[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fzbmTEdN6Q2aOMxwg-aIS-OSmjGr_POor5w_yue71YLw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":136,"fingerprints":455},"spamanvil","SpamAnvil","1.2.7","Alexandre Amato","https:\u002F\u002Fprofiles.wordpress.org\u002Faamato\u002F","\u003Cp>\u003Cstrong>SpamAnvil is a free, open-source WordPress anti-spam plugin that uses artificial intelligence to block comment spam.\u003C\u002Fstrong> Unlike Akismet (which requires a paid plan for commercial sites) or simple keyword-based filters, SpamAnvil leverages large language models (LLMs) to actually \u003Cem>understand\u003C\u002Fem> your comments and detect even the most sophisticated spam.\u003C\u002Fp>\n\u003Cp>Traditional spam filters rely on static word lists and link counting. Spammers have evolved. \u003Cstrong>SpamAnvil fights back with AI that understands context, intent, and language patterns\u003C\u002Fstrong> – catching spam that looks legitimate and approving real comments that others would flag.\u003C\u002Fp>\n\u003Ch4>Why SpamAnvil?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>100% Free\u003C\u002Fstrong> – No premium tier, no subscription, no hidden costs. Bring your own API key (free options available).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smarter Than Rules\u003C\u002Fstrong> – AI understands context. 
A comment about “buying a new home” won’t be flagged just because it contains “buy”.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Works With Free AI Models\u003C\u002Fstrong> – Use OpenRouter’s free Llama models for $0 cost, or connect premium models for maximum accuracy.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-First\u003C\u002Fstrong> – Your data stays between you and your chosen AI provider. IP addresses are stored as irreversible SHA-256 hashes. GDPR\u002FLGPD compliant by design.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Cloud Lock-in\u003C\u002Fstrong> – Choose from 6+ AI providers. Switch anytime. Your anti-spam, your rules.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported AI Providers\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>OpenAI\u003C\u002Fstrong> (GPT-4o-mini, GPT-4o, etc.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anthropic Claude\u003C\u002Fstrong> (Claude Sonnet, Haiku, etc.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Gemini\u003C\u002Fstrong> (Gemini 2.0 Flash, Pro, etc.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>OpenRouter\u003C\u002Fstrong> (100+ models, including FREE ones)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Featherless.ai\u003C\u002Fstrong> (Open-source models)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Any OpenAI-compatible API\u003C\u002Fstrong> (LM Studio, Ollama via proxy, vLLM, etc.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>AI-Powered Spam Detection\u003C\u002Fstrong> – Each comment is analyzed by an LLM that scores it 0-100 for spam probability\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intelligent Heuristics Engine\u003C\u002Fstrong> – Pre-analyzes comments with regex patterns, spam word detection, URL counting, and prompt injection detection to catch obvious spam without API calls\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Async Background Processing\u003C\u002Fstrong> – Comments are queued and processed via WP-Cron so your site stays fast\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart IP 
Blocking\u003C\u002Fstrong> – Automatically blocks repeat offenders with escalating ban durations (24h, 48h, 96h…)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Retry with Backoff\u003C\u002Fstrong> – Failed API calls retry up to 3 times with exponential delays\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Encrypted API Key Storage\u003C\u002Fstrong> – AES-256-CBC encryption for all stored API keys. Optional wp-config.php constants for maximum security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Statistics Dashboard\u003C\u002Fstrong> – Track how many comments were checked, how much spam was caught, API usage and errors\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Full Evaluation Logs\u003C\u002Fstrong> – See the AI’s reasoning for every comment scored, with provider, model, response time, and score\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable AI Prompts\u003C\u002Fstrong> – Full control over what the AI is instructed to do\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fallback Provider\u003C\u002Fstrong> – Configure a backup AI so spam checking never stops\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Prompt Injection Defense\u003C\u002Fstrong> – Multi-layered protection prevents attackers from manipulating the AI through crafted comments\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Spam Threshold\u003C\u002Fstrong> – Slide between aggressive (catch more spam) and permissive (fewer false positives)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Moderator Bypass\u003C\u002Fstrong> – Trusted users skip spam checking entirely\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>A visitor submits a comment\u003C\u002Fli>\n\u003Cli>SpamAnvil checks if the IP is blocked from previous spam attempts\u003C\u002Fli>\n\u003Cli>The heuristic engine runs a quick pre-analysis (URL count, spam words, suspicious patterns)\u003C\u002Fli>\n\u003Cli>If the heuristic score is very high, the comment is instantly marked as spam – no API call 
needed\u003C\u002Fli>\n\u003Cli>Otherwise, the comment is queued for AI analysis (or processed immediately in sync mode)\u003C\u002Fli>\n\u003Cli>The AI analyzes the comment in context (post title, author info, heuristic data) and returns a spam score\u003C\u002Fli>\n\u003Cli>Comments scoring above your threshold are marked as spam; clean comments are auto-approved\u003C\u002Fli>\n\u003Cli>Repeat offender IPs are automatically blocked with escalating durations\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Use Cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Blogs\u003C\u002Fstrong> receiving hundreds of spam comments per day\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce stores\u003C\u002Fstrong> where comment spam affects SEO and credibility\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Membership sites\u003C\u002Fstrong> that need to protect community discussions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multilingual sites\u003C\u002Fstrong> – AI