[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKJK_BySnSR4XuFoDklnpaHHkv3NMC3XSfpE2O5mfUng":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":141,"fingerprints":802},"wasp-anti-spam","WASP – Anti Spam","1.1","yehudah","https:\u002F\u002Fprofiles.wordpress.org\u002Fyehudah\u002F","\u003Cp>A unique anti-spam solution to help you fight spam in registration, comments, forms (Contact Form 7).\u003Cbr \u002F>\nWhen the user comments or uses Contact Form 7, his comment or message will not be sent or be visible until\u003Cbr \u002F>\nthe user presses a unique link sent to him when he submitted his message.\u003C\u002Fp>\n\u003Ch4>For Example:\u003C\u002Fh4>\n\u003Cp>Think of it like this: I’m a spammer registering on your site. After registering on your site I see a message about\u003Cbr \u002F>\nthe need to activate my account. If I used a fake email address, this address will be blocked because it’s never\u003Cbr \u002F>\nactivated; if I used a real address, I activated my account with success!\u003Cbr \u002F>\nNow I would like to change my email address so I can spam without getting any messages from your site, but oops,\u003Cbr \u002F>\nI can’t change my email address because the plugin is blocking it!\u003Cbr \u002F>\nOK, let’s try my luck and start spamming in the comments, posting my first comment and getting a message:\u003Cbr \u002F>\n“to see the comment you must approve your comment by pressing the link in your email address”.\u003C\u002Fp>\n\u003Cp>I think you got the idea, but what would happen if I do not press it? The email and the IP address will be blocked because
no one pressed the link. If I did press the link the second or the third time, YOU as site admin can block\u003Cbr \u002F>\nhis IP and email address manually in the plugin options.\u003C\u002Fp>\n\u003Cp>Plugin Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>User activation by email.\u003C\u002Fli>\n\u003Cli>Block user from changing his email address – EVEN BY ROLE !\u003C\u002Fli>\n\u003Cli>Protect from spam comments by sending a unique approval URL to the user’s email address – EVEN BY ROLE !\u003C\u002Fli>\n\u003Cli>Auto learn mode – unverified users or comments will be deleted after a time interval you choose.\u003C\u002Fli>\n\u003Cli>Recaptcha protection for registration.\u003C\u002Fli>\n\u003Cli>Recaptcha protection for login.\u003C\u002Fli>\n\u003Cli>Recaptcha protection for comments – EVEN BY ROLE.\u003C\u002Fli>\n\u003Cli>Ban user from registering or commenting by IP or email.\u003C\u002Fli>\n\u003Cli>Customise email notification to the users.\u003C\u002Fli>\n\u003Cli>Import and export option to save plugin settings.\u003C\u002Fli>\n\u003C\u002Ful>\n","A unique anti-spam solution to help you fight spam in registration, comments, forms (Contact Form 
7).",10,1620,0,"2014-12-25T15:28:00.000Z","4.1.42","3.6","",[19,20,21,22],"activation","block","comments","spam","http:\u002F\u002Fwpdevplus.com\u002Fwasp-anti-spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwasp-anti-spam.1.1.zip",85,null,"2026-03-15T14:54:45.397Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},6,2150,30,84,"2026-04-04T11:23:43.395Z",[36,60,81,103,125],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":59},"blacklist-updater","Block List Updater","1.0.2","pluginkollektiv","https:\u002F\u002Fprofiles.wordpress.org\u002Fpluginkollektiv\u002F","\u003Cp>Few users are familiar with the comment block list built into WordPress. Located in the WordPress admin area under “Settings”—“Discussion”, that block list for incoming comments accepts values (words) to identify spam by.\u003C\u002Fp>\n\u003Cp>Additionally to plugins like \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fantispam-bee\u002F\" rel=\"ugc\">Antispam Bee\u003C\u002Fa> in order to fight spam successfully a curated comment block list is recommendable. 
You can either update the list manually, or utilize a very detailed global \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\u002Fwordpress-comment-blacklist\" rel=\"nofollow ugc\">comment block list\u003C\u002Fa> that gets updated on a regular basis.\u003C\u002Fp>\n\u003Cp>Block List Updater has been developed to keep your comment block list in your WordPress installation up to speed with the curated global list on GitHub.\u003C\u002Fp>\n\u003Cp>The plugin will check the global comment block list on GitHub multiple times a day. Whenever new anti-spam values have been added to the global list, Block List Updater will read the global list and update your WordPress database accordingly. While the check-up process will run several times a day, the plugin will only update the database when it detects an actual change of the global comment block list on GitHub.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Community support via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fblacklist-updater\" rel=\"ugc\">support forums on wordpress.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>We don’t handle support via e-mail, Twitter, GitHub issues etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Active development of this plugin is handled \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpluginkollektiv\u002Fblacklist-updater\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Pull requests for documented bugs are highly appreciated.\u003C\u002Fli>\n\u003Cli>If you think you’ve found a bug (e.g. 
