[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fECY95RuvtsLGrdGmUxV0kchICZ6zUIxAlCLColcq_RE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":132,"fingerprints":228},"comment-redlist","Comment Redlist","1.0.9","skunkbad","https:\u002F\u002Fprofiles.wordpress.org\u002Fskunkbad\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fblog.skunkbad.com\u002Fwordpress\u002Fthe-comment-redlist-plugin\" rel=\"nofollow ugc\">Comment Redlist\u003C\u002Fa> is a WordPress plugin that blocks comment spam before it is inserted into your database.\u003C\u002Fp>\n\u003Cp>Manage your Comment Redlist settings on the Settings > Discussion page, or on the plugin’s dedicated options page, located in the Settings menu.\u003C\u002Fp>\n\u003Cp>For more information, check out \u003Ca href=\"http:\u002F\u002Fblog.skunkbad.com\u002Fwordpress\u002Fthe-comment-redlist-plugin\" rel=\"nofollow ugc\">http:\u002F\u002Fblog.skunkbad.com\u002Fwordpress\u002Fthe-comment-redlist-plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Comments blocked by word, character sequence, or IP address.\u003C\u002Fli>\n\u003Cli>Blocked comments can be logged for debugging or your general information.\u003C\u002Fli>\n\u003Cli>Optional javascript alert informs site visitor if Comment Redlist will detect their submission as spam.\u003C\u002Fli>\n\u003Cli>Optional setting provides spammer with zero feedback, instead of an error message.\u003C\u002Fli>\n\u003Cli>Optional form tokens use cookies (PHP session) to confirm a legitimate post.\u003C\u002Fli>\n\u003Cli>Optional setting restricts comments to US keyboard characters, or any regular expression.\u003C\u002Fli>\n\u003Cli>Optional setting removes your comment form’s Website field, and blocks any comment that contains one.\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily block obvious spam before it is inserted into your database.",20,4175,100,3,"2018-03-11T03:17:00.000Z","4.9.29","",[19,20,21,22,23],"comment","comments","list","red","spam","http:\u002F\u002Fblog.skunkbad.com\u002Fwordpress\u002Fthe-comment-redlist-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-redlist.1.0.9.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},2,30,84,"2026-04-04T11:23:33.535Z",[37,59,81,98,114],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"blacklist-updater","Block List Updater","1.0.2","pluginkollektiv","https:\u002F\u002Fprofiles.wordpress.org\u002Fpluginkollektiv\u002F","\u003Cp>Few users are familiar with the comment block list built into WordPress. Located in the WordPress admin area under “Settings”—“Discussion”, that block list for incoming comments accepts values (words) to identify spam by.\u003C\u002Fp>\n\u003Cp>Additionally to plugins like \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fantispam-bee\u002F\" rel=\"ugc\">Antispam Bee\u003C\u002Fa> in order to fight spam successfully a curated comment block list is recommendable. You can either update the list manually, or utilize a very detailed global \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\u002Fwordpress-comment-blacklist\" rel=\"nofollow ugc\">comment block list\u003C\u002Fa> that gets updated on a regular basis.\u003C\u002Fp>\n\u003Cp>Block List Updater has been developed to keep your comment block list in your WordPress installation up to speed with the curated global list on GitHub.\u003C\u002Fp>\n\u003Cp>The plugin will check the global comment block list on GitHub multiple times a day. Whenever new anti-spam values have been added to the global list, Block List Updater will read the global list and update your WordPress database accordingly. While the check-up process will run several times a day, the plugin will only update the database when it detects an actual change of the global comment block list on GitHub.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Community support via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fblacklist-updater\" rel=\"ugc\">support forums on wordpress.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>We don’t handle support via e-mail, Twitter, GitHub issues etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Active development of this plugin is handled \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpluginkollektiv\u002Fblacklist-updater\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Pull requests for documented bugs are highly appreciated.