WP-Safety

Proxy & VPN Blocker Security & Risk Analysis

wordpress.org/plugins/proxy-vpn-blocker

Block VPNs, proxies, Tor, and spam on WordPress. Strengthen security and stop fake users with smart IP blocking via proxycheck.io.

1K active installs v3.5.8 PHP 7.2+ WP 4.9+ Updated Mar 5, 2026
proxy-blockersecurityspam-protectiontor-blockervpn-blocker
99
A · Safe
CVEs total1
Unpatched0
Last CVEJan 9, 2026
Plugin page Download
Safety Verdict

Is Proxy & VPN Blocker Safe to Use in 2026?

Generally Safe

Score 99/100

Proxy & VPN Blocker has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jan 9, 2026Updated 2mo ago
Risk Assessment

The "proxy-vpn-blocker" plugin version 3.5.8 exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and performing a substantial number of capability checks. The fact that all known CVEs are currently patched is also a reassuring sign. However, significant concerns arise from the static analysis, particularly regarding the presence of unprotected AJAX handlers. The taint analysis reveals three high-severity flows, indicating potential for attackers to exploit these vulnerabilities if authorization is indeed missing.

The vulnerability history, while showing no currently unpatched issues, notes a past medium-severity vulnerability, and the common type being "Missing Authorization" aligns with the concerns found in the static analysis of unprotected AJAX entry points. This suggests a recurring theme that requires careful attention. The plugin's attack surface is moderately sized, but the proportion of unprotected entry points (4 out of 13) is a clear risk.

In conclusion, while the plugin benefits from strong SQL handling and a good number of security checks, the unprotected AJAX handlers and high-severity taint flows present a notable risk. The historical pattern of "Missing Authorization" vulnerabilities reinforces the need for robust authentication and authorization checks on all user-facing entry points. Addressing these specific weaknesses would significantly improve the plugin's overall security.

Key Concerns

  • 4 unprotected AJAX handlers
  • 3 high severity taint flows
  • 78% output escaping (implies 22% not properly escaped)
  • 1 file operation with potential for misuse
  • Bundled Select2 library (potential for outdated issues)
Vulnerabilities
1 published

Proxy & VPN Blocker Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-69353medium · 4.3Missing Authorization

Proxy & VPN Blocker <= 3.5.3 - Missing Authorization

Jan 9, 2026 Patched in 3.5.4 (6d)
Version History

Proxy & VPN Blocker Release Timeline

v3.5.8Current
v3.5.7
v3.5.6
v3.5.5
v3.5.4
v3.5.31 CVE
CVE-2025-69353
v3.5.21 CVE
CVE-2025-69353
v3.5.01 CVE
CVE-2025-69353
v3.4.51 CVE
CVE-2025-69353
v3.4.41 CVE
CVE-2025-69353
v3.4.31 CVE
CVE-2025-69353
v3.4.21 CVE
CVE-2025-69353
v3.4.11 CVE
CVE-2025-69353
v3.3.11 CVE
CVE-2025-69353
v3.3.01 CVE
CVE-2025-69353
v3.2.41 CVE
CVE-2025-69353
v3.2.31 CVE
CVE-2025-69353
v3.2.21 CVE
CVE-2025-69353
v3.2.11 CVE
CVE-2025-69353
v3.2.01 CVE
CVE-2025-69353
Code Analysis
Analyzed Mar 16, 2026

Proxy & VPN Blocker Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
22 prepared
Unescaped Output
39
136 escaped
Nonce Checks
15
Capability Checks
21
File Operations
1
External Requests
17
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

100% prepared22 total queries

Output Escaping

78% escaped175 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

10 flows4 with unsanitized paths
<debugging> (includes\dbg\debugging.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Proxy & VPN Blocker Attack Surface

