[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8Uyplo_e6aqeIK0xrDmyh_rU2no30NOquL8bDy2M9io":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":14,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":137,"fingerprints":231},"simple-spam-blocker","Simple Spam Blocker","2.0.0","Awais","https:\u002F\u002Fprofiles.wordpress.org\u002Fawais300\u002F","\u003Cp>Simple Spam Blocker use honeypot technique which is fast and easy way to prevent spam. This plugin can stop spam comments, spam registration and also can be used to stop bots to try to login into admin panel. This plugin also provide option to stop spammers to get register via Ultimate Memeber Plugin’s registration from. You can also use shortcode [simple-spam-blocker] on any form to stop spammers.\u003C\u002Fp>\n","Simple Spam Blcoker stop spam comments and also can be used to stop bots to try to login into admin panel.",20,1364,0,"","6.9.4","3.0.1",[18,19,20,21],"comments","honeypot","login","spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-spam-blocker.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":23,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"awais300",3,1080,30,94,"2026-04-04T21:48:38.257Z",[35,61,81,102,121],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":15,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":14,"download_link":56,"security_score":57,"vuln_count":58,"unpatched_count":13,"last_vuln_date":59,"fetched_at":60},"captcha-code-authentication","Captcha Code","3.3","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>Adds GDPR compatible captcha code anti-spam protection to WordPress forms – comments form, registration form, lost password form, and login form. In order to post comments or register, users have to type in the code shown on the image. This prevents spam from automated bots & adds security. No external services (like Google ReCaptcha) are used. No API keys are needed, and no user-identifiable data is used so it’s GDPR compatible.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Captcha position – comments form, login form, registration form, or lost password form.\u003C\u002Fli>\n\u003Cli>Letters type – capital letters, small letters, or captial & small letters.\u003C\u002Fli>\n\u003Cli>Captcha type – alphanumeric, alphabets or numbers.\u003C\u002Fli>\n\u003Cli>Translation enabled.\u003C\u002Fli>\n\u003C\u002Fol>\n","GDPR compatible captcha anti-spam protection for login form, comments form, registration form & lost password form. Eliminate spam with captcha.",100000,678917,76,34,"2025-12-03T18:21:00.000Z","3.0","5.2",[51,52,53,54,55],"captcha","comments-spam","form-captcha","login-captcha","recaptcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcaptcha-code-authentication.3.3.zip",99,2,"2023-11-24 00:00:00","2026-03-15T15:16:48.613Z",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":23,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":14,"tags":75,"homepage":78,"download_link":79,"security_score":80,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":60},"user-last-login","User Last Login","1.2","raj_prince","https:\u002F\u002Fprofiles.wordpress.org\u002Fraj_prince\u002F","\u003Cp>This plugin is specially created for manage the user last login time. The plugin shows the last login date & time of user in manage users view and also has function available to sort the column in ascending and descending order.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Links\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.online-advertisment.com\u002Fuser-last-login-plugin\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.online-advertisment.com\u002Fblog\u002Fuser-last-login\u002F\" rel=\"nofollow ugc\">Donate Us\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Shortcode\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>[user_last_login] \u003C\u002Fpre>\n\u003Cp>It will show you current user last login date time.\u003C\u002Fp>\n\u003Cp>You can also pass the parameters in shortcode\u003C\u002Fp>\n\u003Cpre>[user_last_login user_id='2' format='F j, Y g:i a']\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Widget\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can show user last login date time using widget “User Last Login”\u003C\u002Fp>\n","Displays login datetime in manage users screen and sorts users by last login time.",600,11074,9,"2017-02-27T05:50:00.000Z","4.7.32","4.0",[18,76,20,21,77],"last","user","http:\u002F\u002Fwww.online-advertisment.com\u002Fblog\u002Fuser-last-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-last-login.zip",85,{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":91,"num_ratings":92,"last_updated":93,"tested_up_to":15,"requires_at_least":94,"requires_php":14,"tags":95,"homepage":100,"download_link":101,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":60},"honeypot-toolkit","Honeypot Toolkit","5.0.4","Jeff Sterup","https:\u002F\u002Fprofiles.wordpress.org\u002Ffoomagoo\u002F","\u003Cp>This plugin allows you to automatically insert your Project Honeypot links into all of your pages and block IP addresses that are listed on the Http:BL list from Project Honeypot. There is an option to block IP addresses that have been blocked by Spamcop using their blacklist and the SANS Internet Storm Center API as well.