[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faxezf7dCL1ioqfXSaJEYyEbBD2svf10wDtgM-8BSzMA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":13,"tags":16,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":122,"fingerprints":168},"ninja-spam-protection","Ninja Spam Protection","1.0.0","randomoutputs","https:\u002F\u002Fprofiles.wordpress.org\u002Frandomoutputs\u002F","\u003Cp>The quickest and GDPR-compliant Anti-Spam Protection plugin to prevent bot spam comments in the Default Commenting System of WordPress.\u003C\u002Fp>\n\u003Ch4>Features of Ninja Spam Protection\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>100% effective.\u003C\u002Fli>\n\u003Cli>No settings are required at all.\u003C\u002Fli>\n\u003Cli>Non-Captcha solution.\u003C\u002Fli>\n\u003Cli>Fully Automatic.\u003C\u002Fli>\n\u003Cli>100% GDPR Compliant.\u003C\u002Fli>\n\u003Cli>Fastest Spam Protection like a Ninja.\u003C\u002Fli>\n\u003Cli>Compatible with all page caching and performance optimization plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How Does Ninja Spam Protection Works?\u003C\u002Fh4>\n\u003Cp>To prevent spamming of comments, the default action path (wp-comments-post.php) is blocked for users and clickable over a unique hash key when a visitor scrolls to leave a comment. Doing so prevents comment spamming that can be done by bots.\u003C\u002Fp>\n\u003Ch3>Installation of Ninja Spam Protection\u003C\u002Fh3>\n\u003Cp>Install “Ninja Spam Protection” Plugin Manually\u003C\u002Fp>\n\u003Col>\n\u003Cli>Download the “Ninja Spam Protection” Plugin\u003C\u002Fli>\n\u003Cli>Upload \u003Ccode>Ninja Spam Protection\u003C\u002Fcode> to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>If you are using any page cache plugin, make sure to purge\u002Fclear the cache.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Install Ninja Spam Protection Plugin from WordPress Dashboard\u003C\u002Fp>\n\u003Col>\n\u003Cli>Go to Plugins menu > Add new\u003C\u002Fli>\n\u003Cli>Search for “Ninja Spam Protection”\u003C\u002Fli>\n\u003Cli>Activate the plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>If you are using any page cache plugin, make sure to purge\u002Fclear the cache.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Changelog of Ninja Spam Protection\u003C\u002Fh3>\n\u003Ch4>1.0.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Initial Release\u003C\u002Fli>\n\u003C\u002Ful>\n","The ultimate solution to prevent spam comments like a ninja on the default commenting system for WordPress in WordPress.",0,781,"","5.9.13","4.5",[17,18,19,20,21],"anti-spam","comments","gdpr","security","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fninja-spam-protection\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fninja-spam-protection.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},1,30,94,"2026-04-04T03:56:44.991Z",[34,54,72,88,105],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":24,"num_ratings":44,"last_updated":45,"tested_up_to":46,"requires_at_least":15,"requires_php":47,"tags":48,"homepage":51,"download_link":52,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":53},"forget-spam-comment","Forget Spam Comment","1.1.9","Gulshan Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Fthegulshankumar\u002F","\u003Cp>The fastest and GDPR compliant Anti-Spam plugin to prevent bot spam in the \u003Cstrong>Default Commenting System\u003C\u002Fstrong> of WordPress.\u003C\u002Fp>\n\u003Ch3>Important\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Please clear page cache after plugin activation.\u003C\u002Fli>\n\u003Cli>Only for default commenting system. Not for AMP.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>100% GDPR Compliant.\u003C\u002Fli>\n\u003Cli>Captcha-Free solution.\u003C\u002Fli>\n\u003Cli>Requires no settings.\u003C\u002Fli>\n\u003Cli>Automatic. No need of false-positive comment moderation.\u003C\u002Fli>\n\u003Cli>Compatible with all page caching and performance optimization plugins.\u003C\u002Fli>\n\u003Cli>Fastest ever. A tiny inline JavaScript in just ~200 bytes does all magic.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How does it work?