WASP – Anti Spam Security & Risk Analysis

wordpress.org/plugins/wasp-anti-spam

A unique anti-spam solution to help you fight spam in registration, comments, forms (Contact Form 7).

10 active installs · v1.1 · PHP + · WP 3.6+ · Updated Dec 25, 2014
Tags: activation, block, comments, spam
85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WASP – Anti Spam Safe to Use in 2026?

Generally Safe

Score 85/100

WASP – Anti Spam has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The "wasp-anti-spam" v1.1 plugin exhibits a mixed security posture. While it has no recorded historical vulnerabilities and uses prepared statements for a majority of its SQL queries, significant concerns arise from its static analysis. The presence of dangerous functions like `unserialize` and `create_function` is a notable weakness. Furthermore, a substantial portion of its AJAX handlers lack authentication checks, representing a direct attack vector. The taint analysis reveals flows with unsanitized paths, including two identified as high severity, which strongly suggests potential for exploitation if these flows are triggered with malicious input. The low percentage of properly escaped output also indicates a risk of Cross-Site Scripting (XSS) vulnerabilities.

Despite the absence of known CVEs, the identified code signals and taint analysis findings point to inherent risks within the plugin's current version. The reliance on potentially unsafe functions and the lack of robust input validation on key entry points are critical areas of concern. While the plugin demonstrates some good practices, these are overshadowed by the critical vulnerabilities identified in the static and taint analyses. It is strongly recommended that these issues be addressed to improve the plugin's overall security.

Key Concerns

  • AJAX handlers without auth checks
  • Dangerous functions: unserialize, create_function
  • High severity taint flows
  • Low percentage of properly escaped output
  • Flows with unsanitized paths
Vulnerabilities
None known

WASP – Anti Spam Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WASP – Anti Spam Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 3 (12 prepared)
Unescaped Output: 99 (22 escaped)
Nonce Checks: 9
Capability Checks: 3
File Operations: 1
External Requests: 1
Bundled Libraries: 1

Dangerous Functions Found

unserialize · `$fontArray = unserialize( $fontsSeraliazed );` · inc\admin-page-class\admin-page-class.php:3147
unserialize · `$import_code = unserialize($import_code);` · inc\admin-page-class\admin-page-class.php:3321
create_function · `add_filter('login_message', create_function('$message','return "<div class=\"message\">Your account` … · inc\register.php:63
create_function · `add_filter('login_message', create_function('$message','return "<div id=\"login_error\"><strong>ERRO` … · inc\register.php:65

Bundled Libraries

Select2

SQL Query Safety

80% prepared · 15 total queries

Output Escaping

18% escaped · 121 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

9 flows · 4 with unsanitized paths
redirect (inc\cf7.php:41)
Attack Surface
3 unprotected

