[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbS0vx675lcgbLUQJsuYWhOwhJAxmtsAyH_CbICuPRBE":3,"$fDd8gMyKmzhfz-dlPdEYUro0XsEFGBb9mKSr1KTgd30o":216,"$fylwZE7tftoywrhyJujjrABu7yhWgjqM2svzeplDEkVo":221},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":34,"analysis":119,"fingerprints":177},"jetbuilder-daily-comment-limit","JetBuilder Daily Comment Limit","1.1.2","jetbuilder","https:\u002F\u002Fprofiles.wordpress.org\u002Fjetbuilder\u002F","\u003Cp>Tired of bots submitting hundreds of spam comments in a minute and consuming your database resources? “Limit Daily Comments” is a pure, zero-configuration micro-plugin that intercepts traffic before it enters your spam box. Developed lovingly by the JetBuilder team.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n* Blocks users\u002Fbots from making more than a specific amount of comments per 24 hours via the same IP.\u003Cbr \u002F>\n* Ability to set a site-wide global daily comment limit to protect your server.\u003Cbr \u002F>\n* Beautifully designed backend UI dashboard statistics to track your blocked hits today and total hits.\u003Cbr \u002F>\n* Completely blocks connections using lightweight HTTP Error 429 (Too Many Requests), avoiding database server overload.\u003Cbr \u002F>\n* Bypasses Admins automatically.\u003Cbr \u002F>\n* Compatible with CDNs like Cloudflare (correctly retrieves X-Forwarded-For IP).\u003Cbr \u002F>\n* Extremely fast logic with zero overhead footprint.\u003C\u002Fp>\n","A lightweight plugin to block comment spammers by restricting the number of comments an IP can make per day. Includes a beautiful dashboard stats widg …",0,58,"2026-04-06T08:19:00.000Z","6.9.4","5.0","7.0",[18,19,20,21],"anti-spam","comments","rate-limit","security","https:\u002F\u002FJetBuilder.com\u002Fplugins\u002Fjetbuilder-daily-comment-limit\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjetbuilder-daily-comment-limit.1.1.2.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,94,"2026-05-19T20:15:59.933Z",[35,52,71,87,106],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":24,"num_ratings":30,"last_updated":45,"tested_up_to":14,"requires_at_least":15,"requires_php":46,"tags":47,"homepage":50,"download_link":51,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"spam-comment-remover","Spam Comment Remover","4.0","Sahil Dadwal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsahildadwal\u002F","\u003Cp>Spam Comment Remover is a lightweight, zero-setup WordPress plugin that automatically stops spam comments and silently removes them.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Universal spam detection engine  \u003C\u002Fli>\n\u003Cli>Blocks hidden links, disguised URLs, BBCode, anchor tags  \u003C\u002Fli>\n\u003Cli>Blocks gibberish, AI-generated text patterns, random strings  \u003C\u002Fli>\n\u003Cli>Auto-deletes \u003Cem>pending\u003C\u002Fem> and \u003Cem>spam\u003C\u002Fem> comments after activation  \u003C\u002Fli>\n\u003Cli>Keeps admin-approved comments safe  \u003C\u002Fli>\n\u003Cli>No conflict with any plugin or theme  \u003C\u002Fli>\n\u003Cli>Removes “Website” field from the comment form  \u003C\u002Fli>\n\u003Cli>Fully automated system — no settings required  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for bloggers, businesses, portfolio sites, and WooCommerce stores.\u003C\u002Fp>\n","Automatically remove spam comments without Akismet. Universal spam detection that blocks junk, hidden links, fake names, gibberish, and automated subm …",70,1640,"2025-12-08T18:11:00.000Z","8.0",[18,48,19,21,49],"cleaner","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fspam-comment-remover\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspam-comment-remover.4.0.zip",{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":11,"num_ratings":11,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":68,"download_link":69,"security_score":70,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"back-list","Back List","0.5","w3prodigy","https:\u002F\u002Fprofiles.wordpress.org\u002Fw3prodigy\u002F","\u003Cp>Adds Whitelist and Blacklist options for Trackbacks and Pingbacks as well as the option to auto-accept Trackbacks from your own blog. These options can be found on the Discussion Options page.