[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0XkI9e5CVN5eS3Nw230wQKmVD3i0JqLrkFwYDzGWaRA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":146,"fingerprints":348},"vsf-simple-block","VSF Simple Block","1.1","Victoria1221","https:\u002F\u002Fprofiles.wordpress.org\u002Fvictoria1221\u002F","\u003Cp>** If you have an existing installation of this plugin, please make sure you do a database backup before upgrading – Previous versions are available on my blog **\u003C\u002Fp>\n\u003Cp>Simple Block does what it says really.  It’s effectively a software firewall of sorts.  Enter an IP Address (or an IP range) or a host or a browser summary into the block rules table and save it.  Then watch as visitors that match those entries are bounced and cannot access your site.\u003C\u002Fp>\n\u003Cp>Block Rules:\u003Cbr \u002F>\nIP address is an exact match.\u003Cbr \u002F>\nIP range is an exact match to the specified range.\u003Cbr \u002F>\nHost is a like match, so if you enter for example google, anything that has google in the host anywhere will be blocked.\u003Cbr \u002F>\nBrowser summary works just like Host.  Add in a value like spider and any hit on your website that contains spider in the browser summary anywhere will be blocked.\u003C\u002Fp>\n\u003Cp>In the settings page enter a bounce address of your chosing which will be used to “forward” the users on to if they match a record in the block table.\u003C\u002Fp>\n\u003Cp>Filter Rules:\u003Cbr \u002F>\nThere is also a filter table which is read before the bounce address.  Values in this allow hits from users that match in exactly the same way as the block table.  Because this is queried before the block table any matches will be allowed through.\u003C\u002Fp>\n\u003Cp>Block Records:\u003Cbr \u002F>\nIs a list of all hits that have been bounced and also a single reason why.  for example if you have a block record for browser summary – bot – and the google bot arrives on your site, you will get a record that the google bot has been bounced. (I don’t recommend blocking the google bot)\u003C\u002Fp>\n\u003Cp>Also:\u003Cbr \u002F>\nAuto block is not (coded) enabled yet.  Work in progress.\u003C\u002Fp>\n\u003Cp>** Please note that this plugin has the ability to block you if misused!  Please be very careful when using this plugin.  This plugin requires database rights to create tables and also create and run a stored procedure.  Without those database rights this plugin will not be able to function.  **\u003C\u002Fp>\n","VSF Simple Block plugin.  Acts as a sort of software firewall.",10,5641,60,2,"2012-01-01T12:22:00.000Z","3.3.2","3.0","",[20,21,22,23,24],"block","firewall","monitor","traffic","visit","http:\u002F\u002Fblog.v-s-f.co.uk\u002Fsimple-block\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvsf-simple-block.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"victoria1221",1,30,84,"2026-04-06T09:30:42.321Z",[39,57,78,103,124],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":11,"downloaded":47,"rating":28,"num_ratings":28,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":55,"download_link":56,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"visitoraudit","Visitor Audit","1.0.0","justincampo","https:\u002F\u002Fprofiles.wordpress.org\u002Fjustincampo\u002F","\u003Cp>Visitor Audit is a small\u002Flightweight plugin designed to give you insight into your current visitor’s behaviour.  It will provide you with a simple view of what computers are currently connected to your wordpress instance and what their recent page views are. Geolocation, browser and OS information is provided to make traffic analysis easier. Page load benchmarks let you easily determine your visitor’s experience. An automated slow page report can be configured to email you anytime the visitor experience degrades.  Visitor statistics are instantly compiled to help you determine if a visitor is human\u002Fmachine and useful\u002Fmalicious.  With a simple click you can temporarily or permanently ban any IP address. Automated banning functionality is present but is extremely simple and is not recommended.