[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8cJAly89rsTUqC7nsb7yax7ZkUTuetHH3Ph6DV8Vd4A":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":138,"crawl_stats":38,"alternatives":146,"analysis":233,"fingerprints":638},"stop-spammer-registrations-plugin","Stop Spammers Classic","2026.3","Web Guy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebguyio\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebguyio\u002Fdam-spam\u002Fissues\" rel=\"nofollow ugc\">💬 Ask Question\u003C\u002Fa> | \u003Ca href=\"mailto:webguywork@gmail.com\" rel=\"nofollow ugc\">📧 Email Me\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>A simplified, restored, and preserved version of the original Stop Spammers plugin.\u003C\u002Fp>\n\u003Cp>🥪 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsponsors\u002Fwebguyio\" rel=\"nofollow ugc\">Buy Me a Sandwich\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Development for Stop Spammers has slowed down; I recommend switching to \u003Ca href=\"https:\u002F\u002Fdamspam.com\u002F\" rel=\"nofollow ugc\">Dam Spam\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>🧐 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebguyio\u002Fdam-spam\u002Fissues\u002F8\" rel=\"nofollow ugc\">Why, What Happened?\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>However, rest-assured that if you can’t migrate to Dam Spam, I’ll still continue making sure that Stop Spammers is safe, stable, and supported.\u003C\u002Fp>\n\u003Cp>🛟 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebguyio\u002Fdam-spam\u002Fissues\" rel=\"nofollow ugc\">Get Support\u003C\u002Fa>\u003C\u002Fp>\n","A simplified, restored, and preserved version of the 
original Stop Spammers plugin.",30000,2585698,88,243,"2026-02-24T20:20:00.000Z","6.9.4","3.0","5.0",[20,21,22,23,24],"anti-spam","no-spam","security","spam","spam-protection","https:\u002F\u002Fdamspam.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstop-spammer-registrations-plugin.zip",89,8,0,"2026-01-27 00:00:00","2026-03-15T15:16:48.613Z",[33,49,63,75,90,99,114,127],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-14795","stop-spammers-classic-cross-site-request-forgery-via-email-allowlist","Stop Spammers Classic \u003C= 2026.1 - Cross-Site Request Forgery via Email Allowlist","The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ss_addtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to the spam allowlist via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 
The vulnerability was partially patched in version 2026.1.",null,"\u003C=2026.1","2026.2","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2026-01-28 13:26:16",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5d6f38d7-a769-422d-ae3f-565cb1cc8a73?source=api-prod",2,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":44,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62},"CVE-2025-2935","anti-spam-spam-protection-block-spam-users-comments-forms-cross-site-request-forgery-to-multiple-administrative-actions","Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms \u003C= 2024.7 - Cross-Site Request Forgery to Multiple Administrative Actions","The Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.7. This is due to missing or incorrect nonce validation in the 'ss_option_maint.php' and 'ss_user_filter_list' files. 
This makes it possible for unauthenticated attackers to delete pending comments, and re-enable a previously blocked user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=2024.7","2025",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:L\u002FI:L\u002FA:N","2025-06-05 17:43:52","2025-10-17 19:44:27",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Faefb192a-ed42-44a9-bbd1-5906909a419c?source=api-prod",134,{"id":64,"url_slug":65,"title":66,"description":67,"plugin_slug":4,"theme_slug":38,"affected_versions":68,"patched_in_version":69,"severity":41,"cvss_score":56,"cvss_vector":70,"vuln_type":44,"published_date":71,"updated_date":72,"references":73,"days_to_patch":13},"CVE-2023-7065","stop-spammers-security-block-spam-users-comments-forms-cross-site-request-forgery-csrf-via-sfsprocess","Stop Spammers Security | Block Spam Users, Comments, Forms \u003C= 2024.4 - Cross-Site Request Forgery (CSRF) via sfs_process","The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.4. This is due to missing or incorrect nonce validation on the sfs_process AJAX action. 
