[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpru6FBBHPPhWGDfpVm_CtcgYbBOCMAu71hmyxiaUXO0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":63,"crawl_stats":38,"alternatives":70,"analysis":184,"fingerprints":297},"email-address-encoder","Email Address Encoder","1.0.24","Till Krüss","https:\u002F\u002Fprofiles.wordpress.org\u002Ftillkruess\u002F","\u003Cp>A lightweight plugin that protects plain email addresses and mailto links from email-harvesting robots, by encoding them into decimal and hexadecimal entities. Has an effect on the posts, pages, comments, excerpts, text widgets and other filtered content. Works without JavaScript — just simple spam protection.\u003C\u002Fp>\n\u003Cp>To see whether all your email addresses are properly protected, use the free \u003Ca href=\"https:\u002F\u002Fencoder.till.im\u002Fscanner?utm_source=wp-plugin&utm_medium=readme\" rel=\"nofollow ugc\">page scanner\u003C\u002Fa> tool.\u003C\u002Fp>\n\u003Cp>Other content (like phone numbers) can be protected using \u003Ccode>[encode]\u003C\u002Fcode> shortcode:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[encode]+1 (555) 123-4567[\u002Fencode]\n[encode link=\"tel:+15551234567\"]+1 (555) 123-4567[\u002Fencode]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Premium Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Full-page protection\u003C\u002Fstrong> that catches all email addresses\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hardened protection\u003C\u002Fstrong> using JavaScript and CSS techniques\u003C\u002Fli>\n\u003Cli>Improved \u003Cstrong>phone number\u003C\u002Fstrong> protection\u003C\u002Fli>\n\u003Cli>Built-in plugin support for \u003Cstrong>ACF\u003C\u002Fstrong>, \u003Cstrong>Jetpack\u003C\u002Fstrong>, \u003Cstrong>WooCommerce\u003C\u002Fstrong> and many others\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check out the \u003Ca href=\"https:\u002F\u002Fencoder.till.im\u002Fdownload?utm_source=wp-plugin&utm_medium=readme\" rel=\"nofollow ugc\">Premium\u003C\u002Fa> version of Email Address Encoder.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fcoderisk.com\u002Fwp\u002Fplugin\u002Femail-address-encoder\u002FRIPS-r0bJqKvBws\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n","A lightweight plugin that protects email addresses from email-harvesting robots, by encoding them into decimal and hexadecimal entities.",100000,1552799,84,160,"2025-01-20T21:35:00.000Z","6.7.5","2.0","5.3",[20,21,22,23,24],"block","crawler","encryption","protection","spam","https:\u002F\u002Fencoder.till.im\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-address-encoder.1.0.24.zip",91,2,0,"2024-08-26 00:00:00","2026-03-15T15:16:48.613Z",[33,48],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2024-43927","email-address-encoder-cross-site-request-forgery-via-eaeclearcaches","Email Address Encoder \u003C= 1.0.23 - Cross-Site Request Forgery via eae_clear_caches()","The Email Address Encoder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.23. This is due to missing or incorrect nonce validation on the eae_clear_caches() function. This makes it possible for unauthenticated attackers to flush page caches via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.0.23","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-09-04 19:53:21",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff00ca075-cbf0-428b-a53b-dc723889f69b?source=api-prod",10,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62},"CVE-2023-48765","email-address-encoder-authenticated-contributor-stored-cross-site-scripting","Email Address Encoder 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Email Address Encoder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eae_shortcode shortcode in version 1.0.22 due to insufficient input sanitization and output escaping on the 'link' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",">=1.0.22 \u003C=1.0.22","1.0.23",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2023-11-28 00:00:00","2024-01-22 19:56:02",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fab5b7dc4-113d-4f58-956e-2a9284e1e25e?source=api-prod",56,{"slug":64,"display_name":7,"profile_url":8,"plugin_count":65,"total_installs":66,"avg_security_score":27,"avg_patch_time_days":67,"trust_score":68,"computed_at":69},"tillkruess",5,411400,33,82,"2026-04-04T01:06:14.741Z",[71,94,120,144,163],{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":68,"num_ratings":81,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":85,"tags":86,"homepage":90,"download_link":91,"security_score":92,"vuln_count":65,"unpatched_count":29,"last_vuln_date":93,"fetched_at":31},"zero-spam","Zero Spam for WordPress","5.7.7","Ben Marshall","https:\u002F\u002Fprofiles.wordpress.org\u002Fbmarshall511\u002F","\u003Cp>Protect your WordPress website seamlessly with Zero Spam for WordPress! Eliminate spam and malicious attacks that can harm your online presence. Our plugin integrates effortlessly with \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\" rel=\"nofollow ugc\">Zero Spam\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002F\" rel=\"nofollow ugc\">Stop Forum Spam\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002F\" rel=\"nofollow ugc\">Project Honeypot\u003C\u002Fa> to offer a strong defense system.