[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fAl3hSD4LqBaVvpUFnyUVYDDqi2Wu0klISEpjZgnsN-A":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":133,"fingerprints":217},"spamscrubber","SpamScrubber","1.0.0","Richard Phillips","https:\u002F\u002Fprofiles.wordpress.org\u002Frphillipsca\u002F","\u003Cp>SpamScrubber helps block bots and spam submissions by:\u003Cbr \u002F>\n– Adding a customizable delay to all form submit buttons.\u003Cbr \u002F>\n– Obfuscating form actions for non-JavaScript users.\u003Cbr \u002F>\n– Adding a honeypot field (with customizable label) to trap bots.\u003Cbr \u002F>\n– Blocking direct POSTs by requiring a JavaScript token.\u003Cbr \u002F>\n– Providing admin stats for various spam attempt types.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software released under the GPLv2 or later.\u003C\u002Fp>\n","A simple and robust anti-spam plugin that adds a submission delay, JavaScript token, and a honeypot field to your site's forms.",0,209,"","6.8.5","6.0","7.4",[18,19,20,21,22],"accessibility","antispam","forms","honeypot","spam","https:\u002F\u002Fspamscrubber.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspamscrubber.1.0.0.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"rphillipsca",1,30,94,"2026-04-03T23:06:04.134Z",[36,54,71,91,112],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":25,"num_ratings":31,"last_updated":46,"tested_up_to":14,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":51,"download_link":52,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":53},"antispam-for-elementor-forms","Antispam for Elementor Forms","2.3.1","Greyhound Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fmadebygreyhound\u002F","\u003Cp>Antispam for Elementor Forms adds two methods of preventing spam submissions to Elementor Pro forms – checking the form contents against the WordPress comment blocklist, which is automatically synced daily, and a JavaScript-based honeypot field, with an optional minimum time to fill out the form.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy disclaimer\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin uses the WordPress comment blocklist from GitHub (https:\u002F\u002Fgithub.com\u002Fsplorp\u002Fwordpress-comment-blacklist, via the raw.githubusercontent.com domain). It is synced daily. Your server’s IP address will be shared with GitHub when this happens. Their terms of use can be found here: https:\u002F\u002Fdocs.github.com\u002Fen\u002Fsite-policy\u002Fgithub-terms\u002Fgithub-terms-of-service and their privacy statement can be found here: https:\u002F\u002Fdocs.github.com\u002Fen\u002Fsite-policy\u002Fprivacy-policies\u002Fgithub-general-privacy-statement No data about your users is shared.\u003C\u002Fp>\n","Practical spam prevention for Elementor Forms, without relying on third-party services.",900,9128,"2025-10-06T09:01:00.000Z","5.2","8.0",[19,50,20,21],"elementor","https:\u002F\u002Fgithub.com\u002FMadeByGreyhound\u002Fantispam-for-elementor-forms","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fantispam-for-elementor-forms.2.3.1.zip","2026-03-15T15:16:48.613Z",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":11,"num_ratings":11,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":69,"download_link":70,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":53},"apiosys-honeypot-cf7","Apio systems – Honeypot for Contact Form 7","0.9.4","Joris Le Blansch","https:\u002F\u002Fprofiles.wordpress.org\u002Fapiosys\u002F","\u003Cp>I like to use Contact Form 7 on most of my WordPress sites. It’s a powerful form manager that suits all my needs. I don’t like to use external calls to protect the forms from spam submissions though (like reCaptcha or hCaptcha) and don’t want to present a manual captcha to a user (math or other puzzle). Since I couldn’t find a really basic honeypot script that works on most entries, I created one here. Hopefully it’s useful to someone else also.\u003C\u002Fp>\n\u003Ch3>Setup\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Install the plugin using the regular plugin setup routine or upload the entire apiosys-honeypot-cf7 folder to the \u002Fwp-content\u002Fplugins\u002F directory.\u003C\u002Fli>\n\u003Cli>Activate the plugin through the “Plugins” menu in WordPress, you MUST have Contact Form 7 AND Flamingo installed and enabled.\u003C\u002Fli>\n\u003Cli>Add the following shortcodes to your Contact Form 7 forms:\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[honeypot] – Adds the hidden honeypot field\u003Cbr \u002F>\n[timestamp] – Adds time-based validation\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Complete the rest of the options which you can find in Admin > Contact > Honeypot. A generally good working set of values is enabled by default there.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What tests are used?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>A Honeypot Field\u003C\u002Fli>\n\u003Cli>A Checkbox Trap\u003C\u002Fli>\n\u003Cli>Time-Based Validation\u003C\u002Fli>\n\u003Cli>Email domain Check\u003C\u002Fli>\n\u003Cli>Basic Content Analysis\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Does it really work?