[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPOzjz22Z-6MgWin9jFxuALZGE72dp4tv4B_f6BmbF0k":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":103,"crawl_stats":38,"alternatives":108,"analysis":210,"fingerprints":307},"iq-block-country","iQ Block Country","1.2.26","Pascal","https:\u002F\u002Fprofiles.wordpress.org\u002Fiqpascal\u002F","\u003Cp>iQ Block Country is a plugin that allows you to limit access to your website content. You can either allow or disallow visitors from defined countries to (parts of) your content.\u003C\u002Fp>\n\u003Cp>For instance if you have content that should be restricted to a limited set of countries you can do so.\u003Cbr \u002F>\nIf you want to block rogue countries that cause issues like for instance hack attempts, spamming of your comments etc you can block them as well.\u003C\u002Fp>\n\u003Cp>Do you want secure your WordPress Admin backend site to only your country? Entirely possible! You can even block all countries and only allow your ip address.\u003C\u002Fp>\n\u003Cp>And even if you block a country you can still allow certain visitors by putting their ip address on the allow list just like you can allow a country but put ip addresses on the block list from that country.\u003C\u002Fp>\n\u003Cp>You can show blocked visitors a message which you can style by using CSS or you can redirect them to a page within your WordPress site. Or you can redirect the visitors to an external website.\u003C\u002Fp>\n\u003Cp>You can (dis)allow visitors to blog articles, blog categories or pages or all content.\u003C\u002Fp>\n\u003Cp>Stop visitors from doing harmful things on your WordPress site or limit the countries that can access your blog. Add an additional layer of security to your WordPress site.\u003C\u002Fp>\n\u003Cp>This plugin uses the GeoLite database from Maxmind. It has a 99.5% accuracy so that is pretty good for a free database. If you need higher accuracy you can buy a license from MaxMind directly.\u003Cbr \u002F>\nIf you cannot or do not want to download the GeoIP database from Maxmind you can use the GeoIP API website available on https:\u002F\u002Fwebence.net\u002F\u003Cbr \u002F>\nIf you want to use the GeoLite database from Maxmind you will have to download the GeoIP database from MaxMind directly and upload it to your site.\u003Cbr \u002F>\nThe WordPress license does not allow this plugin to download the MaxMind Geo database for you.\u003C\u002Fp>\n\u003Cp>Please be aware that although this plugin can help you greatly with reducing the number of ‘bad’ visitors on your website it is not fool proof and those who really want to visit your site may find a away.\u003Cbr \u002F>\nThis is not a security issue but a simple fact of today. Nobody can guarantee you 100% security as it is a constant battle between the good guys and the bad guys.\u003C\u002Fp>\n\u003Cp>If you are sure your webhosting or yourself does not use any form of caching or proxying we recommend setting the “Override IP information” on the Home tab to REMOTE_ADDR\u003C\u002Fp>\n\u003Cp>Do you need help with this plugin? Please email support@webence.net.\u003C\u002Fp>\n\u003Ch4>GDPR Information\u003C\u002Fh4>\n\u003Cp>This plugin stores data about your visitors in your local WordPress database. The number of days this data is stores can be configured on the settings page. You can also disable logging any data.\u003C\u002Fp>\n\u003Cp>Data which is stored of blocked visitors:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>IP Address\u003C\u002Fli>\n\u003Cli>Date and time of the visit\u003C\u002Fli>\n\u003Cli>URL that was requested\u003C\u002Fli>\n\u003Cli>Country of the IP address\u003C\u002Fli>\n\u003Cli>If the block happened on your backend or your frontend\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Data which is stored on non blocked visitors:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Nothing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you allow tracking (yeah if you do!) you share some information with us. This is only the IP address of a blocked request on your backend. No other information is send and only the IP address is logged on our systems to gather how many times that IP address have attempted to login to a backend. We do not log which site was visited or which URL just only the IP address So we cannot lead an ip address back to a specific website or user. If an IP address is not blocked again within a month we will remove the IP address from the list.\u003C\u002Fp>\n\u003Cp>If you use the GeoIP API service you send the IP address of your visitor to one of our servers. This IP Address is however in no way stored at our servers and only used to convert it to a country id.\u003C\u002Fp>\n\u003Ch4>Using this plugin with a caching plugin\u003C\u002Fh4>\n\u003Cp>Please note that many of the caching plugins are not compatible with this plugin. The nature of caching is that a dynamically build web page is cached into a static page.