\u003C\u002Fli>\n\u003Cli>If you think you’ve found a bug (e.g. you’re experiencing unexpected behavior), please post at the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fblacklist-updater\" rel=\"ugc\">support forums\u003C\u002Fa> first.\u003C\u002Fli>\n\u003Cli>If you want to help us translate this plugin you can do so \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fblacklist-updater\" rel=\"nofollow ugc\">on WordPress Translate\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Author: \u003Ca href=\"https:\u002F\u002Fsergejmueller.github.io\u002F\" rel=\"nofollow ugc\">Sergej Müller\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Maintainers: \u003Ca href=\"https:\u002F\u002Fpluginkollektiv.org\u002F\" rel=\"nofollow ugc\">pluginkollektiv\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Automatic updating of the comment block list in WordPress with antispam keys from GitHub.",4000,31272,86,4,"2026-03-14T09:16:00.000Z","6.9.4","3.8","5.2",[54,55,56,20,23],"antispam","blacklist","blocklist","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblacklist-updater\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblacklist-updater.1.0.2.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":48,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":77,"download_link":78,"security_score":26,"vuln_count":79,"unpatched_count":27,"last_vuln_date":80,"fetched_at":29},"comment-blacklist-updater","Comment Blacklist Updater","1.2.2","apasionados","https:\u002F\u002Fprofiles.wordpress.org\u002Fapasionados\u002F","\u003Cp>Updates the “Comment Blacklist” in Settings \u002F Discussion with a list terms from a remote or local source. By default it get’s the data from Github \u003Cstrong>(“\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\u002Fwordpress-comment-blacklist\u002F\" rel=\"nofollow ugc\">wordpress-comment-blacklist\u003C\u002Fa>“)\u003C\u002Fstrong> by \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\" rel=\"nofollow ugc\">Grant Hutchinson\u003C\u002Fa>) but you can also get them \u003Cstrong>from any URL\u003C\u002Fstrong> or from a \u003Cstrong>local blacklist.txt file\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>This plugin is an enhanced version of the plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomment-blacklist-manager\u002F\" rel=\"ugc\">Comment Blacklist Manager\u003C\u002Fa>. We decided to create this enhanced version of the plugin, because we wanted to be able to add blacklists without using filters and directly from the WordPress administration. You can still use a filter to modify the blacklist sources if that is more convienient for you. And we also wanted to have more information about the plugin in SETTINGS \u002F DISCUSSION; for example when the blacklist was updated and when it will be updated next time, when the blacklist sources were updated, etc.\u003C\u002Fp>\n\u003Cp>You can configure three sources for your blacklists:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Default blacklist\u003C\u002Fstrong> (which can be disabled): \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\u002Fwordpress-comment-blacklist\u002F\" rel=\"nofollow ugc\">wordpress-comment-blacklist\u003C\u002Fa> by \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\" rel=\"nofollow ugc\">Grant Hutchinson\u003C\u002Fa>). Please keep in mind that if there is no other blacklist source defined, this will be used as default, even if it\\’s not selected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blacklist from remote URL\u003C\u002Fstrong>: You paste the URL to the blacklist and if the file exists and can be accesed (must return code 200) it will be used as a blacklist source.\u003C\u002Fli>\n\u003Cli>If you want to include a \u003Cstrong>local blacklist\u003C\u002Fstrong> for the site, you can upload a blacklist.txt file to the UPLOADS folder and it will also be taken into account. The blacklist.txt file has to be in the root of the UPLOADS folder; it will not be recognized if it\\’s for example in \u002Fuploads\u002F2025\u002F12\u002F and the file has to be accesible via http\u002Fhttps (if the access to the file is protected it can\\’t be used).\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>And you can use the filter \u003Ccode>cblm_sources\u003C\u002Fcode> to replace all the blacklists or to add more. If you replace all blacklists with the filter, the settings done in the WordPress administration will be ignored. We decided to keep the same filter as used by “Comment Blacklist Manager” to make it easy to switch between both plugins.