[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnVgFGF_DzRRMzXEw6Vlep4YU0yA-633H0aHprDwn9ew":3,"$fbgwMb33j2LTHqNFm3IvNxH2qBQxjw7xzz_lR6I8NLWw":377,"$fzFznWtjF2Y8ucKS-fYFPYMGTqKBVEV0_ScDyq4DfvVY":381},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":50,"crawl_stats":38,"alternatives":54,"analysis":157,"fingerprints":354},"querywall","QueryWall: Plug'n Play Firewall","1.1.1","4ley","https:\u002F\u002Fprofiles.wordpress.org\u002F4ley\u002F","\u003Cp>QueryWall analyzes queries automatically to protect your site against malicious URL requests.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How it works\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>QueryWall analyzes all incoming HTTP requests and silently blocks malicious queries containing risky strings like wp-config.php, eval code, base64_ encrypted code, and many more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Plug’n Play Firewall\u003C\u002Fli>\n\u003Cli>Simple, fast and solid\u003C\u002Fli>\n\u003Cli>Upload, activate, ready and done\u003C\u002Fli>\n\u003Cli>Works in background\u003C\u002Fli>\n\u003Cli>Identifies and forbids a wide range of malicious queries\u003C\u002Fli>\n\u003Cli>Add your own rules if you like\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Contribution \u002F Social\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Contribute to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002F4ley\u002Fquerywall\" rel=\"nofollow ugc\">QueryWall at GitHub\u003C\u002Fa> or follow \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fquerywall\" rel=\"nofollow ugc\">QueryWall at 
Facebook\u003C\u002Fa>\u003C\u002Fp>\n","Autopilot protection for your WordPress against malicious URL requests.",200,12127,100,9,"2018-10-23T10:16:00.000Z","5.0.25","3.1","",[20,21,22,23,24],"antivirus","block","firewall","protect","security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fquerywall\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquerywall.zip",63,1,"2023-05-26 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":38,"patch_diff_files":47,"patch_trac_url":38,"research_status":38,"research_verified":48,"research_rounds_completed":49,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":48,"poc_model_used":38,"poc_verification_depth":38},"CVE-2023-2492","querywall-authenticated-administrator-sql-injection","QueryWall \u003C= 1.1.1 - Authenticated (Administrator+) SQL Injection","The QueryWall plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.1 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query.  
This makes it possible for authenticated attackers, with administrator-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=1.1.1","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F306c98ad-0d42-4ad5-b82a-bf4579865aa9?source=api-prod",[],false,0,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},30,68,"2026-05-19T18:12:41.919Z",[55,80,99,118,140],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":75,"download_link":76,"security_score":77,"vuln_count":78,"unpatched_count":49,"last_vuln_date":79,"fetched_at":30},"zero-spam","Zero Spam for WordPress","5.5.8","Ben Marshall","https:\u002F\u002Fprofiles.wordpress.org\u002Fbmarshall511\u002F","\u003Cp>Protect your WordPress website seamlessly with Zero Spam for WordPress! Eliminate spam and malicious attacks that can harm your online presence. 
