Does Comment Blacklist Updater have any unpatched vulnerabilities?

No. All known vulnerabilities in Comment Blacklist Updater have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Comment Blacklist Updater compatible with WordPress 6.3.8?

According to WordPress.org data, Comment Blacklist Updater 1.2.2 has been tested up to WordPress 6.3.8. Check the plugin's changelog for the latest compatibility information.

Is Comment Blacklist Updater compatible with PHP 5.6+?

Comment Blacklist Updater requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Comment Blacklist Updater updated?

Comment Blacklist Updater was last updated on Sep 26, 2023. Frequent updates are generally a positive security signal.

What is Comment Blacklist Updater's security score?

Comment Blacklist Updater has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Comment Blacklist Updater Security & Risk Analysis

wordpress.org/plugins/comment-blacklist-updater

Update "Comment Blacklist" spam terms to manage spam in forms and comments

1K active installs v1.2.2 PHP 5.6+ WP 4.0.1+ Updated Sep 26, 2023

blacklistcommentscontact-form-7form-spamspam

A · Safe

CVEs total1

Unpatched0

Last CVESep 23, 2023

Plugin page Download

Safety Verdict

Is Comment Blacklist Updater Safe to Use in 2026?

Generally Safe

Score 85/100

Comment Blacklist Updater has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 23, 2023Updated 2yr ago

Risk Assessment

The "comment-blacklist-updater" plugin v1.2.2 exhibits a generally positive security posture with no identified critical or high-severity vulnerabilities in its static analysis and taint flow examinations. The plugin diligently uses prepared statements for all SQL queries, has a robust nonce check, and includes capability checks, indicating good development practices in these areas. However, a significant concern arises from the low percentage of properly escaped output (31%), suggesting a potential for cross-site scripting (XSS) vulnerabilities, especially given the five external HTTP requests that could potentially interact with user-supplied data or be manipulated.

The vulnerability history, while showing no currently unpatched CVEs, reveals a past medium-severity vulnerability attributed to Cross-Site Request Forgery (CSRF). The presence of a previous CSRF vulnerability, combined with the unescaped output, points to areas where attackers might find an entry point. The absence of an attack surface and taint analysis findings are strengths, but the output escaping issue represents a notable weakness that could be exploited, particularly if the external HTTP requests are triggered by user-manipulated data.

Key Concerns

Low percentage of properly escaped output
Previous medium severity CSRF vulnerability
Multiple external HTTP requests

Vulnerabilities

Comment Blacklist Updater Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-44147medium · 5.4Cross-Site Request Forgery (CSRF)

Comment Blacklist Updater <= 1.1.0 - Cross-Site Request Forgery via update_blacklist_manual

Sep 23, 2023 Patched in 1.2.0 (122d)

Code Analysis

Analyzed Mar 16, 2026

Comment Blacklist Updater Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

10 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

31% escaped32 total outputs

Attack Surface

Comment Blacklist Updater Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_enqueue_scriptscomment-blacklist-updater.php:35

actionplugins_loadedcomment-blacklist-updater.php:45

actionadmin_initcomment-blacklist-updater.php:46

actionadmin_initcomment-blacklist-updater.php:47

actionadmin_initcomment-blacklist-updater.php:48

actionadmin_noticescomment-blacklist-updater.php:49

Maintenance & Trust

Comment Blacklist Updater Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8

Last updatedSep 26, 2023

PHP min version5.6

Downloads10K

Community Trust

Rating96/100

Number of ratings4

Active installs1K

Alternatives

Comment Blacklist Updater Alternatives

Spam Protect for Contact Form 7

wp-contact-form-7-spam-blocker

100

Spam Protect for Contact-Form7 protects from spam and bots. Customize defense strategies and monitor blocked attempts. Protect your time effectively!

10K No CVEs

Block List Updater

blacklist-updater

100

Automatic updating of the comment block list in WordPress with antispam keys from GitHub.

4K No CVEs

Comment Blacklist Manager

comment-blacklist-manager

100

Remotely add terms to the WordPress Disallowed Comment Keys field to manage spam.

600 No CVEs

Exact Match Disallowed Comment & Contact Forms

exact-match-disallowed-comment-contact-forms

100

Change the default WordPress comment blocklist functionality to exact match and save entries marked as spam for review.

100 No CVEs

Back List

back-list

100

Adds Whitelist and Blacklist options for Trackbacks and Pingbacks

10 No CVEs

Developer Profile

Comment Blacklist Updater Developer Profile

apasionados

28 plugins · 61K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

326 days

View full developer profile

Detection Fingerprints

How We Detect Comment Blacklist Updater

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/comment-blacklist-updater/comment-blacklist-updater.php

HTML / DOM Fingerprints

CSS Classes

comment-blacklist-updater-sourcecomment-blacklist-updater-localcomment-blacklist-updater-exclude

Data Attributes

apa_comment_blacklist_updater_nonceapa_comment_blacklist_updater_action

FAQ