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Please note: \u003Cstrong>After the September 2023 update only users with administrator privileges can use this plugin.\u003C\u002Fstrong> If you’re not an admin you will get following error: “You do not have sufficient permissions to access this page”.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>What can I do with this plugin?\u003C\u002Fh4>\n\u003Cp>The plugin updates the “Comment Blacklist” in Settings \u002F Discussion with a list terms from a remote or local source. By default it get’s the data from Github (“\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\u002Fwordpress-comment-blacklist\u002F\" rel=\"nofollow ugc\">wordpress-comment-blacklist\u003C\u002Fa> by \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\" rel=\"nofollow ugc\">Grant Hutchinson\u003C\u002Fa>) but you can also get them from any URL or from a local blacklist.txt file.\u003C\u002Fp>\n\u003Ch4>Why do I want to update the “Comment Blacklist” in Settings \u002F Discussion?\u003C\u002Fh4>\n\u003Cp>If you want to reduce spam received in your comment forms but also in your contact forms (for example when using Contact Form 7), using blacklisted terms can help.\u003C\u002Fp>\n\u003Cp>Contact Form 7 encourages to use: Akismet, reCaptcha and the comment blacklist to reduce contact form spam.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cem>Contact Form 7 supports spam-filtering with Akismet. Intelligent reCAPTCHA blocks annoying spambots. Plus, using comment blacklist, you can block messages containing specified keywords or those sent from specified IP addresses.\u003C\u002Fem>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The best way to reduce the contact form 7 spam is to use a very extensive term database which is updated regulary with new spam terms. And this plugin does exactly this: Updating the blacklist regularly.\u003C\u002Fp>\n\u003Ch4>Why are you using the “Comment Blacklist for WordPress” from Grant Hutchinson as default source for the blacklist?\u003C\u002Fh4>\n\u003Cp>Since 2011 Grant Hutchinson has been identifying and compiling over 34,000 phrases, patterns, and keywords commonly used by spammers and comment bots in usernames, email addresses, link text, and URIs.\u003C\u002Fp>\n\u003Cp>His blacklist is very extensive and that’s why we love it.\u003C\u002Fp>\n\u003Cp>As with all compilations, this blacklist is a work in progress and it is updated more or less every month. And each of these updates will be included automatically with the update process that runs every 24 hours.\u003C\u002Fp>\n\u003Cp>\u003Cem>Sometimes simple is better.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>If you know another source that is as extensive as this one, drop us a message and we will check if it’s interesting to add it also as a default.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>System requirements\u003C\u002Fh4>\n\u003Cp>PHP version 5.6 or greater.\u003C\u002Fp>\n\u003Ch4>Comment Blacklist Updater Plugin in your Language!\u003C\u002Fh4>\n\u003Cp>This first release is avaliable in English and Spanish. In the “languages” folder we have included the necessary files to translate this plugin.\u003C\u002Fp>\n\u003Cp>If you would like the plugin in your language and you’re good at translating, please drop us a line at \u003Ca href=\"https:\u002F\u002Fapasionados.es\u002Fcontacto\u002Findex.php?desde=wordpress-org-apa-comment-blacklist-updater-home\" rel=\"nofollow ugc\">Contact us\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Further Reading\u003C\u002Fh4>\n\u003Cp>You can access the description of the plugin in Spanish at: \u003Ca href=\"https:\u002F\u002Fapasionados.es\u002Fblog\u002F\" rel=\"nofollow ugc\">Actualizador lista negra de comentarios | WordPress Plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>For further information please send us an \u003Ca href=\"https:\u002F\u002Fapasionados.es\u002Fcontacto\u002Findex.php?desde=wordpress-org-apa-comment-blacklist-updater\" rel=\"nofollow ugc\">email\u003C\u002Fa>.