\u003C\u002Fp>\n\u003Cp>Feature List\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View all visitors on your site\u003C\u002Fli>\n\u003Cli>View all browsing behaviour easily for each visitor\u003C\u002Fli>\n\u003Cli>Automated security reporting to help you identify malicious behaviour easily\u003C\u002Fli>\n\u003Cli>Temporarily or permanently manually ban users\u003C\u002Fli>\n\u003Cli>Automatic banning system\u003C\u002Fli>\n\u003Cli>Automated slow page load reporting\u003C\u002Fli>\n\u003Cli>Extremely small\u002Fefficent plugin\u003C\u002Fli>\n\u003Cli>System designed to minimize database size\u002Fload\u003C\u002Fli>\n\u003Cli>Very customizable\u002Fhighly configurable\u003C\u002Fli>\n\u003C\u002Ful>\n","Allows you to easily view your current visitors, analyze their behaviour, deduce their experience and identify malicious behavior.",1727,"2016-03-15T12:26:00.000Z","4.4.34","4.0.1",[52,20,53,23,54],"audit","security","visitor","http:\u002F\u002FVisitorAudit.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvisitoraudit.zip",{"slug":58,"name":59,"version":42,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":28,"downloaded":64,"rating":28,"num_ratings":28,"last_updated":18,"tested_up_to":65,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":74,"download_link":75,"security_score":76,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":77},"7thsky-live-visitor-monitor","7thSky Live Visitor Monitor – Real-Time Visitor Monitoring with Smart IP Blocking","Seventh Sky","https:\u002F\u002Fprofiles.wordpress.org\u002F7thskysoftware\u002F","\u003Cp>Live Visitor Monitor provides real-time tracking and visualization of visitors on your WordPress site. See where your visitors are coming from on an interactive world map.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Real-time World Map\u003C\u002Fstrong> – Visualize visitor locations on an interactive map with live markers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live Visitor List\u003C\u002Fstrong> – See active visitors with IP addresses, countries, cities, and pages visited in a sidebar\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Blocking\u003C\u002Fstrong> – Instantly block unwanted IP addresses from accessing your site with a dedicated Blocklist page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geolocation\u003C\u002Fstrong> – Automatic country, region, and city detection using IP geolocation (API or local database)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-refresh\u003C\u002Fstrong> – Dashboard updates every 5 seconds to show the latest visitors\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Statistics Overlay\u003C\u002Fstrong> – Real-time stats box showing online and active visitor counts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Settings\u003C\u002Fstrong> – Full control over tracking, geolocation, privacy, and data management\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Compliant\u003C\u002Fstrong> – Includes GDPR compliance notices and IP anonymization options\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How It Works:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin automatically tracks visitors. Visitor data (IP address, current page, referrer) is sent to WordPress via AJAX and stored in the database. Geolocation data can be fetched from ip-api.com (external API) or from a local MaxMind GeoLite2 database. Results are cached for 1 hour to reduce API calls.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy & Security:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>All inputs are sanitized and validated\u003C\u002Fli>\n\u003Cli>SQL queries use prepared statements\u003C\u002Fli>\n\u003Cli>Admin-only access to visitor data\u003C\u002Fli>\n\u003Cli>GDPR compliance notice included\u003C\u002Fli>\n\u003Cli>IP blocking prevents access at the WordPress level\u003C\u002Fli>\n\u003Cli>Option to disable geolocation to avoid external API calls\u003C\u002Fli>\n\u003Cli>Support for local GeoIP database (MaxMind GeoLite2) to avoid external dependencies\u003C\u002Fli>\n\u003Cli>IP anonymization option for enhanced privacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Resources\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>This plugin uses \u003Ca href=\"Leaflet.js\" rel=\"nofollow ugc\">JavaScript Library\u003C\u002Fa> & the following external resources:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fip-api.com\" rel=\"nofollow ugc\">Geolocation API\u003C\u002Fa>\u003C\u002Fstrong>: This service performs IP geolocation (country, region, city, coordinates) when geolocation is enabled and no local database is available. It supports 45 requests per minute, caches results for one hour, and sends IP addresses to ip-api.com. To avoid external lookups, disable geolocation or use a local MaxMind GeoLite2 database.