This makes it possible for unauthenticated attackers to add arbitrary IPs to the plugin's allowlist and blocklist via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=2024.4","2024.5","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:L","2024-05-03 00:00:00","2024-07-29 21:35:56",[74],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1998cadb-2eb3-4819-aa7c-59e4f777c7f8?source=api-prod",{"id":76,"url_slug":77,"title":78,"description":79,"plugin_slug":4,"theme_slug":38,"affected_versions":80,"patched_in_version":81,"severity":41,"cvss_score":82,"cvss_vector":83,"vuln_type":84,"published_date":85,"updated_date":86,"references":87,"days_to_patch":89},"CVE-2023-2488","stop-spammers-security-reflected-cross-site-scripting","Stop Spammers Security \u003C= 2022.6 - Reflected Cross-Site Scripting","The Stop Spammers Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 2022.6 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=2022.6","2023",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2023-05-15 00:00:00","2024-01-22 19:56:02",[88],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F889cb1d5-7f5c-4904-9b5f-cc8a505eb65c?source=api-prod",253,{"id":91,"url_slug":92,"title":93,"description":94,"plugin_slug":4,"theme_slug":38,"affected_versions":80,"patched_in_version":81,"severity":41,"cvss_score":95,"cvss_vector":96,"vuln_type":84,"published_date":85,"updated_date":86,"references":97,"days_to_patch":89},"CVE-2023-2489","stop-spammers-security-authenticated-admin-stored-cross-site-scripting-2","Stop Spammers Security \u003C= 2022.6 - Authenticated (Admin+) Stored Cross-Site Scripting","The Stop Spammers Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2022.6  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only affects multi-site installations and installations where unfiltered_html has been disabled.",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N",[98],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc83df43e-286d-4695-9c37-bee2870fd3b5?source=api-prod",{"id":100,"url_slug":101,"title":102,"description":103,"plugin_slug":4,"theme_slug":38,"affected_versions":104,"patched_in_version":105,"severity":106,"cvss_score":107,"cvss_vector":108,"vuln_type":109,"published_date":110,"updated_date":86,"references":111,"days_to_patch":113},"CVE-2022-4120","stop-spammers-security-unauthenticated-php-object-injection","Stop Spammers Security \u003C= 2022.5 - Unauthenticated PHP Object Injection","The Stop Spammers Security plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2022.5 via deserialization of untrusted input when issuing a CAPTCHA challenge. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 
Note: The official PHP recommendation is not to pass untrusted input to unserialize even if the allowed_classes option is set to false.","\u003C=2022.5","2022.6","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Deserialization of Untrusted Data","2022-12-05 00:00:00",[112],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6065ad75-1685-4f1d-9ba9-d4c8ec840521?source=api-prod",414,{"id":115,"url_slug":116,"title":117,"description":118,"plugin_slug":4,"theme_slug":38,"affected_versions":119,"patched_in_version":120,"severity":41,"cvss_score":121,"cvss_vector":122,"vuln_type":84,"published_date":123,"updated_date":86,"references":124,"days_to_patch":126},"CVE-2021-24517","stop-spammers-security-authenticated-admin-stored-cross-site-scripting","Stop Spammers Security \u003C= 2021.17 - Authenticated (Admin+) Stored Cross-Site Scripting","The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfiltered_html capability is disallowed","\u003C2021.18","2021.18",4.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2021-08-09 00:00:00",[125],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1bf805fc-4b27-47c4-b24e-79158cffaac4?source=api-prod",897,{"id":128,"url_slug":129,"title":130,"description":131,"plugin_slug":4,"theme_slug":38,"affected_versions":132,"patched_in_version":133,"severity":41,"cvss_score":82,"cvss_vector":83,"vuln_type":84,"published_date":134,"updated_date":86,"references":135,"days_to_patch":137},"CVE-2021-24245","stop-spammers-reflected-cross-site-scripting","Stop Spammers \u003C= 2021.8 - Reflected Cross-Site Scripting","The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking 
requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue.","\u003C2021.9","2021.9","2021-04-08 00:00:00",[136],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2598ae85-5e91-47e6-b3f5-0d977fe80dd5?source=api-prod",1020,{"slug":139,"display_name":7,"profile_url":8,"plugin_count":140,"total_installs":141,"avg_security_score":142,"avg_patch_time_days":143,"trust_score":144,"computed_at":145},"webguyio",30,52370,100,629,79,"2026-04-04T02:45:48.572Z",[147,164,184,201,218],{"slug":148,"name":149,"version":150,"author":7,"author_profile":8,"description":151,"short_description":152,"active_installs":153,"downloaded":154,"rating":155,"num_ratings":156,"last_updated":157,"tested_up_to":16,"requires_at_least":158,"requires_php":158,"tags":159,"homepage":25,"download_link":160,"security_score":161,"vuln_count":162,"unpatched_count":29,"last_vuln_date":163,"fetched_at":31},"dam-spam","Dam Spam","1.1.3","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebguyio\u002Fdam-spam\u002Fissues\" rel=\"nofollow ugc\">💬 Ask Question\u003C\u002Fa> | \u003Ca href=\"mailto:webguywork@gmail.com\" rel=\"nofollow ugc\">📧 Email Me\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Dam Spam is a comprehensive spam protection plugin that blocks spam registrations, login attempts, comments, and contact form submissions. It provides multiple layers of protection including IP blocking, email validation, CAPTCHA challenges, and integration with third-party spam detection services.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How it Works\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Dam Spam runs a series of configurable checks on registrations, logins, comments, and form submissions. When a submission is flagged as potentially suspicious, you can choose to block it outright or present a CAPTCHA challenge. 
