[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEvfNXa1HykBiQy-GA03n_utHdH0Lf2FF52MFyPlh5aI":3,"$fOjFuWmweZ28ZWsxzeGA6laiqwvn8HhVJ1J7tkvASdEU":300,"$fAn8Pio4VTGco-oBO8sUTjM0ndHxGNMS1tTmtrQYbozU":304},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":33,"crawl_stats":29,"alternatives":41,"analysis":135,"fingerprints":280},"pk-spam-registration-blocker","Pk Spam Registration Blocker","1.1","Pradnyankur Nikam","https:\u002F\u002Fprofiles.wordpress.org\u002Fphpsword\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fpkplugins.com\u002F\" title=\"Pk Spam Registration Blocker WordPress plugin Link at pkplugins.com\" rel=\"nofollow ugc\">Pk Spam Registration Blocker WordPress plugin\u003C\u002Fa> blocks spam user registration. This plugin prevents bot or spam user registrations on WordPress websites. Try this WP plugin to disable auto registration, stop test\u002Ffake user registrations on WP site. The plugin uses Google reCAPTCHA v3 to stop fake user registration.\u003C\u002Fp>\n\u003Ch4>Pk Spam Registration Blocker WordPress Plugin Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Very simple, easy to install and use.\u003C\u002Fli>\n\u003Cli>No complex menus or setting.\u003C\u002Fli>\n\u003Cli>Add Google reCaptcha site key & secret key and done.\u003C\u002Fli>\n\u003Cli>Enable or disable spam protection on your website.\u003C\u002Fli>\n\u003Cli>Enable or disable registration spam protection on specific pages.\u003C\u002Fli>\n\u003Cli>Compatible with almost latest version of WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How Does It Work?\u003C\u002Fh4>\n\u003Cp>Once you install & configure Pk Spam Registration Blocker, it protects your website. The back-end plugin codes load Google reCaptcha on selected form pages. The Google reCaptcha v3 automatically block spam activity. When a genuine user submits the form, it is is successful. While, if the bot software tries to automatically submit forms, the request are blocked. In the latest reCaptcha version, that is v3, user don’t need to fill out challenge question. The user activity is detected automatically. And any spam activity is restricted.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>Currently the plugin is available in only the English language. We will add more languages soon.\u003C\u002Fp>\n\u003Ch4>More Information and Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Homepage of \u003Ca href=\"https:\u002F\u002Fpkplugins.com\u002F\" title=\"WordPress plugin to stop spam attacks\" rel=\"nofollow ugc\">Pk Spam Registration Blocker Plugin\u003C\u002Fa> for WordPress at pkplugins.com\u003C\u002Fli>\n\u003Cli>More \u003Ca href=\"https:\u002F\u002Fpkplugins.com\u002F\" title=\"List of Free WordPress plugins\" rel=\"nofollow ugc\">Free WordPress plugins\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpkplugins.com\u002F\" title=\"WordPress Plugin support and help\" rel=\"nofollow ugc\">Plugin support and help\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Read more and Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>If you like Pk Spam Registration Blocker plugin, please provide your valuable feedback and suggestions to improve the quality of the plugin.\u003C\u002Fli>\n\u003Cli>Feel free to test the plugin in different WordPress versions and vote in the Compatibility section so that other users can check compatibility and download the appropriate version.\u003C\u002Fli>\n\u003Cli>Share your experience by rating the plugin.\u003C\u002Fli>\n\u003Cli>Read about plugin news, updates and more on our official website at \u003Ca href=\"https:\u002F\u002Fpkplugins.com\u002F\" title=\"WordPress plugins for your website at pkplugins.com\" rel=\"nofollow ugc\">pkplugins.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Do not hesitate to ask questions, report bugs\u002Ferrors or anything related to our plugin through our support section, author’s website or plugin website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>License\u003C\u002Fh4>\n\u003Cp>Pk Spam Registration Blocker WordPress plugin is released under the GPLv2. You can download, install and use this plugin for free on your personal or commercial website.\u003C\u002Fp>\n","Protect your website registration form from spam attacks. Block test or fake user registrations on your WordPress website.",10,2172,100,1,"2023-12-28T07:09:00.000Z","6.4.8","5.2","5.5",[20,21,22,23,24],"block-fake-users","bot-protection","no-bot-registration","prevent-bots","stop-spam-registration","https:\u002F\u002Fpkplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpk-spam-registration-blocker.