\u003C\u002Fh4>\n\u003Cp>To prevent spam comments plugin blocks the default action path (wp-comments-post.php) for bots and make it accessible over unique hash query string when a visitor scroll to leave a comment. This way it prevents automated spam comment done by bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Video Demonstration\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FuwIfk08GSwk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003Cbr \u002F>\nWatch on \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=uwIfk08GSwk\" rel=\"nofollow ugc\">YouTube\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Let’s support each other 🙏\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Please Upvote Forget Spam Comment plugin at \u003Ca href=\"https:\u002F\u002Fwww.producthunt.com\u002Fproducts\u002Fforget-spam-comment#forget-spam-comment\" rel=\"nofollow ugc\">Product Hunt\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>You can \u003Ca href=\"https:\u002F\u002Fwww.gulshankumar.net\u002Fcontact\u002F\" rel=\"nofollow ugc\">contact me\u003C\u002Fa> to report any issues. I’d be happy to assist.\u003C\u002Fli>\n\u003C\u002Ful>\n","The ultimate solution to stop spam comments in the default commenting system of WordPress",9000,75412,46,"2025-06-07T14:20:00.000Z","6.8.5","5.6",[17,49,19,20,50],"firewall","stop-spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fforget-spam-comment\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforget-spam-comment.1.1.9.zip","2026-03-15T15:16:48.613Z",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":24,"num_ratings":29,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":70,"download_link":71,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":53},"spam-comment-remover","Spam Comment Remover","4.0","Sahil Dadwal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsahildadwal\u002F","\u003Cp>Spam Comment Remover is a lightweight, zero-setup WordPress plugin that automatically stops spam comments and silently removes them.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Universal spam detection engine  \u003C\u002Fli>\n\u003Cli>Blocks hidden links, disguised URLs, BBCode, anchor tags  \u003C\u002Fli>\n\u003Cli>Blocks gibberish, AI-generated text patterns, random strings  \u003C\u002Fli>\n\u003Cli>Auto-deletes \u003Cem>pending\u003C\u002Fem> and \u003Cem>spam\u003C\u002Fem> comments after activation  \u003C\u002Fli>\n\u003Cli>Keeps admin-approved comments safe  \u003C\u002Fli>\n\u003Cli>No conflict with any plugin or theme  \u003C\u002Fli>\n\u003Cli>Removes “Website” field from the comment form  \u003C\u002Fli>\n\u003Cli>Fully automated system — no settings required  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for bloggers, businesses, portfolio sites, and WooCommerce stores.\u003C\u002Fp>\n","Automatically remove spam comments without Akismet. Universal spam detection that blocks junk, hidden links, fake names, gibberish, and automated subm &hellip;",70,1464,"2025-12-08T18:11:00.000Z","6.9.4","5.0","8.0",[17,69,18,20,21],"cleaner","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fspam-comment-remover\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspam-comment-remover.4.0.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":82,"requires_at_least":83,"requires_php":13,"tags":84,"homepage":86,"download_link":87,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"back-list","Back List","0.5","w3prodigy","https:\u002F\u002Fprofiles.wordpress.org\u002Fw3prodigy\u002F","\u003Cp>Adds Whitelist and Blacklist options for Trackbacks and Pingbacks as well as the option to auto-accept Trackbacks from your own blog. These options can be found on the Discussion Options page.\u003C\u002Fp>\n","Adds Whitelist and Blacklist options for Trackbacks and Pingbacks",10,2230,"3.0.5","3.0",[17,85,18,20],"blacklist","http:\u002F\u002Fw3prodigy.com\u002Fwordpress-plugins\u002Fback-list\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fback-list.zip",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":80,"downloaded":96,"rating":11,"num_ratings":11,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":13,"tags":100,"homepage":102,"download_link":103,"security_score":104,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":53},"wp-mail-validator","WP-Mail-Validator","0.6.5","kimpenhaus","https:\u002F\u002Fprofiles.wordpress.org\u002Fkimpenhaus\u002F","\u003Cp>WP-Mail-Validator is an anti-spam plugin. It provides mail-address validation in 5 ways:\u003C\u002Fp>\n\u003Col>\n\u003Cli>syntax of mail-addresses\u003C\u002Fli>\n\u003Cli>mailserver host\u003C\u002Fli>\n\u003Cli>mx-record of mailserver\u003C\u002Fli>\n\u003Cli>user-defined blacklist\u003C\u002Fli>\n\u003Cli>trashmail services\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Once the plugin identifies a mail-address to be non existing on the mailserver or being on the blacklist or\u003Cbr \u002F>\nfrom trashmail service, any comment being made is moved to the spam area awaiting moderation from the blog owner.