[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDVhuifS7fRqqc2ukLEKkgw-cb6C17jlIVmawTjCJHmg":3,"$fSD7aWfi8v0Wed6V_1UTsI-mTEDNJ8YsigyFmumTEOBI":289,"$f95pLE1taSOOninbcxDW4kvSjyM8FdTMshk_JqKWw8jk":293},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":37,"analysis":134,"fingerprints":257},"sz-comment-filter","Sz Comment Filter","1.1.2","SzMake","https:\u002F\u002Fprofiles.wordpress.org\u002Fszmake\u002F","\u003Cp>In English:\u003C\u002Fp>\n\u003Cp>No spam in comments. blocked by Invisible internal token-code with ajax.\u003C\u002Fp>\n\u003Cp>This plugin blocks 100% of spam messages in the author of the environment.\u003C\u002Fp>\n\u003Cp>It blocks spam without using the CAPTCHA input-field.\u003C\u002Fp>\n\u003Cp>There is no modification of display the comment form.\u003C\u002Fp>\n\u003Cp>(but the comment which is posted by spammers manually via browser is not blocked by this plugin)\u003C\u002Fp>\n\u003Cp>In Japanese:\u003C\u002Fp>\n\u003Cp>This plugin uses Ajax at comment submission time to determine whether a comment was posted by a spam robot and blocks it automatically.\u003C\u002Fp>\n\u003Cp>In the author's environment, this plugin has so far blocked 100% of spam bot posts.\u003C\u002Fp>\n\u003Cp>The Akismet plugin is a common anti-spam measure, but it blocked only about 90% and did not stop 100%.\u003C\u002Fp>\n\u003Cp>Another approach is to use a CAPTCHA plugin against bots; this blocks almost 100% of posts from spam bots, but users had to cooperate by entering annoying confirmation characters every time. This plugin provides an invisible input field and, at comment submission time, uses JavaScript to fill in a unique confirmation token in place of CAPTCHA input, which blocks posts from spam bots.\u003C\u002Fp>\n\u003Cp>The appearance of the comment form for users does not change.\u003C\u002Fp>\n\u003Cp>(Unfortunately, this plugin cannot block spam posted manually through a browser.)\u003C\u002Fp>\n\u003Cp>\u003Ca 
href=\"http:\u002F\u002Fwp.szmake.net\u002Fsz-comment-filtter\u002F\" title=\"Documentation in Japanese\" rel=\"nofollow ugc\">Detailed documentation page in Japanese\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Translators\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Japanese (ja)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>email to contact[at]szmake.net\u003Cbr \u002F>\ntwitter @sxmtz\u003C\u002Fp>\n","No spam in comments. blocked by Invisible internal token-code with ajax. This is not used CAPTCHA.",10,1556,0,"2015-03-26T15:38:00.000Z","4.1.42","3.0","",[19,20,21,22,23],"comment","comment-spam","comments","spam","spammer","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsz-comment-filter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsz-comment-filter.1.1.2.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"szmake",1,30,84,"2026-05-20T00:51:28.431Z",[38,57,72,96,116],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":55,"download_link":56,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"anti-spam-reloaded","Anti-spam Reloaded","6.5","kudlav","https:\u002F\u002Fprofiles.wordpress.org\u002Fkudlav\u002F","\u003Cp>This is fork of successful Anti-spam plugin v5.5 written by webvitalii, for more info visit \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkudlav\u002Fanti-spam\u002F\" rel=\"nofollow ugc\">GitHub Fork\u003C\u002Fa>.\u003Cbr \u002F>\nFrom version 5.6 maintained by kudlav.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkudlav\u002Fanti-spam\u002F\" rel=\"nofollow 