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":34,"display_name":7,"profile_url":8,"plugin_count":35,"total_installs":36,"avg_security_score":37,"avg_patch_time_days":38,"trust_score":39,"computed_at":40},"phpsword",4,820,89,30,86,"2026-05-19T16:03:09.223Z",[42,67,79,102,120],{"slug":43,"name":44,"version":45,"author":46,"author_profile":47,"description":48,"short_description":49,"active_installs":50,"downloaded":51,"rating":52,"num_ratings":53,"last_updated":54,"tested_up_to":55,"requires_at_least":56,"requires_php":56,"tags":57,"homepage":62,"download_link":63,"security_score":64,"vuln_count":65,"unpatched_count":28,"last_vuln_date":66,"fetched_at":30},"clickcease-click-fraud-protection","ClickCease Click Fraud Protection","3.2.13","eranfl","https:\u002F\u002Fprofiles.wordpress.org\u002Feranfl\u002F","\u003Cp>Bots and invalid traffic can reach your site through paid, organic, and direct traffic, resulting in a wasted ad budget and disrupted marketing funnels.\u003C\u002Fp>\n\u003Cp>Prevent bots, competitors, and malicious users from damaging your marketing performance with ClickCease, the industry-leading service that keeps your website and ads safe from fraud. Quick installation and real-time protection for all your website’s incoming traffic.\u003C\u002Fp>\n\u003Cp>ClickCease protects you from invalid traffic by monitoring and protecting your:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Paid traffic (Google, Facebook, & Microsoft)\u003C\u002Fli>\n\u003Cli>Organic traffic\u003C\u002Fli>\n\u003Cli>Direct traffic\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Put a stop to ad and click fraud on your website with our market-leading AI software. Allow yourself to fully focus on growing your business without having online fraud distract you.\u003C\u002Fp>\n\u003Cp>You will need an active ClickCease subscription to use this WordPress plugin.\u003C\u002Fp>\n","Protect your website and ad campaigns from bots, competitors, and click fraud with ClickCease's advanced fraud prevention and real-time monitoring.",10000,262250,66,7,"2025-07-21T15:27:00.000Z","6.6.5","5.6",[21,58,59,60,61],"click-fraud","clickcease","fraud-protection","website-protection","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclickcease-click-fraud-protection.zip",99,2,"2024-05-06 00:00:00",{"slug":68,"name":69,"version":70,"author":46,"author_profile":47,"description":71,"short_description":72,"active_installs":73,"downloaded":74,"rating":28,"num_ratings":28,"last_updated":75,"tested_up_to":55,"requires_at_least":56,"requires_php":56,"tags":76,"homepage":62,"download_link":78,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"cheq-essentials-go-to-market-security","CHEQ Essentials","1.13","\u003Cp>As a website owner, one of the biggest challenges you face is dealing with invalid traffic. Invalid traffic (27% of direct and organic traffic on average in 2022) refers to any non-human or fraudulent activity, such as bots, click farms, and other forms of automated traffic. This can not only damage your site’s reputation but also result in lost revenue, slow performance, and skewed data that damage your decision-making.\u003C\u002Fp>\n\u003Cp>CHEQ Essentials is here to help. We use advanced algorithms and machine learning techniques to analyze user behavior and distinguish between legitimate and invalid traffic.\u003C\u002Fp>\n\u003Cp>With this plugin, you can automatically monitor your website traffic in real time and identify any suspicious patterns or behavior. The plugin also provides detailed reports and analytics that can help you better understand your traffic and identify any potential issues.\u003C\u002Fp>\n\u003Cp>Once the plugin detects invalid traffic, it can take immediate action to prevent further damage. This may include blocking IP addresses on Google Ads, redirecting traffic to a 403 page, or implementing other measures to prevent bots and other automated traffic from accessing your site.\u003C\u002Fp>\n\u003Cp>Overall, this is an essential tool for any website owner who wants to secure and protect their site from fraudulent activity and ensure a safe and reliable user experience. With CHEQ Essentials, you can rest assured that your site is protected from invalid traffic and other forms of online fraud.