Spam Captcha – Safeguard your WordPress website effortlessly with Spam Captcha for WordPress Security & Risk Analysis

wordpress.org/plugins/spam-captcha

This plugin avoids spam actions on your website (comments and contact form if you use Contact Form 7).

200 active installs · v1.4.7 · PHP + · WP 3.0+ · Updated Sep 10, 2025
Tags: captcha, comment, comments, form, spam
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Spam Captcha – Safeguard your WordPress website effortlessly with Spam Captcha for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

Spam Captcha – Safeguard your WordPress website effortlessly with Spam Captcha for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6mo ago
Risk Assessment

The "spam-captcha" plugin v1.4.7 exhibits significant security concerns, primarily due to its large attack surface with unprotected entry points. The analysis reveals 8 AJAX handlers that lack proper authentication checks, making them prime targets for unauthorized actions. The code signals also indicate a weak approach to security: a very low percentage of properly escaped outputs, and zero nonce checks on AJAX handlers, a critical omission for preventing Cross-Site Request Forgery (CSRF) attacks. The presence of the `unserialize` function, especially without clear sanitization, also poses a risk of remote code execution if not handled with extreme caution. Although the plugin has no recorded vulnerability history, this absence should not be interpreted as a sign of inherent security; it may instead reflect a lack of deep security auditing or simply good fortune up to this point. The taint analysis, showing 12 flows with unsanitized paths, underscores the potential for critical vulnerabilities that could be exploited.

Key Concerns

  • AJAX handlers without authentication checks
  • Low output escaping percentage
  • No nonce checks on AJAX handlers
  • Unsanitized paths in taint analysis
  • Use of unserialize function
  • Low percentage of prepared SQL statements
Vulnerabilities
None known

Spam Captcha – Safeguard your WordPress website effortlessly with Spam Captcha for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Spam Captcha – Safeguard your WordPress website effortlessly with Spam Captcha for WordPress Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 33 · 8 prepared
Unescaped Output: 305 · 14 escaped
Nonce Checks: 0
Capability Checks: 2
File Operations: 60
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$plugins = unserialize(@file_get_contents(dirname(__FILE__)."/data/SLFramework_OtherPlugins_".date('` core\otherplugins.class.php:48
unserialize: `$res = unserialize($request['body']);` core\otherplugins.class.php:128
unserialize: `$res = unserialize($request['body']);` core\otherplugins.class.php:176

SQL Query Safety

20% prepared · 41 total queries

Output Escaping

4% escaped · 319 total outputs
Data Flows
12 unsanitized

Data Flow Analysis

12 flows · 12 with unsanitized paths
flush (core\admin_table.class.php:170)
Attack Surface
8 unprotected

Spam Captcha – Safeguard your WordPress website effortlessly with Spam Captcha for WordPress Attack Surface

Entry Points: 9
Unprotected: 8

AJAX Handlers 8

auth wp_ajax_translate_add core.class.php:85
auth wp_ajax_translate_modify core.class.php:86
auth wp_ajax_translate_create core.class.php:87
auth wp_ajax_send_translation core.class.php:88
auth wp_ajax_update_summary core.class.php:89
auth wp_ajax_del_param core.class.php:92
auth wp_ajax_add_param core.class.php:93
auth wp_ajax_send_feedback core.class.php:96

Shortcodes 1

[spam_captcha] spam-captcha.php:83
WordPress Hooks 40
action init core.class.php:50
action parse_request core.class.php:51
action admin_menu core.class.php:53
filter plugin_row_meta core.class.php:54
filter plugin_action_links core.class.php:55
action init core.class.php:56
action init core.class.php:58
action wp_enqueue_scripts core.class.php:61
action wp_enqueue_scripts core.class.php:62
action wp_enqueue_scripts core.class.php:64
action wp_enqueue_scripts core.class.php:67
action wp_enqueue_scripts core.class.php:69
action wp_enqueue_scripts core.class.php:70
action admin_enqueue_scripts core.class.php:73
action admin_enqueue_scripts core.class.php:74
action admin_enqueue_scripts core.class.php:76
action admin_enqueue_scripts core.class.php:79
action admin_enqueue_scripts core.class.php:81
action admin_enqueue_scripts core.class.php:82
filter the_content core.class.php:99
filter get_the_excerpt core.class.php:100
filter get_the_excerpt core.class.php:101
action activated_plugin core.class.php:104
filter mce_external_plugins core.class.php:703
filter mce_buttons core.class.php:704
filter tiny_mce_version core.class.php:705
action parse_request spam-captcha.php:66
action preprocess_comment spam-captcha.php:68
action wp_insert_comment spam-captcha.php:69
action comment_spam_to_approved spam-captcha.php:72
action comment_spam_to_unapproved spam-captcha.php:73
action comment_trash_to_approved spam-captcha.php:74
action comment_approved_to_spam spam-captcha.php:76
action comment_unapproved_to_spam spam-captcha.php:77
filter comments_template spam-captcha.php:79
action comment_form spam-captcha.php:80
action wp_footer spam-captcha.php:81
filter wpcf7_form_elements spam-captcha.php:95
filter wpcf7_validate_email* spam-captcha.php:96
action admin_notices spam-captcha.php:1246
Maintenance & Trust

Spam Captcha – Safeguard your WordPress website effortlessly with Spam Captcha for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Sep 10, 2025
PHP min version
Downloads: 34K

Community Trust

Rating: 60/100
Number of ratings: 2
Active installs: 200
Developer Profile

Spam Captcha – Safeguard your WordPress website effortlessly with Spam Captcha for WordPress Developer Profile

KaizenCoders

14 plugins · 31K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 153 days
Detection Fingerprints

How We Detect Spam Captcha – Safeguard your WordPress website effortlessly with Spam Captcha for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/spam-captcha/assets/js/spam-captcha-admin.js
/wp-content/plugins/spam-captcha/assets/css/spam-captcha-public.css
/wp-content/plugins/spam-captcha/assets/css/spam-captcha-admin.css
/wp-content/plugins/spam-captcha/assets/js/spam-captcha-public.js
Script Paths
/wp-content/plugins/spam-captcha/assets/js/spam-captcha-admin.js
/wp-content/plugins/spam-captcha/assets/js/spam-captcha-public.js
Version Parameters
spam-captcha/assets/css/spam-captcha-public.css?ver=
spam-captcha/assets/js/spam-captcha-public.js?ver=
spam-captcha/assets/css/spam-captcha-admin.css?ver=
spam-captcha/assets/js/spam-captcha-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
spam-captcha-message
spam-captcha-warning
HTML Comments
<!-- spam-captcha-form-wrapper -->
<!-- Generated by Spam-Captcha v1.4.7 -->
Data Attributes
data-spam-captcha-id
JS Globals
SpamCaptcha
spamCaptchaPublic