ugc\">GitHub\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Anti-spam Reloaded plugin blocks 100% of automatic spam messages in comments section and also blocks all trackbacks.No captcha required.\u003C\u002Fp>\n\u003Cp>Plugin is simple and easy to use: just install it and it just works.\u003C\u002Fp>\n\u003Cp>Blocked comments can be stored in the Spam area and converted to regular comments if needed.\u003C\u002Fp>\n\u003Cp>Anti-spam Reloaded plugin is GDPR compliant and does not store any other user data except of the behaviour mentioned above.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Plugin blocks spam only in comments section.\u003C\u002Fstrong>.\u003Cbr \u002F>\nPlugin does not block manual spam (submitted by spammers manually via browser).\u003C\u002Fp>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cp>All modern browsers and IE11+ are supported.\u003Cbr \u002F>\nAnti-spam Reloaded plugin works with disabled JavaScript. Users with disabled JavaScript should manually fill current year before submitting the comment.\u003C\u002Fp>\n\u003Cp>Server compatibility:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress 3.3 – 6.5\u003C\u002Fli>\n\u003Cli>PHP 5.6 – 8.2\u003C\u002Fli>\n\u003Cli>Doesn’t use jQuery\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plugin is incompatible with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disqus\u003C\u002Fli>\n\u003Cli>Jetpack Comments\u003C\u002Fli>\n\u003Cli>AJAX Comment Form\u003C\u002Fli>\n\u003Cli>bbPress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If site has caching plugin enabled and cache is not cleared or if theme does not use ‘comment_form’ action\u003Cbr \u002F>\nand there is no plugin inputs in comments form – plugin tries to add hidden fields automatically using JavaScript.\u003C\u002Fp>\n\u003Ch3>How does it work?\u003C\u002Fh3>\n\u003Cp>The blocking algorithm is based on 2 methods: ‘invisible js-captcha’ and ‘invisible input trap’ (aka honeypot technique).\u003C\u002Fp>\n\u003Ch4>‘invisible 
js-captcha’\u003C\u002Fh4>\n\u003Cp>The ‘invisible js-captcha’ method is based on fact that bots does not have JavaScript on their user-agents.\u003Cbr \u002F>\nExtra hidden field is added to comments form.\u003Cbr \u002F>\nIt is the question about the current year.\u003Cbr \u002F>\nIf the user visits site, than this field is answered automatically with JavaScript, is hidden by JavaScript and CSS and invisible for the user.\u003Cbr \u002F>\nIf the spammer will fill year-field incorrectly – the comment will be blocked because it is spam.\u003C\u002Fp>\n\u003Ch4>‘invisible input trap’\u003C\u002Fh4>\n\u003Cp>The ‘invisible input trap’ method is based on fact that almost all the bots will fill inputs with name ’email’ or ‘url’.\u003Cbr \u002F>\nExtra hidden field is added to comments form.\u003Cbr \u002F>\nThis field is hidden for the user and user will not fill it.\u003Cbr \u002F>\nBut this field is visible for the spammer.\u003Cbr \u002F>\nIf the spammer will fill this trap-field with anything – the comment will be blocked because it is spam.\u003C\u002Fp>\n","No spam in comments. 
No captcha.",2000,14984,100,14,"2024-05-03T21:07:00.000Z","6.5.8","3.3","5.6",[19,20,21,22,23],"http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fanti-spam-reloaded\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-spam-reloaded.6.5.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":45,"active_installs":13,"downloaded":64,"rating":13,"num_ratings":13,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":17,"tags":68,"homepage":69,"download_link":70,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":71},"fortify","Fortify","1.0","webvitaly","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebvitaly\u002F","\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fweb-profile.net\u002Fwordpress\u002Fplugins\u002Ffortify\u002F\" title=\"Plugin page\" rel=\"nofollow ugc\">Fortify\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fweb-profile.net\u002Fdonate\u002F\" title=\"Support the development\" rel=\"nofollow ugc\">Donate\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebvitalii\u002Ffortify\" title=\"Fork\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Fortify plugin blocks automatic spam in comments section. No captcha.\u003C\u002Fp>\n\u003Cp>Plugin is easy to use: just install it and it just works.\u003C\u002Fp>\n\u003Cp>Blocked comments can be stored in the Spam area if needed. This can be enabled\u002Fdisabled via Settings page. This is useful for testing and debug purpose. 