\u003C\u002Fp>\n\u003Cp>You will need an active CHEQ Essentials subscription to use this WordPress plugin.\u003C\u002Fp>\n","Protect, analyze & block threats in real time your website from bots, click fraud, and invalid traffic with CHEQ Essentials.",700,6928,"2025-07-21T15:20:00.000Z",[21,58,60,77,61],"spam-protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcheq-essentials-go-to-market-security.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":13,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":100,"download_link":101,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"disable-registration-page","Disable Registration Page","1.1.0","Derick Payne","https:\u002F\u002Fprofiles.wordpress.org\u002Fpetrichorpost\u002F","\u003Cp>There are many situations where you would like to enable user registrations, but disable the default WordPress registration page. Particularly when using a membership or registration plugin that allows registration in the front end of your website.\u003C\u002Fp>\n\u003Cp>Unknown to many; the default WordPress registration stays active when installing these frontend registration plugins. This means that any anti-spam and security measures you implement on the frontend means nothing, because bots are still able to create spam accounts on your website using the backend or default WordPress registration page.\u003C\u002Fp>\n\u003Cp>The “\u003Ca href=\"https:\u002F\u002Fwww.rizonesoft.com\u002Fwordpress\u002Fdisable-wordpress-registration-page\u002F\" rel=\"nofollow ugc\">Disable Registration Page\u003C\u002Fa>” plugin closes this dangerous backdoor without disabling user registration on your website.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Stop bot and spam registrations.\u003C\u002Fli>\n\u003Cli>Disable the default registration page without disabling user registration.\u003C\u002Fli>\n\u003Cli>Extremely easy to use. Just activate!\u003C\u002Fli>\n\u003Cli>No complicated options.\u003C\u002Fli>\n\u003Cli>Plays well with all frontend registration plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n","Disable the default WordPress registration page without disabling user registration.",400,3576,3,"2018-02-19T05:14:00.000Z","4.9.29","2.9.0","4.3",[95,96,97,98,99],"disable-default-registration-page","disable-wordpress-registration-page","registration","security","stop-spam-registrations","https:\u002F\u002Fwww.rizonesoft.com\u002Fwordpress\u002Fdisable-wordpress-registration-page\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-registration-page.zip",{"slug":103,"name":104,"version":82,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":13,"downloaded":109,"rating":13,"num_ratings":14,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":113,"tags":114,"homepage":118,"download_link":119,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"carticy-checkout-shield-for-woocommerce","Checkout Shield for WooCommerce – Stop Fake Orders, Spam Bots & Card Testing","carticy","https:\u002F\u002Fprofiles.wordpress.org\u002Fcarticy\u002F","\u003Cp>\u003Cstrong>Checkout Shield\u003C\u002Fstrong> stops fake checkout orders and card testing attacks — the kind that bypass your CAPTCHA.\u003C\u002Fp>\n\u003Cp>Card testing bots don’t fill out your checkout form. They hit your store’s checkout API directly, completely skipping any reCAPTCHA or hCaptcha you’ve set up. That’s why CAPTCHA alone doesn’t stop them.\u003C\u002Fp>\n\u003Cp>This plugin verifies that every checkout request comes from a real browser session. Bots that can’t prove they loaded your checkout page get blocked before WooCommerce processes the order.\u003C\u002Fp>\n\u003Ch4>Why Store Owners Choose This Plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Catches what CAPTCHA misses\u003C\u002Fstrong> — blocks bots hitting your checkout API directly\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Works with any caching\u003C\u002Fstrong> — LiteSpeed, Cloudflare, WP Rocket, W3TC — no conflicts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero configuration\u003C\u002Fstrong> — activate and you’re protected\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No external services\u003C\u002Fstrong> — everything runs on your server, no subscriptions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No performance impact\u003C\u002Fstrong> — validation adds microseconds, not seconds\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features (Free)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic bot blocking\u003C\u002Fstrong> — works the moment you activate, no setup needed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>4 protection levels\u003C\u002Fstrong> — Learning, Permissive, Balanced, and Strict — choose how aggressive you want to be\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dashboard overview\u003C\u002Fstrong> — see blocked vs verified orders at a glance with a 7-day chart\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Order status tracking\u003C\u002Fstrong> — know which orders were flagged, passed, or blocked\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP whitelist\u003C\u002Fstrong> — let trusted addresses through, supports CIDR notation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>API key authentication\u003C\u002Fstrong> — for headless and custom checkout setups\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Works with all checkout types\u003C\u002Fstrong> — classic, block-based, and all payment gateways\u003C\u002Fli>\n\u003Cli>\u003Cstrong>HPOS compatible\u003C\u002Fstrong> — works with High-Performance Order Storage\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce logging\u003C\u002Fstrong> — full integration with WooCommerce Status logs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Pro Features\u003C\u002Fh4>\n\u003Cp>Take control with advanced tools:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Smart logging\u003C\u002Fstrong> — choose what gets logged: nothing, blocked attempts only, or everything with full details\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recent blocks feed\u003C\u002Fstrong> — see the last 50 blocked attempts right on your dashboard, with email, payment method, and block reason\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic CDN\u002Fproxy detection\u003C\u002Fstrong> — correctly identifies visitor IPs behind Cloudflare, Sucuri, or Akamai without manual configuration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stronger permissive mode\u003C\u002Fstrong> — adds referrer verification on top of session checks for tighter bot detection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checkout details in logs\u003C\u002Fstrong> — see exactly which email and payment method bots tried to use\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customer blocklist\u003C\u002Fstrong> — block repeat offenders by email, name, address, phone, IP, or postal code\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Order block metabox\u003C\u002Fstrong> — add customers to the blocklist directly from any order screen\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcarticy.com\u002Fplugins\u002Fcheckout-shield-for-woocommerce\u002F\" rel=\"nofollow ugc\">Learn more about Pro features\u003C\u002Fa>\u003C\u002Fp>\n","Stops fake checkout orders, card testing attacks, and spam bots that bypass CAPTCHA. Works instantly with all checkout types.",420,"2026-03-08T12:38:00.000Z","6.9.4","6.0","8.0",[21,115,116,98,117],"checkout","fraud","woocommerce","https:\u002F\u002Fcarticy.com\u002Fcheckout-shield","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcarticy-checkout-shield-for-woocommerce.1.1.0.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":28,"num_ratings":28,"last_updated":130,"tested_up_to":111,"requires_at_least":112,"requires_php":131,"tags":132,"homepage":62,"download_link":134,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"click-fraud-free","ClickFraudFree","1.0.0","cffjerson","https:\u002F\u002Fprofiles.wordpress.org\u002Fcffjerson\u002F","\u003Cp>ClickFraudFree is a \u003Cstrong>service-based plugin\u003C\u002Fstrong> that helps website owners protect their traffic and advertising campaigns from fraudulent clicks, bots, and malicious users.\u003C\u002Fp>\n\u003Cp>This plugin connects your WordPress site to the \u003Cstrong>ClickFraudFree external service\u003C\u002Fstrong>, which analyzes traffic patterns and detects invalid or fraudulent activity in real time.\u003C\u002Fp>\n\u003Cp>⚠️ \u003Cstrong>Important:\u003C\u002Fstrong>\u003Cbr \u002F>\nThis plugin relies on a \u003Cstrong>remote service\u003C\u002Fstrong> and does not function without an active ClickFraudFree account.\u003C\u002Fp>\n\u003Ch3>How the service works\u003C\u002Fh3>\n\u003Cp>When enabled, the plugin sends limited traffic-related data to the ClickFraudFree servers for analysis. This allows the service to detect and prevent click fraud and invalid traffic.