\u003C\u002Fh3>\n\u003Cp>It has been tested on several high-traffic WP sites. I see a return of ~ 1 ‰ (i.e. 1 in a thousand) of spam going through. That usually corresponds to humans paid to fill forms or sophisticated bots. Please feel free to contribute to make it even better. You can contribute directly \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fapio-sys\u002Fapiosys-honeypot-cf7\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","Basic Honeypot plugin for Contact Form 7 to drastically reduce spam on form submissions without user interaction.",60,349,"2025-12-04T11:22:00.000Z","6.9.4","6.5","7.2",[19,20,21],"https:\u002F\u002Fapio.systems","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapiosys-honeypot-cf7.0.9.4.zip",{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":81,"num_ratings":82,"last_updated":83,"tested_up_to":65,"requires_at_least":84,"requires_php":16,"tags":85,"homepage":89,"download_link":90,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":53},"gravity-forms-zero-spam","Gravity Forms Zero Spam","1.7.2","GravityKit","https:\u002F\u002Fprofiles.wordpress.org\u002Fgravityview\u002F","\u003Cp>This Gravity Forms add-on blocks spam using a non-obtrusive anti-spam measure and can email a spam report summary.\u003C\u002Fp>\n\u003Ch3>Spam blocking for Gravity Forms\u003C\u002Fh3>\n\u003Cp>To get started, all you need to do is activate the plugin!\u003C\u002Fp>\n\u003Ch3>Is the Gravity Forms honeypot field not working for you? 🍯 🐝\u003C\u002Fh3>\n\u003Cp>Zero Spam is better than the Gravity Forms anti-spam honeypot field. If you’re getting spammed, try this plugin.\u003C\u002Fp>\n\u003Ch3>Use this plugin instead of reCaptcha\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>reCaptcha is user-hostile!\u003C\u002Fstrong> Use this instead! Users don’t need to click stoplights, crosswalks, or bicycles when you use this plugin to stop spam.\u003C\u002Fp>\n\u003Ch3>Enable or disable filtering per form\u003C\u002Fh3>\n\u003Cp>If you only want the plugin for specific forms, that’s possible! The plugin adds a simple “Prevent spam using Gravity Forms Zero Spam” setting to each form (requires Gravity Forms 2.5 or newer).\u003C\u002Fp>\n\u003Ch3>Spam report emails\u003C\u002Fh3>\n\u003Cp>Spam summary report emails are disabled by default. Once enabled, a spam summary that includes the number of entries per-form will be sent via email.\u003C\u002Fp>\n\u003Cp>Choose whether you want to be notified after the number of entries reaches a threshold (e.g. 10 spam entries) or after a certain number of days (e.g. every week). If there are no spam entries, no report will be sent.\u003C\u002Fp>\n\u003Cp>Requires \u003Ca href=\"https:\u002F\u002Fwww.gravityforms.com\u002F?partner_id=1210629&irgwc=1&utm_medium=affiliate&utm_campaign=1210629&utm_source=Katz%20Web%20Services%2C%20Inc.\" rel=\"nofollow ugc\">Gravity Forms\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cem>Brought to you by \u003Ca href=\"https:\u002F\u002Fwww.gravitykit.com?utm_source=plugin&utm_campaign=zero-spam&utm_content=readme\" rel=\"nofollow ugc\">GravityKit\u003C\u002Fa>. We create essential Gravity Forms Add-Ons.\u003C\u002Fem>\u003C\u002Fp>\n","Enhance your Gravity Forms to include anti-spam measures originally based on the work of David Walsh's \"Zero Spam\" technique.",100000,1048908,86,23,"2026-03-12T14:21:00.000Z","4.7",[86,87,88,21,22],"anti-spam","captcha","gravity-forms","https:\u002F\u002Fwww.gravitykit.com?utm_source=plugin&utm_campaign=zero-spam&utm_content=pluginuri","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgravity-forms-zero-spam.1.7.2.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":33,"num_ratings":101,"last_updated":102,"tested_up_to":65,"requires_at_least":103,"requires_php":104,"tags":105,"homepage":107,"download_link":108,"security_score":109,"vuln_count":110,"unpatched_count":11,"last_vuln_date":111,"fetched_at":53},"contact-forms-anti-spam","Maspik – Ultimate Spam Protection","2.7.2","yonifre","https:\u002F\u002Fprofiles.wordpress.org\u002Fyonifre\u002F","\u003Cp>Maspik is an advanced WordPress anti-spam plugin that blocks bots, fake leads, and unwanted submissions across your entire site — without hurting real users.\u003C\u002Fp>\n\u003Cp>Trusted by thousands of websites worldwide. Works automatically on activation.\u003C\u002Fp>\n\u003Cp>👉 Works with all major form plugins. No CAPTCHA. No coding. Immediate results.\u003C\u002Fp>\n\u003Ch3>Why block spam with Maspik?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>🚀 \u003Cstrong>Instant protection\u003C\u002Fstrong> – Works as soon as you activate the plugin.\u003C\u002Fli>\n\u003Cli>🎯 \u003Cstrong>High success rate\u003C\u002Fstrong> – Better protection than traditional CAPTCHA.\u003C\u002Fli>\n\u003Cli>🔍 \u003Cstrong>Smart detection\u003C\u002Fstrong> – Identifies spam patterns automatically with advanced rules and optional AI spam detection.\u003C\u002Fli>\n\u003Cli>🌐 \u003Cstrong>Wide compatibility\u003C\u002Fstrong> – Supports all major form plugins and WordPress core forms (comments, registration).\u003C\u002Fli>\n\u003Cli>🛠️ \u003Cstrong>Fully customizable\u003C\u002Fstrong> – Blacklists, IP blocking, character limits, link limits, countries, languages, and more.\u003C\u002Fli>\n\u003Cli>👥 \u003Cstrong>Spam Block Guarantee\u003C\u002Fstrong> – We are committed to helping you block spam. See the \u003Ca href=\"#-spam-block-guarantee---for-all-users\" rel=\"nofollow ugc\">Spam Block Guarantee\u003C\u002Fa> section.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cp>✅ Works instantly with popular form plugins and core WordPress forms\u003Cbr \u002F>\n✅ No CAPTCHA required – silent protection for your visitors\u003Cbr \u002F>\n✅ Forbidden keywords list system (Blacklist\u002FBlocklist) – block any word, phrase, or pattern you want per field type\u003Cbr \u002F>\n✅ IP blacklist & API integrations\u003Cbr \u002F>\n✅ Phone number validation\u003Cbr \u002F>\n✅ Multiple honeypot methods and advanced key checks\u003Cbr \u002F>\n✅ Multi-language support\u003Cbr \u002F>\n✅ Maspik Matrix – Cloud-based Multi-layer spam protection engine\u003C\u002Fp>\n\u003Ch3>Detailed Features – Advanced Spam Protection & Filtering\u003C\u002Fh3>\n\u003Ch3>Maspik Matrix – Advanced Multi-Layer Spam Protection\u003C\u002Fh3>\n\u003Cp>Maspik Matrix is a powerful layered spam filter that combines multiple detection methods into one unified protection system.