understands comments in any language, unlike keyword-based filters\u003C\u002Fli>\n\u003Cli>\u003Cstrong>High-traffic sites\u003C\u002Fstrong> – Async processing handles any volume without slowing down your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sites tired of Akismet\u003C\u002Fstrong> – Free alternative with no cloud dependency and full data control\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security\u003C\u002Fh4>\n\u003Cp>SpamAnvil follows WordPress security best practices throughout:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>AES-256-CBC encrypted API key storage\u003C\u002Fli>\n\u003Cli>wp-config.php constant support for API keys (never touch the database)\u003C\u002Fli>\n\u003Cli>Nonce verification on all forms and AJAX requests\u003C\u002Fli>\n\u003Cli>Capability checks on all admin actions\u003C\u002Fli>\n\u003Cli>Prepared SQL statements on every database query\u003C\u002Fli>\n\u003Cli>Output escaping on all rendered content\u003C\u002Fli>\n\u003Cli>Prompt injection defense: boundary tags, system prompt hardening, heuristic 
injection detection, strict JSON validation, temperature 0\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English (default)\u003C\u002Fli>\n\u003Cli>Translation-ready (.pot file included)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Third-Party Services\u003C\u002Fh4>\n\u003Cp>SpamAnvil sends comment data (content, author name, email, and URL) to external AI services for spam analysis. The specific service used depends on your configuration. No data is sent until you configure and enable a provider.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>OpenAI\u003C\u002Fstrong> — \u003Ca href=\"https:\u002F\u002Fopenai.com\" rel=\"nofollow ugc\">https:\u002F\u002Fopenai.com\u003C\u002Fa> — \u003Ca href=\"https:\u002F\u002Fopenai.com\u002Fpolicies\u002Fterms-of-use\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> — \u003Ca href=\"https:\u002F\u002Fopenai.com\u002Fpolicies\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anthropic (Claude)\u003C\u002Fstrong> — \u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.anthropic.com\u003C\u002Fa> — \u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002Fpolicies#terms\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> — \u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002Fpolicies#privacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Gemini\u003C\u002Fstrong> — \u003Ca href=\"https:\u002F\u002Fai.google.dev\" rel=\"nofollow ugc\">https:\u002F\u002Fai.google.dev\u003C\u002Fa> — \u003Ca href=\"https:\u002F\u002Fai.google.dev\u002Fgemini-api\u002Fterms\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> — \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>OpenRouter\u003C\u002Fstrong> — \u003Ca 
href=\"https:\u002F\u002Fopenrouter.ai\" rel=\"nofollow ugc\">https:\u002F\u002Fopenrouter.ai\u003C\u002Fa> — \u003Ca href=\"https:\u002F\u002Fopenrouter.ai\u002Fterms\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> — \u003Ca href=\"https:\u002F\u002Fopenrouter.ai\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Featherless.ai\u003C\u002Fstrong> — \u003Ca href=\"https:\u002F\u002Ffeatherless.ai\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Ffeatherless.ai\u003C\u002Fa> — \u003Ca href=\"https:\u002F\u002Ffeatherless.ai\u002Fterms\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> — \u003Ca href=\"https:\u002F\u002Ffeatherless.ai\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When using the “Generic OpenAI-Compatible” option, data is sent to the URL you configure. You are responsible for ensuring compliance with the privacy policies of your chosen service.\u003C\u002Fp>\n","Stop comment spam with AI. Uses ChatGPT, Claude, Gemini and other LLMs to catch spam that traditional filters miss. 
100% free.",20,375,0,"2026-02-22T11:33:00.000Z","6.9.4","5.8","7.4",[19,20,21,22,23],"ai","anti-spam","artificial-intelligence","comments","spam","https:\u002F\u002Fsoftware.amato.com.br\u002Fspamanvil-antispam-plugin-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspamanvil.1.2.7.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"aamato",1,30,94,"2026-04-04T17:08:19.601Z",[37,59,75,94,114],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":56,"download_link":57,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"mailgun-email-validator","Mailgun Email Validator","1.2.4.1","Jesin A","https:\u002F\u002Fprofiles.wordpress.org\u002Fjesin\u002F","\u003Cp>Most email validators look for an \u003Ccode>@\u003C\u002Fcode> and a \u003Ccode>.\u003C\u002Fcode>(dot) some go further and blacklist certain domain names. But Mailgun’s Advanced email validation service goes deeper and looks for the existence of the domain name, presence of a \u003Ca href=\"http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FMX_record\" rel=\"nofollow ugc\">MX record\u003C\u002Fa> and the custom ESP(Email Service Provider) grammar.\u003Cbr \u002F>\nThe grammar here is the rules defined by each email provider. 
For example, Yahoo Mail addresses can only contain letters, numbers, underscores, and one period.\u003Cbr \u002F>\nSo \u003Ccode>user.name.abc@yahoo.com\u003C\u002Fcode> perfectly passes the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fis_email\" rel=\"nofollow ugc\">is_email()\u003C\u002Fa> function but can never exist as it contains more than one period. Such addresses can’t escape Mailgun’s Email validation.\u003C\u002Fp>\n\u003Ch4>Why use Mailgun’s email validation service?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Performs the usual email syntax check.\u003C\u002Fli>\n\u003Cli>Checks the existence of the email domain. So \u003Ccode>user@some-random-characters.com\u003C\u002Fcode> can’t escape.\u003C\u002Fli>\n\u003Cli>Checks if the email domain has a MX record. So \u003Ccode>anything@example.com\u003C\u002Fcode> is caught.\u003C\u002Fli>\n\u003Cli>Checks if the username complies with the grammar of its ESP (Email Service provider). Eg Gmail doesn’t allow usernames less than 6 characters and hyphens so \u003Ccode>small@gmail.com\u003C\u002Fcode> and \u003Ccode>hyphen-user@gmail.com\u003C\u002Fcode> can’t get away.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why use this plugin?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Integrates with the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fis_email\" rel=\"nofollow ugc\">is_email()\u003C\u002Fa> function of WordPress. 
