[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fOoyCYKLXd6pXO-39QRjsTP9UUiboMsw2aUcw27OunV4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":16,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":132,"fingerprints":201},"chronological-spam-removal","Chronological Spam Removal","1.0.4.0","skunkbad","https:\u002F\u002Fprofiles.wordpress.org\u002Fskunkbad\u002F","\u003Cp>PHP V5+ only! This plugin deletes spam from the comments table of the database. It does so by checking it for matches against the characters or words you have blacklisted in Settings->Discussion. Also on the Settings->Discussion page is a setting for the maximum allowed links that a comment can contain. This plugin will delete comments that have too many links. Spam can also be deleted if it has a url in the author url field. This is handy if you don’t have a author url form field in your comment form, and bots are submitting without using your form. Finally, spam can be deleted if there are any non US-en keyboard characters in any comment row. I don’t expect any foreign language characters on my blog, and while I know this setting may be a little harsh, it’s a spammy world out there, and sometimes ya gotta do what ya gotta do.\u003C\u002Fp>\n\u003Cp>This plugin adds a menu item in the Settings section of the admin area. Currently only three options are available:\u003C\u002Fp>\n\u003Cp>1) The frequency to run the automated process of removing spam. Default is twice a day.\u003C\u002Fp>\n\u003Cp>2) Whether or not to remove spam that has been submitted with the website field. Default is NO (unchecked).\u003C\u002Fp>\n\u003Cp>3) Whether or not to remove spam that has non US-en keyboard characters. Default is NO (unchecked).\u003C\u002Fp>\n","Plugin removes comments from the comments table that match blacklisted items, have too many links, or contain a author url (not default), or have non  &hellip;",10,2891,0,"2012-02-26T02:40:00.000Z","3.3.2","",[18,19,20,21,22],"automatic","comments","database","removal","spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchronological-spam-removal.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":24,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},2,30,84,"2026-04-04T05:32:03.730Z",[34,56,76,94,111],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":16,"tags":49,"homepage":54,"download_link":55,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"wp-database-cleaner","WP Database Cleaner","1.0","wpmize","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpmize\u002F","\u003Cp>WP Database Cleaner is a easy to use WordPress plugin that allow users to quickly cleanup and optimize the WordPress database by removing all spam comments, trash comments, unused tags, post revisions, auto drafts, and much more.\u003C\u002Fp>\n\u003Cp>When you have a WordPress site that has a lot of visitors, and presumibly a lot of comments, you may find that a high number of comments will be placed in the spam folder. It is not good to have 10k spam comments saved in the database, because all of these comments can increase consistently the size of the mysql database backups.\u003C\u002Fp>\n\u003Cp>If you have a lot of published posts, you may have post revisions and auto-drafts saved in the database, that can slow down the database performances. All this data is considered junk and it should be cleaned frequently.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Delete post revisions\u003C\u002Fli>\n\u003Cli>Delete auto drafts\u003C\u002Fli>\n\u003Cli>Delete pending comments\u003C\u002Fli>\n\u003Cli>Delete spam comments\u003C\u002Fli>\n\u003Cli>Delete trash comments\u003C\u002Fli>\n\u003Cli>Delete tags with 0 posts associated\u003C\u002Fli>\n\u003Cli>Delete categories with 0 posts associated\u003C\u002Fli>\n\u003Cli>Delete trash posts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>More Information\u003C\u002Fh4>\n\u003Cp>For more details visit \u003Ca href=\"http:\u002F\u002Fwww.wpmize.com\u002Fwordpress-plugins\u002Foptimize-wordpress-database-wp-database-cleaner\u002F\" rel=\"nofollow ugc\">the official plugin URL\u003C\u002Fa>.\u003Cbr \u002F>\nFor more plugins and WordPress tips visit us at \u003Ca href=\"http:\u002F\u002Fwww.wpmize.com\u002F\" rel=\"nofollow ugc\">wpmize.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Author\u003C\u002Fh3>\n\u003Cp>WPMize.com\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.wpmize.com\u003C\u002Fp>\n","Cleanup and optimize the database of WordPress sites.",200,24193,96,6,"2012-08-27T12:32:00.000Z","3.4.2","3.0",[50,20,51,52,53],"cleanup-database","optimize","optimize-database","remove-spam-comments","http:\u002F\u002Fwww.wpmize.com\u002Fwordpress-plugins\u002Foptimize-wordpress-database-wp-database-cleaner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-database-cleaner.