VigilanTor Security & Risk Analysis

wordpress.org/plugins/vigilantor

Add a layer of security to your WordPress site with the ability to block Tor users from commenting, registering, logging in and more.

400 active installs · v1.3.12 · PHP 5.6+ · WP 4.0+ · Updated Oct 19, 2023
Tags: comments, proxy, spam, tor, tor-blocker

Security score: 85 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Mar 21, 2023
Safety Verdict

Is VigilanTor Safe to Use in 2026?

Generally Safe

Score 85/100

VigilanTor has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 21, 2023 · Updated 2yr ago
Risk Assessment

The vigilantor plugin at v1.3.12 shows a mixed security posture. On the positive side, the one SQL query the analysis found goes through a prepared statement, and the code carries two nonce checks and three capability checks. No dangerous functions, file operations or bundled third-party libraries were found, which keeps the code surface small.

The static analysis nevertheless raises concrete concerns. The wp_ajax_vitor_clear_flag handler (vigilantor.php:83) is flagged as unprotected, i.e. no nonce or capability check was identified guarding it. A wp_ajax_ action is reachable by any logged-in user regardless of role, and without a nonce nothing ties the request to a page the user intended to submit, so whatever the handler does is available to every authenticated account rather than only to the administrators the plugin's settings screen is written for. The taint analysis reports three data flows from user input to a sensitive operation, two of which reach their sink without passing through a sanitizer, although none was rated critical or high. Output escaping is the weakest area: only 1 of 5 output points is escaped (20%), which is the condition under which cross-site scripting appears.

The vulnerability history holds one medium-severity CVE, CVE-2023-28695 (CVSS 4.4), a stored XSS that requires an authenticated administrator to plant; it was fixed in 1.3.11 and nothing is currently unpatched. On a single-site install an administrator already holds the unfiltered_html capability, which limits the practical impact of that finding and is consistent with its medium rating; it matters most on multisite, where site administrators lack unfiltered_html, or where that capability has been removed. Taken together with the low escaping ratio, the history points to output encoding as the plugin's weak spot. Its strengths are database handling and a small footprint; the exposed AJAX entry point and the handling of user-supplied data on output are the areas that need attention.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths
  • Low percentage of output escaping
  • Medium severity CVE in history
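The "unprotected AJAX handler" concern above comes down to what a wp_ajax_ callback does before it acts. The following is an added example, not VigilanTor's code: a handler in the shape a static analyser reports as unprotected, followed by the same handler with the checks a reviewer expects. The action name example_clear_flag, the option key example_flagged_ips, the script handle example-admin and the asset path are assumptions for illustration; the block runs inside WordPress as part of a plugin file.

```php
<?php
/*
 * Added example (not VigilanTor's code). Assumed for illustration: the action
 * name example_clear_flag, the option key example_flagged_ips, the script
 * handle example-admin and its js/admin.js path. Runs inside WordPress.
 */

// Shape 1: what "unprotected" means. wp_ajax_{action} already requires a
// logged-in user, but any role qualifies (subscriber included), and with no
// nonce nothing ties the request to a page the user intended to submit.
add_action('wp_ajax_example_clear_flag_unsafe', function () {
    $ip   = $_POST['ip'];                       // raw input, no validation
    $list = get_option('example_flagged_ips', []);
    unset($list[$ip]);
    update_option('example_flagged_ips', $list);
    echo 'Cleared ' . $ip;                      // unescaped echo of user input
    wp_die();
});

// Shape 2: nonce, capability, validation, and context-aware output.
add_action('wp_ajax_example_clear_flag', function () {
    // 1. Nonce: check_ajax_referer() calls wp_die(-1) when the nonce is
    //    missing or stale, so execution stops here on a forged request.
    check_ajax_referer('example_clear_flag', 'nonce');

    // 2. Capability: gate on the capability the admin screen itself requires,
    //    not on "is logged in".
    if (!current_user_can('manage_options')) {
        wp_send_json_error(['message' => 'forbidden'], 403);
    }

    // 3. Validation: the value is meant to be an IP address, so validate it as
    //    one rather than only stripping tags. An array or junk fails closed.
    $ip = filter_var(wp_unslash($_POST['ip'] ?? ''), FILTER_VALIDATE_IP);
    if ($ip === false) {
        wp_send_json_error(['message' => 'invalid ip'], 400);
    }

    $list = get_option('example_flagged_ips', []);
    unset($list[$ip]);
    update_option('example_flagged_ips', $list);

    // 4. Output: the JSON helpers encode for a JSON response; if the value is
    //    ever rendered into HTML it must go through esc_html()/esc_attr() there.
    wp_send_json_success(['cleared' => $ip]);
});

// The nonce the hardened handler expects is minted server side and handed to
// the admin script that makes the request. The plugin's own fingerprints show
// a vitor_nonce global; the handle, path and variable name here are assumed.
add_action('admin_enqueue_scripts', function () {
    wp_enqueue_script('example-admin', plugins_url('js/admin.js', __FILE__), ['jquery'], '1.0.0', true);
    wp_localize_script('example-admin', 'example_ajax', [
        'url'   => admin_url('admin-ajax.php'),
        'nonce' => wp_create_nonce('example_clear_flag'),
    ]);
});
```

The client posts action=example_clear_flag, ip=… and nonce=… (the value from example_ajax.nonce) to admin-ajax.php; the 'nonce' argument to check_ajax_referer() names that request field. Dropping any one of the three checks reproduces a finding of the kind the analysis reports.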
Vulnerabilities (1)

VigilanTor Security Vulnerabilities

CVEs by Year

2023: 1 CVE (patched)

Severity Breakdown

Medium: 1
1 total CVE

CVE-2023-28695 · medium · CVSS 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

VigilanTor <= 1.3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 21, 2023 · Patched in 1.3.11 (308 days)
Code Analysis
Analyzed Mar 16, 2026

VigilanTor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 4 (1 escaped)
Nonce Checks: 2
Capability Checks: 3
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared (1 total query)

Output Escaping

20% escaped (5 total outputs)

Data Flows

2 unsanitized

Data Flow Analysis

3 flows, 2 with unsanitized paths
blockWPAccess (vigilantor.php:177)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform; paths marked Unsanitized or Sanitized. The per-flow diagram itself is not reproduced here.
Attack Surface

1 unprotected

VigilanTor Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers (1)

auth  wp_ajax_vitor_clear_flag  vigilantor.php:83  (flagged unprotected; registered on the authenticated wp_ajax_ hook, not wp_ajax_nopriv_)

Shortcodes (2)

[tor_users]      vigilantor.php:86
[non_tor_users]  vigilantor.php:87

WordPress Hooks (20)

action  plugins_loaded                    vigilantor.php:38
action  wp                                vigilantor.php:80
action  admin_menu                        vigilantor.php:81
action  vitor_update_lists                vigilantor.php:82
filter  widget_text                       vigilantor.php:84
filter  cron_schedules                    vigilantor.php:85
action  preprocess_comment                vigilantor.php:99
action  comment_form_before               vigilantor.php:102
action  register_post                     vigilantor.php:107
action  bp_signup_validate                vigilantor.php:111
action  register_new_user                 vigilantor.php:117
action  user_register                     vigilantor.php:119
action  bp_core_signup_user               vigilantor.php:123
filter  authenticate                      vigilantor.php:128
action  wp_authenticate                   vigilantor.php:129
action  comment_form_after                vigilantor.php:333
action  bp_before_account_details_fields  vigilantor.php:362
action  wp_footer                         vigilantor.php:435
action  admin_init                        vigilantor.php:501
filter  http_headers_useragent            vigilantor.php:898

Scheduled Events (1)

vitor_update_lists
Maintenance & Trust

VigilanTor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Oct 19, 2023
PHP min version: 5.6
Downloads: 12K

Community Trust

Rating: 100/100
Number of ratings: 12
Active installs: 400
Developer Profile

VigilanTor Developer Profile

drew010

1 plugin · 400 total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 308 days
Detection Fingerprints

How We Detect VigilanTor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/vigilantor/css/securimage-style.css
/wp-content/plugins/vigilantor/css/admin.css
/wp-content/plugins/vigilantor/js/admin.js

Script Paths
/wp-content/plugins/vigilantor/js/admin.js

Version Parameters
vigilantor/css/securimage-style.css?ver=
vigilantor/css/admin.css?ver=
vigilantor/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
vitor-admin-wrap

HTML Comments
<!-- VigilanTor -->
<!-- VigilanTor Admin -->

Data Attributes
data-vitor-flag

JS Globals
var vitor_ajax_url
var vitor_nonce

Shortcode Output
[tor_users]
[non_tor_users]
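Putting the fingerprints above to work: the following is an added example, not part of the page or of the plugin. It matches the listed asset paths and DOM markers against a fetched page, reads the ?ver= value WordPress appends to enqueued assets as a version hint, and checks that hint against the CVE-2023-28695 range (<= 1.3.10, fixed in 1.3.11). The sample HTML, its host example.test and the version 1.3.10 in it are constructed to exercise the check.

```php
<?php
/*
 * Added example (not part of the page or the plugin). The sample HTML below
 * is constructed; its host and version value are made up. Run with:
 *   php detect-vigilantor.php
 */

const VIGILANTOR_ASSET_PATHS = [
    '/wp-content/plugins/vigilantor/css/securimage-style.css',
    '/wp-content/plugins/vigilantor/css/admin.css',
    '/wp-content/plugins/vigilantor/js/admin.js',
];

const VIGILANTOR_DOM_MARKERS = [
    '<!-- VigilanTor -->',
    '<!-- VigilanTor Admin -->',
    'vitor-admin-wrap',
    'data-vitor-flag',
    'var vitor_ajax_url',
    'var vitor_nonce',
];

/**
 * Returns ['detected' => bool, 'indicators' => string[], 'version' => ?string].
 * The fingerprints are literal strings, so plain substring search is used;
 * a regex would only add escaping mistakes.
 */
function vigilantor_fingerprint(string $html): array
{
    $hits = [];
    foreach (array_merge(VIGILANTOR_ASSET_PATHS, VIGILANTOR_DOM_MARKERS) as $needle) {
        if (strpos($html, $needle) !== false) {
            $hits[] = $needle;
        }
    }

    // WordPress appends ?ver=<plugin version> to assets enqueued with a version
    // string. Sites can override ver= with the core version or a cache buster,
    // so treat the value as a hint to confirm, not as proof.
    $version = null;
    if (preg_match('#/vigilantor/(?:css|js)/[\w.-]+\?ver=([0-9][0-9A-Za-z.\-]*)#', $html, $m)) {
        $version = $m[1];
    }

    return ['detected' => $hits !== [], 'indicators' => $hits, 'version' => $version];
}

/** true = inside the CVE-2023-28695 range, false = fixed, null = version unknown. */
function vigilantor_in_cve_2023_28695_range(?string $version): ?bool
{
    if ($version === null) {
        return null;
    }
    return version_compare($version, '1.3.11', '<');
}

// Constructed sample of a front page served by a site with the plugin active.
$sample = <<<'HTML'
<!DOCTYPE html><html><head>
<link rel="stylesheet" href="https://example.test/wp-content/plugins/vigilantor/css/securimage-style.css?ver=1.3.10">
<script>var vitor_ajax_url = "https://example.test/wp-admin/admin-ajax.php"; var vitor_nonce = "0123abcd";</script>
</head><body>
<!-- VigilanTor -->
<form method="post"><input type="hidden" data-vitor-flag="1"></form>
</body></html>
HTML;

$result = vigilantor_fingerprint($sample);
$range  = vigilantor_in_cve_2023_28695_range($result['version']);

printf("detected: %s\n", $result['detected'] ? 'yes' : 'no');
printf("version hint: %s\n", $result['version'] ?? 'unknown');
printf("CVE-2023-28695 range: %s\n", $range === null ? 'unknown' : ($range ? 'yes (<= 1.3.10)' : 'no (>= 1.3.11)'));
foreach ($result['indicators'] as $indicator) {
    echo "  matched: $indicator\n";
}
```

The admin-side markers (admin.css, admin.js, vitor-admin-wrap, the VigilanTor Admin comment, the vitor_ajax_url and vitor_nonce globals) only appear on wp-admin pages, so an unauthenticated crawl will normally match just the securimage stylesheet, the front-end comment and the data-vitor-flag attribute; a version hint with none of the DOM markers is worth a second look before it is reported.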
FAQ

Frequently Asked Questions about VigilanTor