\u003Cbr \u002F>\n If a visitor is blocked this plugin sends header data where it supplies info that the page should not be cached. Many plugins however disregard this info and cache the page or the redirect. Resulting in valid visitors receiving a message that they are blocked. This is not a malfunction of this plugin.\u003C\u002Fp>\n\u003Cp>Disclaimer: No guarantees are made but after some light testing the following caching plugins seem to work: Comet Cache, WP Super Cache\u003Cbr \u002F>\nPlugins that do NOT work: W3 Total Cache, Hyper cache, WPRocket\u003C\u002Fp>\n\u003Cp>Warning: Caching & Geo Blocking do not work well together.\u003C\u002Fp>\n\u003Cp>In the best case scenario countries or IP’s you want to block get served a page from cache and when visiting non cached pages they get blocked. This is due to the fact when pages are served from cache the iQ Block Country plugin does not get started and can’t do it’s job.\u003C\u002Fp>\n\u003Cp>If the caching plugin however ignores the caching headers you risk the chance that the block message gets cached and everyone gets to see they are blocked even the countries that you did not block.\u003C\u002Fp>\n\u003Cp>If you’re fine with blocked countries getting served the page from cache then you’re fine using the iQ Block Country plugin.\u003C\u002Fp>\n\u003Cp>If you’re not you should disable either the cache or the Geo Blocking. Or search for another solution outside WordPress (for instance by using the Varnish software) where you can GeoBlock at a caching level.\u003C\u002Fp>\n\u003Ch3>GeoIP API\u003C\u002Fh3>\n\u003Cp>For your convenience we offer a GeoIP API service. This API is not mandatory to use as you can always use the free MaxMind GeoIP Database.\u003C\u002Fp>\n\u003Cp>If you do not want or can’t go through the hassle of updating your MaxMind GeoIP database we provide an API service to convert the IP address of your visitors to a country.\u003C\u002Fp>\n\u003Cp>If you decide to purchase an GeoIP API Key via https:\u002F\u002Fwebence.net you’ll get an eMail with your API Key (License Key).\u003Cbr \u002F>\nOnce you enter this key in your iQ Block Country settings your license key will be validated at our API service and a the nearest API server to you will be chosen. To do this your website will contact all API servers once to request\u003Cbr \u002F>\nan empty file.\u003C\u002Fp>\n\u003Cp>Once you use the API service the IP address of your visitors and your API key are send to one of the API servers and converted to a country. The plugin checks if the visitor should be blocked based on that country or not.\u003C\u002Fp>\n\u003Cp>What is logged on our end?\u003Cbr \u002F>\n* Upon validation of your license key your request will be logged in our webserver logs. (This will be the IP address of your webserver).\u003Cbr \u002F>\n* Upon checking an IP address of your visitor this IP address is only used to convert it to the country it belongs to and is not logged. We have no way to link a visitors IP address to your website.\u003Cbr \u002F>\n  What is logged is your API Key and the Website URL making the request.\u003C\u002Fp>\n\u003Cp>If you decide to purchase the GeoIP API key your chosen payment account will be charged by on a time basis. This subscription will not renew itself unless you subscribed to our service prior to September 2024.\u003C\u002Fp>\n\u003Cp>Privacy policy regarding this service specific can be found here: https:\u002F\u002Fwebence.nl\u002Fwp-content\u002Fuploads\u002F2022\u002F06\u002FPrivacy-Policy-Webence-API.pdf\u003C\u002Fp>\n\u003Ch3>MaxMind Database Usage\u003C\u002Fh3>\n\u003Cp>This plugin uses the Free version of the MaxMind GeoIP2 Country Database. You can also use the paid version but will have to make sure it is uploaded to the same location with the filename of Free database.\u003C\u002Fp>\n\u003Cp>MaxMind Terms of Use: https:\u002F\u002Fwww.maxmind.com\u002Fen\u002Fterms-of-use\u003Cbr \u002F>\nMaxMind Privacy Policy: https:\u002F\u002Fwww.maxmind.com\u002Fen\u002Fprivacy-policy\u003C\u002Fp>\n","Allow or disallow visitors from certain countries accessing (parts of) your website",20000,1194369,78,163,"2026-03-13T14:42:00.000Z","6.9.4","3.5.2","7.4",[20,21,22,23,24],"ban-countries","block","block-countries","block-spam","geoblocking","https:\u002F\u002Fwebence.