Our plugin integrates effortlessly with \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\" rel=\"nofollow ugc\">Zero Spam\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002F\" rel=\"nofollow ugc\">Stop Forum Spam\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002F\" rel=\"nofollow ugc\">Project Honeypot\u003C\u002Fa> to offer a strong defense system.\u003C\u002Fp>\n\u003Cp>Rest easy knowing that we utilize multiple detection methods to swiftly identify and halt potential threats. Whether it’s pesky spam, devious trolls, or cunning hackers, Zero Spam is here to protect your website.\u003C\u002Fp>\n\u003Ch4>Worry-free, Powerful Protection at Your Fingertips\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No captchas or moderation queues — no longer an admin’s problem.\u003C\u002Fli>\n\u003Cli>Our system dynamically blocks threats, keeping your site safe.\u003C\u002Fli>\n\u003Cli>Integration with global IP reputation providers for enhanced security.\u003C\u002Fli>\n\u003Cli>Block IPs temporarily or permanently, keep unwanted visitors out.\u003C\u002Fli>\n\u003Cli>Geolocation tracks origins of threats, providing valuable insights.\u003C\u002Fli>\n\u003Cli>Ability to block countries, regions, zip\u002Fpostal codes & cities.\u003C\u002Fli>\n\u003Cli>REST API for programmatic settings management — perfect for CI\u002FCD, staging syncs, and automation.\u003C\u002Fli>\n\u003Cli>Utilize \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\u002Fwordpress-comment-blacklist\" rel=\"nofollow ugc\">splorp’s Comment Blacklist\u003C\u002Fa> to strengthen your disallowed list.\u003C\u002Fli>\n\u003Cli>Block disposable & malicious email effortlessly with \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdisposable\" rel=\"nofollow ugc\">disposable\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Multiple techniques, including the renowned solution by \u003Ca href=\"https:\u002F\u002Fdavidwalsh.name\u002Fwordpress-comment-spam\" rel=\"nofollow 
ugc\">David Walsh\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Seamlessly integrates with popular plugins including:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa> — Secure customer registrations.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgivewp.com\u002Fref\u002F1118\u002F\" rel=\"nofollow ugc\">GiveWP\u003C\u002Fa> — Prevents attempts to test stolen credit cards.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-avatar\u002F\" rel=\"ugc\">ProfilePress\u003C\u002Fa> — Keeps registrations safe & secure.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmailchimp-for-wp\u002F\" rel=\"ugc\">Mailchimp for WordPress\u003C\u002Fa> — Protects sign-ups from abuse.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.gravityforms.com\u002F\" rel=\"nofollow ugc\">Gravity Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"ugc\">Contact Form 7\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"ugc\">WPForms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fformidable\u002F\" rel=\"ugc\">Formidable Form Builder\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluentform\u002F\" rel=\"ugc\">Fluent Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpdiscuz\u002F\" rel=\"ugc\">wpDiscuz\u003C\u002Fa> — Versatile form protection.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With Zero Spam for WordPress, you not only get exceptional protection but also a reliable support that ensures your peace of mind.\u003C\u002Fp>\n\u003Ch4>Enhance Detection with Optional 3rd-Party Integrations\u003C\u002Fh4>\n\u003Cp>Zero Spam for WordPress can integrate 
optional services for enhanced spam detection. Before using these, we recommend reviewing their terms and privacy policies.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002F\" rel=\"nofollow ugc\">Zero Spam\u003C\u002Fa>\u003C\u002Fstrong> – Utilize our real-time IP reputation analysis. Take a look at our \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002Fterms\u002F\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for more details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipbase.com\u002F\" rel=\"nofollow ugc\">ipbase.com\u003C\u002Fa>\u003C\u002Fstrong> – Access detailed geolocation information of attackers. Familiarize yourself with their \u003Ca href=\"https:\u002F\u002Fipbase.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fwww.iubenda.com\u002Fterms-and-conditions\u002F41661719\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002F\" rel=\"nofollow ugc\">ipinfo.io\u003C\u002Fa>\u003C\u002Fstrong> – Gather geolocation details of malicious users. Refer to their \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fterms-of-service\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for further information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipstack.com\u002F\" rel=\"nofollow ugc\">ipstack\u003C\u002Fa>\u003C\u002Fstrong> – Obtain extensive geolocation insights. 
Review their \u003Ca href=\"https:\u002F\u002Fwww.ideracorp.com\u002FLegal\u002FAPILayer\u002FPrivacyStatement\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fipstack.com\u002Fterms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> to learn more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002F\" rel=\"nofollow ugc\">Stop Forum Spam\u003C\u002Fa>\u003C\u002Fstrong> – Verify if visitors’ IPs have been reported. Explore their \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002Flegal\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for additional details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002F\" rel=\"nofollow ugc\">Project Honeypot\u003C\u002Fa>\u003C\u002Fstrong> – Check if visitors’ IPs have been flagged. Refer to their \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002Fprivacy_policy.php\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002Fterms_of_use.php\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for more information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fmaps\" rel=\"nofollow ugc\">Google Maps\u003C\u002Fa>\u003C\u002Fstrong> – Plot attack locations on Google Maps. 