Blocked spam comments can be easily converted to regular comments if needed.\u003C\u002Fp>\n\u003Cp>Fortify plugin is GDPR compliant and does not store any other user data except of the behavior mentioned above.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Plugin blocks spam only in comments section\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>After installing the Fortify plugin \u003Cstrong>try to submit a comment on your site being logged out\u003C\u002Fstrong>.\u003Cbr \u002F>\nIf you get an error – you may check the solution in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ffortify\" rel=\"ugc\">Support section\u003C\u002Fa> or submit a new topic with detailed description of your problem.\u003C\u002Fp>\n",1227,"2021-12-19T20:52:00.000Z","5.8.13","5.0",[19,20,21,22,23],"http:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffortify\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffortify.1.0.zip","2026-03-15T15:16:48.613Z",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":53,"tags":87,"homepage":93,"download_link":94,"security_score":95,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"stop-media-comment-spamming","Stop Media Comment Spamming","1.8.3","DeveloperWil","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeveloperwil\u002F","\u003Cp>If you find your media file attachments are being targeted by spam comments then here is the solution for you.\u003C\u002Fp>\n\u003Cp>Stop Media Comment Spamming removes the ability for visitors to comment on media attachments.  
It does \u003Cem>not\u003C\u002Fem> remove commenting from any other part of your WordPress installation.\u003C\u002Fp>\n\u003Cp>Visitors will still be able to comment on your posts and pages.\u003C\u002Fp>\n\u003Cp>\u003Cem>Why would you need this plugin?\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>WordPress natively allows comments to be left on any file in the Media Library.\u003C\u002Fp>\n\u003Cp>Unfortunately spammers can target this and quickly leave horrible and unrelated comments on your site.\u003C\u002Fp>\n\u003Cp>WordPress provides no way in Admin Dashboard to disable this feature.\u003C\u002Fp>\n\u003Cp>Some of the spam seems to get through popular spam filtering plugins.\u003C\u002Fp>\n\u003Cp>You still want to allow visitors to comments on your posts and pages.\u003C\u002Fp>\n\u003Cp>If only there was a plugin that allowed you to stop visitors leaving comments on media files.\u003C\u002Fp>\n\u003Cp>Ta da!  Here’s one.\u003C\u002Fp>\n\u003Ch4>Plugin Page\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fzeropointdevelopment.com\u002Fstopping-wordpress-media-attachment-comment-spamming\u002F\" title=\"Stop Media Commpent Spamming WordPress Plugin\" rel=\"nofollow ugc\">Stop Media Comment Spamming\u003C\u002Fa>\u003C\u002Fp>\n","Stops media comment spamming by removing the ability to comment on 
attachments.",800,17975,60,6,"2024-07-04T01:36:00.000Z","6.6.5","5.2",[88,89,90,91,92],"remove-attachment-comments","remove-media-comments","stop-comment-spam","stop-media-comment-spam","stop-media-comments","https:\u002F\u002Fzeropointdevelopment.com\u002Fstopping-wordpress-media-attachment-comment-spamming\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstop-media-comment-spamming.1.8.3.zip",92,{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":48,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":114,"download_link":115,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"lh-zero-spam","LH Zero Spam","1.13","shawfactor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawfactor\u002F","\u003Cp>\u003Cstrong>Why should your users prove that they’re humans by filling out captchas? Let bots prove they’re not bots with the \u003Ca href=\"http:\u002F\u002Flhero.org\u002Fplugins\u002Flh-zero-spam\u002F\" rel=\"nofollow ugc\">LH Zero Spam plugin\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>LH Zero Spam blocks registration spam and spam in comments automatically without any config or setup. 
