Does FV Antispam have any unpatched vulnerabilities?

No. All known vulnerabilities in FV Antispam have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is FV Antispam compatible with WordPress 6.8.5?

According to WordPress.org data, FV Antispam 2.8 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is FV Antispam updated?

FV Antispam was last updated on Nov 11, 2025. Frequent updates are generally a positive security signal.

What is FV Antispam's security score?

FV Antispam has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

FV Antispam Security & Risk Analysis

wordpress.org/plugins/fv-antispam

FV Antispam is a powerful and simple antispam plugin. It moves any spambot comments directly to trash and allows Akismet to just deal with human spam.

1K active installs v2.8 PHP + WP 3.5+ Updated Nov 11, 2025

akismetantispamspam

A · Safe

CVEs total1

Unpatched0

Last CVENov 18, 2025

Plugin page Download

Safety Verdict

Is FV Antispam Safe to Use in 2026?

Generally Safe

Score 99/100

FV Antispam has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 18, 2025Updated 4mo ago

Risk Assessment

The "fv-antispam" v2.8 plugin exhibits a mixed security posture. While it demonstrates good practices with a limited attack surface and a high percentage of SQL queries using prepared statements, there are significant areas of concern. The presence of the `unserialize` function, a known source of deserialization vulnerabilities, is a critical flag. Furthermore, a substantial proportion of flows with unsanitized paths (4 out of 5 analyzed) and one high-severity taint flow indicate potential for injection attacks or privilege escalation if malicious input can reach these paths. The plugin's vulnerability history shows one past medium-severity Cross-Site Scripting (XSS) vulnerability, suggesting a past susceptibility to output escaping issues. Although currently unpatched vulnerabilities are zero, the pattern of past XSS issues combined with a low rate of properly escaped output (43%) raises concerns about potential future XSS vulnerabilities. Overall, the plugin has strengths in its controlled entry points and database security but requires careful attention to input sanitization, output escaping, and the use of dangerous functions.

Key Concerns

Dangerous function: unserialize found
Flows with unsanitized paths (4/5)
High severity taint flow
Low output escaping rate (43%)
Past medium XSS vulnerability

Vulnerabilities

FV Antispam Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-66102medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FV Antispam <= 2.7 - Reflected Cross-Site Scripting

Nov 18, 2025 Patched in 2.8 (32d)

Code Analysis

Analyzed Mar 16, 2026

FV Antispam Code Analysis

Dangerous Functions

Raw SQL Queries

9 prepared

Unescaped Output

41 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$aOptions = unserialize($aOptions);fv-antispam.php:1370

SQL Query Safety

32% prepared28 total queries

Output Escaping

43% escaped95 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

5 flows4 with unsanitized paths

func__faq_tastic_spam_check (fv-antispam.php:1296)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

FV Antispam Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_fv_foliopress_ajax_pointersfv-antispam.php:106

authwp_ajax_fv_foliopress_ajax_pointersinclude\fp-api.php:55

WordPress Hooks 39

actionadmin_menufv-antispam.php:53

actionadmin_headfv-antispam.php:56

actionright_now_table_endfv-antispam.php:59

filterplugin_row_metafv-antispam.php:64

filterplugin_action_linksfv-antispam.php:66

actioncomment_status_linksfv-antispam.php:72

actioninitfv-antispam.php:75

actioninitfv-antispam.php:78

filterget_comment_textfv-antispam.php:80

filterthe_commentsfv-antispam.php:81

filterplugin_action_linksfv-antispam.php:83

actionin_plugin_update_message-fv-antispam/fv-antispam.phpfv-antispam.php:87

filterget_user_option_closedpostboxes_fv_antispam_settingsfv-antispam.php:91

actioncomment_postfv-antispam.php:112

actioninitfv-antispam.php:113

actionpreprocess_commentfv-antispam.php:114

actionlogin_headfv-antispam.php:119

actionlogin_enqueue_scriptsfv-antispam.php:120

actionlogin_formfv-antispam.php:121

actionregister_formfv-antispam.php:122

actioninitfv-antispam.php:123

filterthe_contentfv-antispam.php:126

actioninitfv-antispam.php:127

filterthe_contentfv-antispam.php:130

filterthe_excerptfv-antispam.php:131

filterwidget_textfv-antispam.php:132

filterplugins_loadedfv-antispam.php:136

actiontemplate_redirectfv-antispam.php:139

actionwp_print_footer_scriptsfv-antispam.php:141

actionwp_headfv-antispam.php:142

actionfv_clean_trash_hourlyfv-antispam.php:146

actionwp_insert_commentfv-antispam.php:147

actionwp_footerfv-antispam.php:1287

filterpre_comment_approvedfv-antispam.php:1446

filterpreprocess_commentfv-antispam.php:1603

filterregistration_errorsfv-antispam.php:1803

actionadmin_enqueue_scriptsinclude\fp-api.php:54

actionadmin_noticesinclude\fp-api.php:56

actionadmin_print_footer_scriptsinclude\fp-api.php:313

Scheduled Events 1

fv_clean_trash_hourly

Maintenance & Trust

FV Antispam Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedNov 11, 2025

PHP min version

Downloads61K

Community Trust

Rating74/100

Number of ratings3

Active installs1K

Alternatives

FV Antispam Alternatives

Akismet Anti-spam: Spam Protection

akismet

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M 2 CVEs

Antispam Bee

antispam-bee

100

Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.

700K 1 CVE

WP Armour – Honeypot Anti Spam

honeypot

Fastest growing Anti Spam plugin. No API calls, subscriptions, captcha or puzzle. Full GDPR complaint. For comments, contact form, login, registration

300K 2 CVEs

Spam protection, Honeypot, Anti-Spam by CleanTalk

cleantalk-spam-protect

Blocks spam comments, fake users, contact form spam and more. No impact on SEO. Privacy focused. CAPTCHA free, premium Antispam plugin.

200K 13 CVEs

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

advanced-nocaptcha-recaptcha

Use CAPTCHA to stop spam and allow customers & users to interact with your website easily. Block fake accounts and orders. Avoid false positives.

100K 1 CVE

Developer Profile

FV Antispam Developer Profile

FolioVision

19 plugins · 48K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

1121 days

View full developer profile

Detection Fingerprints

How We Detect FV Antispam

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fv-antispam/css/fv-antispam.css/wp-content/plugins/fv-antispam/js/fv-antispam.js/wp-content/plugins/fv-antispam/js/fv-antispam.min.js/wp-content/plugins/fv-antispam/js/fv-antispam.js/wp-content/plugins/fv-antispam/js/fv-antispam.min.js

Script Paths

/wp-content/plugins/fv-antispam/js/fv-antispam.js/wp-content/plugins/fv-antispam/js/fv-antispam.min.js

Version Parameters

fv-antispam/css/fv-antispam.css?ver=fv-antispam/js/fv-antispam.js?ver=fv-antispam/js/fv-antispam.min.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-fv-antispam-nonce

JS Globals

fv_antispam_params

FAQ