\u003C\u002Fp>\n\u003Cp>This engine performs several checks in parallel to increase accuracy and reduce false positives, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>IP reputation and risk scoring  \u003C\u002Fli>\n\u003Cli>Pattern matching and keyword analysis  \u003C\u002Fli>\n\u003Cli>Heuristic behavior checks  \u003C\u002Fli>\n\u003Cli>Structural and content-based evaluation  \u003C\u002Fli>\n\u003Cli>AI Spam Check scoring mechanisms  \u003C\u002Fli>\n\u003Cli>Learn from spam submissions and improve over time\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Maspik Matrix provides stronger, faster, and more reliable spam detection by evaluating each submission through multiple layers of protection simultaneously.\u003C\u002Fp>\n\u003Ch3>Blacklisting by Field Type\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Text fields\u002FText area fields\u003C\u002Fstrong> (e.g. name, subject, message)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email fields\u003C\u002Fstrong> (supports regex\u002Fwildcard patterns)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>URL fields\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Phone number fields\u003C\u002Fstrong> (regex\u002Fwildcard support)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Blocking Capabilities\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Specific IP addresses\u003C\u002Fli>\n\u003Cli>Spam submissions in:\n\u003Cul>\n\u003Cli>WordPress comments\u003C\u002Fli>\n\u003Cli>WordPress registration forms\u003C\u002Fli>\n\u003Cli>Contact forms from supported plugins (see list below)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Option to block submissions containing emojis in textarea fields\u003C\u002Fli>\n\u003Cli>Blocking bot-generated submissions\u003C\u002Fli>\n\u003Cli>Advanced key checks to detect automated submissions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Advanced Blocking\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Honeypot fields (multiple strategies)\u003C\u002Fli>\n\u003Cli>IP verification (100 checks\u002Fmonth in free version)\u003C\u002Fli>\n\u003Cli>Advanced key check engine\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Character Control\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Maximum characters in text fields\u003C\u002Fli>\n\u003Cli>Maximum characters in textarea fields\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Link Limitation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Limit the number of links allowed in textarea fields (for example, 0–1 links)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>API Integrations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Proxycheck.io\u003C\u002Fstrong> – Check IP addresses against proxy\u002FVPN\u002FTOR\u003C\u002Fli>\n\u003Cli>\u003Cstrong>AbuseIPDB.com\u003C\u002Fstrong> – Check IP addresses against abuse\u002Fspam\u002Fmalicious\u002Fproxy\u002FVPN\u002FTOR\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Numverify.com\u003C\u002Fstrong> – Validate phone numbers to block spam phone numbers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Spam Log\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Review blocked submissions\u003C\u002Fli>\n\u003Cli>Understand why and how spam was blocked\u003C\u002Fli>\n\u003Cli>Use logs to fine-tune your spam protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Detailed Statistics\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Track how many spam submissions were blocked\u003C\u002Fli>\n\u003Cli>Analyze patterns\u003C\u002Fli>\n\u003Cli>Monitor protection over time\u003C\u002Fli>\n\u003Cli>Advanced spam statistics dashboard in the admin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported Forms\u003C\u002Fh3>\n\u003Cp>Maspik integrates seamlessly with a wide range of popular form plugins and WordPress core forms:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Elementor Forms\u003C\u002Fli>\n\u003Cli>Contact Form 7\u003C\u002Fli>\n\u003Cli>Hello Plus\u003C\u002Fli>\n\u003Cli>Ninja Forms\u003C\u002Fli>\n\u003Cli>Everest Forms\u003C\u002Fli>\n\u003Cli>Formidable Forms\u003C\u002Fli>\n\u003Cli>JetFormBuilder\u003C\u002Fli>\n\u003Cli>Forminator Forms\u003C\u002Fli>\n\u003Cli>Fluent Forms\u003C\u002Fli>\n\u003Cli>Bricks Builder Forms\u003C\u002Fli>\n\u003Cli>Breakdance Builder Forms\u003C\u002Fli>\n\u003Cli>BuddyPress\u003C\u002Fli>\n\u003Cli>Bitforms\u003C\u002Fli>\n\u003Cli>Metform\u003C\u002Fli>\n\u003Cli>WordPress comments\u003C\u002Fli>\n\u003Cli>WordPress registration form\u003C\u002Fli>\n\u003Cli>Custom PHP forms\u003C\u002Fli>\n\u003Cli>WPForms*  \u003C\u002Fli>\n\u003Cli>Gravity Forms*  \u003C\u002Fli>\n\u003Cli>WooCommerce registration form*  \u003C\u002Fli>\n\u003Cli>WooCommerce review*\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>(*) Pro license required.