[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fAFaPYE2gj2Lbt0fmiyWmbE4MP0digB_8TQnTAAgcNzE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":59,"fingerprints":183},"spam-word-blocker","Spam Word Blocker","1.1.0","Harshit Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Fkumarharshit\u002F","\u003Cp>Spam Word Blocker is a lightweight, WordPress policy-compliant plugin that prevents publishing of any post, page, or custom post type if the content contains unwanted words defined by the admin.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Instant Popup Alert\u003C\u002Fstrong> – Shows exactly which blocked words were found\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Works for ALL Post Types\u003C\u002Fstrong> – Automatically covers posts, pages, and custom post types\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight\u003C\u002Fstrong> – Only runs during publish events, zero background load\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server-Side Enforcement\u003C\u002Fstrong> – Cannot be bypassed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Beautiful Admin UI\u003C\u002Fstrong> – Clean white and green premium design\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Policy Compliant\u003C\u002Fstrong> – Proper escaping, sanitizing, and nonces\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Case-Insensitive Matching\u003C\u002Fstrong> – Smart word-boundary detection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Admin adds blocked words\u002Fphrases (one per line) in plugin settings\u003C\u002Fli>\n\u003Cli>When user clicks Publish, plugin scans title, content, and excerpt\u003C\u002Fli>\n\u003Cli>If blocked words found:\n\u003Cul>\n\u003Cli>Instant popup shows which words are blocked\u003C\u002Fli>\n\u003Cli>Post is saved as draft automatically\u003C\u002Fli>\n\u003Cli>Admin notice displays after page reload\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>User removes blocked words and republishes successfully\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Perfect For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Content moderation\u003C\u002Fli>\n\u003Cli>Preventing accidental spam content\u003C\u002Fli>\n\u003Cli>Multi-author sites\u003C\u002Fli>\n\u003Cli>Guest post management\u003C\u002Fli>\n\u003Cli>Adult content filtering\u003C\u002Fli>\n\u003Cli>Brand protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by Harshit Kumar – https:\u002F\u002Fkumarharshit.in\u003C\u002Fp>\n","Prevent posts\u002Fpages from being published if they contain unwanted or spam words. Shows instant popup with blocked words.",0,144,"2025-11-28T08:03:00.000Z","6.9.4","5.0","7.0",[18,19,20,4,21],"block-spa-word","spam-publish-blocker","spam-word","spam-word-filter","https:\u002F\u002Fkumarharshit.in\u002Fspam-word-blocker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspam-word-blocker.1.1.0.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"kumarharshit",3,50,30,94,"2026-04-04T14:21:32.829Z",[36],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":24,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":49,"download_link":57,"security_score":58,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"honeypot-woocommerce-wp-antispam","Honeypot WooCommerce – WordPress AntiSpam","1.3.7","Camilo","https:\u002F\u002Fprofiles.wordpress.org\u002Fcamilo517\u002F","\u003Cp>This plugin activates a honeypot (Anti-Spam and anti-bot) in the following sites:\u003Cbr \u002F>\n-WooCommerce login form\u003Cbr \u002F>\n-WooCommerce registration form\u003Cbr \u002F>\n-Comments box of the post\u003Cbr \u002F>\n-WordPress registration form\u003Cbr \u002F>\n-WordPress login form\u003C\u002Fp>\n\u003Cp>It is highly optimized, so that the performance of your website is not affected\u003C\u002Fp>\n","This plugin activates a honeypot (Anti-Spam and anti-bot) in the following sites:",200,4193,2,"2020-08-24T23:20:00.000Z","5.5.18","","5.6",[52,53,54,55,56],"antispam-woocommerce","antispam-wordpress","honeypot-woocommerce","security-woocommerce","seguridad","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhoneypot-woocommerce-wp-antispam.1.3.7.zip",85,{"attackSurface":60,"codeSignals":90,"taintFlows":137,"riskAssessment":176,"analyzedAt":182},{"hooks":61,"ajaxHandlers":86,"restRoutes":87,"shortcodes":88,"cronEvents":89,"entryPointCount":11,"unprotectedCount":11},[62,69,73,78,82],{"type":63,"name":64,"callback":65,"priority":66,"file":67,"line":68},"filter","wp_insert_post_data","spamwobl_check_before_publish",9999,"spam-word-blocker.php",143,{"type":63,"name":70,"callback":71,"file":67,"line":72},"redirect_post_location","closure",180,{"type":74,"name":75,"callback":76,"file":67,"line":77},"action","admin_notices","spamwobl_blocked_notice",197,{"type":74,"name":79,"callback":80,"file":67,"line":81},"admin_menu","spamwobl_add_admin_menu",237,{"type":74,"name":83,"callback":84,"file":67,"line":85},"admin_enqueue_scripts","spamwobl_enqueue_admin_assets",252,[],[],[],[],{"dangerousFunctions":91,"sqlUsage":92,"outputEscaping":94,"fileOperations":11,"externalRequests":11,"nonceChecks":135,"capabilityChecks":135,"bundledLibraries":136},[],{"prepared":46,"raw":11,"locations":93},[],{"escaped":95,"rawEcho":96,"locations":97},11,19,[98,101,102,104,106,108,110,112,114,115,117,119,121,123,125,127,129,131,133],{"file":67,"line":99,"context":100},222,"raw