\u003Cbr \u002F>\nTo prevent bots from using brute force attacks and scanning your site there is an option to block users that fail to login a set number of times or use blocked user names. You can also block IP addresses that generate a large number of 404 errors. This plugin will also prevent WordPress User Enumeration and automatically block anyone attempting it.\u003C\u002Fp>\n","Automatically insert Project Honeypot links into your pages and block IP addresses that are listed on various block lists you can choose from.",400,19448,90,8,"2026-02-06T18:40:00.000Z","4.6.0",[96,19,97,98,99],"brute-force-protection","login-monitor","project-honeypot","spam-prevention","https:\u002F\u002Fwww.sterup.com\u002Fwordpress-plugins\u002Fhoneypot-toolkit\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhoneypot-toolkit.5.0.4.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":23,"downloaded":110,"rating":32,"num_ratings":29,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":14,"tags":114,"homepage":116,"download_link":117,"security_score":118,"vuln_count":119,"unpatched_count":119,"last_vuln_date":120,"fetched_at":60},"ap-honeypot","AP HoneyPot WordPress Plugin","1.4","Denis V (Artprima)","https:\u002F\u002Fprofiles.wordpress.org\u002Fv-media\u002F","\u003Cp>AP HoneyPot WordPress Plugin, based on Jan Stępień’s http:BL, allows you\u003Cbr \u002F>\nto verify IP addresses of clients connecting to your blog against the Project\u003Cbr \u002F>\nHoney Pot database. Thanks to http:BL API you can quickly check whether your\u003Cbr \u002F>\nvisitor is an email harvester, a comment spammer or any other malicious\u003Cbr \u002F>\ncreature. Communication with verification server is done via DNS request\u003Cbr \u002F>\nmechanism, which makes the query and response even quicker. Now, thanks\u003Cbr \u002F>\nto AP HoneyPot WordPress Plugin any potentially harmful clients are denied\u003Cbr \u002F>\nfrom accessing your blog and therefore abusing it.\u003C\u002Fp>\n\u003Ch4>Your Feedback Matters\u003C\u002Fh4>\n\u003Cp>Bugs to report? Feature requests? Criticism? New ideas? We want to hear from\u003Cbr \u002F>\nyou! Do not hesitate. Get in touch with us and share your views.\u003C\u002Fp>\n","AP HoneyPot WordPress Plugin allows you to verify IP addresses of clients connecting to your blog against the Project Honey Pot database.",6621,"2013-12-04T14:22:00.000Z","3.7.41","2.9",[18,19,115,21],"httpbl","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fap-honeypot\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fap-honeypot.zip",63,1,"2025-09-05 00:00:00",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":31,"downloaded":129,"rating":13,"num_ratings":13,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":14,"tags":133,"homepage":135,"download_link":136,"security_score":80,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":60},"mighty-captcha","Mighty CAPTCHA","1.0","Sabaoh","https:\u002F\u002Fprofiles.wordpress.org\u002Fsabaoh\u002F","\u003Cp>This plugin will add some reCAPTCHA widget to login form, comment form, and user registration form. With this plugin, sites owners can avoid spam comment, user registration, and biting password.\u003C\u002Fp>\n\u003Cp>Mighty CAPTCHA uses a Google reCAPTCHA technology. To work, API key pair, issued Google, is necessary.\u003C\u002Fp>\n\u003Cp>For more information about key pair, please refer https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fintro\u002Findex.html .\u003C\u002Fp>\n\u003Cp>You can choose which form will be with reCAPTCHA widget or not. For login form and user registration form, a normal size widget is too wide. So you can choose compact widget. (but I do not like it.)\u003C\u002Fp>\n\u003Cp>Below is characteristic of new Google reCAPTCHA.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easy for ordinary users. They only must check the “I’m not a robot”.\u003C\u002Fli>\n\u003Cli>When Google reCAPTCHA recognized an access was smell fishy, image authentication screen would appear.\u003C\u002Fli>\n\u003Cli>New image authentication screen is without deformed letters, with photo images instead of them.\u003C\u002Fli>\n\u003Cli>Photo images authentication is for example “choose all photos of a cat”. Easy to human and hard to robot.\u003C\u002Fli>\n\u003Cli>It’s easy to use with smart phone or tablet.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Why don’t you usher it into your site!