WP-Safety

Bug reporting tool & Website feedback. Spotfix Security & Risk Analysis

wordpress.org/plugins/spotfix-content-review

Collect visitors’ feedback and suggestions directly on your website pages. Make bug reporting, spell checking, and grammar reviews easy.

0 active installs v1.0.4 PHP 7.2+ WP 5.0+ Updated Mar 18, 2026
buggrammarspell-checktypo
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Bug reporting tool & Website feedback. Spotfix Safe to Use in 2026?

Generally Safe

Score 100/100

Bug reporting tool & Website feedback. Spotfix has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "spotfix-content-review" plugin, version 1.0.4, presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and achieving a high percentage of properly escaped output. It also has no known historical vulnerabilities, which is a strong indicator of a well-maintained codebase. However, a significant concern arises from the attack surface. All three identified AJAX handlers lack authentication checks, making them potentially exploitable by unauthenticated users. While the plugin includes nonce checks and capability checks, their placement or effectiveness on these unprotected AJAX endpoints is not specified in the provided data, but their absence from an explicit 'auth check' is a critical oversight.

The taint analysis shows no identified unsanitized flows, which is a positive sign. The absence of dangerous functions, file operations, and shortcodes also contributes to a generally cleaner code profile. Despite the lack of historical vulnerabilities, the unprotected AJAX endpoints represent a tangible and immediate risk that requires attention. The plugin's strengths lie in its database and output handling, but its core interaction points with users are exposed.

Key Concerns

  • AJAX handlers without authentication checks
  • Multiple AJAX handlers without auth checks
Vulnerabilities
None known

Bug reporting tool & Website feedback. Spotfix Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Bug reporting tool & Website feedback. Spotfix Release Timeline

v1.0.4Current
v1.0.3
Code Analysis
Analyzed Mar 17, 2026

Bug reporting tool & Website feedback. Spotfix Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
38 escaped
Nonce Checks
3
Capability Checks
5
File Operations
0
External Requests
3
Bundled Libraries
0

Output Escaping

93% escaped41 total outputs
Attack Surface
3 unprotected

Bug reporting tool & Website feedback. Spotfix Attack Surface

Entry Points3
Unprotected3

AJAX Handlers 3

authwp_ajax_spotfix_check_statusincludes\class-spotfix.php:49
authwp_ajax_spotfix_create_accountincludes\class-spotfix.php:50
authwp_ajax_spotfix_configure_accountincludes\class-spotfix.php:51
WordPress Hooks 6
actionadmin_menuincludes\class-spotfix.php:45
actionadmin_initincludes\class-spotfix.php:46
actionadmin_enqueue_scriptsincludes\class-spotfix.php:47
actionadmin_enqueue_scriptsincludes\class-spotfix.php:48
filterplugin_row_metaincludes\class-spotfix.php:53
actionwp_enqueue_scriptsincludes\class-spotfix.php:62
Maintenance & Trust

Bug reporting tool & Website feedback. Spotfix Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 18, 2026
PHP min version7.2
Downloads279

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Bug reporting tool & Website feedback. Spotfix Alternatives

WProofreader spell & grammar check plugin for WordPress

WProofreader spell & grammar check plugin for WordPress

webspellchecker

A
100

WProofreader checks spelling, grammar, and style in real-time while editing in WordPress.

4K No CVEs
Orphans

Orphans

sierotki

A
100

Supports the grammar rule for orphan words at the end of a line.

40K No CVEs
WP Spell Check

WP Spell Check

wp-spell-check

A
96

Proofread & Audit your WordPress website with One Click! Find & fix the errors and build a professional image for your business.

2K 6 CVEs
Webmaster Spelling Notifications

Webmaster Spelling Notifications

gourl-spelling-notifications

A
85

Plugin allows site visitors to send reports to the webmaster/owner about any spelling or grammatical errors. Spelling checker on your website.

100 No CVEs
Perfect Tense – Spelling and Grammar Checker

Perfect Tense – Spelling and Grammar Checker

perfect-tense

A
85

Perfect Tense is an AI-powered, spelling and grammar corrector. Perfect Tense will automatically detect and fix mistakes, proofread entire blog posts, …

100 No CVEs
Developer Profile

Bug reporting tool & Website feedback. Spotfix Developer Profile

CleanTalk Inc

5 plugins · 230K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
571 days
View full developer profile
Detection Fingerprints

How We Detect Bug reporting tool & Website feedback. Spotfix

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/spotfix-content-review/admin/css/spotfix-admin.css/wp-content/plugins/spotfix-content-review/admin/js/spotfix-admin.js
Version Parameters
spotfix-admin.css?ver=spotfix-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
spotfix-auto-setupspotfix-create-account-blockspotfix-create-accountspotfix-configure-account-blockspotfix-configure-accountspotfix-setup-messagespotfix-instructions-sectionspotfix-admin
Data Attributes
id="spotfix-create-account"id="spotfix-configure-account"id="spotfix-code"
JS Globals
spotfixAdmin
FAQ

Frequently Asked Questions about Bug reporting tool & Website feedback. Spotfix