Please review their \u003Ca href=\"https:\u002F\u002Fwww.ideracorp.com\u002FLegal\u002FAPILayer\u002FPrivacyStatement\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fterms\u002Fsite-terms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for complete details.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additionally, you have the option to contribute to Zero Spam’s improvement by enabling the sharing of detection information. For further information on the shared data, kindly refer to our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FHighfivery\u002Fzero-spam-for-wordpress\u002Fwiki\u002FFAQ\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n","No spam, no scams, just seamless experiences with Zero Spam for WordPress - the shield your site deserves.",20000,1426861,82,143,"2026-03-16T18:51:00.000Z","6.9.4","6.9","8.2",[22,72,24,73,74],"protection","spam","spam-blocker","https:\u002F\u002Fwordpress.com\u002Fplugins\u002Fzero-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzero-spam.5.5.8.zip",96,5,"2024-04-15 00:00:00",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":18,"download_link":98,"security_score":13,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"wt-security","WebTotem Security","2.4.35","WebTotem","https:\u002F\u002Fprofiles.wordpress.org\u002Fwtsec\u002F","\u003Cp>\u003Cstrong>WebTotem: Enhance Your WordPress Website Security\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WebTotem the Ultimate WordPress Security Plugin for Comprehensive Protection\u003Cbr \u002F>\nIn today’s digital landscape, safeguarding your WordPress website against a myriad of threats is paramount. 
WebTotem emerges as a formidable security solution, offering a suite of powerful features designed to protect your website from the ground up. With antivirus scans, firewall protection, SSL certificate monitoring, and port analysis, WebTotem ensures your web space is meticulously guarded. Pushing the envelope further, it incorporates CVE vulnerability scanning to preemptively identify and mitigate potential risks, fortifying your website’s defense mechanism.\u003Cbr \u002F>\nWebTotem transforms your website into an impenetrable fortress by integrating additional layers of security such as activity logs, two-factor authentication (2FA), brute force attack prevention, and CAPTCHA functionalities. This not only guarantees uninterrupted operation but also establishes a reliable security framework for your website.\u003C\u002Fp>\n\u003Ch3>Core Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Antivirus Protection:\u003C\u002Fstrong> Conducts thorough scans of your files for malicious software, hidden shells, and dubious modifications, marking the first step towards a secure website. 
It’s an intuitive solution for maintaining your site’s integrity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Firewall Defense:\u003C\u002Fstrong> Offers real-time safeguarding against SQL injections, XSS, and DOS attacks, ensuring your data remains secure from unwelcome intrusions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SSL Module:\u003C\u002Fstrong> Administers continuous monitoring and management of your site’s SSL certificates, protecting data transmission round the clock.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Port Scanner:\u003C\u002Fstrong> Employs meticulous analysis to identify open ports, blocking unauthorized access and neutralizing potential threats.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Open Path Scanner:\u003C\u002Fstrong> Proactively searches and reviews accessible paths to files and directories, closing off avenues for attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reputation Module:\u003C\u002Fstrong> Vigilantly monitors and alerts you about any blacklisting issues, safeguarding your site’s online reputation and visibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Accessibility Module:\u003C\u002Fstrong> Keeps a close watch on site availability and page response times, ensuring optimal performance and a seamless user experience.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Technology Scanner:\u003C\u002Fstrong> Accurately identifies your site’s technology stack and its versions, aiding in keeping your systems up-to-date.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Highlight Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Vulnerability Scanner:\u003C\u002Fstrong> A cornerstone feature that scans for known vulnerabilities within the Common Vulnerabilities and Exposures (CVE) database, enabling swift remediation to boost your site’s security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Resource Module:\u003C\u002Fstrong> Provides crucial insights into RAM and CPU usage, along with disk space analytics, facilitating efficient resource utilization for enhanced 
site performance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Log:\u003C\u002Fstrong> An essential tool for monitoring site changes and activities, offering a comprehensive event timeline for enhanced security oversight and swift incident response.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Enhanced Security Measures:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Two-Factor Authentication (2FA):\u003C\u002Fstrong> Elevates security by requiring a second form of verification, seamlessly integrated within your CMS to protect administrative access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CAPTCHA Integration:\u003C\u002Fstrong> A versatile tool against spam bots and automated attacks, offering customizable CAPTCHA deployment to safeguard your forms from unwarranted submissions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute-Force Protection:\u003C\u002Fstrong> Actively combats password guessing attempts, employing proactive measures to prevent unauthorized access to your accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Level Assessment (Scoring):\u003C\u002Fstrong> Offers a detailed security evaluation based on an innovative methodology, pinpointing improvement areas with strategic recommendations to fortify your website’s security stance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerability Remediation Advice:\u003C\u002Fstrong> Goes beyond detection by providing actionable, detailed guidance for addressing vulnerabilities, enhancing your website’s resilience against threats.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WebTotem stands as a comprehensive security plugin, expertly crafted to enhance your WordPress site’s defenses. 