\u003C\u002Fp>\n","Adds Whitelist and Blacklist options for Trackbacks and Pingbacks",10,2263,"2010-09-07T16:01:00.000Z","3.0.5","3.0","",[18,67,19,21],"blacklist","http:\u002F\u002Fw3prodigy.com\u002Fwordpress-plugins\u002Fback-list\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fback-list.zip",85,{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":60,"downloaded":79,"rating":11,"num_ratings":11,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":65,"tags":83,"homepage":85,"download_link":86,"security_score":70,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"wp-mail-validator","WP-Mail-Validator","0.6.5","kimpenhaus","https:\u002F\u002Fprofiles.wordpress.org\u002Fkimpenhaus\u002F","\u003Cp>WP-Mail-Validator is an anti-spam plugin. It provides mail-address validation in 5 ways:\u003C\u002Fp>\n\u003Col>\n\u003Cli>syntax of mail-addresses\u003C\u002Fli>\n\u003Cli>mailserver host\u003C\u002Fli>\n\u003Cli>mx-record of mailserver\u003C\u002Fli>\n\u003Cli>user-defined blacklist\u003C\u002Fli>\n\u003Cli>trashmail services\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Once the plugin identifies a mail-address to be non existing on the mailserver or being on the blacklist or\u003Cbr \u002F>\nfrom trashmail service, any comment being made is moved to the spam area awaiting moderation from the blog owner.\u003C\u002Fp>\n\u003Ch3>Theme-Modification\u003C\u002Fh3>\n\u003Cp>WP-Mail-Validator comes with 3 theme functions that can be used:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ccode>wp_mail_validator_info_label()\u003C\u002Fcode>: shows a protected by info label\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_mail_validator_version()\u003C\u002Fcode>: shows the current plugin version\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_mail_validator_fended_spam_attack_count()\u003C\u002Fcode>: shows the count of spam attackes fended\u003C\u002Fli>\n\u003C\u002Fol>\n","WP-Mail-Validator is an anti-spam plugin. It provides mail-address validation in 5 ways:",3235,"2020-04-13T17:37:00.000Z","5.4.19","5.2.0",[18,67,19,21,84],"trashmail","https:\u002F\u002Fgithub.com\u002Fkimpenhaus\u002Fwp-mail-validator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-mail-validator.0.6.5.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":11,"downloaded":95,"rating":24,"num_ratings":30,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":104,"download_link":105,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"comments-firewall","Comments Firewall","1.0.2","korchix","https:\u002F\u002Fprofiles.wordpress.org\u002Fkorchix\u002F","\u003Cp>Comments Firewall is a powerful anti-spam plugin that provides enterprise-grade firewall protection for your WordPress comments. It blocks spam before it reaches your database, eliminating the need for manual moderation while maintaining full compatibility with your theme and existing comment system.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Remove Website Field\u003C\u002Fstrong>: Completely eliminates the website field from comment forms to prevent URL submissions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Link Blocking\u003C\u002Fstrong>: Two-mode protection system (Balanced\u002FStrict) blocks HTTP\u002FHTTPS links with advanced pattern detection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Author Name Protection\u003C\u002Fstrong>: Blocks links in commenter names to prevent sophisticated spam attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Submission Control\u003C\u002Fstrong>: Granular control over comment submission methods (Form, REST API, XML-RPC)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Force URL Clearing\u003C\u002Fstrong>: Ensures all author URLs are cleared on submission, regardless of input method\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Statistics Dashboard\u003C\u002Fstrong>: Real-time tracking of blocked spam comments with visual dashboard widget\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multilingual Ready\u003C\u002Fstrong>: Full translations in 5 languages (English, Spanish, French, German, Arabic with RTL support)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional Branding Badge\u003C\u002Fstrong>: Customizable “Protected by Comments Firewall” badge for your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Theme Compatible\u003C\u002Fstrong>: Works with any theme using standard WordPress comment hooks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & Secure\u003C\u002Fstrong>: Zero performance impact with admin-only security controls\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How It