So it works seamlessly with Contact Form 7, Jetpack\u002FGrunion contact forms, WordPress registration form and any form which uses the \u003Ccode>is_email()\u003C\u002Fcode> function.\u003C\u002Fli>\n\u003Cli>Kicks spam before it is inserted into the database\u003C\u002Fli>\n\u003Cli>Ensures that the commenting process is uninterrupted even if Mailgun suffers a \u003Ca href=\"http:\u002F\u002Fstatus.mailgun.com\" rel=\"nofollow ugc\">downtime\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Works completely transparent, nothing changes in the frontend\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin requires a Mailgun Public API Key which can be obtained by \u003Ca href=\"https:\u002F\u002Fmailgun.com\u002Fsignup\" rel=\"nofollow ugc\">signing up at Mailgun\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you’re trying out this plugin on a local WAMP\u002FLAMP\u002FMAMP installation make sure your system is connected to the Internet for this plugin to contact Mailgun.\u003C\u002Fp>\n\u003Ch4>Available Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>Serbo-Croatian by \u003Ca href=\"http:\u002F\u002Fwww.webhostinghub.com\u002F\" rel=\"nofollow ugc\">Borisa Djuraskovic\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish by \u003Ca href=\"http:\u002F\u002Fwww.webhostinghub.com\u002F\" rel=\"nofollow ugc\">Andrew Kurtis\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Further Reading\u003C\u002Fh4>\n\u003Cp>Read about Mailgun’s email validation service.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fblog.mailgun.com\u002Fpost\u002Ffree-email-validation-api-for-web-forms\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fblog.mailgun.com\u002Fpost\u002Ffree-email-validation-api-for-web-forms\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fblog.mailgun.com\u002Fpost\u002Fweekly-product-update-improvements-to-email-validation-api\u002F\" rel=\"nofollow 
ugc\">http:\u002F\u002Fblog.mailgun.com\u002Fpost\u002Fweekly-product-update-improvements-to-email-validation-api\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fmailgun.github.io\u002Fvalidator-demo\u002F\" rel=\"nofollow ugc\">Mailgun Address Validator demo\u003C\u002Fa> and its \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmailgun\u002Fvalidator-demo\u002Ftree\u002Fgh-pages\" rel=\"nofollow ugc\">source code\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>The \u003Ca href=\"https:\u002F\u002Fwebsistent.com\u002Fwordpress-plugins\u002Fmailgun-email-validator\u002F\" rel=\"nofollow ugc\">Mailgun Email Validator Plugin\u003C\u002Fa> official homepage.\u003C\u002Fli>\n\u003C\u002Ful>\n","Kick spam with a highly advanced email validation in comment forms, user registration and contact forms using Mailgun's Email validation service.",60,11426,82,25,"2017-11-25T14:21:00.000Z","4.9.29","3.1.0","",[20,22,54,23,55],"email-validation","validation","https:\u002F\u002Fwebsistent.com\u002Fwordpress-plugins\u002Fmailgun-email-validator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmailgun-email-validator.1.2.4.1.zip",85,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":33,"downloaded":67,"rating":13,"num_ratings":13,"last_updated":68,"tested_up_to":15,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":73,"download_link":74,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"ai-comment-guard","AI Comment Guard","1.2.4","Tudor Constantin","https:\u002F\u002Fprofiles.wordpress.org\u002Ftud0r\u002F","\u003Cp>\u003Cstrong>AI Comment Guard\u003C\u002Fstrong> is a powerful WordPress plugin that uses artificial intelligence to automatically moderate comments on your website. 