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.openstreetmap.org\" rel=\"nofollow ugc\">OpenStreetMap\u003C\u002Fa>\u003C\u002Fstrong>:  This service provides world map tiles for the dashboard and is used only when the live map is enabled. It has no rate limits, sends no user data (only map tile requests), and can be avoided by disabling the live map in Settings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> All external requests can be avoided by disabling geolocation and the live map in Settings. The plugin will still track visitors, but without location data and map visualization.\u003C\u002Fp>\n\u003Ch3>Settings\u003C\u002Fh3>\n\u003Cp>The plugin includes a comprehensive settings page with two main sections:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>General Settings:\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>Live Map\u003C\u002Fstrong> – Enable\u002Fdisable the world map display on dashboard\u003Cbr \u002F>\n\u003Cstrong>Data Collection\u003C\u002Fstrong> – Enable\u002Fdisable visitor tracking entirely\u003Cbr \u002F>\n\u003Cstrong>IP Anonymization\u003C\u002Fstrong> – Anonymize IP addresses before storage (GDPR compliance)\u003Cbr \u002F>\n\u003Cstrong>Exclude Logged-in Users\u003C\u002Fstrong> – Do not track WordPress logged-in users\u003Cbr \u002F>\n\u003Cstrong>Geolocation\u003C\u002Fstrong> – Enable\u002Fdisable IP geolocation lookups\u003Cbr \u002F>\n\u003Cstrong>Use Local GeoIP Database\u003C\u002Fstrong> – Use MaxMind GeoLite2 database instead of external API\u003C\u002Fp>\n\u003Cp>Access settings via \u003Cstrong>Live Monitor > Settings\u003C\u002Fstrong> in the WordPress admin menu.\u003C\u002Fp>\n","Monitor live visitors on your WordPress site with a real-time world map, visitor list, and IP blocking capabilities.",244,"6.8.5","5.8","7.4",[69,70,71,72,73],"analytics","geolocation","ip-blocking","monitoring","visitors","https:\u002F\u002F7thskysoftware.com\u002Flive-visitor-monitor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002F7thsky-live-visitor-monitor.1.0.0.zip",100,"2026-03-15T10:48:56.248Z",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":88,"num_ratings":13,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":98,"download_link":99,"security_score":100,"vuln_count":101,"unpatched_count":28,"last_vuln_date":102,"fetched_at":30},"login-lockdown","Login Lockdown & Protection","2.15","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwploginlockdown.com\u002F\" rel=\"nofollow ugc\">Login Lockdown\u003C\u002Fa> records the IP address and timestamp of failed login attempts. If more than a selected number of attempts are detected within a set period of time from the same IP, then the \u003Cstrong>login is disabled for all requests from that IP address\u003C\u002Fstrong> (or the IP is completely blocked from accessing the site). This secures the site and helps prevent brute force password attacks & discovery.\u003C\u002Fp>\n\u003Cp>The plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified in options. Administrators can release locked out IPs manually from the panel. A detailed log is available for all failed login attempts and all IP locks to control lockdown.\u003C\u002Fp>\n\u003Cp>Configure the plugin from Settings – Login Lockdown.\u003C\u002Fp>\n\u003Ch4>Country blocking (PRO feature)\u003C\u002Fh4>\n\u003Cp>Block unwanted countries from accessing the site, or block them from being able to log in. Display a custom message to blocked visitors so they know why they can’t access the site.\u003C\u002Fp>\n\u003Ch4>Captcha\u003C\u002Fh4>\n\u003Cp>The simplest way to get rid of bots and brute-force password attacks. Choose from 5 different versions – built-in one, two from Google (PRO feature), Cloudflare Turnstile, and hCaptcha (PRO feature). Built-in captcha is GDPR compatible.\u003C\u002Fp>\n\u003Ch4>2FA – Two Factor Authentication (PRO feature)\u003C\u002Fh4>\n\u003Cp>Provide an extra layer of security without 2FA code generating apps such as Google Authenticator. Even if somebody knows your username & password they won’t be able to log in because it needs to be confirmed by clicking a unique link sent to your email. Since you’re the only one that has access to your inbox, you’ll never get hacked.\u003C\u002Fp>\n\u003Ch4>Cloud Protection (PRO feature)\u003C\u002Fh4>\n\u003Cp>Manage IP Whitelists and Blacklists in your Login Lockdown Dashboard (a SaaS service for managing all your sites) and apply them to protect all the sites you manage from a single location.