Legitimate users are cached to speed up future submissions, while known spam sources are permanently blocked.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multiple Protection Layers\u003C\u002Fstrong> – Block spam using IP lists, disposable email detection, and behavioral analysis\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CAPTCHA Support\u003C\u002Fstrong> – Integrate with Google reCAPTCHA or hCaptcha to challenge suspicious submissions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Third-Party API Integration\u003C\u002Fstrong> – Connect with Akismet, Stop Forum Spam, BotScout, and other spam detection services\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Challenges\u003C\u002Fstrong> – Present challenges only to suspicious users while allowing legitimate users through\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allow and Block Lists\u003C\u002Fstrong> – Maintain custom lists of allowed and blocked IPs, emails, and user IDs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Caching\u003C\u002Fstrong> – Cache known good and bad IPs to improve performance and reduce API calls\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Logging\u003C\u002Fstrong> – Track all blocked attempts and approved submissions for review\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Login\u002FRegistration Forms\u003C\u002Fstrong> – Optional custom forms with built-in spam protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Management\u003C\u002Fstrong> – Identify and manage inactive or suspicious user accounts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Configuration\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>After installation, go to the Dam Spam settings in your WordPress admin to:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Enable the protection types you need (registration, login, comments, contact forms)\u003C\u002Fli>\n\u003Cli>Choose which spam detection methods to use (IP checks, email validation, third-party 
APIs)\u003C\u002Fli>\n\u003Cli>Configure CAPTCHA settings if desired\u003C\u002Fli>\n\u003Cli>Set up allow and block lists for your specific needs\u003C\u002Fli>\n\u003Cli>Review logs to fine-tune your protection settings\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Differences from Stop Spammers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Dam Spam is a fork of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstop-spammer-registrations-plugin\u002F\" rel=\"ugc\">Stop Spammers\u003C\u002Fa>. While the core spam protection functionality remains similar, Dam Spam’s file and code structure has been significantly cleaned up and modernized.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Addon Support\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Dam Spam supports custom spam checks via addons. Create a separate plugin with this structure:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\n\u002F*\nPlugin Name: Dam Spam Addon Example\nDescription: Custom spam check addon for Dam Spam\nVersion: 1.0\n*\u002F\n\nadd_filter( 'dam_spam_addons_block', function( $addons ) {\n    $addons[] = array( __FILE__, 'My_Spam_Check' );\n    return $addons;\n} );\n\nclass My_Spam_Check {\n    public function process( $ip, &$stats, &$options, &$post ) {\n        if ( $ip === '123.45.67.89' ) {\n            return 'Blocked by custom check';\n        }\n        return false;\n    }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cul>\n\u003Cli>Hook into \u003Ccode>dam_spam_addons_block\u003C\u002Fcode> or \u003Ccode>dam_spam_addons_allow\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Return an array with your file path and class name\u003C\u002Fli>\n\u003Cli>Create a class with a \u003Ccode>process()\u003C\u002Fcode> method\u003C\u002Fli>\n\u003Cli>For \u003Ccode>dam_spam_addons_block\u003C\u002Fcode>: return \u003Ccode>false\u003C\u002Fcode> to continue checking, or a string to block\u003C\u002Fli>\n\u003Cli>For \u003Ccode>dam_spam_addons_allow\u003C\u002Fcode>: return 
\u003Ccode>false\u003C\u002Fcode> to continue checking, or a string to approve\u003C\u002Fli>\n\u003Cli>Test using Dam Spam > Testing (spam checks don’t run when logged in)\u003C\u002Fli>\n\u003C\u002Ful>\n","Comprehensive spam protection for WordPress registration, login, comments, and contact forms.",1000,7382,86,4,"2026-03-07T03:55:00.000Z","",[20,21,22,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdam-spam.zip",99,1,"2026-02-17 19:02:21",{"slug":165,"name":166,"version":167,"author":168,"author_profile":169,"description":170,"short_description":171,"active_installs":153,"downloaded":172,"rating":173,"num_ratings":174,"last_updated":175,"tested_up_to":176,"requires_at_least":177,"requires_php":178,"tags":179,"homepage":182,"download_link":183,"security_score":142,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"universal-honey-pot","Universal Honey Pot","6.0.0","Ludwig You","https:\u002F\u002Fprofiles.wordpress.org\u002Fludwigyou\u002F","\u003Cp>Universal Honey Pot is a powerful and user-friendly WordPress plugin that provides a plug-and-play solution for protecting your forms against unwanted spam. It automatically adds honey pots to all supported form plugins, such as Contact Form 7, Formidable Forms, Forminator, Elementor Pro, Divi and WPforms. With Universal Honey Pot, you can safeguard your WordPress site from spam without any manual configuration.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy to use: Simply install and activate the plugin, and it will start adding honey pots to supported form plugins.\u003C\u002Fli>\n\u003Cli>Plug-and-play: No manual configuration required. 
Universal Honey Pot seamlessly integrates with compatible form plugins.\u003C\u002Fli>\n\u003Cli>Wide compatibility: Supports popular form plugins like Contact Form 7, Formidable Forms, Forminator, Elementor Pro, Divi and WPforms, with more to be added in future updates.\u003C\u002Fli>\n\u003Cli>Effective spam protection: Honey pots act as a hidden trap for spambots, reducing the amount of unwanted submissions.\u003C\u002Fli>\n\u003Cli>Lightweight and optimized: Universal Honey Pot is designed to be resource-friendly and ensures smooth performance on your website.\u003C\u002Fli>\n\u003Cli>Behavioral Spam Filter (Beta): This new feature uses behavioral analysis to detect and block spam submissions. It is currently in beta testing and will be improved in future updates.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported Form Plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Contact Form 7\u003C\u002Fli>\n\u003Cli>Elementor Pro\u003C\u002Fli>\n\u003Cli>Formidable Forms\u003C\u002Fli>\n\u003Cli>Forminator\u003C\u002Fli>\n\u003Cli>Divi\u003C\u002Fli>\n\u003Cli>WPforms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Coming Soon\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fluent Form\u003C\u002Fli>\n\u003Cli>Jetpack\u003C\u002Fli>\n\u003Cli>Gravity Forms\u003C\u002Fli>\n\u003Cli>Everest Forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Other plugin by Webdeclic\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwebdeclic.com\" rel=\"nofollow ugc\">Webdeclic\u003C\u002Fa> is a French web agency based in Paris. We are specialized in the creation of websites and e-commerce sites. 