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fiq-block-country.1.2.26.zip",99,5,0,"2022-09-26 00:00:00","2026-03-15T15:16:48.613Z",[33,49,62,76,90],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2022-41155","iq-block-country-country-blocking-bypass","iQ Block Country \u003C= 1.2.18 - Country Blocking Bypass","The iQ Block Country plugin for WordPress is vulnerable to Country Blocking Bypass in versions up to, and including, 1.2.18. This is due to the improperly implemented login page verification check in the iqblockcountry_is_login_page function. This makes it possible for unauthenticated attackers to bypass the country block by including the string 'wp-login' in the URL.",null,"\u003C=1.2.18","1.2.19","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Authentication Bypass by Primary Weakness","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fabc983c6-aa30-4d1b-b6af-99b5ba1c8481?source=api-prod",484,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":42,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":45,"references":59,"days_to_patch":61},"CVE-2022-1762","iq-block-country-protection-bypass-due-to-ip-spoofing","iQ Block Country \u003C= 1.2.13 - Protection Bypass due to IP Spoofing","The iQ Block Country WordPress plugin through 1.2.13 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.","\u003C=1.2.13","1.2.17","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Authorization Bypass Through User-Controlled Key","2022-05-17 00:00:00",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5f388049-b453-406c-abdf-2a51c7abed2d?source=api-prod",616,{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":38,"affected_versions":67,"patched_in_version":68,"severity":41,"cvss_score":69,"cvss_vector":70,"vuln_type":71,"published_date":72,"updated_date":45,"references":73,"days_to_patch":75},"CVE-2022-0246","iq-block-country-admin-arbitrary-file-deletion-via-zip-slip","iQ Block Country \u003C 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip","The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process, existence of a file is checked. If the file exists, it is deleted without any security control by only considering the name of the extracted file. This behavior leads to \"Zip Slip\" vulnerability.","\u003C1.2.13","1.2.13",6.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","External Control of File Name or Path","2022-03-16 00:00:00",[74],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F21e3d4a5-aaf3-4f42-8868-cd8c9bccd026?source=api-prod",678,{"id":77,"url_slug":78,"title":79,"description":80,"plugin_slug":4,"theme_slug":38,"affected_versions":81,"patched_in_version":82,"severity":41,"cvss_score":83,"cvss_vector":84,"vuln_type":85,"published_date":86,"updated_date":45,"references":87,"days_to_patch":89},"CVE-2021-36873","wordpress-iq-block-country-authenticated-stored-cross-site-scripting","WordPress iQ Block Country \u003C= 1.2.11 - Authenticated Stored Cross-Site Scripting","Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions \u003C= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.","\u003C=1.2.11","1.2.12",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2021-09-22 23:26:00",[88],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb01ce539-08f4-48f7-9ddc-56e87a2c91cc?source=api-prod",852,{"id":91,"url_slug":92,"title":93,"description":94,"plugin_slug":4,"theme_slug":38,"affected_versions":95,"patched_in_version":96,"severity":41,"cvss_score":97,"cvss_vector":98,"vuln_type":85,"published_date":99,"updated_date":45,"references":100,"days_to_patch":102},"WF-dcdb5d23-b9fe-495b-8431-f82f22813531-iq-block-country","iq-block-country-reflected-cross-site-scripting","iQ Block Country  \u003C 1.1.20 - Reflected Cross-Site Scripting","The iQ Block Country plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ipaddress’ parameter in versions up to, and including, 1.1.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C1.1.20","1.1.20",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2015-08-24 00:00:00",[101],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdcdb5d23-b9fe-495b-8431-f82f22813531?source=api-prod",3074,{"slug":104,"display_name":7,"profile_url":8,"plugin_count":105,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":106,"trust_score":13,"computed_at":107},"iqpascal",1,1141,"2026-04-03T21:14:36.579Z",[109,128,150,171,191],{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":29,"num_ratings":29,"last_updated":119,"tested_up_to":16,"requires_at_least":120,"requires_php":121,"tags":122,"homepage":125,"download_link":126,"security_score":127,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"admin-country-allowlist","Admin Country Allowlist","1.4.0","Ric","https:\u002F\u002Fprofiles.wordpress.org\u002Fqwebltd\u002F","\u003Cp>By far the simplest country allowlist plugin available for WordPress. Locks admin panel and XMLRPC access to a given list of allowed countries using \u003Ca href=\"https:\u002F\u002Fapis.qweb.co.uk\u002Fip-lookup\u002F\" rel=\"nofollow ugc\">QWeb’s IP to country lookup API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This is free open source software (FOSS), which you’re welcome to either use as-is, or fork and further develop under the very permissive terms of the \u003Ca href=\"LICENSE\" rel=\"nofollow ugc\">MIT license\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Out of the box, this is most likely the simplest, most efficient plugin for restricting access to your WordPress admin panel to an allowlist of specific countries. Simply install and activate the plugin, obtain an access key via the QWeb Ltd API console, and enter your access key in the plugin settings. The plugin will automatically determine your own country and add this to the allowlist, and you can add other countries to the list as you like.