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":16,"tags":71,"homepage":74,"download_link":75,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"delete-spam-daily","Delete Spam Daily","1.0.2","brockangelo","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrockangelo\u002F","\u003Cp>This plugin schedules a daily event using wp_cron that deletes all comments marked “spam” in the database, then optimizes the comments table.\u003C\u002Fp>\n\u003Cp>Brief reason why I made such a low-tech plugin:\u003C\u002Fp>\n\u003Cp>Akismet catches all the spam, but when I was looking at the size of my backups one day,\u003Cbr \u002F>\nI noticed that there were large numbers of comment spam across several sites that were undeleted and they\u003Cbr \u002F>\nmade the databases fairly large. So I setup a cron job on my server that deletes the spam.\u003C\u002Fp>\n\u003Cp>Since I had never written a plugin, I thought this might be helpful for those who do not have\u003Cbr \u002F>\na dedicated server, shell access to their site, or the knowledge of (or interest in ) cron to set this up.\u003C\u002Fp>\n\u003Cp>Spam is not deleted until you start the schedule after the plugin is activated. I created buttons\u003Cbr \u002F>\nto start and stop the schedule if you need that layer of control. There is also a button for deleting all spam manually.\u003C\u002Fp>\n","Uses wp_cron to delete comments each day that are marked \"spam\" in the database.",80,9408,100,1,"2009-05-28T17:35:00.000Z","2.7.1","2.1.0",[19,72,20,73,22],"cron","delete","http:\u002F\u002Fbrockangelo.com\u002Fwordpress\u002Fplugins\u002Fdelete-spam-daily\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdelete-spam-daily.1.0.2.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":30,"downloaded":84,"rating":66,"num_ratings":29,"last_updated":85,"tested_up_to":86,"requires_at_least":48,"requires_php":16,"tags":87,"homepage":90,"download_link":91,"security_score":92,"vuln_count":67,"unpatched_count":67,"last_vuln_date":93,"fetched_at":26},"automatic-ban-ip","Automatic Ban IP","1.0.7","KaizenCoders","https:\u002F\u002Fprofiles.wordpress.org\u002Fkaizencoders\u002F","\u003Cp>Block IP addresses which are suspicious and try to post on your blog spam comments.\u003C\u002Fp>\n\u003Cp>This plugin need that you create an account on the Honey Pot Project (https:\u002F\u002Fwww.projecthoneypot.org, free api) or that you install the Spam Captcha plugin.\u003C\u002Fp>\n\u003Cp>In addition, if you want to geolocate the spammers your may create an account on (http:\u002F\u002Fipinfodb.com\u002F, free api). Thus, you may display a world map with the concentration of spammers.\u003C\u002Fp>\n\u003Cp>Spammers may be blocked either by PHP based restrictions (i.e. WordPress generates a 403 page for such identified users) or by Apache based restriction (using Deny from in .htaccess file).\u003C\u002Fp>\n\u003Cp>The Apache restriction is far more efficient when hundreds of hosts sent you spams in few minutes.\u003C\u002Fp>\n\u003Ch4>Multisite – WordPress MU\u003C\u002Fh4>\n\u003Ch4>Localization\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Afrikaans (South Africa) translation provided by SedLex, JanvanNiekerk\u003C\u002Fli>\n\u003Cli>English (United States), default language\u003C\u002Fli>\n\u003Cli>Japanese (Japan) translation provided by OsamuKudo\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features of the framework\u003C\u002Fh4>\n\u003Cp>This plugin uses the SL framework. This framework eases the creation of new plugins by providing tools and frames (see dev-toolbox plugin for more info).\u003C\u002Fp>\n\u003Cp>You may easily translate the text of the plugin and submit it to the developer, send a feedback, or choose the location of the plugin in the admin panel.\u003C\u002Fp>\n\u003Cp>Have fun !\u003C\u002Fp>\n","Block IP addresses which are suspicious and try to post on your blog spam comments.",5292,"2016-04-17T08:59:00.000Z","4.5.33",[18,88,19,89,22],"ban","ip","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fautomatic-ban-ip\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-ban-ip.zip",63,"2025-04-09 00:00:00",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":11,"downloaded":102,"rating":13,"num_ratings":13,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":16,"tags":106,"homepage":16,"download_link":110,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"another-comments-cleaner","Another Comments Cleaner","0.8","CNHK SYSTEMS","https:\u002F\u002Fprofiles.wordpress.org\u002Fcnhk_systems\u002F","\u003Cp>The plugin periodically deletes or moves to trash comments based on the comment status. You can use one of the default WordPress CRON periods or use a custom hour and interval.\u003C\u002Fp>\n\u003Cp>The administartion page is under the \u003Cem>“Comments”\u003C\u002Fem> main menu\u003C\u002Fp>\n","Delete or trash automatically comments based on status using WP_Cron",1483,"2016-12-12T00:41:00.000Z","4.7.32","4.6",[107,19,108,22,109],"clean-database","comments-delete","spam-delete","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanother-comments-cleaner.0.8.