WASP – Anti Spam Attack Surface

Entry Points: 8
Unprotected: 3

AJAX Handlers 8

auth · wp_ajax_apc_delete_mupload · inc\admin-page-class\admin-page-class.php:308
auth · wp_ajax_plupload_action · inc\admin-page-class\admin-page-class.php:314
auth · wp_ajax_at_delete_file · inc\admin-page-class\admin-page-class.php:1091
auth · wp_ajax_at_reorder_images · inc\admin-page-class\admin-page-class.php:1092
auth · wp_ajax_at_delete_mupload · inc\admin-page-class\admin-page-class.php:1094
auth · wp_ajax_bancomment · inc\comment.php:19
auth · wp_ajax_ebk_resend_activation · inc\register.php:18
nopriv · wp_ajax_ebk_resend_activation · inc\register.php:19
WordPress Hooks 60
action · template_redirect · inc\admin-page-class\admin-page-class.php:209
filter · init · inc\admin-page-class\admin-page-class.php:210
action · admin_menu · inc\admin-page-class\admin-page-class.php:274
action · admin_menu · inc\admin-page-class\admin-page-class.php:278
filter · attribute_escape · inc\admin-page-class\admin-page-class.php:305
action · admin_print_styles · inc\admin-page-class\admin-page-class.php:376
action · post_edit_form_tag · inc\admin-page-class\admin-page-class.php:1071
filter · media_upload_gallery · inc\admin-page-class\admin-page-class.php:1086
filter · media_upload_library · inc\admin-page-class\admin-page-class.php:1087
filter · media_upload_image · inc\admin-page-class\admin-page-class.php:1088
action · ebk_prune_unsent_forms · inc\cf7.php:15
action · wpcf7_before_send_mail · inc\cf7.php:19
filter · wpcf7_mail_components · inc\cf7.php:20
filter · wpcf7_validate_email · inc\cf7.php:21
filter · wpcf7_validate_email* · inc\cf7.php:22
action · wp_head · inc\cf7.php:27
filter · wpcf7_mail_components · inc\cf7.php:28
filter · wpcf7_validate · inc\cf7.php:29
action · wpcf7_mail_sent · inc\cf7.php:30
filter · wpcf7_display_message · inc\cf7.php:50
action · comment_post · inc\comment.php:14
action · ebk_prune_spam_comments_hook · inc\comment.php:15
action · pre_comment_on_post · inc\comment.php:16
action · pre_get_comments · inc\comment.php:17
filter · comment_row_actions · inc\comment.php:18
action · user_profile_update_errors · inc\profile.php:15
action · all_admin_notices · inc\profile.php:16
action · manage_users_custom_column · inc\profile.php:20
filter · manage_users_sortable_columns · inc\profile.php:21
filter · request · inc\profile.php:23
filter · manage_users_columns · inc\profile.php:24
action · show_user_profile · inc\profile.php:25
action · edit_user_profile · inc\profile.php:26
action · personal_options_update · inc\profile.php:27
action · edit_user_profile_update · inc\profile.php:28
action · wp_head · inc\recaptcha.php:19
action · login_head · inc\recaptcha.php:22
action · login_form · inc\recaptcha.php:23
filter · authenticate · inc\recaptcha.php:24
action · register_form · inc\recaptcha.php:28
filter · registration_errors · inc\recaptcha.php:29
action · pre_comment_on_post · inc\recaptcha.php:34
action · comment_form · inc\recaptcha.php:35
action · register_form · inc\register.php:11
action · register_post · inc\register.php:12
filter · gettext · inc\register.php:13
filter · authenticate · inc\register.php:15
filter · login_messages · inc\register.php:16
action · login_head · inc\register.php:17
action · login_enqueue_scripts · inc\register.php:20
filter · registration_errors · inc\register.php:23
action · ebk_prune_unverifyed_users · inc\register.php:24
filter · login_message · inc\register.php:63
filter · login_message · inc\register.php:65
action · plugins_loaded · init.php:22
filter · cron_schedules · init.php:110
filter · plugin_row_meta · init.php:128
action · login_enqueue_scripts · init.php:141
action · wp_enqueue_scripts · init.php:142
action · admin_enqueue_scripts · init.php:162

Scheduled Events 3

ebk_prune_spam_comments_hook
ebk_prune_unverifyed_users
ebk_prune_unsent_forms
Maintenance & Trust

WASP – Anti Spam Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.1.42
Last updated: Dec 25, 2014
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

WASP – Anti Spam Developer Profile

yehudah

6 plugins · 2K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WASP – Anti Spam

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wasp-anti-spam/js/script.js
/wp-content/plugins/wasp-anti-spam/css/style.css
/wp-content/plugins/wasp-anti-spam/js/jquery.qtip.min.js
/wp-content/plugins/wasp-anti-spam/js/admin.tooltip.js
/wp-content/plugins/wasp-anti-spam/css/jquery.qtip.min.css
/wp-content/plugins/wasp-anti-spam/css/admin.style.css
Script Paths
/wp-content/plugins/wasp-anti-spam/js/script.js
/wp-content/plugins/wasp-anti-spam/js/jquery.qtip.min.js
/wp-content/plugins/wasp-anti-spam/js/admin.tooltip.js
Version Parameters
wasp-anti-spam/js/script.js?ver=
wasp-anti-spam/css/style.css?ver=
wasp-anti-spam/js/jquery.qtip.min.js?ver=
wasp-anti-spam/js/admin.tooltip.js?ver=
wasp-anti-spam/css/jquery.qtip.min.css?ver=
wasp-anti-spam/css/admin.style.css?ver=

HTML / DOM Fingerprints

CSS Classes
wasp-anti-spam-admin-page
JS Globals
ebkajax
ebkL10n
FAQ

Frequently Asked Questions about WASP – Anti Spam