\u003C\u002Fp>\n\u003Cp>Rest easy knowing that we utilize multiple detection methods to swiftly identify and halt potential threats. Whether it’s pesky spam, devious trolls, or cunning hackers, Zero Spam is here to protect your website.\u003C\u002Fp>\n\u003Ch4>Worry-free, Powerful Protection at Your Fingertips\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No captchas or moderation queues — no longer a admin’s problem.\u003C\u002Fli>\n\u003Cli>Our system dynamically blocks threats, keeping your site safe.\u003C\u002Fli>\n\u003Cli>Integration with global IP reputation providers for enhanced security.\u003C\u002Fli>\n\u003Cli>Block IPs temporarily or permanently, keep unwanted visitors out.\u003C\u002Fli>\n\u003Cli>Geolocation tracks origins of threats, providing valuable insights.\u003C\u002Fli>\n\u003Cli>Ability to block countries, regions, zip\u002Fpostal codes & cities.\u003C\u002Fli>\n\u003Cli>REST API for programmatic settings management — perfect for CI\u002FCD, staging syncs, and automation.\u003C\u002Fli>\n\u003Cli>Utilize \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\u002Fwordpress-comment-blacklist\" rel=\"nofollow ugc\">splorp’s Comment Blacklist\u003C\u002Fa> to strengthen your disallowed list.\u003C\u002Fli>\n\u003Cli>Block disposable & malicious email effortlessly with \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdisposable\" rel=\"nofollow ugc\">disposable\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Multiple techniques, including the renowned solution by \u003Ca href=\"https:\u002F\u002Fdavidwalsh.name\u002Fwordpress-comment-spam\" rel=\"nofollow ugc\">David Walsh\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Seamlessly integrates with popular plugins including:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa> — Secure customer registrations.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgivewp.com\u002Fref\u002F1118\u002F\" rel=\"nofollow ugc\">GiveWP\u003C\u002Fa> — Prevents attempts to test stolen credit cards.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-avatar\u002F\" rel=\"ugc\">ProfilePress\u003C\u002Fa> — Keeps registrations safe & secure.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmailchimp-for-wp\u002F\" rel=\"ugc\">Mailchimp for WordPress\u003C\u002Fa> — Protects sign-ups from abuse.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.gravityforms.com\u002F\" rel=\"nofollow ugc\">Gravity Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"ugc\">Contact Form 7\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"ugc\">WPForms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fformidable\u002F\" rel=\"ugc\">Formidable Form Builder\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluentform\u002F\" rel=\"ugc\">Fluent Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpdiscuz\u002F\" rel=\"ugc\">wpDiscuz\u003C\u002Fa> — Versatile form protection.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With Zero Spam for WordPress, you not only get exceptional protection but also a reliable support that ensures your peace of mind.\u003C\u002Fp>\n\u003Ch4>Enhance Detection with Optional 3rd-Party Integrations\u003C\u002Fh4>\n\u003Cp>Zero Spam for WordPress can integrate optional services for enhanced spam detection. Before using these, we recommend reviewing their terms and privacy policies.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002F\" rel=\"nofollow ugc\">Zero Spam\u003C\u002Fa>\u003C\u002Fstrong> – Utilize our real-time IP reputation analysis. Take a look at our \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002Fterms\u002F\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for more details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipbase.com\u002F\" rel=\"nofollow ugc\">ipbase.com\u003C\u002Fa>\u003C\u002Fstrong> – Access detailed geolocation information of attackers. Familiarize yourself with their \u003Ca href=\"https:\u002F\u002Fipbase.