\u003C\u002Fp>\n\u003Ch4>Temporary Access (PRO feature)\u003C\u002Fh4>\n\u003Cp>Give temporary access to other people without giving them a username & password. Set the lifetime of the link and the maximum number of times it can be used to prevent abuse. Access level rights can be any you pick – admin, editor, author…\u003C\u002Fp>\n","Protect, lockdown & secure login form by limiting login attempts from the same IP & banning IPs.",100000,1942877,86,"2025-12-03T19:35:00.000Z","6.9.4","4.0","5.2",[94,95,21,96,97],"block-login","captcha","login","protect-login","https:\u002F\u002Fwploginlockdown.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-lockdown.2.15.zip",92,5,"2025-12-12 15:27:33",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":36,"num_ratings":113,"last_updated":114,"tested_up_to":90,"requires_at_least":115,"requires_php":18,"tags":116,"homepage":18,"download_link":120,"security_score":121,"vuln_count":122,"unpatched_count":28,"last_vuln_date":123,"fetched_at":30},"visitors-traffic-real-time-statistics","Visitor Traffic Real Time Statistics","8.5","wp-buy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwp-buy\u002F","\u003Cp>\u003Cstrong>Visitor Traffic Real-Time Statistics for WordPress\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Unlock powerful insights into your website traffic with\u003Cstrong>Visitor Traffic Real-Time Statistics\u003C\u002Fstrong>, the ultimate WordPress plugin for tracking visitors, visits, browsers, operating systems, and more — all in one intuitive dashboard.\u003C\u002Fp>\n\u003Cp>With real-time data and easy-to-use shortcodes, you’ll get a complete picture of your site’s performance without the complexity. Whether you’re a blogger, business owner, or marketer, this plugin gives you the tools to understand your audience better and make smarter decisions.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Why Choose Visitor Traffic Real-Time Statistics?\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Real-Time Visitor Tracking:\u003C\u002Fstrong> See who’s visiting your site and when — in real-time.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Friendly Dashboard:\u003C\u002Fstrong> All your key insights are displayed on a single, easy-to-navigate dashboard.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Analytics:\u003C\u002Fstrong> Track visitors by country, device, browser, operating system, referrer, and more.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Integration:\u003C\u002Fstrong> Display visitor stats anywhere on your site with simple shortcodes.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Insights:\u003C\u002Fstrong> Monitor keywords, search engine referrals, and traffic sources to improve your SEO performance.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Available Shortcodes (Simple & Flexible)\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Add these shortcodes to any post, page, or widget to showcase your traffic stats:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[ahc_stats_widget]\u003C\u002Fcode> – Display a site-wide statistics widget on the front end.  \u003C\u002Fli>\n\u003Cli>\u003Ccode>[ahc_stats_widget title=\"Your Title\" fontsize=\"16\" display_today_visitors=true display_total_visitors=true]\u003C\u002Fcode> – Customize the widget with your own parameters.  \u003C\u002Fli>\n\u003Cli>\u003Ccode>[ahc_today_visitors]\u003C\u002Fcode> – Display today’s visitors.  \u003C\u002Fli>\n\u003Cli>\u003Ccode>[ahc_today_visits]\u003C\u002Fcode> – Display today’s page views.  \u003C\u002Fli>\n\u003Cli>\u003Ccode>[ahc_total_visitors]\u003C\u002Fcode> – Show your all-time visitor count.  \u003C\u002Fli>\n\u003Cli>\u003Ccode>[ahc_total_visits]\u003C\u002Fcode> – Display total visits to your site.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Free Version Features:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Real-time visitor tracking and stats.  \u003C\u002Fli>\n\u003Cli>Insights into browsers, countries, hits, referrals, and searches.  \u003C\u002Fli>\n\u003Cli>Track daily, weekly, and monthly visitor trends.  \u003C\u002Fli>\n\u003Cli>Shortcodes to display key stats on your site.  \u003C\u002Fli>\n\u003Cli>Track top referring websites and keywords.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Upgrade to Pro for Even More Power!\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Take your analytics to the next level with\u003Cstrong>Visitor Traffic Real-Time Statistics Pro\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multisite Support:\u003C\u002Fstrong> Track traffic across multiple sites in one place.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live User Tracking:\u003C\u002Fstrong> See how many people are online right now.