Zero Spam was initially built based on the work by \u003Ca href=\"http:\u002F\u002Fdavidwalsh.name\u002Fwordpress-comment-spam\" rel=\"nofollow ugc\">David Walsh\u003C\u002Fa>, but enhanced with simpler code base and unobtrusive JavaScript.\u003C\u002Fp>\n\u003Cp>Major features in LH Zero Spam include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>No captcha\u003C\u002Fstrong>, because spam is not users’ problem\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No moderation queues\u003C\u002Fstrong>, because spam is not administrators’ problem\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blocks spam registrations & comments\u003C\u002Fstrong> with the use of JavaScript\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blocks buddypress spam registrations\u003C\u002Fstrong> with the use of JavaScript\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blocks woocommerce spam orders\u003C\u002Fstrong> with the use of JavaScript\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Like this plugin? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Flh-zero-spam\u002F\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Love this plugin or want to help the LocalHero Project? 
Please consider \u003Ca href=\"https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-zero-spam\u002F\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n","Zero Spam makes blocking spam comments and registrations easy.",200,7664,3,"2022-10-14T04:12:00.000Z","6.0.11","4.0","7.0",[112,113,20,21,22],"anti-spam","antispam","https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-zero-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-zero-spam.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":82,"num_ratings":33,"last_updated":126,"tested_up_to":51,"requires_at_least":127,"requires_php":17,"tags":128,"homepage":132,"download_link":133,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"squelch-unspam","Squelch Unspam","1.5.1","Matt Lowe","https:\u002F\u002Fprofiles.wordpress.org\u002Fsquelch\u002F","\u003Cp>Unspam by Squelch Design is the simplest \u003Ca href=\"http:\u002F\u002Fsquelchdesign.com\u002Fwordpress-plugin-squelch-unspam\u002F\" rel=\"nofollow ugc\">WordPress anti-spam plugin\u003C\u002Fa> you can find for \u003Cstrong>reducing your comment spam\u003C\u002Fstrong> problem. Once installed there’s nothing\u003Cbr \u002F>\nto configure, and nothing changes to your visitors: No captcha or silly games. Once installed\u003Cbr \u002F>\nthe plugin will simply randomize the names of the fields in the comments form on your blog and reject comments that are sent to the\u003Cbr \u002F>\nstandard WordPress field names, or where bots have blindly submitted data to the honeypot fields.\u003C\u002Fp>\n\u003Cp>What this means for spammers is that they have to do quite a lot more work to send spam to your website. It may also make sending\u003Cbr \u002F>\nspam to your website unreliable as changes to your theme may upset their spam submission tools. 
Or they may have to resort to using\u003Cbr \u002F>\nhumans to send spam to your website (not much I can do about that I’m afraid) which will cost them more money.\u003C\u002Fp>\n\u003Cp>Currently implemented:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Names of fields are randomized every night at 12:00,\u003C\u002Fli>\n\u003Cli>Submissions to the standard WordPress field names are automatically deleted,\u003C\u002Fli>\n\u003Cli>Honeypot fields added to comments form,\u003C\u002Fli>\n\u003Cli>WooCommerce support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additional (planned) features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Contact Form 7 integration\u003C\u002Fli>\n\u003Cli>Statistical collection,\u003C\u002Fli>\n\u003Cli>Automated blocking of persistent IPs,\u003C\u002Fli>\n\u003Cli>Opt-in centralized collection of comment spam and statistics for additional research.\u003C\u002Fli>\n\u003C\u002Ful>\n","Unspam makes it harder for spammers to automatedly send spam to your blog by changing the names of the fields in the comment 
