[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVSppAinwY0Z-MGn43D4GXgKAYuF5vb2nUHZEYcAh1Oc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":7,"tags":16,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":133,"fingerprints":165},"o-rly-comment-spam-search","O RLY","1.0","","https:\u002F\u002Fprofiles.wordpress.org\u002Fjason-morrison\u002F","\u003Cp>Comment spam is annoying, and although there are great plugins like Akismet\u003Cbr \u002F>\nto catch spam, annoying “this is best post evar” compliment spam seems to\u003Cbr \u002F>\nalways wiggle through.  The best way to tell if a compliment is genuine\u003Cbr \u002F>\nis to check Google to see if it’s been slathered all over the web.\u003C\u002Fp>\n\u003Cp>Auto-querying Google is against the ToS, so this plugin just gives you\u003Cbr \u002F>\nconvenient link to do the check.\u003C\u002Fp>\n","O RLY Comment Spam Search creates a quick link to make sure comments aren't spam.",10,2051,0,"2009-05-31T19:05:00.000Z","2.7.0",[17,18,19,20,21],"admin","comment-spam","comments","compliment-spam","spam","http:\u002F\u002Fwww.jasonmorrison.net\u002Fcontent\u002Fo-rly-comment-spam-search-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fo-rly-comment-spam-search.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":29,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"jason-morrison",1,30,84,"2026-04-04T02:29:42.930Z",[35,57,80,100,115],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":54,"download_link":55,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"anti-spam-reloaded","Anti-spam Reloaded","6.5","kudlav","https:\u002F\u002Fprofiles.wordpress.org\u002Fkudlav\u002F","\u003Cp>This is fork of successful Anti-spam plugin v5.5 written by webvitalii, for more info visit \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkudlav\u002Fanti-spam\u002F\" rel=\"nofollow ugc\">GitHub Fork\u003C\u002Fa>.\u003Cbr \u002F>\nFrom version 5.6 maintained by kudlav.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkudlav\u002Fanti-spam\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Anti-spam Reloaded plugin blocks 100% of automatic spam messages in comments section and also blocks all trackbacks.No captcha required.\u003C\u002Fp>\n\u003Cp>Plugin is simple and easy to use: just install it and it just works.\u003C\u002Fp>\n\u003Cp>Blocked comments can be stored in the Spam area and converted to regular comments if needed.\u003C\u002Fp>\n\u003Cp>Anti-spam Reloaded plugin is GDPR compliant and does not store any other user data except of the behaviour mentioned above.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Plugin blocks spam only in comments section.\u003C\u002Fstrong>.\u003Cbr \u002F>\nPlugin does not block manual spam (submitted by spammers manually via browser).\u003C\u002Fp>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cp>All modern browsers and IE11+ are supported.\u003Cbr \u002F>\nAnti-spam Reloaded plugin works with disabled JavaScript. Users with disabled JavaScript should manually fill current year before submitting the comment.\u003C\u002Fp>\n\u003Cp>Server compatibility:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress 3.3 – 6.5\u003C\u002Fli>\n\u003Cli>PHP 5.6 – 8.2\u003C\u002Fli>\n\u003Cli>Doesn’t use jQuery\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plugin is incompatible with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disqus\u003C\u002Fli>\n\u003Cli>Jetpack Comments\u003C\u002Fli>\n\u003Cli>AJAX Comment Form\u003C\u002Fli>\n\u003Cli>bbPress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If site has caching plugin enabled and cache is not cleared or if theme does not use ‘comment_form’ action\u003Cbr \u002F>\nand there is no plugin inputs in comments form – plugin tries to add hidden fields automatically using JavaScript.\u003C\u002Fp>\n\u003Ch3>How does it work?\u003C\u002Fh3>\n\u003Cp>The blocking algorithm is based on 2 methods: ‘invisible js-captcha’ and ‘invisible input trap’ (aka honeypot technique).\u003C\u002Fp>\n\u003Ch4>‘invisible js-captcha’\u003C\u002Fh4>\n\u003Cp>The ‘invisible js-captcha’ method is based on fact that bots does not have JavaScript on their user-agents.