We are also the creator of the following plugins:\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmentions-legales-par-webdeclic\u002F\" rel=\"ugc\">Mentions Legales Par Webdeclic\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcookie-dough-compliance-and-consent-for-gdpr\u002F\" rel=\"ugc\">Cookie Dough Compliance and Consent for GDPR\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fquickwebp\u002F\" rel=\"ugc\">QuickWebP – Compress \u002F Optimize Images & Convert WebP | SEO Friendly\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsearch\u002Fwebdeclic\u002F\" rel=\"ugc\">Show all plugins on WordPress.org\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Support us\u003C\u002Fh3>\n\u003Cp>⭐️ If you like this plugin, please give us a 5 star rating on WordPress.org. This will motivate us to develop new features and write other plugins. ⭐️\u003C\u002Fp>\n\u003Cp>☕️ If you want buy me a coffee, you can do it here : \u003Ca href=\"https:\u002F\u002Fbmc.link\u002Fludwig\" rel=\"nofollow ugc\">Buy me a coffee\u003C\u002Fa> ☕️\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GNU General Public License v2 or later. 
For more details, see http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For any support requests or inquiries, please visit the plugin’s WordPress.org support forum: Plugin Support Forum.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Developed by \u003Ca href=\"https:\u002F\u002Fwebdeclic.com\" rel=\"nofollow ugc\">Webdeclic\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Universal Honey Pot is a powerful and user-friendly WordPress plugin that provides a plug-and-play solution for protecting your forms against unwanted &hellip;",9151,74,3,"2025-10-08T11:56:00.000Z","6.8.5","4.0.0","7.4",[20,180,181,22,24],"forms","honey-pot","https:\u002F\u002Fwebdeclic.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funiversal-honey-pot.6.0.0.zip",{"slug":185,"name":186,"version":187,"author":188,"author_profile":189,"description":190,"short_description":191,"active_installs":192,"downloaded":193,"rating":142,"num_ratings":162,"last_updated":194,"tested_up_to":176,"requires_at_least":18,"requires_php":158,"tags":195,"homepage":199,"download_link":200,"security_score":142,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"automatic-break-iframes","SpamShieldX","1.2","Alireza Nejati","https:\u002F\u002Fprofiles.wordpress.org\u002Falireza-nejati\u002F","\u003Cp>SpamShieldX is the ultimate solution for protecting your WordPress website from spam and iframe abuse. Our plugin blocks malicious iframes and prevents unwanted spam sources, keeping your site secure and optimized.\u003C\u002Fp>\n\u003Cp>Whether you’re a blogger, website owner, or developer, SpamShieldX is the perfect tool to enhance your site’s security and performance. 
Our plugin is lightweight, easy to configure, and seamlessly integrates into your WordPress site.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Block iframe abuse\u003C\u002Fli>\n\u003Cli>Prevent spam from harmful sources\u003C\u002Fli>\n\u003Cli>Protect your content and improve security\u003C\u002Fli>\n\u003Cli>Easy to use and setup\u003C\u002Fli>\n\u003Cli>Regular updates for maximum security\u003C\u002Fli>\n\u003C\u002Ful>\n","SpamShieldX is the ultimate solution for protecting your WordPress website from spam and iframe abuse. Our plugin blocks malicious iframes and prevent &hellip;",10,2276,"2025-04-28T07:01:00.000Z",[20,196,24,197,198],"iframe-blocker","website-security","wordpress-firewall","http:\u002F\u002Fazarsys.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-break-iframes.1.2.zip",{"slug":202,"name":203,"version":204,"author":205,"author_profile":206,"description":207,"short_description":208,"active_installs":29,"downloaded":209,"rating":29,"num_ratings":29,"last_updated":210,"tested_up_to":16,"requires_at_least":211,"requires_php":212,"tags":213,"homepage":158,"download_link":217,"security_score":142,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"mathematical-captcha-applier","Mathematical Captcha Applier","1.0","samiur6688","https:\u002F\u002Fprofiles.wordpress.org\u002Fsamiur6688\u002F","\u003Cp>\u003Cstrong>Mathematical Captcha Applier\u003C\u002Fstrong> is a lightweight WordPress plugin that lets you easily apply a simple math-based captcha to form submit buttons on your website by specifying their CSS selector. Just provide a specific button’s CSS selector, and the plugin will display a captcha prompt before the action is completed. 
This could help to prevent spam and unwanted bot activity.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Add a mathematical captcha to form submit buttons (\u003Ccode>\u003Cinput type=\"submit\">\u003C\u002Fcode> or \u003Ccode>\u003Cbutton type=\"submit\">\u003C\u002Fcode>) by specifying their CSS selector (ID or class).\u003Cbr \u002F>\n– Attempts to protect forms from automated submissions.\u003Cbr \u002F>\n– No external dependencies — lightweight and fast.\u003Cbr \u002F>\n– Simple configuration via the WordPress dashboard.\u003Cbr \u002F>\n– If JavaScript is disabled, this plugin will hide the selected buttons.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How It Works:\u003C\u002Fstrong>\u003Cbr \u002F>\nWhen a user clicks the protected button, a small popup will appear asking them to solve a basic math problem (e.g., \u003Ccode>5 + 3 = ?