Does Spam Protection Without Captcha have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Spam Protection Without Captcha compatible with WordPress 5.5.18?

According to WordPress.org data, Spam Protection Without Captcha 1.2 has been tested up to WordPress 5.5.18. Check the plugin's changelog for the latest compatibility information.

Is Spam Protection Without Captcha compatible with PHP 5.4+?

Spam Protection Without Captcha requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Spam Protection Without Captcha updated?

Spam Protection Without Captcha was last updated on Aug 3, 2020. Frequent updates are generally a positive security signal.

What is Spam Protection Without Captcha's security score?

Spam Protection Without Captcha has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Spam Protection Without Captcha Security & Risk Analysis

wordpress.org/plugins/spam-protection-without-captcha

Protect Login, Register, Lost & Reset Password, Comment, woocommerce, CF7, bbpress, BuddyPress forms.

100 active installs v1.2 PHP 5.4+ WP 4.6+ Updated Aug 3, 2020

botcaptchacommentsnocaptchaspam

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Spam Protection Without Captcha Safe to Use in 2026?

Generally Safe

Score 85/100

Spam Protection Without Captcha has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The "spam-protection-without-captcha" plugin v1.2 exhibits a generally strong security posture based on the provided static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points is a significant positive. Furthermore, the code demonstrates good practices with 100% of SQL queries utilizing prepared statements and a high percentage of output being properly escaped. The presence of nonce and capability checks also indicates an awareness of security principles. However, the analysis does highlight one external HTTP request, which, while not inherently risky, warrants scrutiny to ensure the target is trusted and the request is handled securely. The taint analysis reveals two flows with unsanitized paths, which, despite not reaching a critical or high severity in this report, represent potential avenues for injection vulnerabilities if not handled with extreme care in the application logic.

Key Concerns

Unsanitized paths in taint analysis
External HTTP request detected

Vulnerabilities

None known

Spam Protection Without Captcha Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Spam Protection Without Captcha Release Timeline

v1.2Current

v1.1

Code Analysis

Analyzed Mar 16, 2026

Spam Protection Without Captcha Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

34 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

92% escaped37 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

settings_save (admin\settings.php:278)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Spam Protection Without Captcha Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 44

actionadmin_initadmin\settings.php:19

actionadmin_initadmin\settings.php:20

actionadmin_enqueue_scriptsadmin\settings.php:22

actionnetwork_admin_menuadmin\settings.php:30

actionadmin_menuadmin\settings.php:32

actionwp_loadedadmin\settings.php:352

actionafter_setup_themefunctions.php:8

actionwp_enqueue_scriptsspwc-hooks.php:23

actionlogin_enqueue_scriptsspwc-hooks.php:24

filterspwc_verifyspwc-hooks.php:26

actionlogin_formspwc-hooks.php:30

filterlogin_form_middlespwc-hooks.php:31

actionwoocommerce_login_formspwc-hooks.php:32

actionum_after_login_fieldsspwc-hooks.php:33

filterauthenticatespwc-hooks.php:34

actionregister_formspwc-hooks.php:39

actionwoocommerce_register_formspwc-hooks.php:40

filterregistration_errorsspwc-hooks.php:41

filterwoocommerce_registration_errorsspwc-hooks.php:42

actionlostpassword_formspwc-hooks.php:47

actionwoocommerce_lostpassword_formspwc-hooks.php:48

actionlostpassword_postspwc-hooks.php:49

actionresetpass_formspwc-hooks.php:54

actionwoocommerce_resetpassword_formspwc-hooks.php:55

filtervalidate_password_resetspwc-hooks.php:56

actioncomment_formspwc-hooks.php:62

filterpre_comment_approvedspwc-hooks.php:65

filterpreprocess_commentspwc-hooks.php:67

actionbp_before_registration_submit_buttonsspwc-hooks.php:73

actionbp_signup_validatespwc-hooks.php:74

actionwoocommerce_checkout_after_order_reviewspwc-hooks.php:79

actionwoocommerce_after_checkout_validationspwc-hooks.php:80

actionsignup_extra_fieldsspwc-hooks.php:85

filterwpmu_validate_user_signupspwc-hooks.php:86

actionsignup_blogformspwc-hooks.php:88

filterwpmu_validate_blog_signupspwc-hooks.php:89

filterwpcf7_form_elementsspwc-hooks.php:94

filterwpcf7_validatespwc-hooks.php:95

actionbbp_theme_before_topic_form_submit_wrapperspwc-hooks.php:100

actionbbp_new_topic_pre_extrasspwc-hooks.php:101

actionbbp_theme_before_reply_form_submit_wrapperspwc-hooks.php:106

actionbbp_new_reply_pre_extrasspwc-hooks.php:107

actioninitspwc-hooks.php:110

actioninitspwc-hooks.php:392

Maintenance & Trust

Spam Protection Without Captcha Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18

Last updatedAug 3, 2020

PHP min version5.4

Downloads5K

Community Trust

Rating100/100

Number of ratings3

Active installs100

Alternatives

Spam Protection Without Captcha Alternatives

TomS reCAPTCHA

toms-recaptcha

Integrated Google ReCaptcha for WordPress.Protect the login, register, lostpassword and comment forms. Support Woocommerce, Ultimate Member and more p …

600 No CVEs

Advanced Invisible Anti-Spam

advanced-invisible-anti-spam

Block bots without annoying captchas. Cache friendly solution with rotating keys! Blocks comment, registration, and bbpress spam. Activate and done!

300 No CVEs

BotBlocker

botblocker

Kills spam-bots, leaves humans standing. No CAPTCHAS, no math questions, no passwords, just spam blocking that stops spam-bots dead in their tracks.

200 No CVEs

AntiBot Captcha

antibot-captcha

AntiBot Captcha - simple good-looking, but well-protected plugin against spam robots for your blog comments

50 No CVEs

BT Captcha

bt-captcha

BT Captcha - simple, Bilingual, Flexible, Protect Your WP Blog Against Comment Spams

10 No CVEs

Developer Profile

Spam Protection Without Captcha Developer Profile

Shamim Hasan

6 plugins · 5K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

77 days

View full developer profile

Detection Fingerprints

How We Detect Spam Protection Without Captcha

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/spam-protection-without-captcha/assets/js/admin.js

Script Paths