WP-Safety

Geo-Captcha & Geo-Blacklist Security & Risk Analysis

wordpress.org/plugins/geo-captcha-geo-blacklist

Geo-Captcha shows a captcha image only to countries you don't trust. Geo-Blacklists allows you to disable comments for some countries.

10 active installs v1.0 PHP + WP 3.0+ Updated Apr 27, 2012
antispamcaptchacommentsgeographicspam
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Geo-Captcha & Geo-Blacklist Safe to Use in 2026?

Generally Safe

Score 85/100

Geo-Captcha & Geo-Blacklist has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago
Risk Assessment

The 'geo-captcha-geo-blacklist' plugin exhibits several concerning security practices despite having no known historical vulnerabilities. The static analysis reveals a significant weakness in output escaping, with only 16% of outputs properly escaped. This, combined with the presence of two unsanitized flows identified during taint analysis, one of which is rated as high severity, indicates a substantial risk of Cross-Site Scripting (XSS) or other injection vulnerabilities if the plugin handles user-supplied data without adequate sanitization.

Furthermore, the complete absence of nonce checks and capability checks, particularly concerning if any of the entry points were ever exposed (though currently none are), points to a lack of robust authorization and CSRF protection mechanisms. While the plugin currently has a clean vulnerability history, this does not mitigate the inherent risks present in the analyzed code. The presence of file operations without clear context also warrants caution. The plugin's overall security posture is therefore weakened by these identified code-level risks, necessitating careful review and potential remediation.

Key Concerns

  • High severity unsanitized taint flow
  • Unsanitized path in taint flow
  • Low percentage of properly escaped output
  • Zero nonce checks
  • Zero capability checks
Vulnerabilities
None known

Geo-Captcha & Geo-Blacklist Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Geo-Captcha & Geo-Blacklist Code Analysis

Dangerous Functions
0
Raw SQL Queries
8
7 prepared
Unescaped Output
21
4 escaped
Nonce Checks
0
Capability Checks
0
File Operations
4
External Requests
0
Bundled Libraries
0

SQL Query Safety

47% prepared15 total queries

Output Escaping

16% escaped25 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
<geo-captcha-blacklist-pages> (geo-captcha-blacklist-pages.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Geo-Captcha & Geo-Blacklist Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 8
actionadmin_menugeo-captcha-blacklist-pages.php:99
actionwp_set_comment_statusgeo-captcha-blacklist.php:370
actionadmin_headgeo-captcha-blacklist.php:430
actioncomment_formgeo-captcha-blacklist.php:433
filterpreprocess_commentgeo-captcha-blacklist.php:434
filtercomments_templategeo-captcha-blacklist.php:435
actionregister_formgeo-captcha-blacklist.php:438
actionregister_postgeo-captcha-blacklist.php:439
Maintenance & Trust

Geo-Captcha & Geo-Blacklist Maintenance & Trust

Maintenance Signals

WordPress version tested3.2.1
Last updatedApr 27, 2012
PHP min version
Downloads2K

Community Trust

Rating60/100
Number of ratings1
Active installs10
Alternatives

Geo-Captcha & Geo-Blacklist Alternatives

Spam protection, Honeypot, Anti-Spam by CleanTalk

Spam protection, Honeypot, Anti-Spam by CleanTalk

cleantalk-spam-protect

B
76

Blocks spam comments, fake users, contact form spam and more. No impact on SEO. Privacy focused. CAPTCHA free, premium Antispam plugin.

200K 13 CVEs
reCAPTCHA in WP comments form

reCAPTCHA in WP comments form

recaptcha-in-wp-comments-form

A
85

reCAPTCHA in WP comments form is an ANTISPAM tool that adds a Google reCAPTCHA to the comments form and protects your site from the spam robots threat &hellip;

9K No CVEs
Akismet Anti-spam: Spam Protection

Akismet Anti-spam: Spam Protection

akismet

A
99

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M 2 CVEs
Antispam Bee

Antispam Bee

antispam-bee

A
100

Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.

700K 1 CVE
CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

advanced-nocaptcha-recaptcha

A
99

Use CAPTCHA to stop spam and allow customers & users to interact with your website easily. Block fake accounts and orders. Avoid false positives.

100K 1 CVE
Developer Profile

Geo-Captcha & Geo-Blacklist Developer Profile

Noname

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Geo-Captcha & Geo-Blacklist

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/geo-captcha-geo-blacklist/geoip.inc/wp-content/plugins/geo-captcha-geo-blacklist/geo-captcha-blacklist-pages.php

HTML / DOM Fingerprints

JS Globals
geoip_opengeoip_country_name_by_addrgeoip_country_code_by_addr
FAQ

Frequently Asked Questions about Geo-Captcha & Geo-Blacklist