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":13,"downloaded":119,"rating":13,"num_ratings":13,"last_updated":16,"tested_up_to":120,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":129,"download_link":130,"security_score":66,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":131},"content-guard-pro","Content Guard Pro – Database Malware Scanner & Spam Detector","1.0.6","contentguardpro","https:\u002F\u002Fprofiles.wordpress.org\u002Fcontentguardpro\u002F","\u003Cp>Your file scanner says “all clear” — but Google just flagged your site for spam.\u003C\u002Fp>\n\u003Cp>Attackers don’t always hide in files. They inject spam links directly into your Gutenberg blocks, bury SEO poison in postmeta, and hide obfuscated scripts in custom fields. \u003Cstrong>Traditional security plugins don’t scan there. Content Guard Pro does.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Content Guard Pro is a database-first malware scanner that finds hidden threats in your WordPress content — the blind spot in your current security stack.\u003C\u002Fp>\n\u003Ch4>The Gap in Your WordPress Security\u003C\u002Fh4>\n\u003Cp>Most security plugins scan files. That’s essential — but it’s only half the picture.\u003C\u002Fp>\n\u003Cp>Malware and spam increasingly bypass file scanners by injecting directly into your database:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Post content\u003C\u002Fstrong> — Hidden pharma links and casino spam inside nested Gutenberg blocks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom fields (postmeta)\u003C\u002Fstrong> — SEO spam and malicious redirects buried in metadata\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Widget areas\u003C\u002Fstrong> — Injected scripts that survive every file scan\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Options table\u003C\u002Fstrong> — Persistent backdoors and cloaked content\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you’ve ever cleaned a hacked site only to have Google flag it again weeks later, database-resident threats are likely the reason. Content Guard Pro finds them.\u003C\u002Fp>\n\u003Ch4>How Content Guard Pro Protects Your Site\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Find what other security plugins miss.\u003C\u002Fstrong> Content Guard Pro scans your posts, pages, custom post types, and metadata — the places where WordPress actually stores your content.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Know exactly what to fix first.\u003C\u002Fstrong> Every finding gets a confidence score from 0 to 100 and a severity level (Critical, Suspicious, or Review). No guesswork, no alert fatigue.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan without slowing down your site.\u003C\u002Fstrong> Background batch processing with auto-throttling means scans run smoothly even on shared hosting. Your visitors never notice.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Keep false positives low.\u003C\u002Fstrong> Accessibility-aware detection respects screen reader classes. Configurable allowlists let you whitelist trusted domains and patterns.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Maintain a complete audit trail.\u003C\u002Fstrong> Every scan, every finding, every action — tracked and timestamped for forensics and compliance.\u003C\u002Fp>\n\u003Ch4>What the Malware Scanner Detects\u003C\u002Fh4>\n\u003Cp>Content Guard Pro catches a wide range of database-resident threats:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Hidden spam links\u003C\u002Fstrong> — Cloaked content using \u003Ccode>display:none\u003C\u002Fcode>, \u003Ccode>visibility:hidden\u003C\u002Fcode>, \u003Ccode>opacity:0\u003C\u002Fcode>, \u003Ccode>font-size:0\u003C\u002Fcode>, and other CSS tricks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Suspicious external resources\u003C\u002Fstrong> — Unknown \u003Ccode>\u003Ciframe>\u003C\u002Fcode> and \u003Ccode>\u003Cscript>\u003C\u002Fcode> tags loading remote content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO spam injections\u003C\u002Fstrong> — Pharma, casino, crypto, and gambling keyword stuffing\u003C\u002Fli>\n\u003Cli>\u003Cstrong>URL shorteners and redirectors\u003C\u002Fstrong> — bit.ly, t.co, cutt.ly, and other redirect services hiding malicious destinations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Obfuscated JavaScript\u003C\u002Fstrong> — \u003Ccode>eval()\u003C\u002Fcode>, \u003Ccode>fromCharCode()\u003C\u002Fcode>, Base64-encoded scripts, and \u003Ccode>data:\u003C\u002Fcode> URIs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Serialized PHP malware\u003C\u002Fstrong> — Threats hidden inside PHP arrays in postmeta, options, and page builder data\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cryptocurrency miners\u003C\u002Fstrong> — Coinhive, CryptoLoot, JSEcoin, and similar scripts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-layer encoded attacks\u003C\u002Fstrong> — Automatically peels back up to 3 layers of obfuscation: Base64 \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> URL encoding \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> ROT13 \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> hex \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> octal\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Works Alongside Your Existing Security Plugins\u003C\u002Fh4>\n\u003Cp>Content Guard Pro is designed to \u003Cstrong>complement\u003C\u002Fstrong> file-based security, not replace it.