EZ Anti-Spam Comments with reCAPTCHA Security & Risk Analysis

wordpress.org/plugins/comment-testimonials

A simple yet effective Spam Filter. A Widget and Shortcode to display Comments with Good Karma as Testimonials. Plus the ability to Move comments and …

300 active installs · v2.24.10 · PHP + WP 2.6+ · Updated Oct 15, 2025
Tags: anti-spam, comment, karma, spam, testimonial
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is EZ Anti-Spam Comments with reCAPTCHA Safe to Use in 2026?

Generally Safe

Score 100/100

EZ Anti-Spam Comments with reCAPTCHA has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The "comment-testimonials" plugin version 2.24.10 exhibits a generally good security posture based on the provided static analysis. The absence of known CVEs and critical taint flows is a significant strength. The use of prepared statements for all SQL queries and the presence of capability checks on entry points are positive security practices. However, there are areas for improvement that warrant attention.

A concern arises from the relatively low percentage (42%) of properly escaped output. This indicates a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled with sufficient care before being displayed. The plugin also lacks nonce checks, which, while not directly tied to any discovered vulnerabilities in this analysis, is a standard WordPress security measure that can help mitigate CSRF attacks, especially on any form submissions or actions that might exist within the plugin's functionality.

Overall, the plugin appears to be developed with a degree of security awareness, particularly in its database interactions. The lack of past vulnerabilities is encouraging. However, the low rate of output escaping and the absence of nonce checks are weaknesses that could be exploited. The current risk is considered moderate, with the primary concern being the potential for XSS due to insufficient output escaping.

Key Concerns

  • Low output escaping percentage (42%)
  • 0 Nonce checks present
Vulnerabilities
None known

EZ Anti-Spam Comments with reCAPTCHA Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

EZ Anti-Spam Comments with reCAPTCHA Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (12 prepared)
Unescaped Output: 7 (5 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared (12 total queries)

Output Escaping

42% escaped (12 total outputs)
Data Flows
All sanitized

Data Flow Analysis

1 flow
<index> (index.php:0)
Attack Surface

EZ Anti-Spam Comments with reCAPTCHA Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[TESTIMONIALS] index.php:70
WordPress Hooks 11
filter comment_form_field_comment index.php:77
filter preprocess_comment index.php:124
action wp_enqueue_scripts index.php:138
action init index.php:140
action admin_init index.php:175
action comment_form index.php:210
action widgets_init index.php:264
action admin_head index.php:277
filter comment_row_actions index.php:296
filter plugin_action_links index.php:303
filter plugin_row_meta index.php:310
Maintenance & Trust

EZ Anti-Spam Comments with reCAPTCHA Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 15, 2025
PHP min version
Downloads: 8K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 300
Developer Profile

EZ Anti-Spam Comments with reCAPTCHA Developer Profile

Eli

9 plugins · 101K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 782 days
Detection Fingerprints

How We Detect EZ Anti-Spam Comments with reCAPTCHA

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/comment-testimonials/css/EZ-CAT.css
/wp-content/plugins/comment-testimonials/js/EZ-CAT.js
Script Paths
https://www.google.com/recaptcha/api/js/recaptcha_ajax.js
Version Parameters
comment-testimonials/css/EZ-CAT.css?ver=
comment-testimonials/js/EZ-CAT.js?ver=

HTML / DOM Fingerprints

CSS Classes
EZ-CAT-Comment
commentheading
HTML Comments
<!-- EZ Testimonials Main Plugin File
Copyright © 2012-2024 Eli Scheetz (email: wordpress@ieonly.com)
This program is free software; you can redistribute it
License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
Data Attributes
onfocus="CAT_sign_comment_post_ID
JS Globals
CAT_recaptcha_api_key
EZ-CAT
Shortcode Output
<h3 class="commentheading">
<ul id="comments" class="EZ-CAT-Testimonials commentlist">