Say goodbye to spam and inappropriate content with intelligent, customizable AI analysis.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>🤖 \u003Cstrong>Multiple AI Provider Support\u003C\u002Fstrong>: Choose from OpenAI (GPT-4\u002FGPT-3.5), Anthropic (Claude), or OpenRouter\u003C\u002Fli>\n\u003Cli>⚡ \u003Cstrong>Automatic Comment Processing\u003C\u002Fstrong>: Instantly analyze and moderate comments as they’re submitted\u003C\u002Fli>\n\u003Cli>🎯 \u003Cstrong>Smart Classification\u003C\u002Fstrong>: Automatically approve, reject, hold, or mark comments as spam\u003C\u002Fli>\n\u003Cli>📊 \u003Cstrong>Confidence Thresholds\u003C\u002Fstrong>: Set custom confidence levels for different actions\u003C\u002Fli>\n\u003Cli>📝 \u003Cstrong>Customizable AI Prompts\u003C\u002Fstrong>: Tailor the AI’s behavior to your specific needs\u003C\u002Fli>\n\u003Cli>📈 \u003Cstrong>Comprehensive Logging\u003C\u002Fstrong>: Track all AI decisions with detailed logs and statistics\u003C\u002Fli>\n\u003Cli>🔒 \u003Cstrong>Secure API Integration\u003C\u002Fstrong>: Your API keys are stored securely\u003C\u002Fli>\n\u003Cli>🌍 \u003Cstrong>Internationalization Ready\u003C\u002Fstrong>: Fully translatable to any language\u003C\u002Fli>\n\u003Cli>⚙️ \u003Cstrong>Easy Configuration\u003C\u002Fstrong>: Simple setup with intuitive admin interface\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\u003Cstrong>Configure Your AI Provider\u003C\u002Fstrong>: Add your API key from OpenAI, Anthropic, or OpenRouter\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Set Your Preferences\u003C\u002Fstrong>: Customize thresholds and prompts to match your moderation style\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Let AI Do the Work\u003C\u002Fstrong>: Comments are automatically analyzed and actioned based on your settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Review and Refine\u003C\u002Fstrong>: Monitor performance through detailed logs and adjust settings 
as needed\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Perfect For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Bloggers\u003C\u002Fstrong> who want to maintain quality discussions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Business Websites\u003C\u002Fstrong> needing professional comment moderation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>High-Traffic Sites\u003C\u002Fstrong> requiring automated spam protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Community Platforms\u003C\u002Fstrong> wanting consistent moderation standards\u003C\u002Fli>\n\u003Cli>\u003Cstrong>International Sites\u003C\u002Fstrong> needing multilingual comment analysis\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy & Security\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>API keys are stored securely in your WordPress database\u003C\u002Fli>\n\u003Cli>No comment data is stored on third-party servers beyond AI processing\u003C\u002Fli>\n\u003Cli>GDPR compliant with optional logging that can be disabled\u003C\u002Fli>\n\u003Cli>All communications with AI providers use secure HTTPS connections\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to an external service in order to analyze and moderate comments using artificial intelligence.\u003Cbr \u002F>\nYou can choose one of the following providers in the plugin settings:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>OpenAI API\u003C\u002Fstrong> (https:\u002F\u002Fopenai.com\u002F)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Used to generate text analysis and classify comments.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent:\u003C\u002Fstrong> The comment content (text) and moderation instructions.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>When data is sent:\u003C\u002Fstrong> Each time a comment is submitted on your site and OpenAI is selected as the provider.  
\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Where data is sent:\u003C\u002Fstrong> To OpenAI servers (https:\u002F\u002Fapi.openai.com\u002Fv1\u002Fchat\u002Fcompletions).  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Policies:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fopenai.com\u002Fpolicies\u002Fterms-of-use\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fopenai.com\u002Fpolicies\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Anthropic API\u003C\u002Fstrong> (https:\u002F\u002Fwww.anthropic.com\u002F)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Used to analyze and classify comments through the Claude model.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent:\u003C\u002Fstrong> The comment content and analysis context.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>When data is sent:\u003C\u002Fstrong> Each time a comment is submitted and Anthropic is selected as the provider.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Where data is sent:\u003C\u002Fstrong> To Anthropic servers (https:\u002F\u002Fapi.anthropic.com\u002Fv1\u002Fmessages).  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Policies:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002Flegal\u002Fconsumer-terms\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002Flegal\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>OpenRouter API\u003C\u002Fstrong> (https:\u002F\u002Fopenrouter.ai\u002F)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Routes requests to multiple AI models for comment analysis.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent:\u003C\u002Fstrong> The comment content and parameters required for processing.  
\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When data is sent:\u003C\u002Fstrong> Each time a comment is submitted and OpenRouter is selected as the provider.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Where data is sent:\u003C\u002Fstrong> To OpenRouter servers (https:\u002F\u002Fopenrouter.ai\u002Fapi\u002Fv1\u002Fchat\u002Fcompletions).  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Policies:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fopenrouter.ai\u002Fterms\" rel=\"nofollow ugc\">Terms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fopenrouter.ai\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.2 or higher\u003C\u002Fli>\n\u003Cli>An API key from OpenAI, Anthropic, or OpenRouter\u003C\u002Fli>\n\u003Cli>SSL certificate recommended for secure API communications\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Additional Information\u003C\u002Fh3>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>For support, feature requests, or bug reports, please visit:\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Ftudor-eusebiu-constantin\u002F\" rel=\"nofollow ugc\">LinkedIn Profile\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftudor-constantin\u002Fai-comment-guard\" rel=\"nofollow ugc\">GitHub Repository\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Contributing\u003C\u002Fh4>\n\u003Cp>We welcome contributions! 
If you’d like to contribute to the development of AI Comment Guard:\u003Cbr \u002F>\n* Report bugs or suggest features through the support forum\u003Cbr \u002F>\n* Submit pull requests on GitHub\u003Cbr \u002F>\n* Help translate the plugin to your language\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Developed by Tudor Constantin\u003C\u002Fli>\n\u003Cli>Thanks to the WordPress community for feedback and support\u003C\u002Fli>\n\u003Cli>Icons and graphics from WordPress Dashicons\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>License\u003C\u002Fh4>\n\u003Cp>AI Comment Guard is licensed under the GPL v2 or later.\u003C\u002Fp>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n","Protect your WordPress site from spam with AI-powered comment moderation. 
