Dam Spam Security & Risk Analysis

wordpress.org/plugins/dam-spam

Comprehensive spam protection for WordPress registration, login, comments, and contact forms.

1K active installs · v1.1.3 · PHP + · WP + · Updated Mar 7, 2026
Tags: anti-spam, no-spam, security, spam, spam-protection
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Feb 17, 2026
Safety Verdict

Is Dam Spam Safe to Use in 2026?

Generally Safe

Score 99/100

Dam Spam has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Feb 17, 2026 · Updated 27d ago
Risk Assessment

The "dam-spam" v1.1.3 plugin exhibits a generally strong security posture, with robust implementation of common security best practices. The plugin demonstrates a significant commitment to security by implementing nonce checks for 49 actions and capability checks for 31, indicating a conscious effort to prevent unauthorized access and actions. The overwhelming majority of SQL queries (97%) utilize prepared statements, and 93% of output is properly escaped, which significantly mitigates risks of SQL injection and cross-site scripting (XSS). Furthermore, all identified entry points appear to have proper authentication or permission checks, and there are no directly exploitable critical or high-severity taint flows.

However, the presence of two instances of the `unserialize` function warrants attention. While the static analysis doesn't flag these as immediately critical, `unserialize` is a notoriously dangerous function that can lead to Remote Code Execution (RCE) if used with untrusted input. The vulnerability history shows one past medium-severity CVE, which was a Cross-Site Request Forgery (CSRF). Although this vulnerability is patched, it suggests that the plugin has had exploitable weaknesses in the past. The fact that there are no currently unpatched vulnerabilities is positive, but the historical medium-severity issue and the use of `unserialize` are areas that require careful monitoring and potential mitigation.

In conclusion, "dam-spam" v1.1.3 is a well-developed plugin with many security strengths, particularly in its handling of SQL queries and output escaping. The lack of critical vulnerabilities and unpatched CVEs is reassuring. Nevertheless, the potential risks associated with `unserialize` and the past CSRF vulnerability mean that ongoing vigilance and potentially further code review around the `unserialize` functions are recommended to maintain a high level of security.

Key Concerns

  • Dangerous function 'unserialize' used
  • Past medium severity CVE (CSRF)
Vulnerabilities
1

Dam Spam Security Vulnerabilities

CVEs by Year

1 CVE in 2026

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-2112 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Dam Spam <= 1.0.8 - Cross-Site Request Forgery to Arbitrary Pending Comment Deletion

Feb 17, 2026 · Patched in 1.0.9 (1d)
Code Analysis
Analyzed Mar 16, 2026

Dam Spam Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 1 (28 prepared)
Unescaped Output: 50 (708 escaped)
Nonce Checks: 49
Capability Checks: 31
File Operations: 2
External Requests: 8
Bundled Libraries: 0

Dangerous Functions Found

unserialize · settings\cleanup.php:45 · `if ( is_serialized( $v ) && false !== @unserialize( $v ) ) {`
unserialize · settings\cleanup.php:46 · `$v = @unserialize( $v );`

SQL Query Safety

97% prepared · 29 total queries

Output Escaping

93% escaped · 758 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

24 flows · 3 with unsanitized paths
dam_spam_admin_notice (dam-spam.php:47)
Attack Surface

Dam Spam Attack Surface

Entry Points: 9
Unprotected: 0

AJAX Handlers 2

auth · wp_ajax_dam_spam_sfs_sub · includes\admins.php:30
auth · wp_ajax_dam_spam_sfs_process · includes\admins.php:31

Shortcodes 7

[dam-spam-contact-form] settings\advanced.php:1536
[dam-spam-login] settings\advanced.php:1635
[dam-spam-show-displayname-as] settings\advanced.php:1656
[dam-spam-show-fullname-as] settings\advanced.php:1666
[dam-spam-show-id-as] settings\advanced.php:1676
[dam-spam-show-level-as] settings\advanced.php:1686
[dam-spam-show-email-as] settings\advanced.php:1696