you’re experiencing unexpected behavior), please post at the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fblacklist-updater\" rel=\"ugc\">support forums\u003C\u002Fa> first.\u003C\u002Fli>\n\u003Cli>If you want to help us translate this plugin you can do so \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fblacklist-updater\" rel=\"nofollow ugc\">on WordPress Translate\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Author: \u003Ca href=\"https:\u002F\u002Fsergejmueller.github.io\u002F\" rel=\"nofollow ugc\">Sergej Müller\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Maintainers: \u003Ca href=\"https:\u002F\u002Fpluginkollektiv.org\u002F\" rel=\"nofollow ugc\">pluginkollektiv\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Automatic updating of the comment block list in WordPress with antispam keys from GitHub.",4000,31272,86,4,"2026-03-14T09:16:00.000Z","6.9.4","3.8","5.2",[53,54,55,21,22],"antispam","blacklist","blocklist","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblacklist-updater\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblacklist-updater.1.0.2.zip",100,"2026-03-15T15:16:48.613Z",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":58,"num_ratings":47,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":80,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":59},"block-comment-spam-bots","Block Comment Spam Bots","2.62","Rick Hellewell","https:\u002F\u002Fprofiles.wordpress.org\u002Frhellewellgmailcom\u002F","\u003Cp>Professional spammers use programs to automate their spamming. The ‘Block Comment Spam Bots’ (BCSB) plugin efficiently blocks their process. 
No more comment spam!\u003C\u002Fp>\n\u003Cp>As no legitimate user will use the professional spammer’s automated process which relies on cURL and WGET commands, real users will never notice the BCSB plugin at work. There are no CAPTCHAS for your visitors to interact with. No silly questions. Just the comment form as designed in any theme.\u003C\u002Fp>\n\u003Cp>On the admin side, there are no blacklists, special keys (like Askimet), overloaded spam queues, or overworked databases that store spam comments until you manually delete them.\u003C\u002Fp>\n\u003Cp>Install the plugin and that’s it. Invisible, to you and your visitors. The only change you will notice is in your admin area. The list of comments now has a green check next to them. That way you know that comment was made on your website by a real person and was not bypassed by hacking spammers connecting directly to your server.\u003C\u002Fp>\n\u003Cp>All that remains is comments made by real people, and while real people can spam, it takes them time and effort. The amount of spam from real people is a lot more manageable than the tsunami from automated spammers, saving you time to concentrate on the important things in life, like your readers, and making connections.\u003C\u002Fp>\n\u003Cp>We’ve tested it on multiple websites and it wipes out automated spam completely. If it doesn’t on your site, please let us know.\u003C\u002Fp>\n\u003Cp>** Geeky Stuff **\u003Cbr \u002F>\n…in case you are interested in how it works…\u003C\u002Fp>\n\u003Cp>tl;dr – \u003Cstrong>This provides a total and easy solution to comment spam from spam bots.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Comments are processed by the WordPress wp-post-comments.php file. Automated spammers (‘spam bots’) can provide (‘post’) data directly to that page, bypassing any comment processing, by using CURL\u002FWGET commands.\u003C\u002Fp>\n\u003Cp>Bypassing the comment form by posting directly (via CURL or WGET commands), is quite easy. 
Just send the post ID number, and the bot’s fake name and email, and the spammy content. Boom! Comment spam is on your site!\u003C\u002Fp>\n\u003Cp>The result is comment spam – and that is not always caught by other comment spam checkers. Even if it is caught by programs such as Akismet, processing that spam takes some server resources, including writing to the database.\u003C\u002Fp>\n\u003Cp>This plugin uses several techniques to ‘sense’ a spambot. There are hidden fields that are changed after a delay. There is a delay in displaying the submit button. And it blocks direct access to the WordPress post\u002Fprocessing functions.\u003C\u002Fp>\n\u003Cp>The techniques, also used in our standalone “FormSpemmerTrap” (FST) program, and our other anti-spam plugins (like FormSpammerTrap for Comments), are very effective. They use a bit of JavaScript to block spambots – since automated processes via CURL\u002FWGET\u002Fetc cannot process JS code.\u003C\u002Fp>\n\u003Cp>It’s simple: you install this plugin, activate it, and bot comments will stop. Immediately.\u003C\u002Fp>\n\u003Cp>And it doesn’t add any visual impediments to your comments. No reCaptcha things (which many see as a pain). No silly questions (‘what is 2+8’) on the form. Your comment form does not change. Regular users will not notice a difference. But you will. No more spam comments for you!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>This is the best solution to block comment spam.\u003C\u002Fstrong> We’ve tested it on a site that had 20-40 spam comments a day. With this plugin enabled, the spam comment stopped. Immediately. And there have been none since installing this plugin. ** Not one. Zero.**\u003C\u002Fp>\n\u003Cp>The Admin, Comments list page is modified to show a column with a green checkmark icon if the comment was entered by a real person and not a bot. This is an assurance that the comment was not entered via an automated CURL\u002FWGET to the wp-comments-post.php file. 