Entry Points13
Unprotected4

AJAX Handlers 13

authwp_ajax_whitelist_addincludes\custom-form-handlers.php:73
authwp_ajax_pvb_admin_toolbarincludes\proxy-vpn-blocker-admin-bar.php:65
authwp_ajax_fetch_pvb_logsincludes\pvb-action-logs\proxy-vpn-blocker-action-log-fetcher.php:13
authwp_ajax_pvb_fetch_apigraphincludes\pvb-stats-page\proxy-vpn-blocker-stat-loader.php:35
authwp_ajax_pvb_refresh_statsincludes\pvb-stats-page\proxy-vpn-blocker-usage-fetcher.php:57
authwp_ajax_pvb_dismiss_review_bannerincludes\review-mode.php:398
noprivwp_ajax_pvb_dismiss_review_bannerincludes\review-mode.php:399
authwp_ajax_pvb_complete_setupincludes\setup-wizard\setup-wizard-form-handler.php:21
authwp_ajax_pvb_skip_setupincludes\setup-wizard\setup-wizard-form-handler.php:116
authwp_ajax_pvb_log_cors_detectionproxycheckio-cors.php:238
noprivwp_ajax_pvb_log_cors_detectionproxycheckio-cors.php:239
authwp_ajax_pvb_get_fresh_nonceproxycheckio-cors.php:248
noprivwp_ajax_pvb_get_fresh_nonceproxycheckio-cors.php:249
WordPress Hooks 62
actioninitincludes\class-proxy-vpn-blocker-settings.php:60
actionadmin_initincludes\class-proxy-vpn-blocker-settings.php:62
actionadmin_menuincludes\class-proxy-vpn-blocker-settings.php:64
filterpre_update_option_pvb_proxycheckio_API_Key_fieldincludes\class-proxy-vpn-blocker-settings.php:89
actionadmin_initincludes\class-proxy-vpn-blocker-settings.php:101
actionadmin_initincludes\class-proxy-vpn-blocker.php:129
actionadmin_enqueue_scriptsincludes\class-proxy-vpn-blocker.php:133
actionadmin_enqueue_scriptsincludes\class-proxy-vpn-blocker.php:134
actionadmin_enqueue_scriptsincludes\class-proxy-vpn-blocker.php:135
actionenqueue_block_editor_assetsincludes\class-proxy-vpn-blocker.php:137
actioninitincludes\class-proxy-vpn-blocker.php:146
actionupgrader_process_completeincludes\class-proxy-vpn-blocker.php:149
actioninitincludes\class-proxy-vpn-blocker.php:151
actionadmin_post_whitelist_addincludes\custom-form-handlers.php:72
actionadmin_post_whitelist_removeincludes\custom-form-handlers.php:113
actionadmin_post_blacklist_addincludes\custom-form-handlers.php:155
actionadmin_post_blacklist_removeincludes\custom-form-handlers.php:195
actionadmin_noticesincludes\help-mode.php:37
filtermanage_post_posts_columnsincludes\post-additions.php:22
filtermanage_page_posts_columnsincludes\post-additions.php:23
actionmanage_post_posts_custom_columnincludes\post-additions.php:53
actionmanage_page_posts_custom_columnincludes\post-additions.php:83
filterbulk_actions-edit-postincludes\post-additions.php:102
filterbulk_actions-edit-pageincludes\post-additions.php:113
actionadmin_action_pvb_set_block_postincludes\post-additions.php:154
actionadmin_action_pvb_set_block_pageincludes\post-additions.php:155
filterbulk_actions-edit-postincludes\post-additions.php:166
filterbulk_actions-edit-pageincludes\post-additions.php:177
actionadmin_action_pvb_unset_block_postincludes\post-additions.php:218
actionadmin_action_pvb_unset_block_pageincludes\post-additions.php:219
actionadmin_noticesincludes\post-additions.php:243
actionadmin_noticesincludes\post-additions.php:259
actionsave_postincludes\post-additions.php:320
actionupdate_post_metaincludes\post-additions.php:335
actionadmin_bar_menuincludes\proxy-vpn-blocker-admin-bar.php:139
actionwp_enqueue_scriptsincludes\proxy-vpn-blocker-admin-bar.php:176
actionadmin_bar_menuincludes\proxy-vpn-blocker-admin-bar.php:193
actionadd_meta_boxesincludes\proxy-vpn-blocker-classic-editor-support.php:54
actionsave_postincludes\proxy-vpn-blocker-classic-editor-support.php:83
actionrest_api_initincludes\proxy-vpn-blocker-stat-loader.php:30
actiondelete_old_pvb_action_logsincludes\pvb-action-logs\proxy-vpn-blocker-action-log-fetcher.php:87
actionadmin_noticesincludes\review-mode.php:360
actionuser_registerincludes\user-ip.php:34
actionwp_loginincludes\user-ip.php:69
filtermanage_users_columnsincludes\user-ip.php:81
filtermanage_users_custom_columnincludes\user-ip.php:239
filterusers_list_table_query_argsincludes\user-ip.php:315
actionedit_user_profileincludes\user-ip.php:483
actionshow_user_profileincludes\user-ip.php:484
actionplugins_loadedproxy-vpn-blocker-function.php:122
actionupdate_option_permalink_structureproxy-vpn-blocker-function.php:567
filterauthenticateproxy-vpn-blocker-function.php:611
actionlogin_initproxy-vpn-blocker-function.php:612
actionpre_comment_on_postproxy-vpn-blocker-function.php:614
actionwpproxy-vpn-blocker-function.php:620
actiontemplate_redirectproxy-vpn-blocker-function.php:621
actionsend_headersproxy-vpn-blocker-function.php:625
actioninitproxy-vpn-blocker-function.php:632
actionplugins_loadedproxy-vpn-blocker-function.php:643
actionwp_footerproxycheckio-cors.php:175
actionwp_headproxycheckio-cors.php:187
actionget_headerproxycheckio-cors.php:196