By adopting WebTotem, you not only protect your site from current threats but also strengthen its overall security architecture, ensuring a safe and robust online presence.\u003C\u002Fp>\n","WebTotem is a SaaS which provides powerful tools for securing and monitoring your website in one place in an easy and flexible way.",900,92899,84,13,"2025-10-06T06:25:00.000Z","6.6.5","6.0","7.1",[20,22,97,72,24],"monitoring","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwt-security.2.4.35.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":49,"num_ratings":49,"last_updated":109,"tested_up_to":68,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":116,"download_link":117,"security_score":13,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"zero-budget-bot-shield","Zero Budget Bot Shield","1.0.2","wppropress","https:\u002F\u002Fprofiles.wordpress.org\u002Fwppropress\u002F","\u003Cp>Zero Budget Bot Shield is a WordPress security plugin that provides country blocking and 404 abuse protection without using external APIs or services.\u003C\u002Fp>\n\u003Ch3>Country Blocking Without External APIs\u003C\u002Fh3>\n\u003Cp>Most geo-blocking plugins depend on third-party IP lookup services.\u003Cbr \u002F>\nZero Budget Bot Shield does not.\u003C\u002Fp>\n\u003Cp>Instead, it reads country codes directly from:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Cloudflare IP country headers\u003C\u002Fli>\n\u003Cli>Hosting provider GeoIP headers\u003C\u002Fli>\n\u003Cli>Standard server-level GeoIP integrations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This means:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No API keys\u003C\u002Fli>\n\u003Cli>No outbound IP lookups\u003C\u002Fli>\n\u003Cli>No visitor data sent to external services\u003C\u002Fli>\n\u003Cli>No privacy policy 
complexity\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>All features are available out of the box, with nothing locked behind a paywall.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Country blocking using server-level GeoIP headers\u003C\u002Fli>\n\u003Cli>No external APIs, IP databases, or paid services\u003C\u002Fli>\n\u003Cli>Automatic detection and blocking of 404 abuse\u003C\u002Fli>\n\u003Cli>Configurable rate limits and time windows\u003C\u002Fli>\n\u003Cli>Admin dashboard with statistics and event logs\u003C\u002Fli>\n\u003Cli>Exportable logs for auditing and analysis\u003C\u002Fli>\n\u003Cli>Native WordPress admin interface\u003C\u002Fli>\n\u003Cli>No front-end scripts or styles\u003C\u002Fli>\n\u003Cli>Fully self-contained and privacy-friendly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Cp>\nZero Budget Bot Shield uses country codes provided by your server environment, such as:\n\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Cloudflare IP country headers\u003C\u002Fli>\n\u003Cli>Hosting provider GeoIP integrations\u003C\u002Fli>\n\u003Cli>Standard server-level GeoIP modules\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\nNo outbound IP lookups are performed, and no visitor data is sent outside your WordPress installation.\n\u003C\u002Fp>\n\u003Cp>\nFor 404 protection, the plugin monitors repeated not-found responses per IP address and automatically applies temporary blocks when thresholds are exceeded.\n\u003C\u002Fp>\n\u003Ch3>Privacy and Performance\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>No user tracking\u003C\u002Fli>\n\u003Cli>No storage of personally identifiable information\u003C\u002Fli>\n\u003Cli>No external API calls or SaaS dependencies\u003C\u002Fli>\n\u003Cli>No background cron jobs\u003C\u002Fli>\n\u003Cli>No performance impact on normal visitors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\nAll processing happens locally using infrastructure you already control.\n\u003C\u002Fp>\n\u003Ch3>Recommended 
For\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Small businesses and personal websites\u003C\u002Fli>\n\u003Cli>Non-profits and educational institutions\u003C\u002Fli>\n\u003Cli>Shared hosting environments\u003C\u002Fli>\n\u003Cli>Developers who want simple, dependency-free protection\u003C\u002Fli>\n\u003Cli>Sites that require country blocking without paid services\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>About WPNatives\u003C\u002Fh3>\n\u003Cp>WPNatives develops practical, security-focused tools for WordPress site owners who value stability, performance, and transparency.\u003C\u002Fp>\n\u003Cp>Our plugins are designed to be lightweight, self-contained, and standards-compliant, with a focus on protecting WordPress sites without introducing unnecessary complexity, external dependencies, or recurring costs. We prioritize clean code, predictable behavior, and compatibility with common hosting environments.\u003C\u002Fp>\n\u003Cp>Our goal is to help individuals, nonprofits, small businesses, and agencies improve their site security and resilience using solutions that are easy to understand and maintain.\u003C\u002Fp>\n\u003Cp>Learn more at \u003Ca href=\"https:\u002F\u002Fwpnatives.com\" rel=\"nofollow ugc\">wpnatives.com\u003C\u002Fa> and explore our latest plugins, guides, and support resources.\u003C\u002Fp>\n","Free, lightweight WordPress plugin that blocks bots by country and prevents abuse via repeated 404 errors. 