\u003C\u002Fp>\n\u003Ch3>Theme-Modification\u003C\u002Fh3>\n\u003Cp>WP-Mail-Validator comes with 3 theme functions that can be used:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ccode>wp_mail_validator_info_label()\u003C\u002Fcode>: shows a protected by info label\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_mail_validator_version()\u003C\u002Fcode>: shows the current plugin version\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_mail_validator_fended_spam_attack_count()\u003C\u002Fcode>: shows the count of spam attackes fended\u003C\u002Fli>\n\u003C\u002Fol>\n","WP-Mail-Validator is an anti-spam plugin. It provides mail-address validation in 5 ways:",3191,"2020-04-13T17:37:00.000Z","5.4.19","5.2.0",[17,85,18,20,101],"trashmail","https:\u002F\u002Fgithub.com\u002Fkimpenhaus\u002Fwp-mail-validator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-mail-validator.0.6.5.zip",85,{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":11,"downloaded":113,"rating":24,"num_ratings":29,"last_updated":114,"tested_up_to":46,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":120,"download_link":121,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":53},"comments-firewall","Comments Firewall","1.0.2","korchix","https:\u002F\u002Fprofiles.wordpress.org\u002Fkorchix\u002F","\u003Cp>Comments Firewall is a powerful anti-spam plugin that provides enterprise-grade firewall protection for your WordPress comments. It blocks spam before it reaches your database, eliminating the need for manual moderation while maintaining full compatibility with your theme and existing comment system.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Remove Website Field\u003C\u002Fstrong>: Completely eliminates the website field from comment forms to prevent URL submissions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Link Blocking\u003C\u002Fstrong>: Two-mode protection system (Balanced\u002FStrict) blocks HTTP\u002FHTTPS links with advanced pattern detection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Author Name Protection\u003C\u002Fstrong>: Blocks links in commenter names to prevent sophisticated spam attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Submission Control\u003C\u002Fstrong>: Granular control over comment submission methods (Form, REST API, XML-RPC)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Force URL Clearing\u003C\u002Fstrong>: Ensures all author URLs are cleared on submission, regardless of input method\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Statistics Dashboard\u003C\u002Fstrong>: Real-time tracking of blocked spam comments with visual dashboard widget\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multilingual Ready\u003C\u002Fstrong>: Full translations in 5 languages (English, Spanish, French, German, Arabic with RTL support)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional Branding Badge\u003C\u002Fstrong>: Customizable “Protected by Comments Firewall” badge for your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Theme Compatible\u003C\u002Fstrong>: Works with any theme using standard WordPress comment hooks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & Secure\u003C\u002Fstrong>: Zero performance impact with admin-only security controls\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How It Works:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin operates on multiple levels to ensure comprehensive spam protection:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Form Level\u003C\u002Fstrong>: Removes website fields from comment forms via WordPress hooks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Validation Level\u003C\u002Fstrong>: Blocks submissions containing HTTP\u002FHTTPS patterns before they’re saved\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Method Level\u003C\u002Fstrong>: Controls which submission methods (form, API, XML-RPC) are allowed\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Perfect For:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Site owners experiencing backlink spam in comments\u003C\u002Fli>\n\u003Cli>Site owners wanting to avoid the hassle of manually managing spam comments\u003C\u002Fli>\n\u003Cli>Sites that want to maintain existing comments while preventing new spam\u003C\u002Fli>\n\u003Cli>Anyone looking for a plugin that blocks all comments containing a link\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin maintains full backward compatibility and won’t disrupt your existing comment workflow or database structure.