Works:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin operates on multiple levels to ensure comprehensive spam protection:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Form Level\u003C\u002Fstrong>: Removes website fields from comment forms via WordPress hooks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Validation Level\u003C\u002Fstrong>: Blocks submissions containing HTTP\u002FHTTPS patterns before they’re saved\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Method Level\u003C\u002Fstrong>: Controls which submission methods (form, API, XML-RPC) are allowed\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Perfect For:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Site owners experiencing backlink spam in comments\u003C\u002Fli>\n\u003Cli>Site owners wanting to avoid the hassle of manually managing spam comments\u003C\u002Fli>\n\u003Cli>Sites that want to maintain existing comments while preventing new spam\u003C\u002Fli>\n\u003Cli>Anyone looking for a plugin that blocks all comments containing a link\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin maintains full backward compatibility and won’t disrupt your existing comment workflow or database structure.\u003C\u002Fp>\n","Firewall protection for comments. Blocks spam before it reaches your database with automatic link filtering and zero manual moderation.",217,"2025-10-23T12:12:00.000Z","6.8.5","6.0","7.4",[18,101,102,103,21],"antispam","disable-comments","firewall","https:\u002F\u002Fkorchix.com\u002Fcomments-firewall","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomments-firewall.1.0.2.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":11,"downloaded":114,"rating":11,"num_ratings":11,"last_updated":115,"tested_up_to":97,"requires_at_least":15,"requires_php":99,"tags":116,"homepage":65,"download_link":118,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"manzari-anti-spam-shield","Manzari Anti-Spam Shield","1.4.6","Gerry Manzari","https:\u002F\u002Fprofiles.wordpress.org\u002Fmanzari\u002F","\u003Cp>\u003Cstrong>Manzari Anti-Spam Shield\u003C\u002Fstrong> protects your WordPress comment forms from automated spam using multiple layers of defense:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>🔒 Hidden honeypot field to catch bots\u003C\u002Fli>\n\u003Cli>⏱️ Submission timing detection to block fast spam bots\u003C\u002Fli>\n\u003Cli>🧠 Keyword blocking for suspicious phrases\u003C\u002Fli>\n\u003Cli>✅ Optional Google reCAPTCHA v2 Checkbox\u003C\u002Fli>\n\u003Cli>📊 Dashboard widget showing total spam blocked\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Lightweight, fast, and privacy-friendly — no unnecessary external calls (unless you enable reCAPTCHA).\u003Cbr \u002F>\nBuilt for performance, simplicity, and full WordPress.org compliance.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses Google reCAPTCHA v2 to help protect comment forms from automated spam.\u003C\u002Fp>\n\u003Cp>When reCAPTCHA is enabled, the plugin loads the Google reCAPTCHA script from:\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js\u003C\u002Fp>\n\u003Cp>When a comment form is submitted, the plugin sends the following data to Google for verification:\u003Cbr \u002F>\n• The reCAPTCHA response token\u003Cbr \u002F>\n• The user’s IP address\u003Cbr \u002F>\n• Your site’s secret key\u003C\u002Fp>\n\u003Cp>This verification request is sent to:\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi\u002Fsiteverify\u003C\u002Fp>\n\u003Cp>Google reCAPTCHA is provided by Google LLC.\u003Cbr \u002F>\nTerms of Service: https:\u002F\u002Fpolicies.google.com\u002Fterms\u003Cbr \u002F>\nPrivacy Policy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fp>\n","A lightweight anti-spam plugin using honeypot, timing, keyword, and reCAPTCHA v2 Checkbox protection. Blocks bots silently while keeping UX