\u003C\u002Fp>\n","Update \"Comment Blacklist\" spam terms to manage spam in forms and comments",1000,10162,96,"2023-09-26T13:22:00.000Z","6.3.8","4.0.1","5.6",[55,20,75,76,23],"contact-form-7","form-spam","https:\u002F\u002Fapasionados.es\u002Fblog\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-blacklist-updater.1.2.2.zip",1,"2023-09-23 00:00:00",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":91,"num_ratings":92,"last_updated":93,"tested_up_to":50,"requires_at_least":73,"requires_php":94,"tags":95,"homepage":96,"download_link":97,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"comment-blacklist-manager","Comment Blacklist Manager","1.0.1","Andrew Norcross","https:\u002F\u002Fprofiles.wordpress.org\u002Fnorcross\u002F","\u003Cp>Comment Blacklist Manager retrieves a list of terms from a remote source and updates the \u003Ccode>disallowed_keys\u003C\u002Fcode> setting in WordPress. The plugin will automatically fetch a list of terms on a regular schedule and update the contents of the “Disallowed Comment Keys” field. Terms added manually via the “Local Blacklist” field will be retained during the scheduled updates. Terms added manually to the “Excluded Terms” field will be removed from the list.\u003C\u002Fp>\n\u003Cp>The default list of terms is fetched from a \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\u002Fwordpress-comment-blacklist\u002F\" title=\"Comment Blacklist for WordPress\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> repository maintained by \u003Ca href=\"https:\u002F\u002Fsplorp.com\u002F\" title=\"Interface considerations. Gadget accumulation. Typography. Scotch.\" rel=\"nofollow ugc\">Grant Hutchinson\u003C\u002Fa>.\u003C\u002Fp>\n","Remotely add terms to the WordPress Disallowed Comment Keys field to manage spam.",600,8186,88,5,"2025-12-13T21:44:00.000Z","7.0",[55,20,23],"https:\u002F\u002Fgithub.com\u002Fnorcross\u002Fcomment-blacklist-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-blacklist-manager.1.0.1.zip",{"slug":99,"name":100,"version":101,"author":17,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":27,"num_ratings":27,"last_updated":107,"tested_up_to":108,"requires_at_least":108,"requires_php":17,"tags":109,"homepage":112,"download_link":113,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-antimat","WP-Антимат","0.7","https:\u002F\u002Fprofiles.wordpress.org\u002Flxx\u002F","\u003Cp>The plugin monitors uncensored russian words in comments and closes them by [censored]. Based on Anti Mate PHP Class from s1ayer.\u003Cbr \u002F>\nCatches as a popular classic word mats, and a number of modern (“Albanian”) words.\u003C\u002Fp>\n\u003Cp>Плагин отслеживает нецензурные выражения в комментариях и закрывает их надписью [censored]. Базируется на Anti Mate PHP Class от s1ayer (www.spg.arbse.net).\u003Cbr \u002F>\nОтлавливает как классические словоформы популярных матов, так и ряд современных (“албанских”) словоформ.\u003C\u002Fp>\n\u003Ch3>Development Blog\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"http:\u002F\u002F2lx.ru\u002F\" title=\"Блог помешанного программиста\" rel=\"nofollow ugc\">Maniac Programmer’s Blog\u003C\u002Fa>\u003C\u002Fp>\n","The plugin monitors uncensored russian words in comments and closes them by [censored].",50,8267,"2009-06-01T09:02:00.000Z","2.7",[110,20,111,23],"censored","mats","http:\u002F\u002F2lx.ru\u002F2009\u002F02\u002Fwp-antimat-filtr-mata-dlya-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-antimat.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":27,"num_ratings":27,"last_updated":17,"tested_up_to":124,"requires_at_least":125,"requires_php":17,"tags":126,"homepage":129,"download_link":130,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":131},"back-list","Back List","0.5","w3prodigy","https:\u002F\u002Fprofiles.wordpress.org\u002Fw3prodigy\u002F","\u003Cp>Adds Whitelist and Blacklist options for Trackbacks and Pingbacks as well as the option to auto-accept Trackbacks from your own blog. These options can be found on the Discussion Options page.