Does LH Zero Spam have any unpatched vulnerabilities?

No. All known vulnerabilities in LH Zero Spam have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is LH Zero Spam compatible with WordPress 6.0.11?

According to WordPress.org data, LH Zero Spam 1.13 has been tested up to WordPress 6.0.11. Check the plugin's changelog for the latest compatibility information.

Is LH Zero Spam compatible with PHP 7.0+?

LH Zero Spam requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is LH Zero Spam updated?

LH Zero Spam was last updated on Oct 14, 2022. Frequent updates are generally a positive security signal.

What is LH Zero Spam's security score?

LH Zero Spam has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

LH Zero Spam Security & Risk Analysis

wordpress.org/plugins/lh-zero-spam

Zero Spam makes blocking spam comments and registrations easy.

200 active installs v1.13 PHP 7.0+ WP 4.0+ Updated Oct 14, 2022

anti-spamantispamcomment-spamcommentsspam

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is LH Zero Spam Safe to Use in 2026?

Generally Safe

Score 85/100

LH Zero Spam has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The lh-zero-spam plugin v1.13 exhibits a generally strong security posture based on the provided static analysis. The absence of identified CVEs in its history is a positive indicator. The plugin also demonstrates good practices by exclusively using prepared statements for SQL queries and incorporating a significant number of nonce checks. Furthermore, the attack surface appears to be minimal, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events that are unprotected. The plugin also avoids external HTTP requests and file operations, which are common vectors for vulnerabilities.

However, there are areas for improvement. The most significant concern is the low percentage of properly escaped output (33%). This suggests a potential risk for Cross-Site Scripting (XSS) vulnerabilities, particularly if user-supplied data is being rendered without adequate sanitization. The lack of capability checks, while not inherently a vulnerability in itself, means that access control relies solely on WordPress's default mechanisms. If any of the limited entry points were to be exploited in conjunction with other factors, the absence of specific capability checks could exacerbate the impact.

In conclusion, lh-zero-spam v1.13 is off to a good start with its secure coding practices, particularly concerning SQL injection and its limited attack surface. The absence of historical vulnerabilities is reassuring. The primary weakness identified is the insufficient output escaping, which warrants attention to prevent potential XSS attacks. Addressing this would significantly strengthen its overall security.

Key Concerns

Low percentage of properly escaped output

Vulnerabilities

None known

LH Zero Spam Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

LH Zero Spam Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

33% escaped6 total outputs

Attack Surface

LH Zero Spam Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 27

actionwp_footerincludes\lh-register-file-class.php:181

actionembed_footerincludes\lh-register-file-class.php:182

filterlh_web_application_precache_static_urls_filterincludes\lh-register-file-class.php:190

filterscript_loader_tagincludes\lh-register-file-class.php:236

filterstyle_loader_tagincludes\lh-register-file-class.php:237

filtercomment_form_default_fieldslh-zero-spam.php:357

actionpreprocess_commentlh-zero-spam.php:358

actioncomment_formlh-zero-spam.php:359

filtercomment_form_defaultslh-zero-spam.php:360

actionlogin_formlh-zero-spam.php:364

filterauthenticatelh-zero-spam.php:365

filterindieauth_authorization_formlh-zero-spam.php:366

actionregister_formlh-zero-spam.php:369

actionlh_bp_check_ins-register_form_shortcode_outputlh-zero-spam.php:370

filterregistration_errorslh-zero-spam.php:371

filterbp_core_validate_user_signuplh-zero-spam.php:372

actionlh_bp_better_signup-register_form_shortcode_outputlh-zero-spam.php:375

actionbp_before_account_details_fieldslh-zero-spam.php:378

actionbp_core_validate_user_signuplh-zero-spam.php:379

actionwoocommerce_after_order_noteslh-zero-spam.php:382

actionwoocommerce_after_checkout_validationlh-zero-spam.php:383

actionsignup_extra_fieldslh-zero-spam.php:386

filterwpmu_validate_user_signuplh-zero-spam.php:387

actionwp_loadedlh-zero-spam.php:390

actionlogin_initlh-zero-spam.php:391

filterlogin_body_classlh-zero-spam.php:394

actionplugins_loadedlh-zero-spam.php:420

Maintenance & Trust

LH Zero Spam Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11

Last updatedOct 14, 2022

PHP min version7.0

Downloads8K

Community Trust

Rating100/100

Number of ratings3

Active installs200

Alternatives

LH Zero Spam Alternatives

Language-based Comment Spam Condom

language-based-anti-spam-plugin

This plugin prevents comments spamming using language verification.

40 No CVEs

Akismet Anti-spam: Spam Protection

akismet

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M 2 CVEs

Antispam Bee

antispam-bee

100

Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.

700K 1 CVE

Spam Destroyer

spam-destroyer

100

Kills spam dead in it's tracks. Be gone evil demon spam!

6K No CVEs

La Sentinelle antispam

la-sentinelle-antispam

100

Feel safe knowing that your website is safe from spam. La Sentinelle will guard your WordPress website against spam in a simple and effective way.

3K No CVEs

Developer Profile

LH Zero Spam Developer Profile

shawfactor

77 plugins · 15K total installs

trust score

Avg Security Score

87/100

Avg Patch Time

7 days

View full developer profile

Detection Fingerprints

How We Detect LH Zero Spam

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/lh-zero-spam/lh-zero-spam.js

Script Paths

lh-zero-spam-script

Version Parameters

lh-zero-spam/style.css?ver=lh-zero-spam/lh-zero-spam.js?ver=

HTML / DOM Fingerprints

CSS Classes

lh_zero_spam-nonce_valuelh_zero_spam-add_nonce

Data Attributes

id="lh_zero_spam-nonce_value"name="lh_zero_spam-nonce_value"class="lh_zero_spam-nonce_value"

Shortcode Output

<noscript>Please switch on Javascript to enable registration</noscript><noscript>Please switch on Javascript to enable commenting</noscript><noscript>Please switch on Javascript to enable login</noscript><noscript>Please switch on Javascript to enable ordering</noscript>

FAQ