\u003C\u002Fp>\n\u003Ch3>Pro Version Features 🌟\u003C\u002Fh3>\n\u003Cp>Upgrade to Maspik Pro to unlock powerful additional features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>⭐ Advanced IP verification (10,000 checks\u002Fmonth)\u003C\u002Fli>\n\u003Cli>⭐ Custom spam dashboard for multiple sites – manage all spam settings from one place\u003C\u002Fli>\n\u003Cli>⭐ Country-based filtering – block spam by country or allow only specific countries\u003C\u002Fli>\n\u003Cli>⭐ Language-based filtering – block spam by language or allow only specific languages\u003C\u002Fli>\n\u003Cli>⭐ Settings import\u002Fexport\u003C\u002Fli>\n\u003Cli>⭐ Premium support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Learn more and get Maspik Pro at:\u003Cbr \u002F>\nhttps:\u002F\u002Fwpmaspik.com\u002F?readme-file\u003C\u002Fp>\n\u003Ch3>Important Note\u003C\u002Fh3>\n\u003Cp>Be cautious when selecting words to blacklist, as every website has different needs.\u003Cbr \u002F>\nFor example, if you are a digital marketing agency and blacklist the word “SEO”, you may lose some valid leads.\u003C\u002Fp>\n\u003Cp>The plugin is provided “as is” and the user assumes full responsibility for configuring and using it appropriately for their specific needs.\u003C\u002Fp>\n\u003Cp>Maspik is GDPR compliant.\u003C\u002Fp>\n\u003Ch3>Support & Community\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>🚀 \u003Ca href=\"https:\u002F\u002Fwpmaspik.com\u002Fdocumentation\u002Fgetting-started\u002F?readme-file\" rel=\"nofollow ugc\">Get Started guide\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>📚 \u003Ca href=\"https:\u002F\u002Fwpmaspik.com\u002Fdocumentation\u002F?readme-file\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>💬 \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002Fmaspik\" rel=\"nofollow ugc\">Community Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>🐛 \u003Ca href=\"https:\u002F\u002Fwpmaspik.com\u002F#support?readme-file\" rel=\"nofollow ugc\">Report Issues\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>💡 \u003Ca href=\"https:\u002F\u002Fwpmaspik.com\u002F#support?readme-file\" rel=\"nofollow ugc\">Feature Requests\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>💰 \u003Ca href=\"https:\u002F\u002Fwpmaspik.com\u002Fget-maspik-pro-for-free-share-your-expertise\u002F?readme-file\" rel=\"nofollow ugc\">Receive Pro for free\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>💖 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcontact-forms-anti-spam\u002Freviews\u002F#new-post\" rel=\"ugc\">Support us with a 5-star review\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>✨ \u003Ca href=\"https:\u002F\u002Fwpmaspik.com\u002F?readme-file\" rel=\"nofollow ugc\">WP Maspik Website\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛡️ Spam Block Guarantee – for all users\u003C\u002Fh3>\n\u003Cp>We stand behind our protection. If spam is still getting through your forms, our team is here to help and guide you to block it.\u003C\u002Fp>\n\u003Ch3>Getting Help is Easy\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Join our \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002Fmaspik\" rel=\"nofollow ugc\">Community Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Create a new post with:\n\u003Cul>\n\u003Cli>Your website URL and form page URL (optional)\u003C\u002Fli>\n\u003Cli>Description of the spam you are receiving\u003C\u002Fli>\n\u003Cli>Screenshot or text of sample spam submissions\u003C\u002Fli>\n\u003Cli>Your Maspik version\u003C\u002Fli>\n\u003Cli>Screenshot or export of your current Maspik settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Our team will guide you step-by-step to block the spam effectively.\u003C\u002Fp>\n","No more fake leads or unwanted submissions — Maspik blocks spam instantly across all forms without using CAPTCHA.",30000,837476,83,"2026-03-11T09:13:00.000Z","5.0","7.0",[86,19,106,21,22],"blacklist","https:\u002F\u002Fwpmaspik.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontact-forms-anti-spam.2.7.2.zip",96,8,"2025-09-09 17:27:41",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":122,"num_ratings":123,"last_updated":124,"tested_up_to":65,"requires_at_least":125,"requires_php":16,"tags":126,"homepage":13,"download_link":129,"security_score":130,"vuln_count":131,"unpatched_count":11,"last_vuln_date":132,"fetched_at":53},"cf7-antispam","AntiSpam for Contact Form 7","0.7.4","Erik","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodekraft\u002F","\u003Cp>Are you unsatisfied with your current antispam solution for Contact Form 7? It might be using an ineffective method to combat the specific type of bot attacks you’re facing. Fortunately, I have a solution for you!\u003Cbr \u002F>\nAntispam for Contact Form 7 is a simple yet highly effective plugin that protects your mailbox from bot flooding. Say goodbye to tedious configurations and captchas, which often lead to reduced conversions and inconvenience for genuine users. Our plugin utilizes a combination of on-page and off-page bot traps, along with an auto-learning mechanism powered by a statistical “Bayesian” spam filter called B8.\u003Cbr \u002F>\nCF7-AntiSpam seamlessly integrates with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fflamingo\u002F\" rel=\"ugc\">Flamingo\u003C\u002Fa> and enhances its functionality. When both plugins are installed, Flamingo gains additional controls, and an extra dashboard widget is enabled.\u003C\u002Fp>\n\u003Ch3>SETUP\u003C\u002Fh3>\n\u003Cp>Basic – Install and go! No configuration, keys, or registrations are required to activate the antispam protection. In this case, some protections, such as fingerprinting, language checks, and honeypots, will be enabled.\u003Cbr \u002F>\nAdvanced – For CF7A to properly analyze the email content using its dictionary, it needs to parse the input message field of your form. To notify the antispam to check this field, you’ll need to add a “marker” to each contact form on your website. Simply add ‘flamingo_message: “[your-message]”‘ in the additional settings panel of each contact form you want to secure. This process follows the same method used with Flamingo. While this step may seem tedious, it is required for advanced text statistical analysis. Without it, the B8 filter cannot be enabled.