\u003C\u002Fp>\n\u003Cp>Countries are entered as comma separated \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FISO_3166-1_alpha-2#Officially_assigned_code_elements\" rel=\"nofollow ugc\">ISO 3166-1 alpha-2 country codes\u003C\u002Fa> in a single field, making it super easy to copy & paste the same list across multiple websites.\u003C\u002Fp>\n\u003Cp>This plugin also restricts access to the WordPress XMLRPC mechanism, using the same country allowlist.\u003C\u002Fp>\n\u003Cp>You can optionally choose to allow or disallow access through known public proxy servers, even if they’re located in an allowed country.\u003C\u002Fp>\n\u003Cp>The plugin creates a cache of IP information and automatically clears cache files older than one week. This reduces the number of lookup requests and keeps your website responsive, without creating an unnecessarily large cache.\u003C\u002Fp>\n\u003Cp>As a single 25kb file, this is an exceptionally lightweight plugin. Built to be efficient, and using QWeb’s incredibly responsive \u003Ca href=\"https:\u002F\u002Fapis.qweb.co.uk\u002Fip-lookup\u002F\" rel=\"nofollow ugc\">IP lookup API\u003C\u002Fa>, the Admin Country Allowlist plugin should be a part of your standard security kit for any WordPress websites that you manage.\u003C\u002Fp>\n\u003Cp>This plugin relies on \u003Ca href=\"https:\u002F\u002Fapis.qweb.co.uk\u002Fip-lookup\u002F\" rel=\"nofollow ugc\">QWeb’s IP to country lookup API\u003C\u002Fa> for IP to country lookups, and will not function without an active API key from this service. QWeb does provide a FREE tier for this API service, suitable for most websites. Please refer to the \u003Ca href=\"https:\u002F\u002Fapis.qweb.co.uk\u002Fconsole\u002Feula\" rel=\"nofollow ugc\">QWeb Ltd API Terms of Use\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.qweb.co.uk\u002Fprivacy-policy\" rel=\"nofollow ugc\">QWeb Ltd Privacy Policy\u003C\u002Fa>.\u003C\u002Fp>\n","By far the simplest country allowlist plugin available. Locks admin panel and XMLRPC access to a given list of allowed countries.",80,2908,"2025-11-28T11:52:00.000Z","5.8","5.6",[123,20,21,22,124],"ban","security","https:\u002F\u002Fgithub.com\u002Fqwebltd\u002Fwordpress-admin-country-allowlist","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-country-allowlist.1.4.0.zip",100,{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":136,"downloaded":137,"rating":138,"num_ratings":139,"last_updated":140,"tested_up_to":16,"requires_at_least":141,"requires_php":142,"tags":143,"homepage":148,"download_link":149,"security_score":127,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"en-spam","En Spam","1.1","hatul","https:\u002F\u002Fprofiles.wordpress.org\u002Fhatul\u002F","\u003Cp>“En Spam” blocks totally comments and form submissions of bots by cookies and javascript. Bots can’t use cookies and javascript and therefore will not be able to comment.\u003Cbr \u002F>\nUsers that blocking cookies or Javascript can to comment after transfer in special page.\u003C\u002Fp>\n\u003Cp>We protect Elementor Pro and Contact Form 7 (cf7) forms and default comments of WordPress.\u003C\u002Fp>\n\u003Cp>The plugin is transparent to your visitors, only bots will be blocked.\u003C\u002Fp>\n\u003Cp>You can see how many spambots blocked in dashboard widget.\u003C\u002Fp>\n\u003Cp>“En Spam” means “have not spam” in Hebrew.\u003C\u002Fp>\n","Block spam with cookies and JavaScript. All Spambots will remain away from your blog. Without settings or Captcha, install and forget the spam.",600,16567,82,7,"2025-11-30T08:38:00.000Z","2.0","",[144,23,145,146,147],"anti-spam","bot","comment","spam","http:\u002F\u002Fhatul.info\u002Fen-spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fen-spam.1.1.zip",{"slug":151,"name":152,"version":153,"author":154,"author_profile":155,"description":156,"short_description":157,"active_installs":136,"downloaded":158,"rating":127,"num_ratings":159,"last_updated":160,"tested_up_to":16,"requires_at_least":161,"requires_php":18,"tags":162,"homepage":168,"download_link":169,"security_score":27,"vuln_count":105,"unpatched_count":29,"last_vuln_date":170,"fetched_at":31},"reoon-email-verifier","Reoon Email Verifier","2.1.1","Reoon Technology","https:\u002F\u002Fprofiles.wordpress.org\u002Freoon\u002F","\u003Cp>Reoon Email Verifier offers a robust solution for verifying email addresses in real-time, protecting your site from spam registrations and enhancing email campaign effectiveness. With over 99% accuracy, our verification service integrates seamlessly with popular WordPress forms, offering broad compatibility and exceptional reliability.