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Interactive Google Maps:\u003C\u002Fstrong> Visualize visitor locations globally.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Page Tracking:\u003C\u002Fstrong> Identify your most popular posts and pages.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Visit Graphs:\u003C\u002Fstrong> Analyze visitor activity by the hour.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced SEO Insights:\u003C\u002Fstrong> Discover the keywords driving traffic to your site.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Reports:\u003C\u002Fstrong> Get actionable insights with easy-to-read reports.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Who Can Benefit?\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Bloggers who want to track reader engagement.  \u003C\u002Fli>\n\u003Cli>E-commerce store owners looking to understand customer behavior.  \u003C\u002Fli>\n\u003Cli>Marketers seeking to optimize SEO strategies.  \u003C\u002Fli>\n\u003Cli>Website administrators who need detailed traffic analysis.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Get Started Today!\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Install the plugin now\u003C\u002Fstrong> to gain valuable insights into your site traffic and grow your online presence.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wp-buy.com\u002Fproduct\u002Fvisitors-traffic-real-time-statistics-pro\u002F#gopro\" rel=\"nofollow ugc\">Go PRO Now\u003C\u002Fa>\u003C\u002Fstrong> to unlock all premium features and maximize your analytics potential!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wp-buy.com\u002Fsupport-center\u002F\" rel=\"nofollow ugc\">Visit Our Support Center\u003C\u002Fa>\u003C\u002Fstrong> for any assistance.\u003C\u002Fp>\n\u003Cp>Your website is getting visitors. Don’t miss out on the insights that can help your business grow.\u003C\u002Fp>\n","This plugin will help you to track your visitors, browsers, operating systems, visits and much more in one dashboard page.",40000,1832736,233,"2026-02-21T04:42:00.000Z","3.0.1",[117,118,119,23,54],"hits-counter","statistics","stats-analytics","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvisitors-traffic-real-time-statistics.8.5.zip",90,8,"2026-04-03 22:10:48",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":134,"num_ratings":135,"last_updated":136,"tested_up_to":90,"requires_at_least":137,"requires_php":138,"tags":139,"homepage":143,"download_link":144,"security_score":100,"vuln_count":101,"unpatched_count":28,"last_vuln_date":145,"fetched_at":30},"zero-spam","Zero Spam for WordPress","5.7.7","Ben Marshall","https:\u002F\u002Fprofiles.wordpress.org\u002Fbmarshall511\u002F","\u003Cp>Protect your WordPress website seamlessly with Zero Spam for WordPress! Eliminate spam and malicious attacks that can harm your online presence. Our plugin integrates effortlessly with \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\" rel=\"nofollow ugc\">Zero Spam\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002F\" rel=\"nofollow ugc\">Stop Forum Spam\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002F\" rel=\"nofollow ugc\">Project Honeypot\u003C\u002Fa> to offer a strong defense system.\u003C\u002Fp>\n\u003Cp>Rest easy knowing that we utilize multiple detection methods to swiftly identify and halt potential threats. Whether it’s pesky spam, devious trolls, or cunning hackers, Zero Spam is here to protect your website.\u003C\u002Fp>\n\u003Ch4>Worry-free, Powerful Protection at Your Fingertips\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No captchas or moderation queues — no longer a admin’s problem.\u003C\u002Fli>\n\u003Cli>Our system dynamically blocks threats, keeping your site safe.\u003C\u002Fli>\n\u003Cli>Integration with global IP reputation providers for enhanced security.\u003C\u002Fli>\n\u003Cli>Block IPs temporarily or permanently, keep unwanted visitors out.\u003C\u002Fli>\n\u003Cli>Geolocation tracks origins of threats, providing valuable insights.\u003C\u002Fli>\n\u003Cli>Ability to block countries, regions, zip\u002Fpostal codes & cities.\u003C\u002Fli>\n\u003Cli>REST API for programmatic settings management — perfect for CI\u002FCD, staging syncs, and automation.\u003C\u002Fli>\n\u003Cli>Utilize \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\u002Fwordpress-comment-blacklist\" rel=\"nofollow ugc\">splorp’s Comment Blacklist\u003C\u002Fa> to strengthen your disallowed list.