output",{"file":67,"line":99,"context":100},{"file":67,"line":103,"context":100},223,{"file":67,"line":105,"context":100},224,{"file":67,"line":107,"context":100},327,{"file":67,"line":109,"context":100},328,{"file":67,"line":111,"context":100},329,{"file":67,"line":113,"context":100},334,{"file":67,"line":113,"context":100},{"file":67,"line":116,"context":100},344,{"file":67,"line":118,"context":100},347,{"file":67,"line":120,"context":100},355,{"file":67,"line":122,"context":100},361,{"file":67,"line":124,"context":100},366,{"file":67,"line":126,"context":100},368,{"file":67,"line":128,"context":100},369,{"file":67,"line":130,"context":100},370,{"file":67,"line":132,"context":100},371,{"file":67,"line":134,"context":100},372,1,[],[138,165],{"entryPoint":139,"graph":140,"unsanitizedCount":11,"severity":164},"spamwobl_render_admin_page (spam-word-blocker.php:278)",{"nodes":141,"edges":160},[142,147,153,155],{"id":143,"type":144,"label":145,"file":67,"line":146},"n0","source","$_POST",299,{"id":148,"type":149,"label":150,"file":67,"line":151,"wp_function":152},"n1","sink","update_option() [Settings Manipulation]",301,"update_option",{"id":154,"type":144,"label":145,"file":67,"line":146},"n2",{"id":156,"type":149,"label":157,"file":67,"line":158,"wp_function":159},"n3","echo() [XSS]",354,"echo",[161,163],{"from":143,"to":148,"sanitized":162},true,{"from":154,"to":156,"sanitized":162},"low",{"entryPoint":166,"graph":167,"unsanitizedCount":11,"severity":164},"\u003Cspam-word-blocker> (spam-word-blocker.php:0)",{"nodes":168,"edges":173},[169,170,171,172],{"id":143,"type":144,"label":145,"file":67,"line":146},{"id":148,"type":149,"label":150,"file":67,"line":151,"wp_function":152},{"id":154,"type":144,"label":145,"file":67,"line":146},{"id":156,"type":149,"label":157,"file":67,"line":158,"wp_function":159},[174,175],{"from":143,"to":148,"sanitized":162},{"from":154,"to":156,"sanitized":162},{"summary":177,"deductions":178},"The \"spam-word-blocker\" v1.1.0 plugin exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The complete absence of known CVEs, a clean taint analysis with no unsanitized paths, and the use of prepared statements for all SQL queries are significant strengths. Furthermore, the plugin demonstrates good practices by implementing nonce and capability checks, indicating an effort to protect its limited entry points. The fact that there are no external HTTP requests or file operations further reduces the potential attack surface. \n\nHowever, a notable concern arises from the output escaping, where only 37% of outputs are properly escaped. This indicates a potential risk of Cross-Site Scripting (XSS) vulnerabilities, especially if user-supplied data is being displayed without adequate sanitization. While the static analysis found no critical or high severity taint flows, and the overall attack surface is zero, this incomplete output escaping is the most significant weakness identified. The lack of recorded past vulnerabilities is a positive sign, suggesting a mature and secure development history, but it does not fully mitigate the current risk posed by insufficient output sanitization.",[179],{"reason":180,"points":181},"Insufficient output escaping",7,"2026-03-17T06:14:03.409Z",{"wat":184,"direct":195},{"assetPaths":185,"generatorPatterns":189,"scriptPaths":190,"versionParams":191},[186,187,188],"\u002Fwp-content\u002Fplugins\u002Fspam-word-blocker\u002Fassets\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Fspam-word-blocker\u002Fassets\u002Fmodal-style.css","\u002Fwp-content\u002Fplugins\u002Fspam-word-blocker\u002Fassets\u002Fcheck-publish.js",[],[188],[192,193,194],"spam-word-blocker\u002Fassets\u002Fadmin-style.css?ver=","spam-word-blocker\u002Fassets\u002Fmodal-style.css?ver=","spam-word-blocker\u002Fassets\u002Fcheck-publish.js?ver=",{"cssClasses":196,"htmlComments":198,"htmlAttributes":199,"restEndpoints":200,"jsGlobals":201,"shortcodeOutput":203},[197],"notice-error",[],[],[],[202],"spamwoblData",[]]