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Check email address during the form submission.\u003Cbr \u002F>\n– Can detect valid, invalid, temporary, catch-all, inbox-full, spamtrap addresses.\u003Cbr \u002F>\n– Quick mode verification checks an email within 0.5 seconds.\u003Cbr \u002F>\n– Dynamic detection of disposable and temporary email addresses.\u003Cbr \u002F>\n– Supports most of the free email providers and business\u002Fprofessional emails.\u003Cbr \u002F>\n– Live API for instant verification during user registration (within 0.5 seconds).\u003Cbr \u002F>\n– Verification mode and custom filters can be selected.\u003Cbr \u002F>\n– GDPR compliant, ensuring user data protection and privacy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Supported WordPress Forms:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Formidable Form\u003Cbr \u002F>\n– Gravity Form\u003Cbr \u002F>\n– Default WordPress Registration Form\u003Cbr \u002F>\n– WooCommerce Checkout Form\u003Cbr \u002F>\n– Contact Form 7\u003Cbr \u002F>\n– Ninja Forms\u003Cbr \u002F>\n– WPForms\u003Cbr \u002F>\n– Elementor Forms\u003Cbr \u002F>\n– Fluent Forms\u003Cbr \u002F>\n– Forminator Forms\u003Cbr \u002F>\n– HappyForms\u003Cbr \u002F>\n– Mail Mint Form\u003Cbr \u002F>\n– Contact Form by BestWebSoft\u003Cbr \u002F>\n– WordPress Comment Form\u003Cbr \u002F>\n– SureCart\u003Cbr \u002F>\n– WS Form\u003Cbr \u002F>\n– JetForm Builder\u003Cbr \u002F>\n– MetForm\u003Cbr \u002F>\n– BuddyForms\u003Cbr \u002F>\n– EverestForms\u003Cbr \u002F>\n– Bitforms\u003C\u002Fp>\n\u003Cp>To learn about the list of features and detailed benefits, please visit \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.reoon.com\u002Femail-verifier\u002F\" rel=\"nofollow ugc\">Reoon Email Verifier\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Third-Party Service Usage\u003C\u002Fh3>\n\u003Cp>This plugin integrates with the Reoon Email Verifier service to provide real-time email verification functionality. Through API calls to Reoon Technology’s servers, it verifies email addresses and retrieves account information, using the following endpoints:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Verify email addresses: https:\u002F\u002Femailverifier.reoon.com\u002Fapi\u002Fv1\u002Fverify?email=[email]&mode=[mode]&key=[your_api_key]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>By installing and activating this plugin, you consent to the transmission of email addresses to these URLs for the purpose of verification.\u003C\u002Fp>\n\u003Cp>Data Privacy and Security Commitment: We prioritize your privacy and the security of your data. All submitted email addresses are automatically deleted from our servers after 15 days, ensuring that your data is not stored indefinitely. Furthermore, we do not sell or use the submitted emails for marketing purposes. This practice is part of our commitment to maintaining your trust and complying with data protection regulations.\u003C\u002Fp>\n\u003Cp>The use of the Reoon Email Verifier service is subject to Reoon’s Terms of Service and Privacy Policy, available at:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Terms of Service: https:\u002F\u002Fwww.reoon.com\u002Fterms-and-conditions\u002F\nPrivacy Policy: https:\u002F\u002Fwww.reoon.com\u002Fprivacy-policy\u002F\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>We encourage you to review these documents to understand how Reoon Technology handles and protects your data. It is crucial to ensure that the use of this plugin complies with your website’s privacy policy and any applicable legal obligations concerning data protection and privacy.\u003C\u002Fp>\n","Safeguard your online forms against invalid, temporary, disposable, and harmful email addresses with real-time verification.",6021,3,"2026-01-18T16:36:00.000Z","4.7",[163,164,165,166,167],"block-spam-registration","email-validator","email-verifier","form-email-validation","temporary-email-blocker","https:\u002F\u002Fwww.reoon.com\u002Femail-verifier\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freoon-email-verifier.2.1.1.zip","2025-10-09 00:00:00",{"slug":172,"name":173,"version":174,"author":175,"author_profile":176,"description":177,"short_description":178,"active_installs":136,"downloaded":179,"rating":127,"num_ratings":105,"last_updated":180,"tested_up_to":181,"requires_at_least":120,"requires_php":182,"tags":183,"homepage":188,"download_link":189,"security_score":190,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"toms-recaptcha","TomS reCAPTCHA","1.2.0","TomS Caprice","https:\u002F\u002Fprofiles.wordpress.org\u002Ftomsneddon\u002F","\u003Cp>Integrated Google ReCaptcha for WordPress. Protect the login, register, lostpassword and comment forms. Support Woocommerce, Ultimate Member and more popular forms.