\u003C\u002Fp>\n\u003Cp>Already using Wordfence, Sucuri, iThemes Security, All-In-One Security, or MalCare? Great — those tools protect your files. Content Guard Pro covers the database layer they don’t scan. Together, you get complete WordPress security coverage.\u003C\u002Fp>\n\u003Ch4>Built for WordPress Professionals\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Agencies managing client sites\u003C\u002Fstrong> — Find database threats before clients or Google discover them. Use findings to demonstrate the value of your security retainer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Freelancers and consultants\u003C\u002Fstrong> — Add content-layer scanning to your cleanup and maintenance workflow. Catch what file scanners leave behind.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>E-commerce site owners\u003C\u002Fstrong> — Protect product descriptions and category pages from SEO spam that damages your search rankings and revenue.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security professionals\u003C\u002Fstrong> — Fill the database gap in your security stack with specialized content-layer analysis.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Gutenberg Block Editor Security\u003C\u002Fh4>\n\u003Cp>WordPress stores content as nested blocks — and attackers exploit this. Content Guard Pro includes a recursive Gutenberg block parser that inspects every layer of nested blocks, including reusable blocks and block patterns. It also scans content in the Classic Editor with a dedicated meta box for findings.\u003C\u002Fp>\n\u003Ch4>Serialized Data Inspector\u003C\u002Fh4>\n\u003Cp>Page builders like Elementor, Beaver Builder, and Divi store data as serialized PHP arrays. Content Guard Pro safely unserializes and recursively inspects these structures up to 10 levels deep, detecting malware hidden in keys like \u003Ccode>custom_css\u003C\u002Fcode>, \u003Ccode>custom_js\u003C\u002Fcode>, \u003Ccode>callback\u003C\u002Fcode>, \u003Ccode>raw_html\u003C\u002Fcode>, and more.\u003C\u002Fp>\n\u003Ch4>Performance You Can Trust\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Scans approximately 100 posts in 30–60 seconds on shared hosting\u003C\u002Fli>\n\u003Cli>Auto-throttling prevents timeouts and resource exhaustion\u003C\u002Fli>\n\u003Cli>Resumable scans survive server restarts\u003C\u002Fli>\n\u003Cli>Safe Mode activates automatically for large sites (over 2 million rows)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Developer-Friendly\u003C\u002Fh4>\n\u003Cp>Content Guard Pro provides hooks and filters for customization:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>content_guard_pro_loaded\u003C\u002Fcode> — Plugin initialization\u003C\u002Fli>\n\u003Cli>\u003Ccode>content_guard_pro_finding_saved\u003C\u002Fcode> — After a finding is stored\u003C\u002Fli>\n\u003Cli>\u003Ccode>content_guard_pro_detection_patterns\u003C\u002Fcode> — Modify or add detection rules\u003C\u002Fli>\n\u003Cli>\u003Ccode>content_guard_pro_allowlist_domains\u003C\u002Fcode> — Programmatic domain allowlisting\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>REST API available at \u003Ccode>\u002Fwp-json\u002Fcontent-guard-pro\u002Fv1\u002Ffindings\u003C\u002Fcode> for programmatic access (Premium Agency+ tiers).\u003C\u002Fp>\n\u003Ch4>External Services & Privacy\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>API Connection:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin connects to Content Guard Pro API (api.contentguardpro.com) for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Free tier activation tracking (site URL, WP version, PHP version, plugin version)\u003C\u002Fli>\n\u003Cli>License validation when a paid license key is entered\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What is sent:\u003C\u002Fstrong> Site URL, site name, WordPress version, PHP version, plugin version, and admin email (free tier only). Sent once on activation via asynchronous, non-blocking request.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy:\u003C\u002Fstrong> All data sent over HTTPS. No post content or scan data is ever transmitted. All scanning happens locally on your server.