Perfect for small organizations.",20,214,"2026-01-14T22:48:00.000Z","4.7","7.4",[113,114,22,115,24],"404-protection","bots","geo-blocking","https:\u002F\u002Fapp.wpnatives.com\u002Fzero-budget-bot-shield-lightweight-country-blocking-and-404-abuse-protection-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzero-budget-bot-shield.1.0.2.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":13,"num_ratings":28,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":18,"tags":131,"homepage":137,"download_link":138,"security_score":139,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"automatic-break-iframes","SpamShieldX","1.2","Alireza Nejati","https:\u002F\u002Fprofiles.wordpress.org\u002Falireza-nejati\u002F","\u003Cp>SpamShieldX is the ultimate solution for protecting your WordPress website from spam and iframe abuse. Our plugin blocks malicious iframes and prevents unwanted spam sources, keeping your site secure and optimized.\u003C\u002Fp>\n\u003Cp>Whether you’re a blogger, website owner, or developer, SpamShieldX is the perfect tool to enhance your site’s security and performance. Our plugin is lightweight, easy to configure, and seamlessly integrates into your WordPress site.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Block iframe abuse\u003C\u002Fli>\n\u003Cli>Prevent spam from harmful sources\u003C\u002Fli>\n\u003Cli>Protect your content and improve security\u003C\u002Fli>\n\u003Cli>Easy to use and setup\u003C\u002Fli>\n\u003Cli>Regular updates for maximum security\u003C\u002Fli>\n\u003C\u002Ful>\n","SpamShieldX is the ultimate solution for protecting your WordPress website from spam and iframe abuse. 
Our plugin blocks malicious iframes and prevent &hellip;",10,2320,"2025-04-28T07:01:00.000Z","6.8.5","5.0",[132,133,134,135,136],"anti-spam","iframe-blocker","spam-protection","website-security","wordpress-firewall","http:\u002F\u002Fazarsys.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-break-iframes.1.2.zip",92,{"slug":141,"name":142,"version":143,"author":144,"author_profile":145,"description":146,"short_description":147,"active_installs":126,"downloaded":148,"rating":13,"num_ratings":149,"last_updated":150,"tested_up_to":129,"requires_at_least":130,"requires_php":18,"tags":151,"homepage":18,"download_link":155,"security_score":13,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":156},"guardify","Guardify Firewall","1.1.2","BitCleric","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoamuller23\u002F","\u003Cp>\u003Cstrong>Guardify\u003C\u002Fstrong> is a powerful WordPress firewall plugin designed to protect your website from a wide range of threats, including brute force attacks, SQL injections, malicious bots, and unauthorized access attempts. With an intuitive dashboard, detailed statistics, and advanced settings, Guardify empowers you to secure your site effortlessly.\u003C\u002Fp>\n\u003Ch3>🔐 Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Advanced Web Application Firewall (WAF)\u003C\u002Fstrong>\u003Cbr \u002F>\nIntercepts and filters all incoming traffic before it reaches WordPress. 
