Does VerifiedVisitors have any unpatched vulnerabilities?

No. All known vulnerabilities in VerifiedVisitors have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is VerifiedVisitors compatible with WordPress 6.4.8?

According to WordPress.org data, VerifiedVisitors 1.1.2 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

Is VerifiedVisitors compatible with PHP 7.2+?

VerifiedVisitors requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is VerifiedVisitors updated?

VerifiedVisitors was last updated on Feb 27, 2024. Frequent updates are generally a positive security signal.

What is VerifiedVisitors's security score?

VerifiedVisitors has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

VerifiedVisitors Security & Risk Analysis

wordpress.org/plugins/verifiedvisitors

VerifiedVisitors is a powerful AI/ML bot mitigation plugin to support the Wordpress community. It’s an easy to configure platform to defeat bad bots.

0 active installs v1.1.2 PHP 7.2+ WP 4.9+ Updated Feb 27, 2024

account-takeoverbot-mitigationbotsfirewallsecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is VerifiedVisitors Safe to Use in 2026?

Generally Safe

Score 85/100

VerifiedVisitors has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "verifiedvisitors" v1.1.2 plugin exhibits a strong security posture based on the provided static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points is a significant positive indicator. Furthermore, the plugin demonstrates excellent practices by exclusively using prepared statements for SQL queries, properly escaping all output, and implementing capability checks for sensitive operations. The lack of known CVEs and a clean vulnerability history reinforces this positive assessment, suggesting a well-maintained and secure codebase.

However, there are minor areas for consideration. The presence of file operations and external HTTP requests, while not inherently insecure, represent potential attack vectors that require diligent security practices within the plugin's implementation. The absence of nonce checks, even with a limited attack surface, could be a point of concern if any of the file operations or HTTP requests were to involve user-controllable data in the future. Overall, the plugin appears robust and has followed many security best practices, with only minor potential areas for future hardening.

Key Concerns

File operations present potential attack vectors
External HTTP requests present potential attack vectors
No nonce checks on entry points

Vulnerabilities

None known

VerifiedVisitors Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

VerifiedVisitors Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

11 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped11 total outputs

Attack Surface

VerifiedVisitors Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionadmin_initclass.admin.php:19

actionadmin_menuclass.admin.php:20

actioninitVerifiedVisitors.php:47

actionwp_enqueue_scriptsVerifiedVisitors.php:50

actioninitVerifiedVisitors.php:54

Maintenance & Trust

VerifiedVisitors Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedFeb 27, 2024

PHP min version7.2

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

VerifiedVisitors Alternatives

BBQ Firewall – Fast & Powerful Firewall Security

block-bad-queries

100

The fastest firewall plugin for WordPress. Protect against a wide range of threats with minimal performance impact.

100K No CVEs

Shield: Blocks Bots, Protects Users, and Prevents Security Breaches

wp-simple-firewall

Shield stops bot attacks before they hack your site. Bots CAN be stopped. Shield stops them.

40K 11 CVEs

CloudFilt Bot & Spam Protection

cloudfilt-codes

100

Prevent and stop bots traffic. This plugin inserts in your website the CloudFilt codes for the security tracking available on https://cloudfilt.com/.

600 No CVEs

Zero Budget Bot Shield

zero-budget-bot-shield

100

Free, lightweight WordPress plugin that blocks bots by country and prevents abuse via repeated 404 errors. Perfect for small organizations.

10 No CVEs

Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence

Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.

5.0M 12 CVEs

Developer Profile

VerifiedVisitors Developer Profile

verifiedvisitors

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect VerifiedVisitors

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/verifiedvisitors/vendor/php-sdk/src/VerifiedVisitors/SDK.php/wp-content/plugins/verifiedvisitors/src/VerifiedVisitors/Api.php/wp-content/plugins/verifiedvisitors/src/VerifiedVisitors/Config.php/wp-content/plugins/verifiedvisitors/src/VerifiedVisitors/Admin.php/wp-content/plugins/verifiedvisitors/src/VerifiedVisitors/Fingerprint.php/wp-content/plugins/verifiedvisitors/templates/blocked.php/wp-content/plugins/verifiedvisitors/templates/captcha.php

Script Paths

https://hcaptcha.com/1/api.js?recaptchacompat=off

HTML / DOM Fingerprints

CSS Classes

h-captcha

Data Attributes

data-sitekeydata-callback

JS Globals

onComplete

FAQ