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Frecaptcha\" rel=\"nofollow ugc\">\u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong>\u003C\u002Fa> is a free service that protects your site from spam and abuse. It uses advanced risk analysis techniques to tell humans and bots apart.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Go to \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fadmin\u002Fcreate\" rel=\"nofollow ugc\">Google reCAPTCHA\u003C\u002Fa> to get the \u003Cstrong>Site key\u003C\u002Fstrong> and \u003Cstrong>Secret key\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>reCAPTCHA Type:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>reCAPTCHA \u003Cstrong>v3\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA \u003Cstrong>v2 Checkbox\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA \u003Cstrong>v2 Invisible\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported Form List\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress default login form\u003C\u002Fli>\n\u003Cli>WordPress default register form\u003C\u002Fli>\n\u003Cli>WordPress default lostpassword form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WordPress default comment form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> login form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> register form\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> lostpassword form\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> checkout Billing form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add a shortcode \u003Cstrong>[toms_woo_register_form]\u003C\u002Fstrong> for \u003Cstrong>woocommerce register form\u003C\u002Fstrong> on any page you want.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> login form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> register form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> lostpassword form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-block\u002F\" rel=\"ugc\">\u003Cstrong>Contact Form Block\u003C\u002Fstrong>\u003C\u002Fa> Contact Form Block\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>more support forms comming soon…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Option settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Verify API : \u003Cstrong>Google.com\u003C\u002Fstrong>\u002F\u003Cstrong>Recaptcha.net\u003C\u002Fstrong> \u003Cstrong>—Notice:—\u003C\u002Fstrong> Some country can not use Google verify API, that means Google verify API will not work, even using vpn. If google.com not work try use Recaptcha.net\u003C\u002Fli>\n\u003Cli>reCAPTCHA v2 (Checkbox)  Theme: \u003Cstrong>Light\u003C\u002Fstrong>\u002F\u003Cstrong>Dark\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA v2 (Invisible) Badge: \u003Cstrong>Bottom Right\u003C\u002Fstrong>\u002F\u003Cstrong>Bottom Left\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Custom reCAPTCHA Language\u003C\u002Fh4>\n\u003Ch4>Translation ready\u003C\u002Fh4>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>Reliance upon any non-English translation is at your own risk; TomS reCAPTCHA can give no guarantees that translations from the original English are accurate.\u003C\u002Fp>\n\u003Cp>We recognise and thank those mentioned at https:\u002F\u002Ftoms-caprice.org\u002Ftranslations for code and\u002For libraries used and\u002For modified under the terms of their open source licences.\u003C\u002Fp>\n","Integrated Google ReCaptcha for WordPress.Protect the login, register, lostpassword and comment forms. Support Woocommerce, Ultimate Member and more p &hellip;",16563,"2023-03-29T08:59:00.000Z","6.2.9","7.0",[184,185,186,187,172],"block-spam-comments","captcha","nocaptcha","recaptcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftoms-recaptcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoms-recaptcha.1.2.0.zip",85,{"slug":192,"name":193,"version":194,"author":195,"author_profile":196,"description":197,"short_description":198,"active_installs":199,"downloaded":200,"rating":127,"num_ratings":201,"last_updated":202,"tested_up_to":203,"requires_at_least":204,"requires_php":142,"tags":205,"homepage":206,"download_link":207,"security_score":208,"vuln_count":105,"unpatched_count":29,"last_vuln_date":209,"fetched_at":31},"stop-comment-spam","Stop Comment Spam","0.5.4","pedjas","https:\u002F\u002Fprofiles.wordpress.org\u002Fpedjas\u002F","\u003Cp>If you use Akismet, you are likely happy how it recognizes spam, but probably it still bothers you that you have to check recognized spam and reject it. If your blog is target of heavy spam, you may get large number of spams a day, and although Akismet prevents spam to show up on your blog, you still have to administer (delete) it.