\u003C\u002Fp>\n\u003Cp>The plugin may communicate with the following external server:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>https:\u002F\u002Fclickfraudfree.com\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Data sent to the service\u003C\u002Fh3>\n\u003Cp>Depending on your configuration, the plugin may transmit the following data to the ClickFraudFree service:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Client ID (provided by the ClickFraudFree account)\u003C\u002Fli>\n\u003Cli>Visitor IP address\u003C\u002Fli>\n\u003Cli>HTTP referrer URL\u003C\u002Fli>\n\u003Cli>Timestamp of the visit\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No personally identifiable user data is collected intentionally beyond what is required for fraud detection.\u003C\u002Fp>\n\u003Ch3>Why this data is needed\u003C\u002Fh3>\n\u003Cp>This information is required to:\u003Cbr \u002F>\n* Identify repeat or automated traffic\u003Cbr \u002F>\n* Detect bot activity and click farms\u003Cbr \u002F>\n* Prevent competitors from generating invalid ad clicks\u003Cbr \u002F>\n* Protect advertising budgets and analytics accuracy\u003C\u002Fp>\n\u003Ch3>Account requirement\u003C\u002Fh3>\n\u003Cp>An active ClickFraudFree account is required to use this plugin.\u003Cbr \u002F>\nYou must sign up at \u003Cstrong>https:\u002F\u002Fclickfraudfree.com\u003C\u002Fstrong> and obtain a Client ID.\u003C\u002Fp>\n","Protects websites and ad campaigns from bots, competitors, and invalid traffic using a remote click fraud detection service.",40,232,"2026-01-26T12:20:00.000Z","7.4",[133,21,58,60,61],"ad-fraud","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclick-fraud-free.1.0.0.zip",{"attackSurface":136,"codeSignals":196,"taintFlows":244,"riskAssessment":271,"analyzedAt":279},{"hooks":137,"ajaxHandlers":192,"restRoutes":193,"shortcodes":194,"cronEvents":195,"entryPointCount":28,"unprotectedCount":28},[138,144,149,153,158,163,166,169,173,176,179,182,186,189],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","admin_menu","pksrb_add_toplevel_menu","admin\u002Fadmin-menu.php",16,{"type":139,"name":145,"callback":146,"priority":11,"file":147,"line":148},"registration_errors","pksrb_validate_reg","includes\u002Fpksrb-validate.php",13,{"type":139,"name":150,"callback":151,"priority":11,"file":147,"line":152},"password_reset","pksrb_validate_reset",15,{"type":154,"name":155,"callback":156,"priority":13,"file":147,"line":157},"filter","authenticate","pksrb_validate_login",18,{"type":139,"name":159,"callback":160,"file":161,"line":162},"init","pksrb_init","pk-spam-registration-blocker.php",46,{"type":139,"name":159,"callback":164,"file":161,"line":165},"pksrb_regcss",48,{"type":139,"name":159,"callback":167,"file":161,"line":168},"pksrb_regjs",50,{"type":139,"name":170,"callback":171,"file":161,"line":172},"wp_enqueue_scripts","pksrb_load_css_js",52,{"type":139,"name":174,"callback":171,"file":161,"line":175},"admin_enqueue_scripts",53,{"type":139,"name":177,"callback":171,"file":161,"line":178},"login_head",54,{"type":139,"name":177,"callback":180,"file":161,"line":181},"pksrb_load_rcapi",56,{"type":139,"name":183,"callback":184,"file":161,"line":185},"login_form","pk_captcha_field",58,{"type":139,"name":187,"callback":184,"file":161,"line":188},"register_form",59,{"type":139,"name":190,"callback":184,"file":161,"line":191},"lostpassword_form",60,[],[],[],[],{"dangerousFunctions":197,"sqlUsage":198,"outputEscaping":200,"fileOperations":28,"externalRequests":14,"nonceChecks":28,"capabilityChecks":89,"bundledLibraries":243},[],{"prepared":28,"raw":28,"locations":199},[],{"escaped":201,"rawEcho":202,"locations":203},21,20,[204,208,210,212,214,215,217,219,221,223,225,227,229,231,233,235,237,239,241,242],{"file":205,"line":206,"context":207},"admin\u002Fdashboard-page.php",75,"raw output",{"file":205,"line":209,"context":207},76,{"file":205,"line":211,"context":207},77,{"file":205,"line":213,"context":207},84,{"file":205,"line":27,"context":207},{"file":205,"line":216,"context":207},117,{"file":205,"line":218,"context":207},135,{"file":205,"line":220,"context":207},140,{"file":205,"line":222,"context":207},144,{"file":205,"line":224,"context":207},149,{"file":205,"line":226,"context":207},152,{"file":205,"line":228,"context":207},153,{"file":205,"line":230,"context":207},158,{"file":205,"line":232,"context":207},161,{"file":205,"line":234,"context":207},163,{"file":205,"line":236,"context":207},165,{"file":205,"line":238,"context":207},173,{"file":205,"line":240,"context":207},177,{"file":205,"line":240,"context":207},{"file":205,"line":240,"context":207},[],[245,263],{"entryPoint":246,"graph":247,"unsanitizedCount":28,"severity":262},"pksrb_display_dashboard_page (admin\u002Fdashboard-page.php:7)",{"nodes":248,"edges":259},[249,253],{"id":250,"type":251,"label":252,"file":205,"line":202},"n0","source","$_POST (x2)",{"id":254,"type":255,"label":256,"file":205,"line":257,"wp_function":258},"n1","sink","echo() [XSS]",141,"echo",[260],{"from":250,"to":254,"sanitized":261},true,"low",{"entryPoint":264,"graph":265,"unsanitizedCount":28,"severity":262},"\u003Cdashboard-page> (admin\u002Fdashboard-page.php:0)",{"nodes":266,"edges":269},[267,268],{"id":250,"type":251,"label":252,"file":205,"line":202},{"id":254,"type":255,"label":256,"file":205,"line":257,"wp_function":258},[270],{"from":250,"to":254,"sanitized":261},{"summary":272,"deductions":273},"The \"pk-spam-registration-blocker\" plugin v1.1 exhibits a generally good security posture based on the provided static analysis.  The absence of any identified dangerous functions, raw SQL queries, file operations, or critical taint flows is a strong positive indicator.  Furthermore, the plugin appears to handle external HTTP requests cautiously and utilizes prepared statements for its SQL queries. The fact that there are no known CVEs or recorded vulnerabilities in its history suggests a history of secure development and maintenance.\n\nHowever, there are areas for potential improvement. The output escaping is only 51% properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is outputted without adequate sanitization. Additionally, the complete lack of nonce checks, especially given the presence of external HTTP requests, is a significant concern as it leaves the plugin vulnerable to cross-site request forgery (CSRF) attacks if any of its functionalities are triggered externally without proper verification.\n\nWhile the plugin has a clean vulnerability history and a small attack surface, the identified weaknesses in output escaping and the absence of nonce checks warrant attention. Addressing these points would significantly strengthen the plugin's overall security. The current security posture is fair, with room for improvement in handling user input and preventing unintended actions.",[274,277],{"reason":275,"points":276},"Low percentage of properly escaped output",8,{"reason":278,"points":11},"No nonce checks implemented","2026-04-16T12:03:20.785Z",{"wat":281,"direct":289},{"assetPaths":282,"generatorPatterns":285,"scriptPaths":286,"versionParams":288},[283,284],"\u002Fwp-content\u002Fplugins\u002Fpk-spam-registration-blocker\u002Fcss\u002Fpksrb.css","\u002Fwp-content\u002Fplugins\u002Fpk-spam-registration-blocker\u002Fjs\u002Fpksrb.js",[],[287],"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js?render=",[],{"cssClasses":290,"htmlComments":291,"htmlAttributes":292,"restEndpoints":296,"jsGlobals":297,"shortcodeOutput":299},[],[],[293,294,295],"id=\"pk_captcha\"","name=\"pk_captcha\"","value=\"pk_captcha\"",[],[298],"pksrbParam",[],{"error":261,"url":301,"statusCode":302,"statusMessage":303,"message":303},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fpk-spam-registration-blocker\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":65,"versions":305},[306,313],{"version":6,"download_url":307,"svn_tag_url":308,"released_at":29,"has_diff":309,"diff_files_changed":310,"diff_lines":29,"trac_diff_url":311,"vulnerabilities":312,"is_current":261},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpk-spam-registration-blocker.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpk-spam-registration-blocker\u002Ftags\u002F1.1\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpk-spam-registration-blocker%2Ftags%2F1.0&new_path=%2Fpk-spam-registration-blocker%2Ftags%2F1.1",[],{"version":314,"download_url":315,"svn_tag_url":316,"released_at":29,"has_diff":309,"diff_files_changed":317,"diff_lines":29,"trac_diff_url":29,"vulnerabilities":318,"is_current":309},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpk-spam-registration-blocker.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpk-spam-registration-blocker\u002Ftags\u002F1.0\u002F",[],[]]