\u003Cbr \u002F>\nExtra hidden field is added to comments form.\u003Cbr \u002F>\nIt is the question about the current year.\u003Cbr \u002F>\nIf the user visits site, than this field is answered automatically with JavaScript, is hidden by JavaScript and CSS and invisible for the user.\u003Cbr \u002F>\nIf the spammer will fill year-field incorrectly – the comment will be blocked because it is spam.\u003C\u002Fp>\n\u003Ch4>‘invisible input trap’\u003C\u002Fh4>\n\u003Cp>The ‘invisible input trap’ method is based on fact that almost all the bots will fill inputs with name ’email’ or ‘url’.\u003Cbr \u002F>\nExtra hidden field is added to comments form.\u003Cbr \u002F>\nThis field is hidden for the user and user will not fill it.\u003Cbr \u002F>\nBut this field is visible for the spammer.\u003Cbr \u002F>\nIf the spammer will fill this trap-field with anything – the comment will be blocked because it is spam.\u003C\u002Fp>\n","No spam in comments. No captcha.",2000,14862,100,14,"2024-05-03T21:07:00.000Z","6.5.8","3.3","5.6",[52,18,19,21,53],"comment","spammer","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fanti-spam-reloaded\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-spam-reloaded.6.5.zip",92,{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":50,"tags":72,"homepage":78,"download_link":79,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"stop-media-comment-spamming","Stop Media Comment Spamming","1.8.3","DeveloperWil","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeveloperwil\u002F","\u003Cp>If you find your media file attachments are being targeted by spam comments then here is the solution for you.\u003C\u002Fp>\n\u003Cp>Stop Media Comment Spamming removes the ability for visitors to comment on media attachments.  It does \u003Cem>not\u003C\u002Fem> remove commenting from any other part of your WordPress installation.\u003C\u002Fp>\n\u003Cp>Visitors will still be able to comment on your posts and pages.\u003C\u002Fp>\n\u003Cp>\u003Cem>Why would you need this plugin?\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>WordPress natively allows comments to be left on any file in the Media Library.\u003C\u002Fp>\n\u003Cp>Unfortunately spammers can target this and quickly leave horrible and unrelated comments on your site.\u003C\u002Fp>\n\u003Cp>WordPress provides no way in Admin Dashboard to disable this feature.\u003C\u002Fp>\n\u003Cp>Some of the spam seems to get through popular spam filtering plugins.\u003C\u002Fp>\n\u003Cp>You still want to allow visitors to comments on your posts and pages.\u003C\u002Fp>\n\u003Cp>If only there was a plugin that allowed you to stop visitors leaving comments on media files.\u003C\u002Fp>\n\u003Cp>Ta da!  Here’s one.\u003C\u002Fp>\n\u003Ch4>Plugin Page\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fzeropointdevelopment.com\u002Fstopping-wordpress-media-attachment-comment-spamming\u002F\" title=\"Stop Media Commpent Spamming WordPress Plugin\" rel=\"nofollow ugc\">Stop Media Comment Spamming\u003C\u002Fa>\u003C\u002Fp>\n","Stops media comment spamming by removing the ability to comment on attachments.",900,17898,60,6,"2024-07-04T01:36:00.000Z","6.6.5","5.2",[73,74,75,76,77],"remove-attachment-comments","remove-media-comments","stop-comment-spam","stop-media-comment-spam","stop-media-comments","https:\u002F\u002Fzeropointdevelopment.com\u002Fstopping-wordpress-media-attachment-comment-spamming\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstop-media-comment-spamming.1.8.3.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":45,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":98,"download_link":99,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"lh-zero-spam","LH Zero Spam","1.13","shawfactor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawfactor\u002F","\u003Cp>\u003Cstrong>Why should your users prove that they’re humans by filling out captchas? Let bots prove they’re not bots with the \u003Ca href=\"http:\u002F\u002Flhero.org\u002Fplugins\u002Flh-zero-spam\u002F\" rel=\"nofollow ugc\">LH Zero Spam plugin\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>LH Zero Spam blocks registration spam and spam in comments automatically without any config or setup. Zero Spam was initially built based on the work by \u003Ca href=\"http:\u002F\u002Fdavidwalsh.name\u002Fwordpress-comment-spam\" rel=\"nofollow ugc\">David Walsh\u003C\u002Fa>, but enhanced with simpler code base and unobtrusive JavaScript.