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service provider:\u003C\u002Fstrong> Content Guard Pro Team\u003Cbr \u002F>\n\u003Cstrong>Terms:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fcontentguardpro.com\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fcontentguardpro.com\u002Fterms\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fcontentguardpro.com\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fcontentguardpro.com\u002Fprivacy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Documentation & Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Documentation:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fcontentguardpro.com\u002Fdocs\" rel=\"nofollow ugc\">https:\u002F\u002Fcontentguardpro.com\u002Fdocs\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support Forum:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcontent-guard-pro\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcontent-guard-pro\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bug Reports:\u003C\u002Fstrong> WordPress.org support forum\u003C\u002Fli>\n\u003C\u002Ful>\n","Scan your WordPress database for hidden malware, spam links, and SEO injections that file-based security plugins miss. Gutenberg-aware.",233,"6.9.4","6.1","8.0",[124,125,126,127,128],"database-security","malware-removal","malware-scanner","security-scanner","spam-detection","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontent-guard-pro","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontent-guard-pro.1.0.6.zip","2026-03-15T10:48:56.248Z",{"attackSurface":133,"codeSignals":165,"taintFlows":188,"riskAssessment":189,"analyzedAt":200},{"hooks":134,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":13,"unprotectedCount":13},[135,141,146,149,153],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","init","plugin_init","chronological_spam_removal.php",17,{"type":142,"name":143,"callback":144,"file":139,"line":145},"filter","cron_schedules","add_custom_frequency",27,{"type":136,"name":147,"callback":148,"file":139,"line":30},"chronological_spam_removal","do_delete_spam",{"type":136,"name":150,"callback":151,"file":139,"line":152},"admin_menu","plugin_options",45,{"type":136,"name":154,"callback":155,"file":139,"line":156},"admin_init","register_settings",58,[],[],[],[161,163],{"hook":147,"callback":147,"file":139,"line":162},38,{"hook":147,"callback":147,"file":139,"line":164},72,{"dangerousFunctions":166,"sqlUsage":167,"outputEscaping":172,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":67,"bundledLibraries":187},[],{"prepared":13,"raw":67,"locations":168},[169],{"file":139,"line":170,"context":171},120,"$wpdb->get_col() with variable interpolation",{"escaped":13,"rawEcho":45,"locations":173},[174,177,179,181,183,185],{"file":139,"line":175,"context":176},185,"raw output",{"file":139,"line":178,"context":176},201,{"file":139,"line":180,"context":176},203,{"file":139,"line":182,"context":176},205,{"file":139,"line":184,"context":176},213,{"file":139,"line":186,"context":176},221,[],[],{"summary":190,"deductions":191},"The chronological-spam-removal plugin v1.0.4.0 exhibits a concerning security posture despite a clean vulnerability history. The static analysis reveals a significant lack of security best practices. Notably, 100% of SQL queries are not using prepared statements, posing a high risk of SQL injection vulnerabilities. Furthermore, none of the identified output operations are properly escaped, opening the door for cross-site scripting (XSS) attacks. The absence of nonce checks on any potential entry points, while the attack surface is currently minimal and appears to have capability checks on one entry point, remains a significant concern if the attack surface expands. The plugin's vulnerability history is currently clean, with no recorded CVEs, which is a positive indicator. However, this does not negate the inherent risks identified in the code's implementation. The current version of the plugin demonstrates a disregard for fundamental WordPress security principles, making it vulnerable to common web attacks. While its limited attack surface and lack of known vulnerabilities offer some reassurance, the identified code quality issues are substantial and require immediate attention.",[192,194,197],{"reason":193,"points":11},"100% of SQL queries not using prepared statements",{"reason":195,"points":196},"0% of output operations properly escaped",8,{"reason":198,"points":199},"No nonce checks on entry points",5,"2026-03-17T01:02:53.884Z",{"wat":202,"direct":207},{"assetPaths":203,"generatorPatterns":204,"scriptPaths":205,"versionParams":206},[],[],[],[],{"cssClasses":208,"htmlComments":213,"htmlAttributes":214,"restEndpoints":219,"jsGlobals":220,"shortcodeOutput":221},[209,210,211,212],"wrap","form-table","submit","button-primary",[],[215,216,217,218],"name=\"chronological_spam_removal[frequency]\"","name=\"chronological_spam_removal[no_author_url]\"","name=\"chronological_spam_removal[us-en_characters_only]\"","value=\"TRUE\"",[],[],[222,223,224,225,226,227],"\u003Ch2>Chronological Spam Removal Options\u003C\u002Fh2>","\u003Cth scope=\"row\">Frequency\u003C\u002Fth>","\u003Cth scope=\"row\">No URL Form Field\u003C\u002Fth>","\u003Cth scope=\"row\">US-en Characters Only\u003C\u002Fth>","\u003Cinput type=\"checkbox\" name=\"chronological_spam_removal[no_author_url]\" value=\"TRUE\"","\u003Cinput type=\"checkbox\" name=\"chronological_spam_removal[us-en_characters_only]\" value=\"TRUE\""]