Scheduled Events 1

delete_old_pvb_action_logs
Maintenance & Trust

Proxy & VPN Blocker Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 5, 2026
PHP min version7.2
Downloads128K

Community Trust

Rating74/100
Number of ratings32
Active installs1K
Alternatives

Proxy & VPN Blocker Alternatives

Stop Spammers Classic

Stop Spammers Classic

stop-spammer-registrations-plugin

A
89

A simplified, restored, and preserved version of the original Stop Spammers plugin.

30K 8 CVEs
Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms

Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms

captcha-bws

A
99

1 The Ultimate Spam Protection Plugin Using Captcha for WordPress Forms.

10K 2 CVEs
Dam Spam

Dam Spam

dam-spam

A
99

Comprehensive spam protection for WordPress registration, login, comments, and contact forms.

1K 1 CVE
Universal Honey Pot

Universal Honey Pot

universal-honey-pot

A
100

Universal Honey Pot is a powerful and user-friendly WordPress plugin that provides a plug-and-play solution for protecting your forms against unwanted &hellip;

1K No CVEs
Honeypot Guard – Silent Anti-Spam

Honeypot Guard – Silent Anti-Spam

honeypot-guard-silent-anti-spam

A
100

Anti-spam protection for forms, signups, and comments using advanced honeypot techniques. No CAPTCHAs, no user friction.

100 No CVEs
Developer Profile

Proxy & VPN Blocker Developer Profile

Proxy & VPN Blocker

1 plugin · 1K total installs

99
trust score
Avg Security Score
99/100
Avg Patch Time
6 days
View full developer profile
Detection Fingerprints

How We Detect Proxy & VPN Blocker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/proxy-vpn-blocker/admin/js/pvb-admin.js/wp-content/plugins/proxy-vpn-blocker/admin/css/pvb-admin.css/wp-content/plugins/proxy-vpn-blocker/includes/js/pvb-frontend.js
Script Paths
/wp-content/plugins/proxy-vpn-blocker/admin/js/pvb-admin.js/wp-content/plugins/proxy-vpn-blocker/includes/js/pvb-frontend.js
Version Parameters
proxy-vpn-blocker/admin/css/pvb-admin.css?ver=proxy-vpn-blocker/admin/js/pvb-admin.js?ver=proxy-vpn-blocker/includes/js/pvb-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
pvb_warningpvb_hide_content
JS Globals
pvb_vars
FAQ

Frequently Asked Questions about Proxy & VPN Blocker