forms.",50,3899,"2024-04-10T11:08:00.000Z","4.4",[129,21,130,22,131],"comment-spam-filter","filter","spam-filter","http:\u002F\u002Fsquelchdesign.com\u002Fwordpress-plugin-squelch-unspam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsquelch-unspam.1.5.1.zip",{"attackSurface":135,"codeSignals":195,"taintFlows":241,"riskAssessment":242,"analyzedAt":256},{"hooks":136,"ajaxHandlers":182,"restRoutes":191,"shortcodes":192,"cronEvents":193,"entryPointCount":194,"unprotectedCount":194},[137,143,147,151,154,158,162,167,170,174,178],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","init","szmcf_init","sz-comment-filter.php",35,{"type":138,"name":144,"callback":145,"file":141,"line":146},"wp_enqueue_scripts","szmcf_enqueue_script",66,{"type":138,"name":148,"callback":149,"file":141,"line":150},"comment_form_after_fields","szmcf_form_customizer",106,{"type":138,"name":152,"callback":149,"file":141,"line":153},"comment_form_logged_in_after",107,{"type":138,"name":155,"callback":156,"priority":33,"file":141,"line":157},"wp_head","szmcf_add_my_ajaxurl",120,{"type":130,"name":159,"callback":160,"priority":33,"file":141,"line":161},"preprocess_comment","szmcf_chk_comment",213,{"type":138,"name":163,"callback":164,"file":165,"line":166},"admin_enqueue_scripts","szmcf_admin_enqueue_scripts","szmcf-admin.php",25,{"type":138,"name":168,"callback":169,"file":165,"line":153},"admin_notices","szmcf_admin_notice",{"type":130,"name":171,"callback":172,"file":165,"line":173},"screen_layout_columns","szmcf_display_screen_option",143,{"type":138,"name":175,"callback":176,"file":165,"line":177},"admin_head","szmcf_register_screen_option",145,{"type":138,"name":179,"callback":180,"file":165,"line":181},"admin_init","szmcf_update_screen_option",165,[183,188],{"action":184,"nopriv":185,"callback":186,"hasNonce":185,"hasCapCheck":185,"file":141,"line":187},"szmcf_currentkey",false,"szmcf_ajax_currentkey",128,{"action":184,"nopriv":189,"callback":186,"hasNonc
e":185,"hasCapCheck":185,"file":141,"line":190},true,129,[],[],[],2,{"dangerousFunctions":196,"sqlUsage":204,"outputEscaping":206,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":240},[197,202],{"fn":198,"file":199,"line":200,"context":201},"unserialize","szmcf-functions.php",134,"$ret_array[$idx]=unserialize($szmcf_data[$keyname]);",{"fn":198,"file":199,"line":203,"context":201},148,{"prepared":13,"raw":13,"locations":205},[],{"escaped":207,"rawEcho":208,"locations":209},7,16,[210,213,214,216,218,220,222,224,226,227,229,231,232,234,236,238],{"file":141,"line":211,"context":212},86,"raw output",{"file":141,"line":48,"context":212},{"file":141,"line":215,"context":212},116,{"file":141,"line":217,"context":212},124,{"file":165,"line":219,"context":212},53,{"file":165,"line":221,"context":212},56,{"file":165,"line":223,"context":212},65,{"file":165,"line":225,"context":212},74,{"file":165,"line":225,"context":212},{"file":165,"line":228,"context":212},75,{"file":165,"line":230,"context":212},76,{"file":165,"line":230,"context":212},{"file":165,"line":233,"context":212},77,{"file":165,"line":235,"context":212},89,{"file":165,"line":237,"context":212},90,{"file":165,"line":239,"context":212},132,[],[],{"summary":243,"deductions":244},"The \"sz-comment-filter\" plugin version 1.1.2 exhibits significant security concerns, primarily stemming from its unprotected AJAX endpoints and the presence of dangerous functions. The analysis reveals two AJAX handlers, both lacking authentication checks, which presents a substantial attack surface.  Furthermore, the `unserialize` function is used twice, indicating a potential for deserialization vulnerabilities if user-controlled data is passed to it without proper sanitization. 
While the plugin demonstrates good practices in using prepared statements for SQL queries and has no recorded vulnerability history, these strengths are overshadowed by the critical weaknesses in input validation and authentication.\n\nThe absence of any taint analysis findings and zero known CVEs are positive indicators, suggesting that in the past, the plugin may not have been a target or has been developed with some level of security awareness. However, the static analysis clearly points to areas where vulnerabilities could easily be introduced or exploited. The low percentage of properly escaped output also raises concerns about Cross-Site Scripting (XSS) vulnerabilities, although no direct taint flows were identified for this.\n\nIn conclusion, while the plugin has a clean vulnerability history and uses prepared statements, the lack of authentication on AJAX endpoints and the use of `unserialize` create a high-risk profile. These issues could lead to arbitrary code execution, unauthorized actions, or data manipulation. 