\u003Cbr \u002F>\nGeoIP – (Optional) If you need to restrict which countries or languages can email you, you can enable this functionality. To enable GeoIP, you’ll need to agree to the GeoLite2 End User License Agreement and sign up for GeoLite2 Downloadable Databases. This will provide you with the required key to download the database. For detailed instructions, please refer to the dedicated section in the cf7-antispam plugin settings.\u003C\u002Fp>\n\u003Ch3>Antispam Available Tests\u003C\u002Fh3>\n\u003Cp>✅ Browser Fingerprinting\u003Cbr \u002F>\n✅ Language checks (Geo-ip, http headers and browser)\u003Cbr \u002F>\n✅ Honeypot\u003Cbr \u002F>\n️🆕 Honeyform*\u003Cbr \u002F>\n✅ Domain Name System Blackhole List (aka DNSBL)\u003Cbr \u002F>\n✅ blocklists (with automatic ban after N failed attempts, user defined ip exclusion list)\u003Cbr \u002F>\n✅ Hidden fields with encrypted unique hash\u003Cbr \u002F>\n✅ Time elapsed (with min\u002Fmax values)\u003Cbr \u002F>\n✅ Prohibited words in message\u002Femail and user agent\u003Cbr \u002F>\n✅ B8 statistical “Bayesian” spam filter\u003Cbr \u002F>\n✅ Identity protection\u003Cbr \u002F>\n✅ Webmail protection\u003C\u002Fp>\n\u003Ch3>Extends Flamingo and turns it into a spam manager!\u003C\u002Fh3>\n\u003Cp>With this plugin, you can now review emails and train B8 to identify spam and legitimate messages. This feature proves useful, especially during the initial stages when some spam emails may slip through.\u003Cbr \u002F>\nAlready using Flamingo? Even better! Just remember to add ‘flamingo_message: “[your-message]”‘ to the advanced settings (similar to other Flamingo labels) before activating the plugin. Alternatively, you can explore the advanced options and select “rebuild dictionary.”\u003Cbr \u002F>\nUpon activating CF7A, all previously collected emails will be parsed, and B8 will learn and develop its vocabulary. This pre-trained algorithm gives you a head start. How cool is that?\u003Cbr \u002F>\nAdditional Notes:\u003Cbr \u002F>\n– A new column has been added to the right side of the Flamingo inbound page, displaying the level of spaminess for each email.\u003Cbr \u002F>\n– If you unban an email on the Flamingo “inbound” page, the corresponding IP will be removed from the blocklist. However, marking an email as spam will not blocklist the IP again.\u003Cbr \u002F>\n– Before activating this plugin, please make sure to mark all spam emails as spam in the Flamingo inbound section. This auto-training process will help the B8 algorithm.\u003Cbr \u002F>\n– If you receive a spam message, please avoid deleting it from the “ham” section. Instead, place it in the spam section to teach B8 how to differentiate between spam and legitimate messages.\u003C\u002Fp>\n\u003Ch3>B8 statistical “Bayesian” Filter\u003C\u002Fh3>\n\u003Cp>Originally created by \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FGary_Robinson\" rel=\"nofollow ugc\">Gary Robinson\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fwww.linuxjournal.com\u002Farticle\u002F6467\" rel=\"nofollow ugc\">b8 is a statistical “Bayesian”\u003C\u002Fa> spam filter implemented in PHP.\u003Cbr \u002F>\nThe B8 filter is a foundational example of \u003Cstrong>Machine Learning (ML)\u003C\u002Fstrong> for text classification, representing an early, yet powerful, statistical approach in Natural Language Processing (NLP). This approach precedes feature-weighting methods like \u003Cstrong>TF-IDF\u003C\u002Fstrong>, which in turn paved the way for modern deep learning architectures, such as \u003Cstrong>Transformers\u003C\u002Fstrong> and \u003Cstrong>GPT\u003C\u002Fstrong>.\u003Cbr \u002F>\nThe filter tells you whether a text is spam or not, using statistical text analysis. What it does is: you give b8 a text and it returns a value between 0 and 1, saying it’s ham when it’s near 0 and saying it’s spam when it’s near 1. See \u003Ca href=\"https:\u002F\u002Fnasauber.de\u002Fopensource\u002Fb8\u002Freadme.html#how-does-it-work\" rel=\"nofollow ugc\">How does it work?\u003C\u002Fa> for details about this.\u003Cbr \u002F>\nTo be able to distinguish spam and ham (non-spam), b8 first has to learn some spam and some ham texts. If it makes mistakes when classifying unknown texts or the result is not distinct enough, b8 can be told what the text actually is, getting better with each learned text.\u003Cbr \u002F>\nThis takes place on your own server without relying on third-party services.\u003Cbr \u002F>\nMore info: \u003Ca href=\"https:\u002F\u002Fnasauber.de\u002Fopensource\u002Fb8\u002F\" rel=\"nofollow ugc\">nasauber.de\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Identity protection\u003C\u002Fh3>\n\u003Cp>To fully protect the forms, it may be necessary to enable a couple of additional controls, because bots use the public data of the website to spam on it.\u003Cbr \u002F>\n– The first is user related and denies those who are not logged in the possibility of asking (sensitive) information about the user via wp-api and the protection for the xmlrpc exploit wordpress.\u003Cbr \u002F>\n– The second one is the WordPress protection that will obfuscate sensitive WordPress and server data, adding some headers in order to enhance security against xss and so on.\u003Cbr \u002F>\nWill be hidden the WordPress and WooCommerce version (wp_generator, woo_version), pingback (X-Pingback), server (nginx|apache|…) and php version (X-Powered-By), enabled xss protection headers (X-XSS-Protection), removes rest api link from header (but it will only continue to work if the link is not made public).