\u003C\u002Fli>\n\u003Cli>Block disposable & malicious email effortlessly with \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdisposable\" rel=\"nofollow ugc\">disposable\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Multiple techniques, including the renowned solution by \u003Ca href=\"https:\u002F\u002Fdavidwalsh.name\u002Fwordpress-comment-spam\" rel=\"nofollow ugc\">David Walsh\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Seamlessly integrates with popular plugins including:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa> — Secure customer registrations.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgivewp.com\u002Fref\u002F1118\u002F\" rel=\"nofollow ugc\">GiveWP\u003C\u002Fa> — Prevents attempts to test stolen credit cards.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-avatar\u002F\" rel=\"ugc\">ProfilePress\u003C\u002Fa> — Keeps registrations safe & secure.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmailchimp-for-wp\u002F\" rel=\"ugc\">Mailchimp for WordPress\u003C\u002Fa> — Protects sign-ups from abuse.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.gravityforms.com\u002F\" rel=\"nofollow ugc\">Gravity Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"ugc\">Contact Form 7\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"ugc\">WPForms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fformidable\u002F\" rel=\"ugc\">Formidable Form Builder\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluentform\u002F\" rel=\"ugc\">Fluent Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpdiscuz\u002F\" rel=\"ugc\">wpDiscuz\u003C\u002Fa> — Versatile form protection.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With Zero Spam for WordPress, you not only get exceptional protection but also a reliable support that ensures your peace of mind.\u003C\u002Fp>\n\u003Ch4>Enhance Detection with Optional 3rd-Party Integrations\u003C\u002Fh4>\n\u003Cp>Zero Spam for WordPress can integrate optional services for enhanced spam detection. Before using these, we recommend reviewing their terms and privacy policies.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002F\" rel=\"nofollow ugc\">Zero Spam\u003C\u002Fa>\u003C\u002Fstrong> – Utilize our real-time IP reputation analysis. Take a look at our \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002Fterms\u002F\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for more details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipbase.com\u002F\" rel=\"nofollow ugc\">ipbase.com\u003C\u002Fa>\u003C\u002Fstrong> – Access detailed geolocation information of attackers. Familiarize yourself with their \u003Ca href=\"https:\u002F\u002Fipbase.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fwww.iubenda.com\u002Fterms-and-conditions\u002F41661719\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002F\" rel=\"nofollow ugc\">ipinfo.io\u003C\u002Fa>\u003C\u002Fstrong> – Gather geolocation details of malicious users. Refer to their \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fterms-of-service\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for further information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipstack.com\u002F\" rel=\"nofollow ugc\">ipstack\u003C\u002Fa>\u003C\u002Fstrong> – Obtain extensive geolocation insights. Review their \u003Ca href=\"https:\u002F\u002Fwww.ideracorp.com\u002FLegal\u002FAPILayer\u002FPrivacyStatement\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fipstack.com\u002Fterms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> to learn more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002F\" rel=\"nofollow ugc\">Stop Forum Spam\u003C\u002Fa>\u003C\u002Fstrong> – Verify if visitors’ IPs have been reported. Explore their \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002Flegal\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for additional details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002F\" rel=\"nofollow ugc\">Project Honeypot\u003C\u002Fa>\u003C\u002Fstrong> – Check if visitors’ IPs have been flagged. Refer to their \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002Fprivacy_policy.php\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002Fterms_of_use.php\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for more information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fmaps\" rel=\"nofollow ugc\">Google Maps\u003C\u002Fa>\u003C\u002Fstrong> – Plot attack locations on Google Maps. Please review their \u003Ca href=\"https:\u002F\u002Fwww.ideracorp.com\u002FLegal\u002FAPILayer\u002FPrivacyStatement\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fterms\u002Fsite-terms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for complete details.