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fwww.iubenda.com\u002Fterms-and-conditions\u002F41661719\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002F\" rel=\"nofollow ugc\">ipinfo.io\u003C\u002Fa>\u003C\u002Fstrong> – Gather geolocation details of malicious users. Refer to their \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fterms-of-service\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for further information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipstack.com\u002F\" rel=\"nofollow ugc\">ipstack\u003C\u002Fa>\u003C\u002Fstrong> – Obtain extensive geolocation insights. Review their \u003Ca href=\"https:\u002F\u002Fwww.ideracorp.com\u002FLegal\u002FAPILayer\u002FPrivacyStatement\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fipstack.com\u002Fterms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> to learn more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002F\" rel=\"nofollow ugc\">Stop Forum Spam\u003C\u002Fa>\u003C\u002Fstrong> – Verify if visitors’ IPs have been reported. Explore their \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002Flegal\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for additional details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002F\" rel=\"nofollow ugc\">Project Honeypot\u003C\u002Fa>\u003C\u002Fstrong> – Check if visitors’ IPs have been flagged. Refer to their \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002Fprivacy_policy.php\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002Fterms_of_use.php\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for more information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fmaps\" rel=\"nofollow ugc\">Google Maps\u003C\u002Fa>\u003C\u002Fstrong> – Plot attack locations on Google Maps. Please review their \u003Ca href=\"https:\u002F\u002Fwww.ideracorp.com\u002FLegal\u002FAPILayer\u002FPrivacyStatement\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fterms\u002Fsite-terms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for complete details.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additionally, you have the option to contribute to Zero Spam’s improvement by enabling the sharing of detection information. For further information on the shared data, kindly refer to our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FHighfivery\u002Fzero-spam-for-wordpress\u002Fwiki\u002FFAQ\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n","No spam, no scams, just seamless experiences with Zero Spam for WordPress - the shield your site deserves.",20000,1423449,142,"2026-03-12T13:51:00.000Z","6.9.4","6.9","8.2",[87,23,88,24,89],"firewall","security","spam-blocker","https:\u002F\u002Fwordpress.com\u002Fplugins\u002Fzero-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzero-spam.5.7.7.zip",92,"2024-04-15 00:00:00",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":83,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":115,"download_link":116,"security_score":117,"vuln_count":118,"unpatched_count":29,"last_vuln_date":119,"fetched_at":31},"cryptx","CryptX","4.0.11","Ralf Weber","https:\u002F\u002Fprofiles.wordpress.org\u002Fd3395\u002F","\u003Cp>No more SPAM by spiders scanning your site for email addresses. With CryptX you can hide all your email addresses, with and without a mailto-link, by converting them using javascript or UNICODE.\u003C\u002Fp>\n\u003Cp>CryptX protects your email addresses from spambots while keeping them readable and functional for your visitors. The plugin automatically detects email addresses in your content and encrypts them using various methods including JavaScript encryption, Unicode conversion, and image replacement.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic Email Detection\u003C\u002Fstrong> – Finds and encrypts email addresses in posts, pages, comments, and widgets\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Encryption Methods\u003C\u002Fstrong> – JavaScript, Unicode, image replacement, and custom text options\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Widget Support\u003C\u002Fstrong> – Works with text widgets and other widget content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RSS Feed Control\u003C\u002Fstrong> – Option to disable encryption in RSS feeds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Whitelist Support\u003C\u002Fstrong> – Exclude specific domains from encryption\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Per-Post Control\u003C\u002Fstrong> – Enable\u002Fdisable encryption on individual posts and pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Support\u003C\u002Fstrong> – Use \u003Ccode>[cryptx]email@example.com[\u002Fcryptx]\u003C\u002Fcode> for manual encryption\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Template Functions\u003C\u002Fstrong> – Developer-friendly functions for theme integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fweber-nrw.de\u002Fwordpress\u002Fcryptx\u002F\" title=\"Plugin Homepage\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa>\u003C\u002Fp>\n","No more SPAM by spiders scanning your site for email addresses!",10000,280578,88,19,"2025-12-18T08:01:00.000Z","6.7","8.3",[110,111,112,113,114],"antispam","email-encryption","mail","privacy","spam-protection","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcryptx\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcryptx.4.0.11.zip",99,1,"2025-12-04 20:35:36",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":83,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":139,"download_link":140,"security_score":141,"vuln_count":142,"unpatched_count":29,"last_vuln_date":143,"fetched_at":31},"oopspam-anti-spam","OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA)","1.2.64","OOPSpam Team","https:\u002F\u002Fprofiles.wordpress.org\u002Foopspam\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.oopspam.com\u002F\" rel=\"nofollow ugc\">OOPSpam\u003C\u002Fa> is a modern anti-spam solution that uses advanced AI and machine learning to protect your WordPress forms and comments from spam. Our system has blocked over 1 billion spam attempts across 3.5M+ websites, maintaining 99.9% accuracy without compromising user privacy or accessibility.\u003C\u002Fp>\n\u003Cp>Unlike traditional CAPTCHA solutions that can hurt your conversion rates, OOPSpam works silently in the background, analyzing submissions against our extensive database of 500M+ malicious IPs and emails to catch both bot and human spammers.\u003C\u002Fp>\n\u003Ch3>Why Choose OOPSpam?\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>🚀 Zero Impact on User Experience\u003C\u002Fstrong>\u003Cbr \u002F>\n– No CAPTCHA puzzles or challenges that hurt conversions\u003Cbr \u002F>\n– Works silently in the background without JavaScript or tracking\u003Cbr \u002F>\n– Maintains fast website performance with server-side processing\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🛡️ Intelligent Spam Prevention\u003C\u002Fstrong>\u003Cbr \u002F>\n– Catch 99.9% of spam using advanced machine learning and contextual analysis\u003Cbr \u002F>\n– Protect against both automated bots and human spammers\u003Cbr \u002F>\n– Auto-detect spam patterns unique to your website’s context\u003Cbr \u002F>\n– Block spam from VPNs and known malicious sources\u003Cbr \u002F>\n– Prevent WooCommerce card testing attacks with advanced checkout protection\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🔒 Privacy-First Design\u003C\u002Fstrong>\u003Cbr \u002F>\n– GDPR-compliant with no data stored on our servers\u003Cbr \u002F>\n– Optional IP and email analysis for maximum privacy\u003Cbr \u002F>\n– All logs stored in your WordPress database\u003Cbr \u002F>\n– Remove sensitive information from messages automatically\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🌍 Smart Geographic Controls\u003C\u002Fstrong>\u003Cbr \u002F>\n– Target your relevant market by blocking specific countries\u003Cbr \u002F>\n– Filter submissions by language to focus on your audience\u003Cbr \u002F>\n– Prevent fraud and abuse from high-risk regions\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚙️ Powerful Management Tools\u003C\u002Fstrong>\u003Cbr \u002F>\n– View and manage spam entries with detailed detection reasons\u003Cbr \u002F>\n– Export data for analysis or reporting\u003Cbr \u002F>\n– Rate limiting to prevent abuse and click fraud\u003Cbr \u002F>\n– Manual override options for complete control\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🏢 Perfect for Agencies\u003C\u002Fstrong>\u003Cbr \u002F>\n– Use one API key across unlimited websites\u003Cbr \u002F>\n– Centralized logging option in OOPSpam dashboard\u003Cbr \u002F>\n– Consistent protection across all your client sites\u003C\u002Fp>\n\u003Ch3>What Our Users Say\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cp>“It’s eliminated all spam, and even the need for CAPTCHA. Setup is quick and the interface is intuitive.” – @gotmick\u003C\u002Fp>\n\u003Cp>“Very responsive support and dev team. Customer support was amazing, response time was immediate and issues were solved instantly.” – @viv18germany\u003C\u002Fp>\n\u003Cp>“Pricing is perfect for agencies as they do tiers by actual # of API calls and no limit on the number of sites you can install this