\u003C\u002Fcode>). If answered correctly, the action will proceed.\u003C\u002Fp>\n\u003Cp>If JavaScript is disabled in the browser, the plugin hides the selected submit button.\u003C\u002Fp>\n","Apply a simple mathematical captcha to specific buttons by providing their CSS class or ID to prevent spamming.",217,"2026-01-03T08:37:00.000Z","5.6","7.2",[20,214,215,216,24],"captcha","form-security","math-captcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmathematical-captcha-applier.1.0.zip",{"slug":219,"name":220,"version":221,"author":222,"author_profile":223,"description":224,"short_description":225,"active_installs":29,"downloaded":226,"rating":29,"num_ratings":29,"last_updated":227,"tested_up_to":16,"requires_at_least":228,"requires_php":178,"tags":229,"homepage":158,"download_link":232,"security_score":142,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"tiny-comment-spam-blocker","Tiny Comment Spam Blocker","1.4.0","Kasuga","https:\u002F\u002Fprofiles.wordpress.org\u002Fkasuga16\u002F","\u003Cp>Tiny Comment Spam Blocker is a lightweight yet powerful 
plugin designed to protect your WordPress comments from spam. It employs five different techniques to detect and block unwanted comments:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Nonce Verification\u003C\u002Fstrong> – Ensures that the comment form submission is genuine.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Submission Time Check\u003C\u002Fstrong> – Blocks comments submitted too quickly to prevent bots.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Honeypot Field\u003C\u002Fstrong> – Hidden field that traps automated spam bots.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Agent Validation\u003C\u002Fstrong> – Detects suspicious User-Agent strings and blocks them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Forbidden Word Filtering\u003C\u002Fstrong> – Blocks submissions containing words or phrases from a configurable list within the \u003Cstrong>comment body, email address, or IP address.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JavaScript-Based Human Interaction Detection\u003C\u002Fstrong> – Sets a verification token when mouse movement, scrolling, or touch interaction is detected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>(Option) Block Non-Japanese Comments\u003C\u002Fstrong> – Blocks comments that do not contain Japanese characters (Hiragana, Katakana, or Han\u002FKanji), primarily targeting machine-translated or foreign spam.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>These filters are applied in order: if a comment passes the first check, it proceeds to the second, and so on, until all checks are applied or the comment is blocked.\u003C\u002Fp>\n\u003Cp>Additional features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Option to log detected spam in a local log file (up to 1.0 MB).\u003C\u002Fli>\n\u003Cli>Optional email notifications when spam is detected.\u003C\u002Fli>\n\u003Cli>Easy settings page in the WordPress admin panel.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Settings\u003C\u002Fh3>\n\u003Cp>The plugin provides the following settings in the WordPress 
admin panel:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enable Spam Protection\u003C\u002Fstrong> – Toggle the spam protection on or off. When disabled, all anti-spam checks are skipped.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Save Spam Detection Log\u003C\u002Fstrong> – Enable or disable logging of detected spam. Logs are saved in a local file up to 1.0 MB within the WordPress uploads directory.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Notification Email Address\u003C\u002Fstrong> – Enter an email address to receive notifications when spam is detected. Leave blank to disable email notifications.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Minimum Submission Time (seconds)\u003C\u002Fstrong> – Set the minimum allowed time between loading the comment form and submitting a comment. Comments submitted faster than this threshold are considered spam.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Forbidden Words List\u003C\u002Fstrong> – Enter one forbidden word, phrase, or IP address per line. Submissions containing these entries in the comment body, \u003Cstrong>email address\u003C\u002Fstrong>, or \u003Cstrong>IP address\u003C\u002Fstrong> will be blocked. \u003Cstrong>Case is insensitive.\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Example:\u003C\u002Fstrong>\u003Cbr \u002F>\nviagra\u003Cbr \u002F>\nonline pharmacy\u003Cbr \u002F>\nspam@email.com\u003Cbr \u002F>\n164.138.205.72\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block No Japanese Comments\u003C\u002Fstrong> – If enabled, this becomes the final check: Comments that contain Japanese characters (Hiragana, Katakana, or Kanji) will be automatically accepted after passing other security checks. 
