_enqueue_scripts · bsk-gravityforms-blacklist.php:94
action · wp_enqueue_scripts · bsk-gravityforms-blacklist.php:95
action · init · bsk-gravityforms-blacklist.php:96
action · plugins_loaded · bsk-gravityforms-blacklist.php:98
action · plugins_loaded · bsk-gravityforms-blacklist.php:99
action · wpcf7_editor_panels · classes\dashboard\cf7\cf7.php:7
action · wpcf7_after_save · classes\dashboard\cf7\cf7.php:8
action · bsk_gfblcv_save_general_settings · classes\dashboard\dashboard-settings.php:13
action · bsk_gfblcv_save_blocked_data_settings · classes\dashboard\dashboard-settings.php:14
action · bsk_gfblcv_save_sending_invitation_code_settings · classes\dashboard\dashboard-settings.php:15
action · admin_menu · classes\dashboard\dashboard.php:62
filter · set-screen-option · classes\dashboard\dashboard.php:64
action · gform_after_delete_form · classes\dashboard\dashboard.php:66
action · admin_notices · classes\dashboard\dashboard.php:68
action · frm_entry_shared_sidebar_middle · classes\dashboard\formidable-forms\form-entry.php:7
action · frm_after_field_options · classes\dashboard\formidable-forms\form-field.php:7
filter · frm_default_field_opts · classes\dashboard\formidable-forms\form-field.php:8
filter · frm_add_form_settings_section · classes\dashboard\formidable-forms\form-settings.php:10
filter · frm_form_options_before_update · classes\dashboard\formidable-forms\form-settings.php:11
action · admin_menu · classes\dashboard\forminator\forminator.php:21
action · bsk_gfblcv_save_forminator_form_settings · classes\dashboard\forminator\settings.php:17
action · bsk_gfblcv_save_forminator_field_settings · classes\dashboard\forminator\settings.php:18
filter · gform_entry_detail_meta_boxes · classes\dashboard\gravityforms\form-entry.php:8
filter · gform_admin_pre_render · classes\dashboard\gravityforms\form-field.php:10
action · gform_field_advanced_settings · classes\dashboard\gravityforms\form-field.php:11
action · gform_editor_js · classes\dashboard\gravityforms\form-field.php:12
filter · gform_tooltips · classes\dashboard\gravityforms\form-field.php:14
filter · gform_form_settings_menu · classes\dashboard\gravityforms\form-settings.php:9
action · gform_form_settings_page_bsk_gfblcv_form_settings · classes\dashboard\gravityforms\form-settings.php:11
action · bsk_gfblcv_save_list · classes\dashboard\list.php:9
action · bsk_gfblcv_save_item · classes\dashboard\list.php:10
action · bsk_gfblcv_delete_item · classes\dashboard\list.php:11
action · bsk_gfblcv_delete_list_by_id · classes\dashboard\list.php:12
action · admin_notices · classes\dashboard\list.php:728
action · admin_notices · classes\dashboard\list.php:755
action · wpforms_entry_details_sidebar · classes\dashboard\wpforms\form-entry.php:8
action · wpforms_field_options_bottom_advanced-options · classes\dashboard\wpforms\form-field.php:11
action · wpforms_field_options_bottom_advanced-options · classes\dashboard\wpforms\form-field.php:12
filter · wpforms_builder_settings_sections · classes\dashboard\wpforms\form-settings.php:9
action · wpforms_form_settings_panel_content · classes\dashboard\wpforms\form-settings.php:10
filter · wpcf7_validate · classes\submitting\cf7.php:12
filter · frm_validate_entry · classes\submitting\formidable-forms.php:15
filter · forminator_custom_form_submit_errors · classes\submitting\forminator.php:14
filter · forminator_render_form_markup · classes\submitting\forminator.php:17
filter · gform_validation · classes\submitting\gravityforms.php:12
action · wpforms_process_validate_text · classes\submitting\wpforms.php:12
action · wpforms_process_validate_name · classes\submitting\wpforms.php:13
action · wpforms_process_validate_email · classes\submitting\wpforms.php:14
action · wpforms_process_validate_textarea · classes\submitting\wpforms.php:15
action · wpforms_process_validate_address · classes\submitting\wpforms.php:16
action · wpforms_process_validate_phone · classes\submitting\wpforms.php:17
action · wpforms_process_validate_url · classes\submitting\wpforms.php:18
Maintenance & Trust

BSK Forms Blacklist Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Sep 1, 2025
PHP min version
Downloads: 35K

Community Trust

Rating: 86/100
Number of ratings: 12
Active installs: 1K
Developer Profile

BSK Forms Blacklist Developer Profile

bannersky

3 plugins · 8K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 701 days
Detection Fingerprints

How We Detect BSK Forms Blacklist

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bsk-gravityforms-blacklist/js/bsk-gfblcv-admin.js
/wp-content/plugins/bsk-gravityforms-blacklist/css/bsk-gfblcv-admin.css
/wp-content/plugins/bsk-gravityforms-blacklist/css/bsk-gfblcv-frontend.css
/wp-content/plugins/bsk-gravityforms-blacklist/js/bsk-gfblcv-frontend.js
Script Paths
/wp-content/plugins/bsk-gravityforms-blacklist/js/bsk-gfblcv-admin.js
/wp-content/plugins/bsk-gravityforms-blacklist/js/bsk-gfblcv-frontend.js
Version Parameters
bsk-gravityforms-blacklist/js/bsk-gfblcv-admin.js?ver=
bsk-gravityforms-blacklist/css/bsk-gfblcv-admin.css?ver=
bsk-gravityforms-blacklist/css/bsk-gfblcv-frontend.css?ver=
bsk-gravityforms-blacklist/js/bsk-gfblcv-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
bsk-gfblcv-admin-wrapper
HTML Comments
<!-- BSK_GFBLCV_FREE_DIR -->
<!-- BSK_GFBLCV_FREE_URL -->
<!-- plugin hook -->
<!-- Initialize variables -->
+1 more
Data Attributes
data-bsk-gfblcv-admin-url
data-bsk-gfblcv-plugin-path
JS Globals
bsk_gfblcv_vars
FAQ

Frequently Asked Questions about BSK Forms Blacklist