on.” – @squarecandy\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>By the Numbers\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>3.5M+\u003C\u002Fstrong> websites protected daily\u003C\u002Fli>\n\u003Cli>\u003Cstrong>1B+\u003C\u002Fstrong> spam attempts blocked\u003C\u002Fli>\n\u003Cli>\u003Cstrong>99.9%\u003C\u002Fstrong> detection accuracy\u003C\u002Fli>\n\u003Cli>\u003Cstrong>24\u002F7\u003C\u002Fstrong> customer support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>500M+\u003C\u002Fstrong> malicious IPs and emails in our database\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Works With Everything\u003C\u002Fh3>\n\u003Cp>The plugin seamlessly protects your \u003Cstrong>comments\u003C\u002Fstrong>, \u003Cstrong>site search\u003C\u002Fstrong>, and \u003Cstrong>all major form plugins\u003C\u002Fstrong>. No extra configuration needed – it just works!\u003C\u002Fp>\n\u003Ch3>Supported form & comment solutions:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WooCommerce Order & Registration\u003C\u002Fli>\n\u003Cli>BuddyPress\u003C\u002Fli>\n\u003Cli>Elementor Forms\u003C\u002Fli>\n\u003Cli>Ninja Forms\u003C\u002Fli>\n\u003Cli>Gravity Forms\u003C\u002Fli>\n\u003Cli>Kadence Form Block and Form (Adv) Block\u003C\u002Fli>\n\u003Cli>Fluent Forms\u003C\u002Fli>\n\u003Cli>Breakdance Forms\u003C\u002Fli>\n\u003Cli>WS Form\u003C\u002Fli>\n\u003Cli>WPDiscuz\u003C\u002Fli>\n\u003Cli>Forminator\u003C\u002Fli>\n\u003Cli>WPForms\u003C\u002Fli>\n\u003Cli>Formidable Forms\u003C\u002Fli>\n\u003Cli>Contact Form 7\u003C\u002Fli>\n\u003Cli>Bricks Forms\u003C\u002Fli>\n\u003Cli>Toolset Forms\u003C\u002Fli>\n\u003Cli>Piotnet Forms \u003C\u002Fli>\n\u003Cli>GiveWP Donation Forms\u003C\u002Fli>\n\u003Cli>MailPoet\u003C\u002Fli>\n\u003Cli>Beaver Builder Contact Form\u003C\u002Fli>\n\u003Cli>Ultimate Member\u003C\u002Fli>\n\u003Cli>MemberPress\u003C\u002Fli>\n\u003Cli>Paid Memberships Pro\u003C\u002Fli>\n\u003Cli>Jetpack Forms\u003C\u002Fli>\n\u003Cli>MC4WP: Mailchimp for WordPress\u003C\u002Fli>\n\u003Cli>SureForms\u003C\u002Fli>\n\u003Cli>SureCart\u003C\u002Fli>\n\u003Cli>QuForm\u003C\u002Fli>\n\u003Cli>HappyForms Pro\u003C\u002Fli>\n\u003Cli>Avada Forms\u003C\u002Fli>\n\u003Cli>MetForm\u003C\u002Fli>\n\u003Cli>ACF Frontend Forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>OOPSpam Anti-Spam WordPress plugin requires minimal configuration. Check out our \u003Ca href=\"https:\u002F\u002Fhelp.oopspam.com\u002Fwordpress\u002F\" rel=\"nofollow ugc\">comprehensive WordPress guide\u003C\u002Fa> for detailed setup instructions. To get started quickly, \u003Ca href=\"https:\u002F\u002Fapp.oopspam.com\u002FIdentity\u002FAccount\u002FRegister\" rel=\"nofollow ugc\">get a key\u003C\u002Fa> and paste it into the appropriate setting field under \u003Cem>Settings=>OOPSpam Anti-Spam\u003C\u002Fem>. If you have a contact form plugin, make sure you enable spam protection on the settings page.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please note\u003C\u002Fstrong>: This is a premium plugin. You need an \u003Ca href=\"https:\u002F\u002Fapp.oopspam.com\u002FIdentity\u002FAccount\u002FRegister\" rel=\"nofollow ugc\">OOPSpam Anti-Spam API key\u003C\u002Fa> to use the plugin. Each account comes with 40 free spam checks per month.\u003Cbr \u002F>\nIf you already use OOPSpam on other platforms, you can use the same API key for this plugin.\u003C\u002Fp>\n","Protect your forms from spam with 99.9% accuracy - no CAPTCHA, no JavaScript, no tracking. Trusted by 3.5M+ websites.",6000,221611,98,45,"2026-03-13T15:10:00.000Z","3.6","",[136,137,138,88,89],"anti-spam","contact-forms","form-protection","https:\u002F\u002Fwww.oopspam.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foopspam-anti-spam.1.2.64.zip",96,3,"2025-10-30 00:00:00",{"slug":145,"name":146,"version":147,"author":148,"author_profile":149,"description":150,"short_description":151,"active_installs":152,"downloaded":153,"rating":104,"num_ratings":154,"last_updated":155,"tested_up_to":83,"requires_at_least":156,"requires_php":157,"tags":158,"homepage":160,"download_link":161,"security_score":117,"vuln_count":118,"unpatched_count":29,"last_vuln_date":162,"fetched_at":31},"no-bot-registration","No-Bot Registration","2.5.1","Arnan de Gans","https:\u002F\u002Fprofiles.wordpress.org\u002Fadegans\u002F","\u003Cp>Tired of spam bots in your WordPress and ClassicPress website? Do you want to get rid of false registrations and other spammy nonsense? Don’t wan’t to use a clumsy and user-unfriendly Captcha? Don’t want to use a Captcha from Google or other big-tech company period?