Supports OpenAI, Anthropic, and OpenRouter providers.",471,"2025-12-09T17:13:00.000Z","5.0","7.2",[19,21,22,72,23],"moderation","https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Ftudor-eusebiu-constantin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fai-comment-guard.1.2.4.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":13,"num_ratings":13,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":52,"tags":88,"homepage":92,"download_link":93,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-mail-validator","WP-Mail-Validator","0.6.5","kimpenhaus","https:\u002F\u002Fprofiles.wordpress.org\u002Fkimpenhaus\u002F","\u003Cp>WP-Mail-Validator is an anti-spam plugin. It provides mail-address validation in 5 ways:\u003C\u002Fp>\n\u003Col>\n\u003Cli>syntax of mail-addresses\u003C\u002Fli>\n\u003Cli>mailserver host\u003C\u002Fli>\n\u003Cli>mx-record of mailserver\u003C\u002Fli>\n\u003Cli>user-defined blacklist\u003C\u002Fli>\n\u003Cli>trashmail services\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Once the plugin identifies a mail-address to be non existing on the mailserver or being on the blacklist or\u003Cbr \u002F>\nfrom trashmail service, any comment being made is moved to the spam area awaiting moderation from the blog owner.\u003C\u002Fp>\n\u003Ch3>Theme-Modification\u003C\u002Fh3>\n\u003Cp>WP-Mail-Validator comes with 3 theme functions that can be used:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ccode>wp_mail_validator_info_label()\u003C\u002Fcode>: shows a protected by info label\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_mail_validator_version()\u003C\u002Fcode>: shows the current plugin version\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_mail_validator_fended_spam_attack_count()\u003C\u002Fcode>: shows the count of spam attacks fended\u003C\u002Fli>\n\u003C\u002Fol>\n","WP-Mail-Validator is 
an anti-spam plugin. It provides mail-address validation in 5 ways:",10,3191,"2020-04-13T17:37:00.000Z","5.4.19","5.2.0",[20,89,22,90,91],"blacklist","security","trashmail","https:\u002F\u002Fgithub.com\u002Fkimpenhaus\u002Fwp-mail-validator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-mail-validator.0.6.5.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":34,"num_ratings":104,"last_updated":105,"tested_up_to":15,"requires_at_least":16,"requires_php":70,"tags":106,"homepage":109,"download_link":110,"security_score":111,"vuln_count":112,"unpatched_count":13,"last_vuln_date":113,"fetched_at":28},"akismet","Akismet Anti-spam: Spam Protection","5.6","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.\u003C\u002Fp>\n\u003Cp>Akismet checks your comments and contact form submissions against our global database of spam to prevent your site from publishing malicious content. 
You can review the comment spam it catches on your blog’s “Comments” admin screen.\u003C\u002Fp>\n\u003Cp>Major features in Akismet include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically checks all comments and filters out the ones that look like spam.\u003C\u002Fli>\n\u003Cli>Each comment has a status history, so you can easily see which comments were caught or cleared by Akismet and which were spammed or unspammed by a moderator.\u003C\u002Fli>\n\u003Cli>URLs are shown in the comment body to reveal hidden or misleading links.\u003C\u002Fli>\n\u003Cli>Moderators can see the number of approved comments for each user.\u003C\u002Fli>\n\u003Cli>A discard feature that outright blocks the worst spam, saving you disk space and speeding up your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PS: You’ll be prompted to get an Akismet.com API key to use it, once activated. Keys are free for personal blogs; paid subscriptions are available for businesses and commercial sites.\u003C\u002Fp>\n","The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.",6000000,386405930,1173,"2025-11-12T16:31:00.000Z",[20,107,22,108,23],"antispam","contact-form","https:\u002F\u002Fakismet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fakismet.5.6.zip",99,2,"2015-10-13 00:00:00",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":124,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":129,"tags":130,"homepage":133,"download_link":134,"security_score":26,"vuln_count":32,"unpatched_count":13,"last_vuln_date":135,"fetched_at":28},"antispam-bee","Antispam Bee","2.11.8","pluginkollektiv","https:\u002F\u002Fprofiles.wordpress.org\u002Fpluginkollektiv\u002F","\u003Cp>Say Goodbye to comment spam on your WordPress blog or website. 
\u003Cem>Antispam Bee\u003C\u002Fem> blocks spam comments and trackbacks effectively, without captchas and without sending personal information to third party services. It is free of charge, ad-free and 100% GDPR compliant.\u003C\u002Fp>\n\u003Ch3>Feature\u002FSettings Overview\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Trust approved commenters.\u003C\u002Fli>\n\u003Cli>Trust commenters with a Gravatar.\u003C\u002Fli>\n\u003Cli>Consider the comment time.\u003C\u002Fli>\n\u003Cli>Allow comments only in a certain language.\u003C\u002Fli>\n\u003Cli>Block or allow commenters from certain countries.\u003C\u002Fli>\n\u003Cli>Treat BBCode links as spam.\u003C\u002Fli>\n\u003Cli>Use regular expressions.\u003C\u002Fli>\n\u003Cli>Search local spam database for commenters previously marked as spammers.\u003C\u002Fli>\n\u003Cli>Notify admins by e-mail about incoming spam.\u003C\u002Fli>\n\u003Cli>Delete existing spam after n days.\u003C\u002Fli>\n\u003Cli>Limit approval to comments\u002Fpings (will delete other comment types).\u003C\u002Fli>\n\u003Cli>Select spam indicators to send comments to deletion directly.\u003C\u002Fli>\n\u003Cli>Optionally exclude trackbacks and pingbacks from spam detection.\u003C\u002Fli>\n\u003Cli>Optionally spam-check comment forms on archive pages.\u003C\u002Fli>\n\u003Cli>Display spam statistics on the dashboard, including daily updates of spam detection rate and a total of blocked spam comments.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Community support via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fantispam-bee\" rel=\"ugc\">support forums on wordpress.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Read \u003Ca href=\"https:\u002F\u002Fantispambee.pluginkollektiv.org\u002Fdocumentation\u002F\" rel=\"nofollow ugc\">the documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>We don’t handle support via e-mail, Twitter, GitHub issues 
etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Active development of this plugin is handled \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpluginkollektiv\u002Fantispam-bee\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Pull requests for documented bugs are highly appreciated.\u003C\u002Fli>\n\u003Cli>If you think you’ve found a bug (e.g. you’re experiencing unexpected behavior), please post at the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fantispam-bee\" rel=\"ugc\">support forums\u003C\u002Fa> first.\u003C\u002Fli>\n\u003Cli>If you want to help us translate this plugin you can do so \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fantispam-bee\" rel=\"nofollow ugc\">on WordPress Translate\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Author: \u003Ca href=\"https:\u002F\u002Fsergejmueller.github.io\u002F\" rel=\"nofollow ugc\">Sergej Müller\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Maintainers: \u003Ca href=\"https:\u002F\u002Fpluginkollektiv.org\" rel=\"nofollow ugc\">pluginkollektiv\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. 
