Does Throws SPAM Away have any unpatched vulnerabilities?

No. All known vulnerabilities in Throws SPAM Away have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Throws SPAM Away compatible with WordPress 6.9.4?

According to WordPress.org data, Throws SPAM Away 3.8.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Throws SPAM Away updated?

Throws SPAM Away was last updated on Feb 7, 2026. Frequent updates are generally a positive security signal.

What is Throws SPAM Away's security score?

Throws SPAM Away has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Throws SPAM Away Security & Risk Analysis

wordpress.org/plugins/throws-spam-away

スパムコメントを無視して何もなかったように捨てる強力スパム対策プラグイン

20K active installs v3.8.2 PHP + WP 6.0+ Updated Feb 7, 2026

commentsspam

A · Safe

CVEs total1

Unpatched0

Last CVEMay 16, 2022

Plugin page Download

Safety Verdict

Is Throws SPAM Away Safe to Use in 2026?

Generally Safe

Score 99/100

Throws SPAM Away has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: May 16, 2022Updated 1mo ago

Risk Assessment

The "throws-spam-away" v3.8.2 plugin exhibits a mixed security posture. While it demonstrates good practices in areas like output escaping and minimizing file operations, significant concerns arise from its unprotected attack surface and taint analysis results. The presence of two AJAX handlers without authentication checks presents a direct pathway for attackers to interact with the plugin's functionality without proper authorization. Furthermore, the taint analysis revealed two high-severity flows with unsanitized paths, indicating potential vulnerabilities where user-controlled input could be used in a malicious way. The plugin's history includes a past high-severity vulnerability, specifically CSRF, which, while currently patched, suggests a pattern of past security weaknesses that require continued vigilance. The overall security is weakened by the direct exposure of functionality and potential for sensitive data handling issues, despite its efforts in other security areas.

Key Concerns

Unprotected AJAX handlers
High severity taint flows
Past high severity vulnerability
SQL queries not fully prepared
Untrusted input in some flows

Vulnerabilities

Throws SPAM Away Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2022-1709high · 8.8Cross-Site Request Forgery (CSRF)

Throws SPAM Away <= 3.3 - Cross-Site Request Forgery to Comment Modification

May 16, 2022 Patched in 3.3.1 (617d)

Code Analysis

Analyzed Mar 16, 2026

Throws SPAM Away Code Analysis

Dangerous Functions

Raw SQL Queries

15 prepared

Unescaped Output

132 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

54% prepared28 total queries

Output Escaping

92% escaped143 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

6 flows3 with unsanitized paths

tsa_get_hostbyip_html (hostbyip.php:10)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Throws SPAM Away Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_getHostbyIphostbyip.php:17

noprivwp_ajax_getHostbyIphostbyip.php:18

WordPress Hooks 7

actionafter_setup_themethrows_spam_away.class.php:25

actionadmin_menuthrows_spam_away.class.php:49

filterpreprocess_commentthrows_spam_away.php:197

actionwp_headthrows_spam_away.php:201

actioncomment_formthrows_spam_away.php:202

actioncomment_form_submit_fieldthrows_spam_away.php:213

actionpreprocess_commentthrows_spam_away.php:218

Maintenance & Trust

Throws SPAM Away Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 7, 2026

PHP min version

Downloads376K

Community Trust

Rating100/100

Number of ratings6

Active installs20K

Alternatives

Throws SPAM Away Alternatives

Akismet Anti-spam: Spam Protection

akismet

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M 2 CVEs

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

disable-comments

Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.

1.0M 1 CVE

Antispam Bee

antispam-bee

100

Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.

700K 1 CVE

Spam protection, Honeypot, Anti-Spam by CleanTalk

cleantalk-spam-protect

Blocks spam comments, fake users, contact form spam and more. No impact on SEO. Privacy focused. CAPTCHA free, premium Antispam plugin.

200K 13 CVEs

Captcha Code

captcha-code-authentication

GDPR compatible captcha anti-spam protection for login form, comments form, registration form & lost password form. Eliminate spam with captcha.

100K 2 CVEs

Developer Profile

Throws SPAM Away Developer Profile

ウェブ屋のさとーさん

2 plugins · 20K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

617 days

View full developer profile

Detection Fingerprints

How We Detect Throws SPAM Away

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/throws-spam-away/js/tsa_main.js/wp-content/plugins/throws-spam-away/css/tsa_main.css

Script Paths

/wp-content/plugins/throws-spam-away/js/tsa_main.js

Version Parameters

throws-spam-away/js/tsa_main.js?ver=throws-spam-away/css/tsa_main.css?ver=

HTML / DOM Fingerprints

CSS Classes

tsa-spam-away

HTML Comments

JS Globals

tsa_main

FAQ