Blocks SQL injection, XSS, RFI, LFI, and other attack vectors.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Brute Force Attack Protection\u003C\u002Fstrong>\u003Cbr \u002F>\nBlocks repeated login attempts by limiting login frequency and analyzing IP reputation.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>2-Factor Authentication (2FA)\u003C\u002Fstrong>\u003Cbr \u002F>\nAdds an extra layer of login security for admin users, using time-based one-time passwords (TOTP).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Real-Time Activity Logs\u003C\u002Fstrong>\u003Cbr \u002F>\nTrack login attempts, blocked IPs, suspicious requests, and system actions with detailed logs. View statistics by day, week, or month.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom IP Whitelisting & Blacklisting\u003C\u002Fstrong>\u003Cbr \u002F>\nControl access to your site by adding IPs or IP ranges to allow or deny lists. Includes temporary blocking for failed login attempts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>GeoIP Blocking\u003C\u002Fstrong>\u003Cbr \u002F>\nBlock or allow access from specific countries using the MaxMind GeoIP2 database integration.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Bot Access Control\u003C\u002Fstrong>\u003Cbr \u002F>\nDetect and manage access from known bots, scrapers, and fake crawlers. 
Option to block non-human traffic.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Anti-PHP Injection & File Access Blocking\u003C\u002Fstrong>\u003Cbr \u002F>\nPrevents direct access to PHP files in sensitive directories such as \u003Ccode>\u002Fwp-includes\u002F\u003C\u002Fcode> and \u003Ccode>\u002Fwp-content\u002Fuploads\u002F\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block Plugin and Theme Installation\u003C\u002Fstrong>\u003Cbr \u002F>\nRestrict installation of new plugins and themes via the WordPress dashboard — even by administrators. This helps prevent unauthorized or accidental installation of insecure components. Manual installation via FTP remains possible.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block Theme Editor\u003C\u002Fstrong>\u003Cbr \u002F>\nDisable access to the Theme Editor (\u003Ccode>\u002Fwp-admin\u002Ftheme-editor.php\u003C\u002Fcode>) to prevent direct file editing. This minimizes the risk of malicious code injection or unintentional file corruption.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Forbidden Comment Words Filter\u003C\u002Fstrong>\u003Cbr \u002F>\nAutomatically mark comments as spam if they contain forbidden words or patterns (e.g., \u003Ccode>http\u003C\u002Fcode>, \u003Ccode>viagra\u003C\u002Fcode>, \u003Ccode>casino\u003C\u002Fcode>, \u003Ccode>porn\u003C\u002Fcode>). Helps drastically reduce comment spam by detecting common keywords and links.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Auto Block IPs in .htaccess\u003C\u002Fstrong>\u003Cbr \u002F>\nWhen enabled, IPs that exceed the rate limit are automatically added to the \u003Ccode>.htaccess\u003C\u002Fcode> file for permanent blocking. This server-level block prevents any further requests. 
Use with care, as shared or corporate IPs may be affected.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Email Notifications\u003C\u002Fstrong>\u003Cbr \u002F>\nStay informed with email alerts about critical security events, such as admin login attempts or IP bans.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customizable Firewall Rules\u003C\u002Fstrong>\u003Cbr \u002F>\nAdvanced users can fine-tune rules with regex filters, HTTP method checks, user-agent filters, and more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User-Friendly Admin Interface\u003C\u002Fstrong>\u003Cbr \u002F>\nGuardify features a modern and intuitive UI built using native WordPress design language.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Clean Uninstall\u003C\u002Fstrong>\u003Cbr \u002F>\nAutomatically cleans up all data, logs, and settings when uninstalled—leaving your database clean.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Guardify is a powerful WordPress firewall plugin designed to protect your website from a wide range of threats, including brute force attacks, SQL inj 