Built with data protection and privacy in mind.",700000,10958057,96,225,"2025-07-22T11:23:00.000Z","6.8.5","4.6","5.2",[20,107,22,131,132],"spam-filter","spam-protection","https:\u002F\u002Fantispambee.pluginkollektiv.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fantispam-bee.2.11.8.zip","2023-11-27 00:00:00",{"attackSurface":137,"codeSignals":225,"taintFlows":254,"riskAssessment":449,"analyzedAt":454},{"hooks":138,"ajaxHandlers":188,"restRoutes":213,"shortcodes":214,"cronEvents":215,"entryPointCount":224,"unprotectedCount":224},[139,145,149,153,158,162,166,170,173,176,180,183],{"type":140,"name":141,"callback":142,"file":143,"line":144},"filter","cron_schedules","add_cron_interval","includes\\class-spamanvil.php",68,{"type":140,"name":146,"callback":147,"priority":83,"file":143,"line":148},"preprocess_comment","check_blocked_ip",71,{"type":140,"name":150,"callback":151,"priority":111,"file":143,"line":152},"pre_comment_approved","hold_for_review",72,{"type":154,"name":155,"callback":156,"priority":83,"file":143,"line":157},"action","comment_post","process_new_comment",73,{"type":154,"name":159,"callback":160,"file":143,"line":161},"spamanvil_process_queue","process_batch",76,{"type":154,"name":163,"callback":164,"file":143,"line":165},"spamanvil_cleanup_logs","cleanup_old_logs",77,{"type":154,"name":167,"callback":168,"file":143,"line":169},"admin_menu","add_menu_page",81,{"type":154,"name":171,"callback":172,"file":143,"line":47},"admin_init","register_settings",{"type":154,"name":171,"callback":174,"file":143,"line":175},"maybe_redirect_after_activation",83,{"type":154,"name":177,"callback":178,"file":143,"line":179},"admin_enqueue_scripts","enqueue_assets",84,{"type":154,"name":181,"callback":182,"file":143,"line":58},"wp_dashboard_setup","register_dashboard_widget",{"type":154,"name":184,"callback":185,"file":186,"line":187},"plugins_loaded","spamanvil_init","spamanvil.php",78,[189,194,198,202,205,209],{"action":190,"nopriv":191,"callba
ck":192,"hasNonce":191,"hasCapCheck":191,"file":143,"line":193},"spamanvil_test_connection",false,"ajax_test_connection",88,{"action":195,"nopriv":191,"callback":196,"hasNonce":191,"hasCapCheck":191,"file":143,"line":197},"spamanvil_unblock_ip","ajax_unblock_ip",89,{"action":199,"nopriv":191,"callback":200,"hasNonce":191,"hasCapCheck":191,"file":143,"line":201},"spamanvil_scan_pending","ajax_scan_pending",90,{"action":159,"nopriv":191,"callback":203,"hasNonce":191,"hasCapCheck":191,"file":143,"line":204},"ajax_process_queue",91,{"action":206,"nopriv":191,"callback":207,"hasNonce":191,"hasCapCheck":191,"file":143,"line":208},"spamanvil_clear_api_key","ajax_clear_api_key",92,{"action":210,"nopriv":191,"callback":211,"hasNonce":191,"hasCapCheck":191,"file":143,"line":212},"spamanvil_dismiss_notice","ajax_dismiss_notice",93,[],[],[216,218,220,222],{"hook":159,"callback":159,"file":217,"line":125},"includes\\class-spamanvil-activator.php",{"hook":163,"callback":163,"file":217,"line":219},228,{"hook":159,"callback":159,"file":143,"line":221},137,{"hook":163,"callback":163,"file":143,"line":223},140,6,{"dangerousFunctions":226,"sqlUsage":227,"outputEscaping":249,"fileOperations":13,"externalRequests":32,"nonceChecks":83,"capabilityChecks":252,"bundledLibraries":253},[],{"prepared":228,"raw":229,"locations":230},46,5,[231,235,239,242,245],{"file":232,"line":233,"context":234},"includes\\class-spamanvil-ip-manager.php",127,"$wpdb->get_var() with variable interpolation",{"file":236,"line":237,"context":238},"includes\\class-spamanvil-queue.php",683,"$wpdb->get_col() with variable interpolation",{"file":240,"line":241,"context":234},"includes\\class-spamanvil-stats.php",141,{"file":240,"line":243,"context":244},177,"$wpdb->get_results() with variable interpolation",{"file":246,"line":247,"context":248},"uninstall.php",34,"$wpdb->query() with variable 