\u003C\u002Fp>\n\u003Cp>Stop Comment Spam jumps in that place. It is very likely that you may identify large amount of spam by very precise keywords, and if spam contains specified keyword, it may undoubtedly be considered as 100% spam and rejected without need for Akismet or you to interfere.\u003C\u002Fp>\n\u003Cp>For instance, my blog is overwhelmed by, what we call Russian spam. Thing is that my blog uses Cyrillic alphabet, and Russian spammers recognize that, so they pay more attention to spam it with comments containing Russian language. As my blog is not in Russian language, I needed tool to recognize if Russian language is used in a comment, and if that is the case, to simply reject it. That is how this plugin became. It also helps a lot with Chinese spam and other verious automated spammers.\u003C\u002Fp>\n\u003Cp>You may use it to prevent using obscene words or other unwanted words in comments posted on your site. You just define list of words that are unacceptable, and any comment containing any of them would be rejected.\u003C\u002Fp>\n\u003Cp>Also, you may set similar keyword rules for comment author web site URL. If you have some nasty spammer that is persistent to advertise his site, you just put his site url in forbidden url list and he is gone, any comment using that site as commenter site URL will be rejected.\u003C\u002Fp>\n\u003Cp>There is option to limit number of allowed links in comment text. That would help stopping link spammers. All you have to do is set number of allowed links within comment. If spammer posts one more than allowed, his comment will be refused.\u003C\u002Fp>\n\u003Cp>This plugin is simple and straightforward. It will help you to filter out exact words or phrases, but it is not strong against more profane spammers. But, that is what Akismet is for. This plugin works as Akismet companion. It filters out obvious spam and lets Akismed deal with rest.\u003C\u002Fp>\n\u003Cp>Author uses this plugin personally since year 2009, and it prooved to be very helpful. It stopped two times more spamm comments than Akismet. This does not mean Akismet is worse, just that two thirds of spam comming to my blog were so obvious that simple tool like StopCommentSpam could handle it leaving Akismet to deal with less but more delicate spam.\u003C\u002Fp>\n\u003Ch3>Keyword examples\u003C\u002Fh3>\n\u003Cp>To stop spam comments using Russian language add these as forbidden comments contents:\u003C\u002Fp>\n\u003Cp>ы\u003C\u002Fp>\n\u003Cp>ю\u003C\u002Fp>\n\u003Cp>щ\u003C\u002Fp>\n\u003Cp>я\u003C\u002Fp>\n\u003Cp>э\u003C\u002Fp>\n\u003Cp>ь\u003C\u002Fp>\n\u003Cp>й\u003C\u002Fp>\n\u003Cp>ё\u003C\u002Fp>\n\u003Cp>пасибо\u003C\u002Fp>\n\u003Cp>что\u003C\u002Fp>\n\u003Cp>все\u003C\u002Fp>\n\u003Cp>Все\u003C\u002Fp>\n\u003Cp>Мне\u003C\u002Fp>\n\u003Cp>мне\u003C\u002Fp>\n\u003Cp>автор\u003C\u002Fp>\n\u003Cp>Что\u003C\u002Fp>\n\u003Cp>To stop some spam linking to spam or malicious sitees ad these to forbidden URL contents:\u003C\u002Fp>\n\u003Cp>.cn\u003C\u002Fp>\n\u003Cp>healthcare\u003C\u002Fp>\n\u003Cp>drugstore\u003C\u002Fp>\n\u003Cp>mail\u003C\u002Fp>\n\u003Cp>loan\u003C\u002Fp>\n\u003Cp>finance\u003C\u002Fp>\n\u003Cp>insurance\u003C\u002Fp>\n\u003Cp>viagra\u003C\u002Fp>\n\u003Cp>baidu.com\u003C\u002Fp>\n\u003Cp>clearance\u003C\u002Fp>\n\u003Cp>forum\u003C\u002Fp>\n\u003Cp>xxx\u003C\u002Fp>\n\u003Cp>topic\u003C\u002Fp>\n\u003Cp>gscraper\u003C\u002Fp>\n\u003Cp>jimdo\u003C\u002Fp>\n\u003Cp>nikeschuhe\u003C\u002Fp>\n\u003Cp>jordan\u003C\u002Fp>\n\u003Cp>discount\u003C\u002Fp>\n\u003Cp>money\u003C\u002Fp>\n\u003Cp>pharmacy\u003C\u002Fp>\n","Stop Comment Spam treats any comment by predefined rules to stop spam. It is supposed to be used as additional measure for any other antispam tool esp &hellip;",400,6864,4,"2024-12-24T10:24:00.000Z","6.7.5","2.6.1",[23,146,147],"http:\u002F\u002Fpedja.supurovic.net\u002Fstop-comment-spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstop-comment-spam.zip",91,"2025-01-16 00:00:00",{"attackSurface":211,"codeSignals":277,"taintFlows":293,"riskAssessment":294,"analyzedAt":306},{"hooks":212,"ajaxHandlers":273,"restRoutes":274,"shortcodes":275,"cronEvents":276,"entryPointCount":29,"unprotectedCount":29},[213,219,223,227,231,235,241,244,248,251,255,258,262,266,269],{"type":214,"name":215,"callback":216,"file":217,"line":218},"action","admin_enqueue_scripts","iqbc_add_my_scripts","iq-block-country.php",248,{"type":214,"name":220,"callback":221,"priority":105,"file":217,"line":222},"init","iqblockcountry_checkCountryBackEnd",255,{"type":214,"name":224,"callback":225,"priority":105,"file":217,"line":226},"wp","iqblockcountry_checkCountryFrontEnd",258,{"type":214,"name":228,"callback":229,"file":217,"line":230},"admin_init","iqblockcountry_localization",266,{"type":214,"name":232,"callback":233,"file":217,"line":234},"admin_menu","iqblockcountry_create