\u003C\u002Fp>\n\u003Ch3>Mailbox Protection (Multiple Send)\u003C\u002Fh3>\n\u003Cp>Enhance email security by enabling the “Multiple Send” feature, which prevents consecutive email submissions to the user’s mailbox. This measure is effective in thwarting automated spam attempts and ensures a secure communication environment.\u003C\u002Fp>\n\u003Ch3>Security & Privacy: A Local-First Approach\u003C\u002Fh3>\n\u003Cp>AntiSpam for Contact Form 7 is built with your security and privacy as the \u003Cstrong>top priority\u003C\u002Fstrong>. Unlike many modern anti-spam solutions that rely on external cloud services or third-party subscriptions, our plugin is designed to run \u003Cstrong>entirely on your own WordPress installation\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>100% Local Processing:\u003C\u002Fstrong> All anti-spam logic, checks, and data processing are performed directly on your server. \u003Cstrong>No data is ever sent to, or stored by, any external third-party service\u003C\u002Fstrong> (including ours).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Not a Software as a Service (SaaS):\u003C\u002Fstrong> This plugin is a standalone, self-contained software solution, not an interface to a paid or subscription-based external service. Once installed, it works autonomously.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Security:\u003C\u002Fstrong> Since there is \u003Cstrong>no central server or external API endpoint\u003C\u002Fstrong> to communicate with, your website is immune to potential risks associated with centralized services, such as Single Point of Failure or data breach risks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You retain complete control and ownership over the security of your Contact Form 7 submissions.\u003C\u002Fp>\n\u003Ch3>Privacy Notices\u003C\u002Fh3>\n\u003Cp>AntiSpam for Contact Form 7 only processes the IP but doesn’t store any personal data directly from the user input. However, it creates a dictionary of spam and ham (non-spam) words in the WordPress database.\u003Cbr \u002F>\nThis dictionary is built from words found in the submitted messages, meaning it \u003Cstrong>may contain words that were part of the user’s e-mail message or personal data\u003C\u002Fstrong>. This data is “degenerated,” which means the words might be normalized or altered before being stored.\u003Cbr \u002F>\nThe sole purpose of this word collecting is to build a dictionary used for local, decentralized spam detection.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Community support: via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcontact-form-7-antispam\u002F\" rel=\"ugc\">support forums\u003C\u002Fa> on wordpress.org\u003Cbr \u002F>\nBug reporting (preferred): file an issue on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ferikyo\u002Fcontact-form-7-antispam\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>We love your input! We want to make contributing to this project as easy and transparent as possible, whether it’s:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Reporting a bug\u003C\u002Fli>\n\u003Cli>Testing the plugin with different user agent and report fingerprinting failures\u003C\u002Fli>\n\u003Cli>Discussing the current state, features, improvements\u003C\u002Fli>\n\u003Cli>Submitting a fix or a new feature\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We use GitHub to host code, to track issues and feature requests, as well as accept pull requests.\u003Cbr \u002F>\nBy contributing, you agree that your contributions will be licensed under its GPLv2 License.\u003C\u002Fp>\n\u003Cp>My goal is to create an antispam that protects cf7 definitively without relying on external services. And free for everyone.\u003Cbr \u002F>\nif you want to help me, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ferikyo\u002Fcontact-form-7-antispam\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> is the right place 😉\u003C\u002Fp>\n\u003Ch3>copyright\u003C\u002Fh3>\n\u003Cp>AntiSpam for Contact Form 7, Copyright 2021 Codekraft Studio\u003Cbr \u002F>\nAntiSpam for Contact Form 7 is distributed under the terms of the GNU GPL\u003C\u002Fp>\n\u003Cp>This program is free software: you can redistribute it and\u002For modify\u003Cbr \u002F>\nit under the terms of the GNU General Public License as published by\u003Cbr \u002F>\nthe Free Software Foundation, either version 3 of the License, or\u003Cbr \u002F>\n(at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful,\u003Cbr \u002F>\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\u003Cbr \u002F>\nSee the LICENSE file for more details.