interpolation",{"escaped":250,"rawEcho":13,"locations":251},220,[],14,[],[255,302,340,360,370,380],{"entryPoint":256,"graph":257,"unsanitizedCount":13,"severity":301},"save_general_settings (admin\\class-spamanvil-admin.php:259)",{"nodes":258,"edges":294},[259,265,270,274,276,280,282,286,288,292],{"id":260,"type":261,"label":262,"file":263,"line":264},"n0","source","$_POST['spamanvil_mode']","admin\\class-spamanvil-admin.php",267,{"id":266,"type":267,"label":268,"file":263,"line":264,"wp_function":269},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":271,"type":261,"label":272,"file":263,"line":273},"n2","$_POST['spamanvil_threshold']",269,{"id":275,"type":267,"label":268,"file":263,"line":273,"wp_function":269},"n3",{"id":277,"type":261,"label":278,"file":263,"line":279},"n4","$_POST['spamanvil_heuristic_auto_spam']",270,{"id":281,"type":267,"label":268,"file":263,"line":279,"wp_function":269},"n5",{"id":283,"type":261,"label":284,"file":263,"line":285},"n6","$_POST['spamanvil_batch_size']",271,{"id":287,"type":267,"label":268,"file":263,"line":285,"wp_function":269},"n7",{"id":289,"type":261,"label":290,"file":263,"line":291},"n8","$_POST['spamanvil_log_retention']",272,{"id":293,"type":267,"label":268,"file":263,"line":291,"wp_function":269},"n9",[295,297,298,299,300],{"from":260,"to":266,"sanitized":296},true,{"from":271,"to":275,"sanitized":296},{"from":277,"to":281,"sanitized":296},{"from":283,"to":287,"sanitized":296},{"from":289,"to":293,"sanitized":296},"low",{"entryPoint":303,"graph":304,"unsanitizedCount":13,"severity":301},"save_provider_settings 
(admin\\class-spamanvil-admin.php:278)",{"nodes":305,"edges":333},[306,309,310,313,314,317,318,321,322,325,327,331],{"id":260,"type":261,"label":307,"file":263,"line":308},"$_POST['spamanvil_primary_provider']",285,{"id":266,"type":267,"label":268,"file":263,"line":308,"wp_function":269},{"id":271,"type":261,"label":311,"file":263,"line":312},"$_POST['spamanvil_fallback_provider']",286,{"id":275,"type":267,"label":268,"file":263,"line":312,"wp_function":269},{"id":277,"type":261,"label":315,"file":263,"line":316},"$_POST['spamanvil_fallback2_provider']",287,{"id":281,"type":267,"label":268,"file":263,"line":316,"wp_function":269},{"id":283,"type":261,"label":319,"file":263,"line":320},"$_POST[$model_key]",295,{"id":287,"type":267,"label":268,"file":263,"line":320,"wp_function":269},{"id":289,"type":261,"label":323,"file":263,"line":324},"$_POST",301,{"id":293,"type":267,"label":268,"file":263,"line":326,"wp_function":269},304,{"id":328,"type":261,"label":329,"file":263,"line":330},"n10","$_POST['spamanvil_generic_api_url']",310,{"id":332,"type":267,"label":268,"file":263,"line":330,"wp_function":269},"n11",[334,335,336,337,338,339],{"from":260,"to":266,"sanitized":296},{"from":271,"to":275,"sanitized":296},{"from":277,"to":281,"sanitized":296},{"from":283,"to":287,"sanitized":296},{"from":289,"to":293,"sanitized":296},{"from":328,"to":332,"sanitized":296},{"entryPoint":341,"graph":342,"unsanitizedCount":13,"severity":301},"save_prompt_settings 
(admin\\class-spamanvil-admin.php:315)",{"nodes":343,"edges":356},[344,347,348,351,352,355],{"id":260,"type":261,"label":345,"file":263,"line":346},"$_POST['spamanvil_system_prompt']",327,{"id":266,"type":267,"label":268,"file":263,"line":346,"wp_function":269},{"id":271,"type":261,"label":349,"file":263,"line":350},"$_POST['spamanvil_user_prompt']",330,{"id":275,"type":267,"label":268,"file":263,"line":350,"wp_function":269},{"id":277,"type":261,"label":353,"file":263,"line":354},"$_POST['spamanvil_spam_words']",333,{"id":281,"type":267,"label":268,"file":263,"line":354,"wp_function":269},[357,358,359],{"from":260,"to":266,"sanitized":296},{"from":271,"to":275,"sanitized":296},{"from":277,"to":281,"sanitized":296},{"entryPoint":361,"graph":362,"unsanitizedCount":13,"severity":301},"save_ip_settings (admin\\class-spamanvil-admin.php:337)",{"nodes":363,"edges":368},[364,367],{"id":260,"type":261,"label":365,"file":263,"line":366},"$_POST['spamanvil_ip_block_threshold']",345,{"id":266,"type":267,"label":268,"file":263,"line":366,"wp_function":269},[369],{"from":260,"to":266,"sanitized":296},{"entryPoint":371,"graph":372,"unsanitizedCount":13,"severity":301},"ajax_dismiss_notice (admin\\class-spamanvil-admin.php:507)",{"nodes":373,"edges":378},[374,376],{"id":260,"type":261,"label":323,"file":263,"line":375},514,{"id":266,"type":267,"label":268,"file":263,"line":377,"wp_function":269},522,[379],{"from":260,"to":266,"sanitized":296},{"entryPoint":381,"graph":382,"unsanitizedCount":13,"severity":301},"\u003Cclass-spamanvil-admin> 