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additionally, you have the option to contribute to Zero Spam’s improvement by enabling the sharing of detection information. For further information on the shared data, kindly refer to our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FHighfivery\u002Fzero-spam-for-wordpress\u002Fwiki\u002FFAQ\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n","No spam, no scams, just seamless experiences with Zero Spam for WordPress - the shield your site deserves.",20000,1423449,82,142,"2026-03-12T13:51:00.000Z","6.9","8.2",[21,140,53,141,142],"protection","spam","spam-blocker","https:\u002F\u002Fwordpress.com\u002Fplugins\u002Fzero-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzero-spam.5.7.7.zip","2024-04-15 00:00:00",{"attackSurface":147,"codeSignals":159,"taintFlows":254,"riskAssessment":334,"analyzedAt":347},{"hooks":148,"ajaxHandlers":155,"restRoutes":156,"shortcodes":157,"cronEvents":158,"entryPointCount":28,"unprotectedCount":28},[149],{"type":150,"name":151,"callback":152,"file":153,"line":154},"action","admin_menu","vsf_block_create_menu","vsf_simple_block.php",64,[],[],[],[],{"dangerousFunctions":160,"sqlUsage":161,"outputEscaping":163,"fileOperations":14,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":253},[],{"prepared":14,"raw":28,"locations":162},[],{"escaped":34,"rawEcho":164,"locations":165},40,[166,170,173,175,177,180,183,185,187,190,193,196,198,200,202,204,206,209,211,213,215,216,218,220,222,224,226,228,230,232,234,235,237,239,241,243,245,247,249,251],{"file":167,"line":168,"context":169},"pagination.php",78,"raw output",{"file":171,"line":172,"context":169},"vsf_simple_block_essentials.php",26,{"file":171,"line":174,"context":169},39,{"file":171,"line":176,"context":169},89,{"file":178,"line":179,"context":169},"vsf_simple_block_export.php",74,{"file":181,"line":182,"context":169},"vsf_simple_block_import.php",115,{"file":181,"line":184,"context":169},119,{"file":181,"line":186,"context":169},154,{"file":188,"line":189,"context":169},"vsf_simple_block_setup_admin.php",167,{"file":191,"line":192,"context":169},"vsf_simple_block_spidertrap_download.php",33,{"file":194,"line":195,"context":169},"vsf_simple_block_url_admin.php",137,{"file":194,"line":197,"context":169},213,{"file":194,"line":199,"context":169},264,{"file":194,"line":201,"context":169},268,{"file":194,"line":203,"context":169},269,{"file":194,"line":205,"context":169},270,{"file":207,"line":208,"context":169},"vsf_simple_block_user_admin.php",177,{"file":207,"line":210,"context":169},205,{"file":207,"line":212,"context":169},206,{"file":207,"line":214,"context":169},207,{"file":207,"line":214,"context":169},{"file":207,"line":217,"context":169},208,{"file":207,"line":219,"context":169},209,{"file":207,"line":221,"context":169},241,{"file":207,"line":223,"context":169},242,{"file":207,"line":225,"context":169},243,{"file":207,"line":227,"context":169},292,{"file":207,"line":229,"context":169},320,{"file":207,"line":231,"context":169},321,{"file":207,"line":233,"context":169},322,{"file":207,"line":233,"context":169},{"file":207,"line":236,"context":169},323,{"file":207,"line":238,"context":169},324,{"file":207,"line":240,"context":169},378,{"file":207,"line":242,"context":169},408,{"file":207,"line":244,"context":169},409,{"file":207,"line":246,"context":169},410,{"file":207,"line":248,"context":169},411,{"file":207,"line":250,"context":169},412,{"file":207,"line":252,"context":169},413,[],[255,274,282,300,315,323],{"entryPoint":256,"graph":257,"unsanitizedCount":34,"severity":273},"adminOptionsPanel (vsf_simple_block_setup_admin.php:49)",{"nodes":258,"edges":270},[259,264],{"id":260,"type":261,"label":262,"file":188,"line":263},"n0","source","$_FILES",94,{"id":265,"type":266,"label":267,"file":188,"line":268,"wp_function":269},"n1","sink","file_get_contents() [SSRF\u002FLFI]",112,"file_get_contents",[271],{"from":260,"to":265,"sanitized":272},false,"medium",{"entryPoint":275,"graph":276,"unsanitizedCount":34,"severity":273},"\u003Cvsf_simple_block_setup_admin> (vsf_simple_block_setup_admin.php:0)",{"nodes":277,"edges":280},[278,279],{"id":260,"type":261,"label":262,"file":188,"line":263},{"id":265,"type":266,"label":267,"file":188,"line":268,"wp_function":269},[281],{"from":260,"to":265,"sanitized":272},{"entryPoint":283,"graph":284,"unsanitizedCount":299,"severity":273},"buildBlockRulesPanel (vsf_simple_block_user_admin.php:222)",{"nodes":285,"edges":296},[286,288,291,294],{"id":260,"type":261,"label":287,"file":207,"line":221},"$_SERVER['REMOTE_ADDR'] (x2)",{"id":265,"type":266,"label":289,"file":207,"line":221,"wp_function":290},"echo() [XSS]","echo",{"id":292,"type":261,"label":293,"file":207,"line":225},"n2","$_SERVER['HTTP_USER_AGENT']",{"id":295,"type":266,"label":289,"file":207,"line":225,"wp_function":290},"n3",[297,298],{"from":260,"to":265,"sanitized":272},{"from":292,"to":295,"sanitized":272},3,{"entryPoint":301,"graph":302,"unsanitizedCount":14,"severity":314},"handleOptions (vsf_simple_block_settings_admin.php:9)",{"nodes":303,"edges":312},[304,308],{"id":260,"type":261,"label":305,"file":306,"line":307},"$_POST (x2)","vsf_simple_block_settings_admin.php",25,{"id":265,"type":266,"label":309,"file":306,"line":310,"wp_function":311},"update_option() [Settings Manipulation]",29,"update_option",[313],{"from":260,"to":265,"sanitized":272},"low",{"entryPoint":316,"graph":317,"unsanitizedCount":14,"severity":314},"\u003Cvsf_simple_block_settings_admin> (vsf_simple_block_settings_admin.php:0)",{"nodes":318,"edges":321},[319,320],{"id":260,"type":261,"label":305,"file":306,"line":307},{"id":265,"type":266,"label":309,"file":306,"line":310,"wp_function":311},[322],{"from":260,"to":265,"sanitized":272},{"entryPoint":324,"graph":325,"unsanitizedCount":299,"severity":314},"\u003Cvsf_simple_block_user_admin> (vsf_simple_block_user_admin.php:0)",{"nodes":326,"edges":331},[327,328,329,330],{"id":260,"type":261,"label":287,"file":207,"line":221},{"id":265,"type":266,"label":289,"file":207,"line":221,"wp_function":290},{"id":292,"type":261,"label":293,"file":207,"line":225},{"id":295,"type":266,"label":289,"file":207,"line":225,"wp_function":290},[332,333],{"from":260,"to":265,"sanitized":272},{"from":292,"to":295,"sanitized":272},{"summary":335,"deductions":336},"The vsf-simple-block plugin v1.1 exhibits a mixed security posture. On the positive side, there are no known vulnerabilities (CVEs) associated with this plugin, and the static analysis reveals a clean slate regarding dangerous functions, SQL injection risks (all queries use prepared statements), and external HTTP requests.  The attack surface appears to be minimal with zero entry points detected in the static analysis.\n\nHowever, significant concerns arise from the output escaping and taint analysis. A mere 2% of output is properly escaped, leaving a substantial portion vulnerable to cross-site scripting (XSS) attacks. Furthermore, all analyzed taint flows (6 out of 6) exhibit unsanitized paths, indicating potential pathways for malicious data to be processed without proper validation or sanitization. The absence of nonce checks and capability checks, while not directly resulting in an attack surface based on the static analysis, further weakens the plugin's defenses against certain types of attacks if any entry points were to be discovered or introduced in the future. The vulnerability history being clear is a positive indicator of past development practices, but it does not mitigate the current risks identified in the code analysis.\n\nIn conclusion, while the plugin has a clean vulnerability history and avoids common pitfalls like raw SQL and dangerous functions, the severe deficiency in output escaping and the presence of unsanitized taint flows represent critical security risks. The minimal attack surface is a mitigating factor, but the identified code-level weaknesses require immediate attention to prevent potential exploitation, primarily through XSS and data manipulation vulnerabilities.",[337,340,343,345],{"reason":338,"points":339},"Low output escaping (2%)",7,{"reason":341,"points":342},"Unsanitized taint flows (6\u002F6)",12,{"reason":344,"points":101},"No nonce checks",{"reason":346,"points":101},"No capability checks","2026-03-17T00:47:22.894Z",{"wat":349,"direct":358},{"assetPaths":350,"generatorPatterns":353,"scriptPaths":354,"versionParams":355},[351,352],"\u002Fwp-content\u002Fplugins\u002Fvsf-simple-block\u002Fvsf_simple_block_css.css","\u002Fwp-content\u002Fplugins\u002Fvsf-simple-block\u002Fvsf_simple_block_js.js",[],[352],[356,357],"vsf-simple-block\u002Fvsf_simple_block_css.css?ver=","vsf-simple-block\u002Fvsf_simple_block_js.js?ver=",{"cssClasses":359,"htmlComments":365,"htmlAttributes":366,"restEndpoints":367,"jsGlobals":368,"shortcodeOutput":371},[360,361,362,363,364],"vsfBlockForm","vsfBlockSelectedView","vsfBlockExportSettings","vsfBlockImportSettings","vsfBlockImportSettingsFile",[],[361,362,363,364],[],[369,370],"resetSpidertrap","vsfBlockChangeSelectedView",[]]