\u003C\u002Fp>\n","Mighty-CAPTCHA add an authentication with Google reCAPTCHA technology to login, comment, and register form, with API keys which delivered by Google.",2329,"2015-10-09T00:57:00.000Z","4.3.34","4.3.1",[18,20,134,21,77],"register","http:\u002F\u002Fwordpress.sabaoh.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmighty-captcha.zip",{"attackSurface":138,"codeSignals":199,"taintFlows":221,"riskAssessment":222,"analyzedAt":230},{"hooks":139,"ajaxHandlers":192,"restRoutes":193,"shortcodes":194,"cronEvents":198,"entryPointCount":119,"unprotectedCount":13},[140,146,149,152,155,158,161,164,168,171,174,177,180,182,188],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","plugins_loaded","anonymous","includes\\class-spam-blocker.php",143,{"type":141,"name":147,"callback":143,"file":144,"line":148},"admin_enqueue_scripts",158,{"type":141,"name":150,"callback":143,"file":144,"line":151},"admin_menu",160,{"type":141,"name":153,"callback":143,"file":144,"line":154},"init",173,{"type":141,"name":156,"callback":143,"file":144,"line":157},"login_enqueue_scripts",180,{"type":141,"name":159,"callback":143,"file":144,"line":160},"wp_enqueue_scripts",181,{"type":141,"name":162,"callback":143,"file":144,"line":163},"login_form",185,{"type":165,"name":166,"callback":143,"file":144,"line":167},"filter","wp_authenticate_user",186,{"type":141,"name":169,"callback":143,"file":144,"line":170},"comment_form",190,{"type":165,"name":172,"callback":143,"file":144,"line":173},"preprocess_comment",191,{"type":141,"name":175,"callback":143,"file":144,"line":176},"register_form",195,{"type":165,"name":178,"callback":143,"file":144,"line":179},"registration_errors",196,{"type":141,"name":142,"callback":143,"file":144,"line":181},200,{"type":141,"name":183,"callback":184,"priority":185,"file":186,"line":187},"um_after_form","honeypot_form_field",10,"public\\class-spam-blocker-public.php",111,{"type":141,"name":189,"callback":190,"priority":185,"file":186,"line":191},"um_before_new_user_register","honeypot_um_before_new_user_register",112,[],[],[195],{"tag":4,"callback":196,"file":186,"line":197},"spam_blocker_shortcode",137,[],{"dangerousFunctions":200,"sqlUsage":201,"outputEscaping":203,"fileOperations":13,"externalRequests":13,"nonceChecks":119,"capabilityChecks":13,"bundledLibraries":220},[],{"prepared":13,"raw":13,"locations":202},[],{"escaped":204,"rawEcho":205,"locations":206},7,6,[207,211,213,215,217,219],{"file":208,"line":209,"context":210},"admin\\partials\\spam-blocker-admin-display.php",35,"raw output",{"file":208,"line":212,"context":210},41,{"file":208,"line":214,"context":210},47,{"file":208,"line":216,"context":210},53,{"file":186,"line":218,"context":210},151,{"file":186,"line":160,"context":210},[],[],{"summary":223,"deductions":224},"The \"simple-spam-blocker\" plugin version 2.0.0 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, SQL queries that are all prepared, no file operations, and no external HTTP requests are all positive indicators. The presence of a nonce check is also commendable.\n\nHowever, a significant concern arises from the output escaping, where only 54% of outputs are properly escaped. This leaves a considerable portion vulnerable to cross-site scripting (XSS) attacks if user-supplied data is not sufficiently sanitized before being displayed. The lack of capability checks, while potentially indicating limited functionality that doesn't require them, also means that privileged actions might not be adequately protected against unauthorized access if any such actions exist within the shortcode.\n\nThe plugin's vulnerability history is clean, with no recorded CVEs. This suggests that the developers have historically maintained a secure codebase or that the plugin has not been a target of widespread exploitation. While this is a strength, it doesn't negate the identified code-level risks.\n\nIn conclusion, while the plugin has a strong foundation with secure data handling for SQL and external interactions, the insufficient output escaping presents a notable risk. Addressing the 46% of unescaped outputs should be the priority to improve the overall security of this plugin.",[225,227],{"reason":226,"points":92},"Insufficient output escaping",{"reason":228,"points":229},"Missing capability checks",5,"2026-03-16T22:40:52.825Z",{"wat":232,"direct":241},{"assetPaths":233,"generatorPatterns":236,"scriptPaths":237,"versionParams":238},[234,235],"\u002Fwp-content\u002Fplugins\u002Fsimple-spam-blocker\u002Fadmin\u002Fcss\u002Fspam-blocker-admin.css","\u002Fwp-content\u002Fplugins\u002Fsimple-spam-blocker\u002Fadmin\u002Fjs\u002Fspam-blocker-admin.js",[],[235],[239,240],"simple-spam-blocker\u002Fadmin\u002Fcss\u002Fspam-blocker-admin.css?ver=","simple-spam-blocker\u002Fadmin\u002Fjs\u002Fspam-blocker-admin.js?ver=",{"cssClasses":242,"htmlComments":243,"htmlAttributes":244,"restEndpoints":247,"jsGlobals":248,"shortcodeOutput":249},[],[],[245,246],"data-nonce-name","data-nonce-value",[],[],[]]