\u003C\u002Fp>\n\u003Cp>Major features in LH Zero Spam include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>No captcha\u003C\u002Fstrong>, because spam is not users’ problem\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No moderation queues\u003C\u002Fstrong>, because spam is not administrators’ problem\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blocks spam registrations & comments\u003C\u002Fstrong> with the use of JavaScript\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blocks buddypress spam registrations\u003C\u002Fstrong> with the use of JavaScript\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blocks woocommerce spam orders\u003C\u002Fstrong> with the use of JavaScript\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Like this plugin? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Flh-zero-spam\u002F\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Love this plugin or want to help the LocalHero Project? Please consider \u003Ca href=\"https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-zero-spam\u002F\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n","Zero Spam makes blocking spam comments and registrations easy.",200,7543,3,"2022-10-14T04:12:00.000Z","6.0.11","4.0","7.0",[96,97,18,19,21],"anti-spam","antispam","https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-zero-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-zero-spam.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":45,"downloaded":108,"rating":13,"num_ratings":13,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":7,"tags":112,"homepage":113,"download_link":114,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"tantan-spam","TanTanNoodles Simple Spam Filter","0.6.2","joetan","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoetan\u002F","\u003Cp>A simple pre-filter to weed out the most obvious comment spam (about 90% of all spam).\u003C\u002Fp>\n\u003Cp>Legitimate comments that get blocked (either by this plugin or by Akismet) can be presented with a captcha to confirm that the comment is legitimate. Comments that don’t pass the captcha will be immediately discarded.\u003C\u002Fp>\n\u003Cp>Helps you identify potential spam words (you can use this to tweak the plugin’s filters).\u003C\u002Fp>\n","A plugin that does a simple sanity check to stop really obvious comment spam before it is processed.",22458,"2008-10-22T18:44:00.000Z","2.6","2.3",[17,19,21],"http:\u002F\u002Ftantannoodles.com\u002Ftoolkit\u002Fspam-filter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftantan-spam.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":67,"num_ratings":30,"last_updated":125,"tested_up_to":48,"requires_at_least":126,"requires_php":7,"tags":127,"homepage":131,"download_link":132,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"squelch-unspam","Squelch Unspam","1.5.1","Matt Lowe","https:\u002F\u002Fprofiles.wordpress.org\u002Fsquelch\u002F","\u003Cp>Unspam by Squelch Design is the simplest \u003Ca href=\"http:\u002F\u002Fsquelchdesign.com\u002Fwordpress-plugin-squelch-unspam\u002F\" rel=\"nofollow ugc\">WordPress anti-spam plugin\u003C\u002Fa> you can find for \u003Cstrong>reducing your comment spam\u003C\u002Fstrong> problem. Once installed there’s nothing\u003Cbr \u002F>\nto configure, and nothing changes to your visitors: No captcha or silly games. Once installed\u003Cbr \u002F>\nthe plugin will simply randomize the names of the fields in the comments form on your blog and reject comments that are sent to the\u003Cbr \u002F>\nstandard WordPress field names, or where bots have blindly submitted data to the honeypot fields.