&hellip;",480,2,"2025-06-04T19:22:00.000Z",[152,22,153,24,154],"brute-force-protection","ip-blocking","wordpress-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fguardify.1.1.2.zip","2026-03-15T15:16:48.613Z",{"attackSurface":158,"codeSignals":213,"taintFlows":282,"riskAssessment":340,"analyzedAt":353},{"hooks":159,"ajaxHandlers":207,"restRoutes":208,"shortcodes":209,"cronEvents":210,"entryPointCount":49,"unprotectedCount":49},[160,165,169,174,178,182,184,187,189,190,193,198,202,206],{"type":161,"name":162,"callback":162,"priority":51,"file":163,"line":164},"action","init","core\\class-qwall-admin.php",26,{"type":161,"name":166,"callback":167,"file":163,"line":168},"admin_menu","cb_admin_menu",37,{"type":170,"name":171,"callback":172,"priority":126,"file":163,"line":173},"filter","plugin_row_meta","cb_plugin_meta",38,{"type":161,"name":175,"callback":176,"file":177,"line":52},"activated_plugin","on_activated_plugin","core\\class-qwall-core.php",{"type":161,"name":162,"callback":162,"priority":179,"file":180,"line":181},35,"core\\class-qwall-firewall-rules.php",33,{"type":161,"name":166,"callback":167,"file":180,"line":183},43,{"type":161,"name":185,"callback":185,"priority":28,"file":186,"line":164},"plugins_loaded","core\\class-qwall-firewall.php",{"type":161,"name":162,"callback":162,"priority":51,"file":188,"line":164},"core\\class-qwall-monitor.php",{"type":161,"name":166,"callback":167,"file":188,"line":168},{"type":161,"name":191,"callback":192,"file":188,"line":173},"qwall_purge_logs","purge_logs",{"type":161,"name":194,"callback":195,"file":196,"line":197},"admin_notices","display_admin_notice","core\\class-qwall-notice.php",44,{"type":161,"name":162,"callback":162,"priority":199,"file":200,"line":201},40,"core\\class-qwall-settings.php",70,{"type":161,"name":203,"callback":204,"file":200,"line":205},"admin_init","cb_admin_init",81,{"type":161,"name":166,"callback":167,"file":200,"line":65},[],[],[],[211],{"hook":191,"callback":191,"file
":177,"line":212},103,{"dangerousFunctions":214,"sqlUsage":215,"outputEscaping":235,"fileOperations":49,"externalRequests":49,"nonceChecks":280,"capabilityChecks":280,"bundledLibraries":281},[],{"prepared":49,"raw":216,"locations":217},6,[218,222,225,227,230,232],{"file":219,"line":220,"context":221},"core\\class-qwall-monitor-list-table.php",121,"$wpdb->get_var() with variable interpolation",{"file":219,"line":223,"context":224},122,"$wpdb->get_results() with variable interpolation",{"file":188,"line":226,"context":221},93,{"file":188,"line":228,"context":229},165,"$wpdb->query() with variable interpolation",{"file":188,"line":231,"context":229},167,{"file":233,"line":234,"context":229},"core\\class-qwall-setup.php",108,{"escaped":236,"rawEcho":237,"locations":238},7,23,[239,242,243,245,247,249,251,253,255,257,259,261,262,264,266,267,269,271,272,274,275,277,279],{"file":180,"line":240,"context":241},86,"raw output",{"file":180,"line":212,"context":241},{"file":180,"line":244,"context":241},117,{"file":180,"line":246,"context":241},120,{"file":180,"line":248,"context":241},133,{"file":180,"line":250,"context":241},135,{"file":188,"line":252,"context":241},118,{"file":188,"line":254,"context":241},140,{"file":196,"line":256,"context":241},55,{"file":196,"line":258,"context":241},56,{"file":200,"line":260,"context":241},244,{"file":200,"line":260,"context":241},{"file":200,"line":263,"context":241},245,{"file":200,"line":265,"context":241},257,{"file":200,"line":265,"context":241},{"file":200,"line":268,"context":241},258,{"file":200,"line":270,"context":241},270,{"file":200,"line":270,"context":241},{"file":200,"line":273,"context":241},271,{"file":200,"line":273,"context":241},{"file":200,"line":276,"context":241},285,{"file":200,"line":278,"context":241},287,{"file":200,"line":278,"context":241},3,[],[283,300,308,329],{"entryPoint":284,"graph":285,"unsanitizedCount":28,"severity":299},"close 