\u003Cstrong>Comments without Japanese characters will be blocked.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary Section\u003C\u002Fh3>\n\u003Cp>This plugin is designed to be lightweight and fast, ensuring minimal impact on site performance while providing robust protection against comment spam.\u003C\u002Fp>\n","A simple and lightweight yet rock-solid plugin that blocks comment spam using multiple automatic detection methods.",411,"2026-01-30T09:21:00.000Z","6.3",[20,230,231,22,24],"comments","honeypot","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftiny-comment-spam-blocker.1.4.0.zip",{"attackSurface":234,"codeSignals":394,"taintFlows":415,"riskAssessment":624,"analyzedAt":637},{"hooks":235,"ajaxHandlers":380,"restRoutes":391,"shortcodes":392,"cronEvents":393,"entryPointCount":48,"unprotectedCount":29},[236,242,247,251,255,258,261,264,268,272,276,281,286,290,292,295,298,301,305,308,311,315,319,323,327,331,335,338,342,345,348,350,353,356,360,364,368,372,376],{"type":237,"name":238,"callback":239,"file":240,"line":241},"action","mu_rightnow_end","ss_sp_rightnow","includes\\ss-admin-options.php",16,{"type":243,"name":244,"callback":245,"priority":192,"file":240,"line":246},"filter","plugin_row_meta","ss_sp_plugin_action_links",18,{"type":243,"name":248,"callback":249,"file":240,"line":250},"wpmu_users_columns","ss_sfs_ip_column_head",19,{"type":237,"name":252,"callback":253,"file":240,"line":254},"admin_menu","ss_admin_menu",21,{"type":237,"name":256,"callback":239,"file":240,"line":257},"rightnow_end",22,{"type":243,"name":259,"callback":249,"file":240,"line":260},"manage_users_columns",24,{"type":237,"name":262,"callback":253,"file":240,"line":263},"network_admin_menu",27,{"type":243,"name":265,"callback":266,"priority":162,"file":240,"line":267},"comment_row_actions","ss_row",29,{"type":237,"name":269,"callback":270,"priority":192,"file":240,"line":271},"manage_users_custom_column","ss_sfs_ip_column",37,{"type":237,"name":273,
"callback":274,"file":240,"line":275},"admin_enqueue_scripts","sfs_handle_ajax",45,{"type":237,"name":277,"callback":278,"file":279,"line":280},"admin_init","ss_migrate_wlist_email","includes\\stop-spam-utils.php",175,{"type":237,"name":282,"callback":283,"file":284,"line":285},"admin_print_styles","ss_styles","stop-spammer-registrations-new.php",51,{"type":237,"name":287,"callback":288,"file":284,"line":289},"admin_notices","ss_admin_notice",64,{"type":237,"name":277,"callback":291,"file":284,"line":173},"ss_notice_dismissed",{"type":237,"name":287,"callback":293,"file":284,"line":294},"ss_wc_admin_notice",85,{"type":237,"name":277,"callback":296,"file":284,"line":297},"ss_wc_notice_dismissed",96,{"type":237,"name":299,"callback":300,"priority":29,"file":284,"line":161},"init","ss_init",{"type":243,"name":302,"callback":303,"priority":29,"file":284,"line":304},"ss_addons_allow","ss_addons_d",102,{"type":243,"name":306,"callback":303,"priority":29,"file":284,"line":307},"ss_addons_block",103,{"type":243,"name":309,"callback":303,"priority":29,"file":284,"line":310},"ss_addons_get",104,{"type":243,"name":312,"callback":313,"priority":162,"file":284,"line":314},"pre_user_login","ss_user_reg_filter",137,{"type":237,"name":316,"callback":317,"file":284,"line":318},"akismet_spam_caught","ss_log_akismet",150,{"type":237,"name":320,"callback":321,"file":284,"line":322},"user_register","ss_new_user_ip",183,{"type":237,"name":324,"callback":325,"priority":192,"file":284,"line":326},"wp_login","ss_log_user_ip",184,{"type":237,"name":328,"callback":329,"file":284,"line":330},"template_redirect","ss_check_404s",258,{"type":237,"name":332,"callback":333,"priority":192,"file":284,"line":334},"ss_stop_spam_caught","ss_caught_action",259,{"type":237,"name":336,"callback":336,"priority":192,"file":284,"line":337},"ss_stop_spam_ok",260,{"type":237,"name":339,"callback":340,"file":284,"line":341},"login_form","ss_add_captcha",265,{"type":237,"name":343,"callback":340,"file":284,"line"
:344},"register_form",268,{"type":237,"name":346,"callback":340,"file":284,"line":347},"comment_form_after_fields",271,{"type":237,"name":299,"callback":299,"file":284,"line":349},728,{"type":243,"name":259,"callback":351,"file":284,"line":352},"users_columns",731,{"type":237,"name":269,"callback":354,"priority":192,"file":284,"line":355},"users_custom_column",732,{"type":243,"name":357,"callback":358,"file":284,"line":359},"manage_users_sortable_columns","users_sortable_columns",733,{"type":243,"name":361,"callback":362,"file":284,"line":363},"request","users_orderby_column",734,{"type":237,"name":365,"callback":366,"file":284,"line":367},"wp","ss_login_redirect",842,{"type":243,"name":369,"callback":370,"priority":161,"file":284,"line":371},"authenticate","ss_login_captcha_verify",1001,{"type":243,"name":373,"callback":374,"priority":192,"file":284,"line":375},"registration_errors","ss_registration_captcha_verify",1014,{"type":243,"name":377,"callback":378,"priority":161,"file":284,"line":379},"pre_comment_approved","ss_comment_captcha_verify",1027,[381,387],{"action":382,"nopriv":383,"callback":384,"hasNonce":385,"hasCapCheck":383,"file":240,"line":386},"sfs_sub",false,"sfs_handle_ajax_sub",true,32,{"action":388,"nopriv":383,"callback":389,"hasNonce":385,"hasCapCheck":383,"file":240,"line":390},"sfs_process","sfs_handle_ajax_sfs_process",36,[],[],[],{"dangerousFunctions":395,"sqlUsage":407,"outputEscaping":409,"fileOperations":28,"externalRequests":412,"nonceChecks":140,"capabilityChecks":413,"bundledLibraries":414},[396,401,403,405],{"fn":397,"file":398,"line":399,"context":400},"unserialize","classes\\ss_challenge.php",101,"$_POST = unserialize( base64_decode( $kp ), ['allowed_classes' => false] 