\u003C\u002Fp>\n","Adds Whitelist and Blacklist options for Trackbacks and Pingbacks",10,2230,"3.0.5","3.0",[127,55,20,128],"anti-spam","security","http:\u002F\u002Fw3prodigy.com\u002Fwordpress-plugins\u002Fback-list\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fback-list.zip","2026-03-15T10:48:56.248Z",{"attackSurface":133,"codeSignals":177,"taintFlows":220,"riskAssessment":221,"analyzedAt":227},{"hooks":134,"ajaxHandlers":173,"restRoutes":174,"shortcodes":175,"cronEvents":176,"entryPointCount":27,"unprotectedCount":27},[135,141,145,148,152,156,160,165,169],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","comment_form","insert_form_token_field","comment-redlist.php",114,{"type":136,"name":142,"callback":143,"file":139,"line":144},"admin_init","register_settings",127,{"type":136,"name":142,"callback":146,"file":139,"line":147},"discussion_settings",128,{"type":136,"name":149,"callback":150,"file":139,"line":151},"admin_menu","dedicated_plugin_options",129,{"type":136,"name":153,"callback":154,"file":139,"line":155},"wp","check_is_singular",137,{"type":136,"name":157,"callback":158,"file":139,"line":159},"pre_comment_on_post","block_spam",141,{"type":161,"name":162,"callback":163,"priority":122,"file":139,"line":164},"filter","plugin_row_meta","settings_link",144,{"type":136,"name":166,"callback":167,"file":139,"line":168},"wp_footer","insert_jquery_redlist",150,{"type":161,"name":170,"callback":171,"file":139,"line":172},"comment_form_defaults","remove_website_field",374,[],[],[],[],{"dangerousFunctions":178,"sqlUsage":179,"outputEscaping":181,"fileOperations":32,"externalRequests":27,"nonceChecks":27,"capabilityChecks":79,"bundledLibraries":219},[],{"prepared":27,"raw":27,"locations":180},[],{"escaped":48,"rawEcho":182,"locations":183},17,[184,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215,218],{"file":139,"line":185,"context":186},248,"raw output",{"file":139,"line":188,"context":186},249,{"file":139,"line":190,"context":186},250,{"file":139,"line":192,"context":186},251,{"file":139,"line":194,"context":186},252,{"file":139,"line":196,"context":186},253,{"file":139,"line":198,"context":186},254,{"file":139,"line":200,"context":186},255,{"file":139,"line":202,"context":186},256,{"file":139,"line":204,"context":186},257,{"file":139,"line":206,"context":186},258,{"file":139,"line":208,"context":186},259,{"file":139,"line":210,"context":186},260,{"file":139,"line":212,"context":186},599,{"file":214,"line":14,"context":186},"inc\\dedicated-options-page.php",{"file":216,"line":217,"context":186},"inc\\jquery-redlist.php",14,{"file":216,"line":11,"context":186},[],[],{"summary":222,"deductions":223},"The \"comment-redlist\" v1.0.9 plugin exhibits a generally strong security posture with a notably clean vulnerability history and no known CVEs. The static analysis indicates a small attack surface with zero identified entry points that lack authentication. Furthermore, all SQL queries are properly prepared, mitigating common injection risks, and there are no observed critical or high-severity taint flows. The presence of a capability check and no bundled libraries also contributes positively to its security. \n\nHowever, a significant concern arises from the low percentage of properly escaped output (19%). This suggests that a substantial number of output operations are not being properly sanitized, potentially leaving the plugin vulnerable to Cross-Site Scripting (XSS) attacks. While there are no detected direct vulnerabilities in the current analysis or history, this lack of output sanitization represents a latent risk that could be exploited if user-supplied data is not handled with extreme care by the plugin's developers. The absence of nonce checks on any potential AJAX handlers, though the count is zero, would be a concern if the attack surface were to grow.\n\nIn conclusion, the plugin has good foundational security practices in place, particularly regarding SQL and the limited attack surface. The primary weakness lies in the inadequate output escaping, which is a critical area for improvement to prevent potential XSS vulnerabilities. Until this is addressed, there remains a notable risk, despite the plugin's otherwise positive security indicators and history.",[224],{"reason":225,"points":226},"Low percentage of properly escaped output",15,"2026-03-16T22:52:14.590Z",{"wat":229,"direct":240},{"assetPaths":230,"generatorPatterns":234,"scriptPaths":235,"versionParams":236},[231,232,233],"\u002Fwp-content\u002Fplugins\u002Fcomment-redlist\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fcomment-redlist\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fcomment-redlist\u002Fjs\u002Ffrontend.js",[],[232,233],[237,238,239],"comment-redlist\u002Fcss\u002Fadmin.css?ver=","comment-redlist\u002Fjs\u002Fadmin.js?ver=","comment-redlist\u002Fjs\u002Ffrontend.js?ver=",{"cssClasses":241,"htmlComments":242,"htmlAttributes":243,"restEndpoints":244,"jsGlobals":245,"shortcodeOutput":247},[],[],[],[],[246],"comment_redlist",[]]