\u003C\u002Fp>\n\u003Ch4>Resources\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Contact Form 7 and Flamingo © 2021 Takayuki Miyoshi,\u003Ca href=\"https:\u002F\u002Fit.wordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"nofollow ugc\">LGPLv3 or later\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>B8 https:\u002F\u002Fnasauber.de\u002Fopensource\u002Fb8\u002F, © 2021 Tobias Leupold, \u003Ca href=\"https:\u002F\u002Fgitlab.com\u002Fl3u\u002Fb8\u002F-\u002Ftree\u002Fab26daa6b293e6aa059d24ce7cf77af6c8b9b052\u002FLICENSES\" rel=\"nofollow ugc\">LGPLv3 or later\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>GeoLite2 \u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\u002Fen\u002Fgeolite2\u002Feula\" rel=\"nofollow ugc\">license\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>GeoIP2 PHP API \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmaxmind\u002FGeoIP2-php\" rel=\"nofollow ugc\">GeoIP2-php\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>chart.js https:\u002F\u002Fwww.chartjs.org\u002F, © 2021 Chart.js \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fchartjs\u002FChart.js\u002Fgraphs\u002Fcontributors\" rel=\"nofollow ugc\">contributors\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fchartjs\u002FChart.js\u002Fblob\u002Fmaster\u002FLICENSE.md\" rel=\"nofollow ugc\">MIT\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Sudden Shower in the Summer, Public domain, Wikimedia Commons https:\u002F\u002Fcommons.wikimedia.org\u002Fwiki\u002FFile:Sudden_Shower_in_the_Summer_(5759500422).jpg\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contibutions\u003C\u002Fh3>\n\u003Cp>Mirek Długosz – \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ferikyo\u002Fcf7-antispam\u002Fpull\u002F30\" rel=\"nofollow ugc\">#30\u003C\u002Fa> fixes a crash that occurred when analysing flamingo metadata\u003Cbr \u002F>\nMeliEve – \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-blocks\u002Fcf7-antispam\u002Fpull\u002F42\" rel=\"nofollow ugc\">#42\u003C\u002Fa> Fix “internal_server_error” when message is empty\u003Cbr \u002F>\nMeliEve – \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-blocks\u002Fcf7-antispam\u002Fpull\u002F61\" rel=\"nofollow ugc\">#61\u003C\u002Fa>  Handle deferrer script loading\u003Cbr \u002F>\nZodiac1978 – \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-blocks\u002Fcf7-antispam\u002Fpull\u002F67\" rel=\"nofollow ugc\">#67\u003C\u002Fa> Remove warning for unsafe email configuration w\u002Fo protection\u003Cbr \u002F>\nJohnHooks – \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-blocks\u002Fcf7-antispam\u002Fpull\u002F61\" rel=\"nofollow ugc\">#66\u003C\u002Fa> Readme + plugin env\u003Cbr \u002F>\nsdellenb – \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-blocks\u002Fcf7-antispam\u002Fpull\u002F163\" rel=\"nofollow ugc\">#66\u003C\u002Fa> Fix $reason parameter for calling cf7a_ban_by_ip\u003C\u002Fp>\n\u003Ch3>Special thanks\u003C\u002Fh3>\n\u003Cp>This project is tested with BrowserStack. \u003Ca href=\"https:\u002F\u002Fwww.browserstack.com\u002F\" rel=\"nofollow ugc\">Browserstack\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>MaxMind GeoIP2\u003C\u002Fh3>\n\u003Cp>This plugin on demand can enable GeoLite2 created by MaxMind, available from \u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.maxmind.com\u003C\u002Fa>\u003Cbr \u002F>\nWhile enabled you may \u003Cstrong>have to mention it in the privacy policy\u003C\u002Fstrong> of your site, depending on the law regulating privacy in your state!\u003Cbr \u002F>\n* GeoIP2 databases \u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\u002Fen\u002Faccounts\u002Fcurrent\u002Fgeoip\u002Fdownloads\" rel=\"nofollow ugc\">GeoLite2 Country\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>DNSBL servers privacy policies\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>dnsbl-1.uceprotect.net \u003Ca href=\"http:\u002F\u002Fwww.uceprotect.net\u002Fen\u002Findex.php?m=13&s=0\" rel=\"nofollow ugc\">www.uceprotect.net license\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>dnsbl-2.uceprotect.net \u003Ca href=\"http:\u002F\u002Fwww.uceprotect.net\u002Fen\u002Findex.php?m=13&s=0\" rel=\"nofollow ugc\">www.uceprotect.net license\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>dnsbl-3.uceprotect.net \u003Ca href=\"http:\u002F\u002Fwww.uceprotect.net\u002Fen\u002Findex.php?m=13&s=0\" rel=\"nofollow ugc\">www.uceprotect.net license\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>dnsbl.sorbs.net \u003Ca href=\"http:\u002F\u002Fwww.sorbs.net\u002Finformation\u002Ffaq\u002F\" rel=\"nofollow ugc\">sorbs.net license\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>zen.spamhaus.org \u003Ca href=\"https:\u002F\u002Fwww.spamhaus.org\u002Forganization\u002Fdnsblusage\u002F\" rel=\"nofollow ugc\">spamhaus.org license\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>bl.spamcop.net \u003Ca href=\"https:\u002F\u002Fwww.spamcop.net\u002Ffom-serve\u002Fcache\u002F297.html\" rel=\"nofollow ugc\">spamcop.net license\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>b.barracudacentral.org \u003Ca href=\"https:\u002F\u002Fwww.barracuda.com\u002Fcompany\u002Flegal\u002Ftrust-center\u002Fdata-privacy\u002Fprivacy-policy\" rel=\"nofollow ugc\">barracudacentral.org privacy-policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>dnsbl.dronebl.org \u003Ca href=\"https:\u002F\u002Fdronebl.org\u002Fdocs\u002Ffaq\" rel=\"nofollow ugc\">dronebl.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>all.spamrats.com \u003Ca href=\"https:\u002F\u002Fspamrats.com\u002Ftos.php\" rel=\"nofollow ugc\">spamrats.com tos\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>bl.ipv6.spameatingmonkey.net \u003Ca href=\"https:\u002F\u002Fspameatingmonkey.com\u002Ffaq\" rel=\"nofollow ugc\">spameatingmonkey.net\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Inspirations, links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Nikolai Tschacher \u003Ca href=\"https:\u002F\u002Fincolumitas.com\u002Fpages\u002FBotOrNot\u002F\" rel=\"nofollow ugc\">incolumitas.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Antoine Vastel \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fantoinevastel\u002Ffpscanner\" rel=\"nofollow ugc\">fp-scanner\u003C\u002Fa>\u002F\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fantoinevastel\u002Ffp-collect\" rel=\"nofollow ugc\">fp-collect\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Niespodd \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fniespodd\u002Fbrowser-fingerprinting\" rel=\"nofollow ugc\">niespodd\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Thomas Breuss \u003Ca href=\"https:\u002F\u002Fgist.github.com\u002Ftbreuss\u002F74da96ff5f976ce770e6628badbd7dfc\" rel=\"nofollow ugc\">tbreuss\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Domain Name System-based blackhole list \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FDomain_Name_System-based_blackhole_list\" rel=\"nofollow ugc\">wiki\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>dnsbl list \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FComparison_of_DNS_blacklists\" rel=\"nofollow ugc\">wiki\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","A trustworthy antispam plugin for Contact Form 7. Wave goodbye to spam and keep your inbox clean!",10000,81497,84,12,"2026-01-30T21:39:00.000Z","6.2",[19,127,21,128],"geoip","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-antispam.0.7.4.zip",98,2,"2025-07-16 00:00:00",{"attackSurface":134,"codeSignals":194,"taintFlows":206,"riskAssessment":207,"analyzedAt":216},{"hooks":135,"ajaxHandlers":175,"restRoutes":190,"shortcodes":191,"cronEvents":192,"entryPointCount":193,"unprotectedCount":193},[136,142,146,149,153,157,161,164,167,172],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","wp_enqueue_scripts","spamscrubber_enqueue_frontend_styles","spamscrubber.php",68,{"type":137,"name":143,"callback":144,"file":140,"line":145},"admin_enqueue_scripts","spamscrubber_enqueue_admin_styles",77,{"type":137,"name":147,"callback":148,"file":140,"line":81},"admin_menu","spamscrubber_admin_menu",{"type":137,"name":150,"callback":151,"file":140,"line":152},"admin_init","spamscrubber_admin_register_settings",97,{"type":137,"name":154,"callback":155,"file":140,"line":156},"template_redirect","spamscrubber_template_redirect_buffer",260,{"type":137,"name":158,"callback":159,"file":140,"line":160},"init","spamscrubber_check_js_and_honeypot",306,{"type":137,"name":138,"callback":162,"file":140,"line":163},"spamscrubber_enqueue_frontend_script",339,{"type":137,"name":158,"callback":165,"file":140,"line":166},"spamscrubber_add_error_page_rewrite",407,{"type":168,"name":169,"callback":170,"file":140,"line":171},"filter","query_vars","spamscrubber_register_query_var",425,{"type":137,"name":154,"callback":173,"file":140,"line":174},"spamscrubber_display_blocked_page",431,[176,182,184,188],{"action":177,"nopriv":178,"callback":179,"hasNonce":180,"hasCapCheck":180,"file":140,"line":181},"spamscrubber_disabled_click",true,"spamscrubber_handle_disabled_click",false,380,{"action":177,"nopriv":180,"callback":179,"hasNonce":180,"hasCapCheck":180,"file":140,"line":183},381,{"action":185,"nopriv":178,"callback":186,"hasNonce":180,"hasCapCheck":180,"file":140,"line":187},"spamscrubber_early_submit","spamscrubber_handle_early_submit",393,{"action":185,"nopriv":180,"callback":186,"hasNonce":180,"hasCapCheck":180,"file":140,"line":189},394,[],[],[],4,{"dangerousFunctions":195,"sqlUsage":196,"outputEscaping":198,"fileOperations":11,"externalRequests":11,"nonceChecks":204,"capabilityChecks":11,"bundledLibraries":205},[],{"prepared":11,"raw":11,"locations":197},[],{"escaped":199,"rawEcho":31,"locations":200},42,[201],{"file":140,"line":202,"context":203},174,"raw output",3,[],[],{"summary":208,"deductions":209},"The spamscrubber plugin v1.0.0 exhibits a mixed security posture.  It demonstrates good practices in areas like SQL query handling and output escaping, with 100% of SQL queries using prepared statements and 98% of outputs properly escaped.  There is also a history of zero known vulnerabilities, suggesting responsible development and maintenance.  However, a significant concern lies in its attack surface. All four identified AJAX handlers lack authentication checks, presenting a direct pathway for unauthenticated users to trigger plugin functionality. The absence of any capability checks across the analyzed code further exacerbates this risk, meaning any user, regardless of their role, could potentially interact with these vulnerable AJAX endpoints.\n\nThe taint analysis did not reveal any critical or high-severity flows, which is a positive sign. However, the static analysis did flag a substantial number of unprotected entry points, specifically the AJAX handlers. Given the lack of any logged vulnerability history, it's difficult to definitively assess the long-term security trajectory of this plugin. Nonetheless, the presence of unprotected AJAX handlers is a tangible and immediate risk that requires attention. The plugin has strengths in its secure handling of sensitive operations like database queries and output, but its unprotected interaction points represent a clear vulnerability that could be exploited.",[210,213],{"reason":211,"points":212},"Unprotected AJAX handlers",20,{"reason":214,"points":215},"No capability checks on entry points",10,"2026-03-17T06:03:23.247Z",{"wat":218,"direct":227},{"assetPaths":219,"generatorPatterns":221,"scriptPaths":222,"versionParams":224},[220],"\u002Fwp-content\u002Fplugins\u002Fspamscrubber\u002Fassets\u002Fcss\u002Fspamscrubber.css",[],[223],"\u002Fwp-content\u002Fplugins\u002Fspamscrubber\u002Fassets\u002Fjs\u002Fspamscrubber.js",[225,226],"spamscrubber\u002Fassets\u002Fcss\u002Fspamscrubber.css?ver=","spamscrubber\u002Fassets\u002Fjs\u002Fspamscrubber.js?ver=",{"cssClasses":228,"htmlComments":231,"htmlAttributes":232,"restEndpoints":233,"jsGlobals":234,"shortcodeOutput":235},[229,230],"spamscrubber-disabled","spamscrubber-extra-wrap",[],[],[],[],[]]