\u003C\u002Fp>\n\u003Cp>Meet \u003Cstrong>No-Bot Registration\u003C\u002Fstrong>, easy to use, superior protection without making it hard for your visitors. Easily blacklist (partial) email addresses and domains so they can no longer register an account.\u003C\u002Fp>\n\u003Cp>Create one or more questions and a set of possible answers for them and visitors have to answer your question when they register.\u003Cbr \u002F>\nIf they answer wrong, they get denied their account.\u003C\u002Fp>\n\u003Cp>Questions can be as simple as “1 + 1”, with possible answers being 1, one or uno. That way you can plan for eventualities and how people interpret your question.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Protect registration forms\u003C\u002Fli>\n\u003Cli>Protect the WooCommerce checkout form if you let people register from there\u003C\u002Fli>\n\u003Cli>Protect your blog comment form\u003C\u002Fli>\n\u003Cli>Prevents comment spam, trackback spam and other nuisances with ease\u003C\u002Fli>\n\u003Cli>Set up multiple security questions to further confuse bots\u003C\u002Fli>\n\u003Cli>Blacklist any email, domain or tld you don’t like\u003C\u002Fli>\n\u003Cli>Configurable notification messages for users failing the security tests\u003C\u002Fli>\n\u003C\u002Ful>\n","Prevent bots from creating accounts by blacklisting domains and usernames and present people with a human friendly security question.",2000,36071,27,"2025-12-28T03:50:00.000Z","5.8","8.0",[110,159,21,23,88],"bot","https:\u002F\u002Fajdg.solutions\u002Fproduct\u002Fno-bot-registration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-bot-registration.2.5.1.zip","2024-04-09 00:00:00",{"slug":164,"name":165,"version":166,"author":165,"author_profile":167,"description":168,"short_description":169,"active_installs":170,"downloaded":171,"rating":172,"num_ratings":173,"last_updated":174,"tested_up_to":83,"requires_at_least":175,"requires_php":176,"tags":177,"homepage":181,"download_link":182,"security_score":117,"vuln_count":118,"unpatched_count":29,"last_vuln_date":183,"fetched_at":31},"proxy-vpn-blocker","Proxy & VPN Blocker","3.5.8","https:\u002F\u002Fprofiles.wordpress.org\u002Frickstermuk\u002F","\u003Ch4>Block VPNs, Proxies, Tor & Spam – Strengthen Your WordPress Security\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Proxy & VPN Blocker\u003C\u002Fstrong> is a complete \u003Cstrong>WordPress security plugin\u003C\u002Fstrong> designed to protect your site from anonymous and abusive traffic.\u003Cbr \u002F>\nIt functions as a powerful \u003Cstrong>VPN blocker\u003C\u002Fstrong>, \u003Cstrong>proxy blocker\u003C\u002Fstrong>, and \u003Cstrong>Tor blocker\u003C\u002Fstrong>, preventing unwanted visitors, spam bots, and fake users from accessing your site.\u003C\u002Fp>\n\u003Cp>Using the trusted \u003Ca href=\"https:\u002F\u002Fproxycheck.io\" rel=\"nofollow ugc\">proxycheck.io\u003C\u002Fa> API, it detects connections from VPNs, open proxies, Tor nodes, and compromised servers — giving you real-time protection without slowing down your site.\u003C\u002Fp>\n\u003Cp>Perfect for login, registration, comments, or any page you want to secure, Proxy & VPN Blocker also includes smart \u003Cstrong>spam protection\u003C\u002Fstrong>, geoblocking, and IP logging to help you stay in control of who can access your WordPress site.\u003C\u002Fp>\n\u003Cp>Whether you’re running a blog, store, or membership site, this plugin helps keep out fake users, block risky regions, and stop automated spam attempts before they start.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Powerful WordPress security plugin – blocks VPNs, proxies, Tor, Mysterium nodes, and compromised servers in real time  \u003C\u002Fli>\n\u003Cli>Country blocking & geoblocking – allow or deny traffic by country or region with flexible IP-based controls  \u003C\u002Fli>\n\u003Cli>Supports IP ranges, CIDRs, specific IPs, and ASNs for precise network-level blocking  \u003C\u002Fli>\n\u003Cli>Optionally use proxycheck.io’s Risk Score for smarter VPN and proxy detection decisions  \u003C\u002Fli>\n\u003Cli>Built-in API Key Statistics with live usage graphs and daily query totals  \u003C\u002Fli>\n\u003Cli>Visitor Action Log – view blocked IPs, detection reason, and plugin response directly in your dashboard  \u003C\u002Fli>\n\u003Cli>Caches known good IPs to reduce API usage and improve performance  \u003C\u002Fli>\n\u003Cli>Works seamlessly with both IPv4 and IPv6 addresses  \u003C\u002Fli>\n\u003Cli>Compatible with Cloudflare and other CDN headers for accurate IP detection  \u003C\u002Fli>\n\u003Cli>Block access to Login, Registration, Admin, Comments, or any page\u002Fpost easily  \u003C\u002Fli>\n\u003Cli>Customize the “Access Denied” message or redirect visitors to a specific page  \u003C\u002Fli>\n\u003Cli>Log registration and recent login IPs in the Users list and profile – linked to proxycheck.io’s Threats page  \u003C\u002Fli>\n\u003Cli>Manage proxycheck.io Whitelist and Blacklist directly from WordPress  \u003C\u002Fli>\n\u003Cli>Simple integration via WordPress Editor and Toolbar for page-level protection  \u003C\u002Fli>\n\u003Cli>Lightweight, fast, and built to complement other security plugins  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And much more available in \u003Ca href=\"https:\u002F\u002Fproxyvpnblocker.com\u002Fpremium\" rel=\"nofollow ugc\">Proxy & VPN Blocker Premium\u003C\u002Fa>!\u003C\u002Fp>\n\u003Ch4>The proxycheck.io API\u003C\u002Fh4>\n\u003Cp>This Plugin can be used without a proxycheck.io API key, but it will be limited to 100 daily queries to the API. To enhance the capabilities, you can obtain a free API key from proxycheck.io, which allows for 1,000 free daily queries, making it suitable for small WordPress sites.\u003C\u002Fp>\n\u003Cp>Here’s an overview of the free and paid API options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Without an API key (100 queries\u002Fday)\u003C\u002Fli>\n\u003Cli>With a free API key (1,000 queries\u002Fday – ideal for small sites)\u003C\u002Fli>\n\u003Cli>With a paid API key (10,000 to over 10 million queries\u002Fday)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Your API key can be used across all of your sites and apps, you only need a proxycheck.io plan that fits your overall needs.\u003C\u002Fp>\n\u003Ch4>User IP Logging Feature\u003C\u002Fh4>\n\u003Cp>Proxy & VPN Blocker allows for local logging of user registration IP addresses. The IP addresses are displayed next to each user in the Users list and on their profile pages, visible to administrators. The Plugin also logs the most recent login IP address for each user, which is also displayed in the User’s list and profile page, with the IP address linked to the proxycheck.io Threats page.\u003C\u002Fp>\n\u003Ch4>Caching Plugin Notice\u003C\u002Fh4>\n\u003Cp>If you’re using caching plugins (like WP Rocket or WP Super Cache), IP-based page blocking might not function correctly due to static caching. A DONOTCACHEPAGE option is available to help mitigate this issue.\u003C\u002Fp>\n\u003Ch4>Privacy & GDPR Compliance\u003C\u002Fh4>\n\u003Cp>To check IP addresses, the plugin sends them to the proxycheck.io API. No personally identifiable information (PII) beyond the IP is transmitted. For details, refer to proxycheck.io’s \u003Ca href=\"https:\u002F\u002Fproxycheck.io\u002Fprivacy\" rel=\"nofollow ugc\">privacy notice\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fproxycheck.io\u002Fgdpr\" rel=\"nofollow ugc\">GDPR Compliance\u003C\u002Fa> for further information.\u003C\u002Fp>\n\u003Ch4>Disclaimer\u003C\u002Fh4>\n\u003Cp>This Plugin is \u003Cem>not developed by proxycheck.io\u003C\u002Fem> despite being recommended by them.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For plugin-related support, please use the WordPress.org support forum.\u003C\u002Fli>\n\u003Cli>For API or account questions, contact proxycheck.io directly.\u003C\u002Fli>\n\u003Cli>The proxycheck.io logo is used with express permission.\u003C\u002Fli>\n\u003C\u002Ful>\n","Block VPNs, proxies, Tor, and spam on WordPress. Strengthen security and stop fake users with smart IP blocking via proxycheck.io.",1000,127298,74,32,"2026-03-05T20:02:00.000Z","4.9","7.2",[178,88,114,179,180],"proxy-blocker","tor-blocker","vpn-blocker","https:\u002F\u002Fproxyvpnblocker.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fproxy-vpn-blocker.3.5.8.zip","2026-01-09 00:00:00",{"attackSurface":185,"codeSignals":272,"taintFlows":286,"riskAssessment":287,"analyzedAt":296},{"hooks":186,"ajaxHandlers":260,"restRoutes":265,"shortcodes":266,"cronEvents":271,"entryPointCount":28,"unprotectedCount":118},[187,193,198,203,207,211,215,219,221,225,229,233,237,241,245,249,253,256],{"type":188,"name":189,"callback":190,"file":191,"line":192},"filter","walker_nav_menu_start_el","eae_encode_emails","email-address-encoder.php",70,{"type":194,"name":195,"callback":196,"priority":170,"file":191,"line":197},"action","init","eae_register_shortcode",76,{"type":194,"name":199,"callback":200,"file":201,"line":202},"plugins_loaded","eae_load_textdomain","includes\\admin.php",8,{"type":194,"name":204,"callback":205,"file":201,"line":206},"admin_menu","eae_register_ui",13,{"type":194,"name":208,"callback":209,"file":201,"line":210},"admin_init","eae_register_settings",18,{"type":188,"name":212,"callback":213,"priority":47,"file":201,"line":214},"plugin_action_links","eae_plugin_actions_links",23,{"type":194,"name":216,"callback":217,"file":201,"line":218},"admin_notices","eae_page_scanner_notice",28,{"type":194,"name":216,"callback":220,"file":201,"line":67},"eae_compatibility_warnings",{"type":194,"name":222,"callback":223,"file":201,"line":224},"wp_enqueue_scripts","eae_enqueue_scripts",38,{"type":194,"name":226,"callback":227,"file":201,"line":228},"admin_enqueue_scripts","eae_enqueue_admin_scripts",43,{"type":194,"name":230,"callback":231,"file":201,"line":232},"load-settings_page_eae","eae_transmit_email",48,{"type":194,"name":234,"callback":235,"file":201,"line":236},"load-options.php","eae_clear_caches",53,{"type":194,"name":238,"callback":239,"file":201,"line":240},"wp","eae_cleanup_response",58,{"type":194,"name":242,"callback":243,"file":201,"line":244},"wp_footer","eae_adminbar_styles",200,{"type":188,"name":246,"callback":247,"priority":47,"file":201,"line":248},"script_loader_tag","eae_defer_script",212,{"type":188,"name":250,"callback":251,"file":201,"line":252},"show_admin_bar","__return_false",440,{"type":188,"name":254,"callback":251,"file":201,"line":255},"debug_bar_enable",443,{"type":188,"name":257,"callback":258,"file":201,"line":259},"user_has_cap","closure",446,[261],{"action":262,"nopriv":263,"callback":262,"hasNonce":263,"hasCapCheck":263,"file":201,"line":264},"eae_dismiss_notice",false,63,[],[267],{"tag":268,"callback":269,"file":191,"line":270},"encode","eae_shortcode",85,[],{"dangerousFunctions":273,"sqlUsage":274,"outputEscaping":276,"fileOperations":29,"externalRequests":118,"nonceChecks":28,"capabilityChecks":142,"bundledLibraries":285},[],{"prepared":29,"raw":29,"locations":275},[],{"escaped":65,"rawEcho":142,"locations":277},[278,281,283],{"file":201,"line":279,"context":280},223,"raw output",{"file":282,"line":105,"context":280},"includes\\ui.php",{"file":282,"line":284,"context":280},37,[],[],{"summary":288,"deductions":289},"The \"email-address-encoder\" plugin v1.0.24 presents a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and performing nonce and capability checks in a number of instances. The absence of file operations and external HTTP requests is also encouraging, and there are no reported critical or high severity vulnerabilities in its history. However, there are significant concerns, primarily stemming from its attack surface and output escaping. The presence of an unprotected AJAX handler represents a direct entry point for potential attacks. While taint analysis shows no current issues, the historical vulnerability data indicates past medium severity Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) flaws. This suggests that input validation and output sanitization may have been inconsistent in previous versions, and even with partial output escaping in the current version, the remaining unescaped outputs present a risk for XSS attacks.\n\nThe plugin's vulnerability history, with two past medium severity CVEs related to CSRF and XSS, is a notable weakness. Although these are not currently unpatched, they signal a historical susceptibility to common web vulnerabilities. The fact that the last vulnerability was recent (2024-08-26) further emphasizes the need for vigilance. While the current version shows improvements in areas like SQL sanitization and a reduction in the overall attack surface, the unprotected AJAX handler and the percentage of unescaped outputs are significant risks that could be exploited. The absence of critical or high severity vulnerabilities in the past is positive, but the past issues and current code signals warrant careful consideration.",[290,292,294],{"reason":291,"points":47},"Unprotected AJAX handler",{"reason":293,"points":65},"Output escaping is not fully implemented",{"reason":295,"points":47},"Past medium severity CVEs (CSRF, XSS)","2026-03-16T17:07:28.752Z",{"wat":298,"direct":307},{"assetPaths":299,"generatorPatterns":302,"scriptPaths":303,"versionParams":304},[300,301],"\u002Fwp-content\u002Fplugins\u002Femail-address-encoder\u002Fassets\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Femail-address-encoder\u002Fassets\u002Fjs\u002Ffrontend.js",[],[300,301],[305,306],"email-address-encoder\u002Fassets\u002Fjs\u002Fadmin.js?ver=","email-address-encoder\u002Fassets\u002Fjs\u002Ffrontend.js?ver=",{"cssClasses":308,"htmlComments":309,"htmlAttributes":310,"restEndpoints":312,"jsGlobals":313,"shortcodeOutput":315},[],[],[311],"data-eae-dismiss",[],[314],"eae_frontend",[316,317,318],"[encode]","\u003Ca href=\"","\" class=\""]