WordPress Hooks 96

filter · admin_body_class · dam-spam.php:31
action · admin_print_styles · dam-spam.php:40
action · admin_notices · dam-spam.php:45
action · admin_init · dam-spam.php:65
action · admin_notices · dam-spam.php:73
action · admin_init · dam-spam.php:94
action · init · dam-spam.php:121
filter · dam_spam_addons_allow · dam-spam.php:122
filter · dam_spam_addons_block · dam-spam.php:123
filter · dam_spam_addons_get · dam-spam.php:124
filter · pre_user_login · dam-spam.php:127
action · akismet_spam_caught · dam-spam.php:128
action · user_register · dam-spam.php:159
action · wp_login · dam-spam.php:160
action · template_redirect · dam-spam.php:205
action · dam_spam_caught · dam-spam.php:206
action · dam_spam_ok · dam-spam.php:207
action · login_form · dam-spam.php:210
action · register_form · dam-spam.php:213
action · comment_form_after_fields · dam-spam.php:216
action · user_register · dam-spam.php:379
filter · authenticate · dam-spam.php:680
filter · registration_errors · dam-spam.php:693
filter · pre_comment_approved · dam-spam.php:706
filter · authenticate · dam-spam.php:723
action · wp · dam-spam.php:776
action · init · dam-spam.php:972
filter · manage_users_columns · dam-spam.php:975
action · manage_users_custom_column · dam-spam.php:976
filter · manage_users_sortable_columns · dam-spam.php:977
filter · request · dam-spam.php:978
action · mu_rightnow_end · includes\admins.php:17
filter · plugin_row_meta · includes\admins.php:19
filter · wpmu_users_columns · includes\admins.php:20
action · admin_menu · includes\admins.php:22
action · rightnow_end · includes\admins.php:23
filter · manage_users_columns · includes\admins.php:25
action · network_admin_menu · includes\admins.php:28
filter · comment_row_actions · includes\admins.php:29
action · manage_users_custom_column · includes\admins.php:32
action · admin_enqueue_scripts · includes\admins.php:34
action · admin_init · includes\utilities.php:643
action · admin_init · settings\advanced.php:317
action · admin_notices · settings\advanced.php:330
action · admin_notices · settings\advanced.php:446
action · admin_init · settings\advanced.php:452
action · admin_notices · settings\advanced.php:465
action · admin_notices · settings\advanced.php:469
action · admin_init · settings\advanced.php:474
action · admin_init · settings\advanced.php:508
action · admin_init · settings\advanced.php:535
action · admin_notices · settings\advanced.php:549
action · admin_notices · settings\advanced.php:556
action · admin_init · settings\advanced.php:560
action · admin_notices · settings\advanced.php:574
action · admin_init · settings\advanced.php:578
action · admin_init · settings\advanced.php:611
action · admin_init · settings\advanced.php:659
action · admin_notices · settings\advanced.php:759
action · admin_init · settings\advanced.php:762
action · admin_notices · settings\advanced.php:825
action · admin_init · settings\advanced.php:828
action · admin_notices · settings\advanced.php:850
action · admin_notices · settings\advanced.php:855
filter · wpcf7_form_elements · settings\advanced.php:866
filter · wpcf7_spam · settings\advanced.php:879
action · bbp_theme_before_reply_form_submit_wrapper · settings\advanced.php:894
action · bbp_theme_before_topic_form_submit_wrapper · settings\advanced.php:895
action · bbp_new_reply_pre_extras · settings\advanced.php:905
action · bbp_new_topic_pre_extras · settings\advanced.php:906
action · elementor/widget/render_content · settings\advanced.php:917
action · elementor_pro/forms/validation · settings\advanced.php:918
action · init · settings\advanced.php:945
filter · et_module_shortcode_output · settings\advanced.php:969
filter · et_contact_error_messages · settings\advanced.php:993
action · et_pb_newsletter_fieldam_spam_before · settings\advanced.php:1006
filter · user_row_actions · settings\advanced.php:1462
action · admin_init · settings\advanced.php:1487
action · admin_notices · settings\advanced.php:1514
filter · widget_text · settings\advanced.php:1660
filter · widget_text · settings\advanced.php:1670
filter · widget_text · settings\advanced.php:1680
filter · widget_text · settings\advanced.php:1690
filter · widget_text · settings\advanced.php:1700
filter · widget_text · settings\advanced.php:1710
action · template_redirect · settings\advanced.php:1712
action · dam_spam_cleanup_unverified · settings\advanced.php:1742
action · template_redirect · settings\advanced.php:1776
filter · login_url · settings\advanced.php:1816
filter · logout_url · settings\advanced.php:1824
filter · wp_new_user_notification_email · settings\advanced.php:1832
action · init · settings\advanced.php:1843
action · admin_head-nav-menus.php · settings\advanced.php:1864
filter · wp_setup_nav_menu_item · settings\advanced.php:1871
filter · wp_setup_nav_menu_item · settings\advanced.php:1873
action · authenticate · settings\advanced.php:1875

Scheduled Events 1

dam_spam_cleanup_unverified
Maintenance & Trust

Dam Spam Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 7, 2026
PHP min version
Downloads: 7K

Community Trust

Rating: 86/100
Number of ratings: 4
Active installs: 1K
Developer Profile

Dam Spam Developer Profile

Web Guy

30 plugins · 52K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 629 days
Detection Fingerprints

How We Detect Dam Spam

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dam-spam/assets/css/admin.css
Version Parameters
dam-spam/assets/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
dam-spam
HTML Comments
Thank you for helping us Dam Spam! · Donate · Ask · Email · +2 more
FAQ

Frequently Asked Questions about Dam Spam