clean.",165,"2025-11-15T22:39:00.000Z",[18,19,117,21,49],"recaptcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanzari-anti-spam-shield.1.4.6.zip",{"attackSurface":120,"codeSignals":148,"taintFlows":167,"riskAssessment":168,"analyzedAt":176},{"hooks":121,"ajaxHandlers":144,"restRoutes":145,"shortcodes":146,"cronEvents":147,"entryPointCount":11,"unprotectedCount":11},[122,127,131,135,139],{"type":123,"name":124,"callback":125,"file":126,"line":31},"action","admin_menu","add_settings_menu","jetbuilder-daily-comment-limit.php",{"type":123,"name":128,"callback":129,"file":126,"line":130},"admin_init","register_plugin_settings",31,{"type":123,"name":132,"callback":133,"file":126,"line":134},"admin_enqueue_scripts","enqueue_admin_assets",34,{"type":123,"name":136,"callback":137,"file":126,"line":138},"wp_dashboard_setup","register_dashboard_widget",36,{"type":140,"name":141,"callback":142,"priority":60,"file":126,"line":143},"filter","preprocess_comment","intercept_comment_submission",37,[],[],[],[],{"dangerousFunctions":149,"sqlUsage":150,"outputEscaping":153,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":151,"bundledLibraries":166},[],{"prepared":151,"raw":11,"locations":152},3,[],{"escaped":154,"rawEcho":155,"locations":156},11,4,[157,160,162,164],{"file":126,"line":158,"context":159},107,"raw output",{"file":126,"line":161,"context":159},115,{"file":126,"line":163,"context":159},157,{"file":126,"line":165,"context":159},161,[],[],{"summary":169,"deductions":170},"The \"jetbuilder-daily-comment-limit\" plugin version 1.1.2 exhibits a strong security posture based on the provided static analysis.  The plugin has a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events.  Crucially, there are no unprotected entry points, indicating that all interactions are intended to be secured. The code analysis also reveals good development practices, with all SQL queries utilizing prepared statements and a majority of output being properly escaped. There are also capability checks in place for the queries, which is a positive security measure. The absence of dangerous functions, file operations, and external HTTP requests further contributes to its secure design.\n\nHowever, the analysis does flag a couple of areas that could be improved. While the percentage of properly escaped output is good (73%), it's not 100%. This means there's a slight risk of cross-site scripting (XSS) vulnerabilities if the unescaped outputs are user-controllable. The complete lack of taint analysis results (0 flows analyzed) is unusual for a plugin that performs any kind of data processing or output, and while it indicates no *found* critical or high severity issues, it also suggests that a thorough taint analysis might not have been performed, or that the plugin's functionality is extremely limited. The vulnerability history is excellent, with zero recorded CVEs, suggesting a history of secure development or minimal exposure.\n\nIn conclusion, \"jetbuilder-daily-comment-limit\" v1.1.2 appears to be a secure plugin with a minimal attack surface and good coding practices. The primary area for improvement lies in ensuring all output is fully escaped to eliminate any potential XSS vectors. The lack of taint flow analysis, while not indicative of a current vulnerability, is a minor concern regarding the completeness of the security audit.",[171,174],{"reason":172,"points":173},"Unescaped output found",5,{"reason":175,"points":151},"No taint analysis performed","2026-04-16T13:51:05.684Z",{"wat":178,"direct":185},{"assetPaths":179,"generatorPatterns":181,"scriptPaths":182,"versionParams":183},[180],"\u002Fwp-content\u002Fplugins\u002Fjetbuilder-daily-comment-limit\u002Fassets\u002Fadmin-style.css",[],[],[184],"jetbuilder-daily-comment-limit\u002Fassets\u002Fadmin-style.css?ver=",{"cssClasses":186,"htmlComments":208,"htmlAttributes":210,"restEndpoints":213,"jsGlobals":214,"shortcodeOutput":215},[187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207],"jetbuilder-wrap","jb-header","jb-badge","jb-card","jb-form-group","jb-label","jb-input-wrapper","jb-input","jb-hint","jb-button","jb-footer","jb-dash-stats-wrap","jb-dash-intro","jb-dash-boxes","jb-dash-box","jb-dash-box-today","jb-dash-num","jb-dash-today-color","jb-dash-label","jb-dash-box-total","jb-dash-total-color",[209],"\u003C!-- Designed & Developed lovingly by \u003Cstrong>JetBuilder\u003C\u002Fstrong> -->",[211,212],"name=\"jetbuilder_cd_settings[max_per_ip]\"","name=\"jetbuilder_cd_settings[max_total]\"",[],[],[],{"error":217,"url":218,"statusCode":219,"statusMessage":220,"message":220},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fjetbuilder-daily-comment-limit\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":30,"versions":222},[223],{"version":6,"download_url":23,"svn_tag_url":224,"released_at":25,"has_diff":225,"diff_files_changed":226,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":227,"is_current":217},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fjetbuilder-daily-comment-limit\u002Ftags\u002F1.1.2\u002F",false,[],[]]