(core\\class-qwall-firewall.php:113)",{"nodes":286,"edges":297},[287,292],{"id":288,"type":289,"label":290,"file":186,"line":291},"n0","source","$_SERVER['SERVER_PROTOCOL']",128,{"id":293,"type":294,"label":295,"file":186,"line":291,"wp_function":296},"n1","sink","header() [Header Injection]","header",[298],{"from":288,"to":293,"sanitized":48},"medium",{"entryPoint":301,"graph":302,"unsanitizedCount":28,"severity":299},"\u003Cclass-qwall-firewall> (core\\class-qwall-firewall.php:0)",{"nodes":303,"edges":306},[304,305],{"id":288,"type":289,"label":290,"file":186,"line":291},{"id":293,"type":294,"label":295,"file":186,"line":291,"wp_function":296},[307],{"from":288,"to":293,"sanitized":48},{"entryPoint":309,"graph":310,"unsanitizedCount":49,"severity":328},"admin_init (core\\class-qwall-core.php:55)",{"nodes":311,"edges":324},[312,315,318,322],{"id":288,"type":289,"label":313,"file":177,"line":314},"$_POST['qwall_attack_vector']",125,{"id":293,"type":294,"label":316,"file":177,"line":314,"wp_function":317},"update_option() [Settings Manipulation]","update_option",{"id":319,"type":289,"label":320,"file":177,"line":321},"n2","$_POST",123,{"id":323,"type":294,"label":316,"file":177,"line":314,"wp_function":317},"n3",[325,327],{"from":288,"to":293,"sanitized":326},true,{"from":319,"to":323,"sanitized":326},"low",{"entryPoint":330,"graph":331,"unsanitizedCount":49,"severity":328},"\u003Cclass-qwall-core> (core\\class-qwall-core.php:0)",{"nodes":332,"edges":337},[333,334,335,336],{"id":288,"type":289,"label":313,"file":177,"line":314},{"id":293,"type":294,"label":316,"file":177,"line":314,"wp_function":317},{"id":319,"type":289,"label":320,"file":177,"line":321},{"id":323,"type":294,"label":316,"file":177,"line":314,"wp_function":317},[338,339],{"from":288,"to":293,"sanitized":326},{"from":319,"to":323,"sanitized":326},{"summary":341,"deductions":342},"The \"querywall\" plugin v1.1.1 presents a mixed security posture. 
Static analysis indicates a relatively small attack surface: no AJAX handlers, REST API routes, or shortcodes were identified, so there are no immediately obvious unprotected entry points. The significant concerns are SQL query handling and output escaping. None of the identified SQL queries uses prepared statements (100% are raw statements built with variable interpolation), which exposes the plugin to SQL injection wherever an interpolated value can be influenced by a request; each of these queries should be moved to $wpdb->prepare(). Furthermore, only 23% of output is properly escaped, suggesting a risk of cross-site scripting (XSS) vulnerabilities. Two flows with unsanitized paths in the taint analysis also warrant attention, although they are not classified as critical or high severity in this assessment.\n\nThe plugin's vulnerability history is particularly alarming. It has one known high-severity CVE related to SQL injection, and that vulnerability remains unpatched, so the plugin has a demonstrated history of serious security flaws. This suggests insufficient input validation or sanitization, especially concerning database operations, and a lack of promptness in addressing known security issues. 
While the current version shows no critical taint flows and a limited overall attack surface, the legacy of a high-severity, unpatched SQL injection vulnerability and the concerning prevalence of raw SQL queries and poor output escaping strongly suggest that \"querywall\" v1.1.1 carries a significant risk of compromise.",[343,346,349,351],{"reason":344,"points":345},"Unpatched High Severity CVE",18,{"reason":347,"points":348},"100% of SQL queries use raw statements",15,{"reason":350,"points":236},"Low output escaping (23%)",{"reason":352,"points":216},"Flows with unsanitized paths (2)","2026-03-16T20:09:23.874Z",{"wat":355,"direct":364},{"assetPaths":356,"generatorPatterns":359,"scriptPaths":360,"versionParams":361},[357,358],"\u002Fwp-content\u002Fplugins\u002Fquerywall\u002Fcore\u002Fcss\u002Fqwall-admin.css","\u002Fwp-content\u002Fplugins\u002Fquerywall\u002Fcore\u002Fjs\u002Fqwall-admin.js",[],[358],[362,363],"querywall\u002Fcore\u002Fcss\u002Fqwall-admin.css?ver=","querywall\u002Fcore\u002Fjs\u002Fqwall-admin.js?ver=",{"cssClasses":365,"htmlComments":367,"htmlAttributes":370,"restEndpoints":373,"jsGlobals":374,"shortcodeOutput":376},[366],"nav-tab-active",[368,369],"\u003C!-- QueryWall Admin -->","\u003C!-- QueryWall Firewall Rules -->",[371,372],"data-qwall-action","data-qwall-method",[],[375],"qwall_admin_vars",[],{"error":326,"url":378,"statusCode":379,"statusMessage":380,"message":380},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fquerywall\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":49,"versions":382},[]]