_menu",267,{"type":236,"name":237,"callback":238,"priority":239,"file":217,"line":240},"filter","update_option_blockcountry_tracking","iqblockcountry_schedule_tracking",10,268,{"type":236,"name":242,"callback":238,"priority":239,"file":217,"line":243},"add_option_blockcountry_tracking",269,{"type":236,"name":245,"callback":246,"priority":239,"file":217,"line":247},"update_option_blockcountry_apikey","iqblockcountry_schedule_retrieving",270,{"type":236,"name":249,"callback":246,"priority":239,"file":217,"line":250},"add_option_blockcountry_apikey",271,{"type":236,"name":252,"callback":253,"priority":239,"file":217,"line":254},"update_option_blockcountry_debuglogging","iqblockcountry_blockcountry_debuglogging",273,{"type":236,"name":256,"callback":253,"priority":239,"file":217,"line":257},"add_option_blockcountry_debuglogging",274,{"type":214,"name":259,"callback":260,"file":217,"line":261},"blockcountry_tracking","iqblockcountry_tracking",275,{"type":214,"name":263,"callback":264,"file":217,"line":265},"blockcountry_retrievebanlist","iqblockcountry_tracking_retrieve_xml",276,{"type":214,"name":220,"callback":267,"priority":105,"file":217,"line":268},"iqblockcountry_buffer",278,{"type":214,"name":270,"callback":271,"file":217,"line":272},"shutdown","iqblockcountry_buffer_flush",279,[],[],[],[],{"dangerousFunctions":278,"sqlUsage":279,"outputEscaping":284,"fileOperations":29,"externalRequests":29,"nonceChecks":105,"capabilityChecks":29,"bundledLibraries":289},[],{"prepared":29,"raw":105,"locations":280},[281],{"file":217,"line":282,"context":283},214,"$wpdb->get_results() with variable interpolation",{"escaped":201,"rawEcho":105,"locations":285},[286],{"file":217,"line":287,"context":288},226,"raw output",[290],{"name":291,"version":38,"knownCves":292},"Guzzle",[],[],{"summary":295,"deductions":296},"The 'iq-block-country' plugin, version 1.2.26, presents a mixed security posture.  While the static analysis reveals a commendable lack of direct attack surface entry points like unprotected AJAX handlers, REST API routes, or shortcodes, and no identified taint flows, there are significant areas of concern.  The plugin's historical vulnerability record is alarming, with a total of 5 known CVEs, all of medium severity. These past vulnerabilities indicate a pattern of security weaknesses, specifically including Authentication Bypass, Authorization Bypass, External Control of File Name or Path, and Cross-Site Scripting. The fact that all past vulnerabilities are currently unpatched is a major red flag.\n\nDespite the absence of immediate threats in the current static analysis, the historical data strongly suggests a propensity for the plugin to harbor security flaws. The presence of raw SQL queries without prepared statements, even if only one is found, coupled with a relatively high percentage of unescaped output (20%), indicates potential vulnerabilities that might have been missed or have yet to be exploited. The bundled Guzzle library, while not inherently problematic, requires attention to ensure it's up-to-date and doesn't introduce its own vulnerabilities. The absence of capability checks on entry points is also a concern, although currently the entry points are zero. Overall, while the current version appears to have addressed immediate static analysis threats, the plugin's history warrants extreme caution and suggests that users should remain vigilant and prioritize updating to a version that has demonstrably fixed all past security issues.",[297,300,302,304],{"reason":298,"points":299},"Past vulnerabilities present (medium severity)",20,{"reason":301,"points":28},"Raw SQL without prepared statements",{"reason":303,"points":201},"Unescaped output (20% of outputs)",{"reason":305,"points":159},"Bundled library (Guzzle) - potential for outdatedness","2026-03-16T17:27:29.162Z",{"wat":308,"direct":319},{"assetPaths":309,"generatorPatterns":313,"scriptPaths":314,"versionParams":315},[310,311,312],"\u002Fwp-content\u002Fplugins\u002Fiq-block-country\u002Fchosen.css","\u002Fwp-content\u002Fplugins\u002Fiq-block-country\u002Fjs\u002Fchosen.jquery.js","\u002Fwp-content\u002Fplugins\u002Fiq-block-country\u002Fjs\u002Fchosen.custom.js",[],[],[316,317,318],"iq-block-country\u002Fchosen.css?ver=","iq-block-country\u002Fjs\u002Fchosen.jquery.js?ver=","iq-block-country\u002Fjs\u002Fchosen.custom.js?ver=",{"cssClasses":320,"htmlComments":321,"htmlAttributes":322,"restEndpoints":323,"jsGlobals":324,"shortcodeOutput":343},[],[],[],[],[325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342],"CHOSENJS","CHOSENCSS","CHOSENCUSTOM","IQBCMAXMINDURL","IQBCGEOIP2DBFILE","IQBCTRACKINGURL","IQBCBANLISTRETRIEVEURL","GEOIPAPIURL","GEOIPAPIURLEU3","GEOIPAPIURLUS","GEOIPAPIURLUS2","GEOIPAPIURLUS3","GEOIPAPICHECKURL","GEOIPAPILICENSEURL","GEOIPAPILICENSECHECKURL","GEOIPAPICHECKUSAGEURL","ADMINAPICHECKURL","GEOIPAPITOKEN",[]]