\u003C\u002Fp>\n\u003Cp>What this means for spammers is that they have to do quite a lot more work to send spam to your website. It may also make sending\u003Cbr \u002F>\nspam to your website unreliable as changes to your theme may upset their spam submission tools. Or they may have to resort to using\u003Cbr \u002F>\nhumans to send spam to your website (not much I can do about that I’m afraid) which will cost them more money.\u003C\u002Fp>\n\u003Cp>Currently implemented:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Names of fields are randomized every night at 12:00,\u003C\u002Fli>\n\u003Cli>Submissions to the standard WordPress field names are automatically deleted,\u003C\u002Fli>\n\u003Cli>Honeypot fields added to comments form,\u003C\u002Fli>\n\u003Cli>WooCommerce support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additional (planned) features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Contact Form 7 integration\u003C\u002Fli>\n\u003Cli>Statistical collection,\u003C\u002Fli>\n\u003Cli>Automated blocking of persistent IPs,\u003C\u002Fli>\n\u003Cli>Opt-in centralized collection of comment spam and statistics for additional research.\u003C\u002Fli>\n\u003C\u002Ful>\n","Unspam makes it harder for spammers to automatedly send spam to your blog by changing the names of the fields in the comment forms.",50,3844,"2024-04-10T11:08:00.000Z","4.4",[128,19,129,21,130],"comment-spam-filter","filter","spam-filter","http:\u002F\u002Fsquelchdesign.com\u002Fwordpress-plugin-squelch-unspam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsquelch-unspam.1.5.1.zip",{"attackSurface":134,"codeSignals":149,"taintFlows":156,"riskAssessment":157,"analyzedAt":164},{"hooks":135,"ajaxHandlers":145,"restRoutes":146,"shortcodes":147,"cronEvents":148,"entryPointCount":13,"unprotectedCount":13},[136,140],{"type":129,"name":137,"callback":138,"file":139,"line":31},"comment_moderation_text","o_rly_create_link","o-rly.php",{"type":129,"name":141,"callback":142,"priority":143,"file":139,"line":144},"comment_row_actions","o_rly_create_action",5,31,[],[],[],[],{"dangerousFunctions":150,"sqlUsage":151,"outputEscaping":153,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":155},[],{"prepared":13,"raw":13,"locations":152},[],{"escaped":13,"rawEcho":13,"locations":154},[],[],[],{"summary":158,"deductions":159},"The \"o-rly-comment-spam-search\" plugin v1.0 exhibits a strong security posture based on the provided static analysis.  There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, which significantly limits the attack surface.  Furthermore, the code shows an absence of dangerous functions, file operations, and external HTTP requests.  Crucially, all SQL queries are prepared, and all outputs are properly escaped, indicating good development practices for preventing common vulnerabilities like SQL injection and cross-site scripting.\n\nThe taint analysis reveals no unsanitized flows, further reinforcing the plugin's safety.  The vulnerability history is completely clean, with no recorded CVEs of any severity. This lack of historical issues, coupled with the robust static analysis findings, suggests a well-secured plugin.  However, the complete absence of nonce checks and capability checks, while not directly indicating a current vulnerability due to the limited attack surface, represents a potential area for concern if the plugin's functionality were to expand in the future without proper authorization mechanisms.  Overall, the plugin appears very secure, with the primary area for improvement being the implementation of authorization checks should the attack surface grow.",[160,162],{"reason":161,"points":143},"No nonce checks",{"reason":163,"points":143},"No capability checks","2026-03-17T01:08:31.162Z",{"wat":166,"direct":171},{"assetPaths":167,"generatorPatterns":168,"scriptPaths":169,"versionParams":170},[],[],[],[],{"cssClasses":172,"htmlComments":177,"htmlAttributes":178,"restEndpoints":180,"jsGlobals":181,"shortcodeOutput":182},[173,174,175,176],"delete:the-comment-list:comment-","vim-d","vim-destructive","vim-s",[],[179],"title='Check for comment on other sites'",[],[],[]]