Recommendations for immediate action would include implementing robust authentication and authorization checks on all AJAX handlers and carefully sanitizing any data passed to the `unserialize` function.",[245,247,249,252,254],{"reason":246,"points":11},"AJAX handlers without authentication checks",{"reason":248,"points":11},"Use of unserialize function",{"reason":250,"points":251},"Low percentage of properly escaped output",8,{"reason":253,"points":11},"No nonce checks on AJAX handlers",{"reason":255,"points":11},"No capability checks on entry points","2026-04-16T12:45:12.330Z",{"wat":258,"direct":269},{"assetPaths":259,"generatorPatterns":263,"scriptPaths":264,"versionParams":265},[260,261,262],"\u002Fwp-content\u002Fplugins\u002Fsz-comment-filter\u002Fcss\u002Fstyles-admin.css","\u002Fwp-content\u002Fplugins\u002Fsz-comment-filter\u002Fjs\u002Fscripts-admin.js","\u002Fwp-content\u002Fplugins\u002Fsz-comment-filter\u002Fjs\u002Fsz-comment-filter.js",[],[262,261],[266,267,268],"sz-comment-filter\u002Fjs\u002Fsz-comment-filter.js?ver=","sz-comment-filter\u002Fjs\u002Fscripts-admin.js?ver=","sz-comment-filter\u002Fcss\u002Fstyles-admin.css?ver=",{"cssClasses":270,"htmlComments":273,"htmlAttributes":274,"restEndpoints":284,"jsGlobals":286,"shortcodeOutput":288},[271,272],"szmcf-input","szmcf-hunnypot",[],[275,276,277,278,279,277,280,281,282,283],"name=\"szmcf-email-website-url\"","id=\"szmcf-email-website-url\"","class=\"szmcf-param\"","name=\"szmcf-key\"","id=\"szmcf-key\"","id=\"szmcf-input-debug\"","id=\"szmcf-input\"","id=\"szmcf-hunnypot\"","target=\"szmcf_iframe\"",[285],"\u002Fwp-json\u002Fszmcf_currentkey",[287],"var szmcf_ajaxurl",[],{"error":189,"url":290,"statusCode":291,"statusMessage":292,"message":292},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsz-comment-filter\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":294,"versions":295},4,[296,301,308,315],{"version":6,"download_url":25,"svn_tag_url":297,"released_at":27,"has_diff":185,"diff_files_changed":298,"diff_lines":27,"trac_diff_url":299,"vulnerabilities":300,"is_current":189},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsz-comment-filter\u002Ftags\u002F1.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsz-comment-filter%2Ftags%2F1.1.1&new_path=%2Fsz-comment-filter%2Ftags%2F1.1.2",[],{"version":302,"download_url":303,"svn_tag_url":304,"released_at":27,"has_diff":185,"diff_files_changed":305,"diff_lines":27,"trac_diff_url":306,"vulnerabilities":307,"is_current":185},"1.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsz-comment-filter.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsz-comment-filter\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsz-comment-filter%2Ftags%2F1.1.0&new_path=%2Fsz-comment-filter%2Ftags%2F1.1.1",[],{"version":309,"download_url":310,"svn_tag_url":311,"released_at":27,"has_diff":185,"diff_files_changed":312,"diff_lines":27,"trac_diff_url":313,"vulnerabilities":314,"is_current":185},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsz-comment-filter.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsz-comment-filter\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsz-comment-filter%2Ftags%2F1.0.0&new_path=%2Fsz-comment-filter%2Ftags%2F1.1.0",[],{"version":316,"download_url":317,"svn_tag_url":318,"released_at":27,"has_diff":185,"diff_files_changed":319,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":320,"is_current":185},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsz-comment-filter.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsz-comment-filter\u002Ftags\u002F1.0.0\u002F",[],[]]