\u003C\u002Fp>\n","Firewall protection for comments. Blocks spam before it reaches your database with automatic link filtering and zero manual moderation.",173,"2025-10-23T12:12:00.000Z","6.0","7.4",[17,118,119,49,20],"antispam","disable-comments","https:\u002F\u002Fkorchix.com\u002Fcomments-firewall","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomments-firewall.1.0.2.zip",{"attackSurface":123,"codeSignals":145,"taintFlows":155,"riskAssessment":156,"analyzedAt":167},{"hooks":124,"ajaxHandlers":141,"restRoutes":142,"shortcodes":143,"cronEvents":144,"entryPointCount":11,"unprotectedCount":11},[125,131,136],{"type":126,"name":127,"callback":128,"file":129,"line":130},"action","admin_notices","ninja_spam_protection_notice","ninja-spam-protection.php",19,{"type":132,"name":133,"callback":134,"file":129,"line":135},"filter","comment_form_defaults","ninja_spam_protection_remove_comment_action_url",40,{"type":126,"name":137,"callback":138,"priority":139,"file":129,"line":140},"wp_footer","ninja_spam_protection_modify_action_url",99,64,[],[],[],[],{"dangerousFunctions":146,"sqlUsage":147,"outputEscaping":149,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":154},[],{"prepared":11,"raw":11,"locations":148},[],{"escaped":11,"rawEcho":29,"locations":150},[151],{"file":129,"line":152,"context":153},59,"raw output",[],[],{"summary":157,"deductions":158},"The ninja-spam-protection plugin v1.0.0 exhibits a strong security posture based on the provided static analysis.  The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface.  Furthermore, the code analysis shows no dangerous functions, file operations, or external HTTP requests, and all detected SQL queries utilize prepared statements, indicating good development practices in these areas.  The vulnerability history is also clean, with no known CVEs, which is a positive indicator. \n\nHowever, a critical concern arises from the output escaping analysis, where 100% of identified outputs are not properly escaped. This presents a significant risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, the complete lack of nonce checks and capability checks, coupled with zero unprotected entry points, is contradictory and requires further investigation. If there are indeed entry points that are not protected by capability checks, this would represent a serious security flaw. The absence of any taint analysis results is also noteworthy, as it suggests either no sensitive data flows were detected or the analysis was not comprehensive enough to identify them.\n\nIn conclusion, while the plugin demonstrates excellent practices in limiting its attack surface and secure SQL handling, the unescaped output is a major weakness that needs immediate attention. The lack of nonce and capability checks, if true for any entry points, would be a critical vulnerability. The clean vulnerability history is a strength, but the identified output escaping issue overshadows this.",[159,162,165],{"reason":160,"points":161},"Unescaped output detected",8,{"reason":163,"points":164},"Missing capability checks",5,{"reason":166,"points":164},"Missing nonce checks","2026-03-17T05:43:59.794Z",{"wat":169,"direct":176},{"assetPaths":170,"generatorPatterns":171,"scriptPaths":172,"versionParams":174},[],[],[173],"\u002Fwp-content\u002Fplugins\u002Fninja-spam-protection\u002Fjs\u002Fscript.js",[175],"ninja-spam-protection\u002Fjs\u002Fscript.js?ver=",{"cssClasses":177,"htmlComments":178,"htmlAttributes":179,"restEndpoints":183,"jsGlobals":184,"shortcodeOutput":186},[],[],[180,181,182],"id=\"ninja-spam-protection-comment-form\"","id=\"ast-ninja-spam-protection-comment-form\"","id=\"ht-ninja-spam-protection-comment-form\"",[],[185],"let ninja-spam-protection-comment-form",[]]