(admin\\class-spamanvil-admin.php:0)",{"nodes":383,"edges":433},[384,385,386,387,388,389,390,391,392,393,394,395,396,398,400,402,404,406,408,411,413,415,417,419,421,423,425,427,429,431],{"id":260,"type":261,"label":262,"file":263,"line":264},{"id":266,"type":267,"label":268,"file":263,"line":264,"wp_function":269},{"id":271,"type":261,"label":272,"file":263,"line":273},{"id":275,"type":267,"label":268,"file":263,"line":273,"wp_function":269},{"id":277,"type":261,"label":278,"file":263,"line":279},{"id":281,"type":267,"label":268,"file":263,"line":279,"wp_function":269},{"id":283,"type":261,"label":284,"file":263,"line":285},{"id":287,"type":267,"label":268,"file":263,"line":285,"wp_function":269},{"id":289,"type":261,"label":290,"file":263,"line":291},{"id":293,"type":267,"label":268,"file":263,"line":291,"wp_function":269},{"id":328,"type":261,"label":307,"file":263,"line":308},{"id":332,"type":267,"label":268,"file":263,"line":308,"wp_function":269},{"id":397,"type":261,"label":311,"file":263,"line":312},"n12",{"id":399,"type":267,"label":268,"file":263,"line":312,"wp_function":269},"n13",{"id":401,"type":261,"label":315,"file":263,"line":316},"n14",{"id":403,"type":267,"label":268,"file":263,"line":316,"wp_function":269},"n15",{"id":405,"type":261,"label":319,"file":263,"line":320},"n16",{"id":407,"type":267,"label":268,"file":263,"line":320,"wp_function":269},"n17",{"id":409,"type":261,"label":410,"file":263,"line":324},"n18","$_POST 
(x2)",{"id":412,"type":267,"label":268,"file":263,"line":326,"wp_function":269},"n19",{"id":414,"type":261,"label":329,"file":263,"line":330},"n20",{"id":416,"type":267,"label":268,"file":263,"line":330,"wp_function":269},"n21",{"id":418,"type":261,"label":345,"file":263,"line":346},"n22",{"id":420,"type":267,"label":268,"file":263,"line":346,"wp_function":269},"n23",{"id":422,"type":261,"label":349,"file":263,"line":350},"n24",{"id":424,"type":267,"label":268,"file":263,"line":350,"wp_function":269},"n25",{"id":426,"type":261,"label":353,"file":263,"line":354},"n26",{"id":428,"type":267,"label":268,"file":263,"line":354,"wp_function":269},"n27",{"id":430,"type":261,"label":365,"file":263,"line":366},"n28",{"id":432,"type":267,"label":268,"file":263,"line":366,"wp_function":269},"n29",[434,435,436,437,438,439,440,441,442,443,444,445,446,447,448],{"from":260,"to":266,"sanitized":296},{"from":271,"to":275,"sanitized":296},{"from":277,"to":281,"sanitized":296},{"from":283,"to":287,"sanitized":296},{"from":289,"to":293,"sanitized":296},{"from":328,"to":332,"sanitized":296},{"from":397,"to":399,"sanitized":296},{"from":401,"to":403,"sanitized":296},{"from":405,"to":407,"sanitized":296},{"from":409,"to":412,"sanitized":296},{"from":414,"to":416,"sanitized":296},{"from":418,"to":420,"sanitized":296},{"from":422,"to":424,"sanitized":296},{"from":426,"to":428,"sanitized":296},{"from":430,"to":432,"sanitized":296},{"summary":450,"deductions":451},"The spamanvil v1.2.7 plugin exhibits a concerning security posture primarily due to a significant number of unprotected AJAX handlers. While the plugin demonstrates good practices in other areas, such as proper output escaping and a high percentage of prepared SQL statements, the lack of authentication on all identified entry points is a critical weakness. This means that any unauthenticated user could potentially trigger these AJAX actions, leading to unintended consequences or access to sensitive functionality. 
The taint analysis results are positive, showing no unsanitized paths or critical\u002Fhigh severity flows, suggesting that input validation and sanitization are generally handled well when they are present. The plugin's vulnerability history is clean, with no known CVEs, which is a strong positive. However, this lack of historical issues does not negate the immediate risks posed by the unprotected AJAX handlers. The plugin's strengths lie in its careful handling of output and SQL, but its primary weakness in unauthenticated entry points requires immediate attention to mitigate potential exploitation.",[452],{"reason":453,"points":83},"All AJAX handlers lack authentication","2026-03-16T22:55:22.504Z",{"wat":456,"direct":465},{"assetPaths":457,"generatorPatterns":460,"scriptPaths":461,"versionParams":462},[458,459],"\u002Fwp-content\u002Fplugins\u002Fspamanvil\u002Fadmin\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fspamanvil\u002Fadmin\u002Fjs\u002Fadmin.js",[],[459],[463,464],"spamanvil\u002Fadmin\u002Fcss\u002Fadmin.css?ver=","spamanvil\u002Fadmin\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":466,"htmlComments":468,"htmlAttributes":469,"restEndpoints":472,"jsGlobals":473,"shortcodeOutput":475},[467],"spamanvil-wrap",[],[470,471],"data-spamanvil-action","data-spamanvil-id",[],[474],"spamAnvil",[]]