);",{"fn":397,"file":398,"line":402,"context":400},133,{"fn":397,"file":398,"line":404,"context":400},196,{"fn":397,"file":398,"line":406,"context":400},220,{"prepared":192,"raw":29,"locations":408},[],{"escaped":410,"rawEcho":29,"locations":411},424,[],5,13,[],[416,441,452,460,471,480,490,501,512,522,539,557,567,584,595,606,616],{"entryPoint":417,"graph":418,"unsanitizedCount":48,"severity":41},"sfs_handle_ajax_sfs_process_watch (includes\\ss-admin-options.php:403)",{"nodes":419,"edges":438},[420,425,431,435],{"id":421,"type":422,"label":423,"file":240,"line":424},"n0","source","$_POST (x4)",415,{"id":426,"type":427,"label":428,"file":240,"line":429,"wp_function":430},"n1","sink","echo() [XSS]",487,"echo",{"id":432,"type":422,"label":433,"file":240,"line":434},"n2","$_POST (x2)",418,{"id":436,"type":427,"label":428,"file":240,"line":437,"wp_function":430},"n3",501,[439,440],{"from":421,"to":426,"sanitized":385},{"from":432,"to":436,"sanitized":383},{"entryPoint":442,"graph":443,"unsanitizedCount":29,"severity":451},"process (classes\\ss_challenge.php:10)",{"nodes":444,"edges":449},[445,447],{"id":421,"type":422,"label":423,"file":398,"line":446},57,{"id":426,"type":427,"label":448,"file":398,"line":399,"wp_function":397},"unserialize() [Object Injection]",[450],{"from":421,"to":426,"sanitized":385},"low",{"entryPoint":453,"graph":454,"unsanitizedCount":29,"severity":451},"\u003Css_challenge> (classes\\ss_challenge.php:0)",{"nodes":455,"edges":458},[456,457],{"id":421,"type":422,"label":423,"file":398,"line":446},{"id":426,"type":427,"label":448,"file":398,"line":399,"wp_function":397},[459],{"from":421,"to":426,"sanitized":385},{"entryPoint":461,"graph":462,"unsanitizedCount":29,"severity":451},"sfs_handle_ajax_sub 
(includes\\ss-admin-options.php:202)",{"nodes":463,"edges":469},[464,467],{"id":421,"type":422,"label":465,"file":240,"line":466},"$_POST",223,{"id":426,"type":427,"label":428,"file":240,"line":468,"wp_function":430},247,[470],{"from":421,"to":426,"sanitized":385},{"entryPoint":472,"graph":473,"unsanitizedCount":29,"severity":451},"\u003Css-admin-options> (includes\\ss-admin-options.php:0)",{"nodes":474,"edges":478},[475,477],{"id":421,"type":422,"label":476,"file":240,"line":466},"$_POST (x7)",{"id":426,"type":427,"label":428,"file":240,"line":468,"wp_function":430},[479],{"from":421,"to":426,"sanitized":385},{"entryPoint":481,"graph":482,"unsanitizedCount":29,"severity":451},"\u003Css_allowlist_settings> (settings\\ss_allowlist_settings.php:0)",{"nodes":483,"edges":488},[484,487],{"id":421,"type":422,"label":485,"file":486,"line":140},"$_POST (x3)","settings\\ss_allowlist_settings.php",{"id":426,"type":427,"label":428,"file":486,"line":297,"wp_function":430},[489],{"from":421,"to":426,"sanitized":385},{"entryPoint":491,"graph":492,"unsanitizedCount":29,"severity":451},"\u003Css_blocklist_settings> (settings\\ss_blocklist_settings.php:0)",{"nodes":493,"edges":499},[494,497],{"id":421,"type":422,"label":495,"file":496,"line":250},"$_POST (x5)","settings\\ss_blocklist_settings.php",{"id":426,"type":427,"label":428,"file":496,"line":498,"wp_function":430},98,[500],{"from":421,"to":426,"sanitized":385},{"entryPoint":502,"graph":503,"unsanitizedCount":29,"severity":451},"\u003Css_cache> (settings\\ss_cache.php:0)",{"nodes":504,"edges":510},[505,508],{"id":421,"type":422,"label":433,"file":506,"line":507},"settings\\ss_cache.php",43,{"id":426,"type":427,"label":428,"file":506,"line":509,"wp_function":430},80,[511],{"from":421,"to":426,"sanitized":385},{"entryPoint":513,"graph":514,"unsanitizedCount":29,"severity":451},"\u003Css_challenge> 
(settings\\ss_challenge.php:0)",{"nodes":515,"edges":520},[516,518],{"id":421,"type":422,"label":423,"file":517,"line":254},"settings\\ss_challenge.php",{"id":426,"type":427,"label":428,"file":517,"line":519,"wp_function":430},142,[521],{"from":421,"to":426,"sanitized":385},{"entryPoint":523,"graph":524,"unsanitizedCount":29,"severity":451},"\u003Css_diagnostics> (settings\\ss_diagnostics.php:0)",{"nodes":525,"edges":536},[526,530,532,534],{"id":421,"type":422,"label":527,"file":528,"line":529},"$_POST (x9)","settings\\ss_diagnostics.php",40,{"id":426,"type":427,"label":428,"file":528,"line":531,"wp_function":430},75,{"id":432,"type":422,"label":533,"file":528,"line":267},"$_SERVER",{"id":436,"type":427,"label":428,"file":528,"line":535,"wp_function":430},76,[537,538],{"from":421,"to":426,"sanitized":385},{"from":432,"to":436,"sanitized":385},{"entryPoint":540,"graph":541,"unsanitizedCount":29,"severity":451},"\u003Css_network> (settings\\ss_network.php:0)",{"nodes":542,"edges":554},[543,546,550,552],{"id":421,"type":422,"label":465,"file":544,"line":545},"settings\\ss_network.php",33,{"id":426,"type":427,"label":547,"file":544,"line":548,"wp_function":549},"update_option() [Settings Manipulation]",41,"update_option",{"id":432,"type":422,"label":465,"file":544,"line":551},28,{"id":436,"type":427,"label":428,"file":544,"line":553,"wp_function":430},50,[555,556],{"from":421,"to":426,"sanitized":385},{"from":432,"to":436,"sanitized":385},{"entryPoint":558,"graph":559,"unsanitizedCount":29,"severity":451},"\u003Css_options> (settings\\ss_options.php:0)",{"nodes":560,"edges":565},[561,563],{"id":421,"type":422,"label":433,"file":562,"line":257},"settings\\ss_options.php",{"id":426,"type":427,"label":428,"file":562,"line":564,"wp_function":430},250,[566],{"from":421,"to":426,"sanitized":385},{"entryPoint":568,"graph":569,"unsanitizedCount":29,"severity":451},"\u003Css_reports> 
(settings\\ss_reports.php:0)",{"nodes":570,"edges":581},[571,574,576,579],{"id":421,"type":422,"label":433,"file":572,"line":573},"settings\\ss_reports.php",35,{"id":426,"type":427,"label":428,"file":572,"line":575,"wp_function":430},82,{"id":432,"type":422,"label":577,"file":572,"line":578},"$_SERVER (x3)",31,{"id":436,"type":427,"label":428,"file":572,"line":580,"wp_function":430},153,[582,583],{"from":421,"to":426,"sanitized":385},{"from":432,"to":436,"sanitized":385},{"entryPoint":585,"graph":586,"unsanitizedCount":29,"severity":451},"\u003Css_summary> (settings\\ss_summary.php:0)",{"nodes":587,"edges":593},[588,591],{"id":421,"type":422,"label":465,"file":589,"line":590},"settings\\ss_summary.php",219,{"id":426,"type":427,"label":428,"file":589,"line":592,"wp_function":430},337,[594],{"from":421,"to":426,"sanitized":385},{"entryPoint":596,"graph":597,"unsanitizedCount":29,"severity":451},"\u003Css_webservices_settings> (settings\\ss_webservices_settings.php:0)",{"nodes":598,"edges":604},[599,602],{"id":421,"type":422,"label":600,"file":601,"line":250},"$_POST (x8)","settings\\ss_webservices_settings.php",{"id":426,"type":427,"label":428,"file":601,"line":603,"wp_function":430},93,[605],{"from":421,"to":426,"sanitized":385},{"entryPoint":607,"graph":608,"unsanitizedCount":29,"severity":451},"ss_admin_notice (stop-spammer-registrations-new.php:54)",{"nodes":609,"edges":614},[610,612],{"id":421,"type":422,"label":533,"file":284,"line":611},58,{"id":426,"type":427,"label":428,"file":284,"line":613,"wp_function":430},61,[615],{"from":421,"to":426,"sanitized":385},{"entryPoint":617,"graph":618,"unsanitizedCount":29,"severity":451},"\u003Cstop-spammer-registrations-new> (stop-spammer-registrations-new.php:0)",{"nodes":619,"edges":622},[620,621],{"id":421,"type":422,"label":533,"file":284,"line":611},{"id":426,"type":427,"label":428,"file":284,"line":613,"wp_function":430},[623],{"from":421,"to":426,"sanitized":385},{"summary":625,"deductions":626},"The 
\"stop-spammer-registrations-plugin\" v2026.3 exhibits a mixed security posture. On the positive side, the plugin demonstrates good development practices with 100% of SQL queries using prepared statements and all output properly escaped. It also has a substantial number of nonce and capability checks, indicating an awareness of common WordPress security mechanisms. The static analysis reveals a small attack surface with all entry points protected by authentication checks. Note that the two AJAX handlers (sfs_sub and sfs_process) are registered for logged-in users only and verify a nonce, but neither is recorded as performing a capability check, so authentication here should not be read as authorization.\n\nHowever, significant concerns arise from the vulnerability history. The plugin has a history of 8 known CVEs, including one critical and seven medium severity vulnerabilities. This suggests recurring security weaknesses within the plugin's codebase. The common vulnerability types (CSRF, Deserialization, XSS) indicate potential issues with input validation and handling of user-supplied data, despite the taint analysis showing only one flow with unsanitized paths. That flow runs from $_POST to an echo sink in sfs_handle_ajax_sfs_process_watch (includes\\ss-admin-options.php); the output-escaping figure above counts escaped output calls, so this path is still worth reviewing by hand. The presence of the `unserialize` function, while not flagged as critical in the taint analysis for this version, is a known risk factor for deserialization vulnerabilities, especially if coupled with untrusted data sources. The four recorded call sites in classes\\ss_challenge.php pass ['allowed_classes' => false], which prevents object instantiation, but the decoded value is assigned back to $_POST and should still be validated like any other request data.\n\nIn conclusion, while the current version's static analysis shows improved secure coding practices in terms of SQL and output handling, the plugin's past vulnerability landscape is a major red flag. The history of critical and medium severity vulnerabilities, particularly those related to deserialization, necessitates a cautious approach. 
Users should be aware that despite the current analysis, past patterns of exploitable flaws may persist or be reintroduced in future updates.",[627,630,633,635],{"reason":628,"points":629},"History of critical CVEs",15,{"reason":631,"points":632},"History of medium CVEs",7,{"reason":634,"points":412},"Presence of dangerous function (unserialize)",{"reason":636,"points":28},"Flow with unsanitized paths","2026-03-16T17:24:03.192Z",{"wat":639,"direct":646},{"assetPaths":640,"generatorPatterns":642,"scriptPaths":643,"versionParams":644},[641],"\u002Fwp-content\u002Fplugins\u002Fstop-spammer-registrations-plugin\u002Fcss\u002Fadmin.css",[],[],[645],"stop-spammer-registrations-plugin\u002Fcss\u002Fadmin.css?ver=",{"cssClasses":647,"htmlComments":651,"htmlAttributes":652,"restEndpoints":654,"jsGlobals":655,"shortcodeOutput":660},[648,649,650],"notice","notice-warning","notice-info",[],[653],"data-ss-message",[],[656,657,658,659],"SS_VERSION","SS_PLUGIN_URL","SS_PLUGIN_FILE","SS_MU",[]]