A comment that is on the list that does not show the checkmark was done by a bot. But you won’t see those blocked comments with this plugin enabled. They never get into your database. You can hover over the checkmark icon to see the GUID value indicating a person entered the comment.\u003C\u002Fp>\n\u003Cp>The plugins ‘Settings’ screen has no settings. You don’t even need to look at the Settings screen. If you do, you’ll see information about the plugin. And there is a CURL command you can use to test the effectiveness of blocking (or not blocking) direct access to the wp-comments-post.php file.\u003C\u002Fp>\n\u003Cp>The plugin also adds the hidden GUID field to the comment form after a delay to help block bots that are using the comment form to submit. If the hidden field is not submitted then a bot tried to bypass the comment form. And a short delay happens before the comment submit button is displayed – another bot protection.\u003C\u002Fp>\n","A simple to use plugin that stops automated spam. Install and forget, and any automated spam targeting your native WordPress comments is immediately t &hellip;",800,6808,"2024-04-10T22:16:00.000Z","6.5.8","4.9","5.4",[75,76,77,21,22],"automated-spam","blocking","bots","https:\u002F\u002Fwww.cellarweb.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-comment-spam-bots.zip",92,{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":58,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":101,"download_link":102,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":59},"toms-recaptcha","TomS reCAPTCHA","1.2.0","TomS Caprice","https:\u002F\u002Fprofiles.wordpress.org\u002Ftomsneddon\u002F","\u003Cp>Integrated Google ReCaptcha for WordPress. 
Protect the login, register, lostpassword and comment forms. Support Woocommerce, Ultimate Member and more popular forms.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Frecaptcha\" rel=\"nofollow ugc\">\u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong>\u003C\u002Fa> is a free service that protects your site from spam and abuse. It uses advanced risk analysis techniques to tell humans and bots apart.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Go to \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fadmin\u002Fcreate\" rel=\"nofollow ugc\">Google reCAPTCHA\u003C\u002Fa> to get the \u003Cstrong>Site key\u003C\u002Fstrong> and \u003Cstrong>Secret key\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>reCAPTCHA Type:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>reCAPTCHA \u003Cstrong>v3\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA \u003Cstrong>v2 Checkbox\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA \u003Cstrong>v2 Invisible\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported Form List\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress default login form\u003C\u002Fli>\n\u003Cli>WordPress default register form\u003C\u002Fli>\n\u003Cli>WordPress default lostpassword form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WordPress default comment form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> login form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> register form\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> lostpassword form\u003C\u002Fli>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> checkout Billing form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add a shortcode \u003Cstrong>[toms_woo_register_form]\u003C\u002Fstrong> for \u003Cstrong>woocommerce register form\u003C\u002Fstrong> on any page you want.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> login form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> register form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> lostpassword form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-block\u002F\" rel=\"ugc\">\u003Cstrong>Contact Form Block\u003C\u002Fstrong>\u003C\u002Fa> Contact Form Block\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>more supported forms coming soon…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Option settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Verify API : \u003Cstrong>Google.com\u003C\u002Fstrong>\u002F\u003Cstrong>Recaptcha.net\u003C\u002Fstrong> \u003Cstrong>—Notice:—\u003C\u002Fstrong> Some countries cannot use the Google verify API, which means the Google verify API will not work, even using a VPN. 
If google.com does not work, try Recaptcha.net\u003C\u002Fli>\n\u003Cli>reCAPTCHA v2 (Checkbox)  Theme: \u003Cstrong>Light\u003C\u002Fstrong>\u002F\u003Cstrong>Dark\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA v2 (Invisible) Badge: \u003Cstrong>Bottom Right\u003C\u002Fstrong>\u002F\u003Cstrong>Bottom Left\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Custom reCAPTCHA Language\u003C\u002Fh4>\n\u003Ch4>Translation ready\u003C\u002Fh4>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>Reliance upon any non-English translation is at your own risk; TomS reCAPTCHA can give no guarantees that translations from the original English are accurate.\u003C\u002Fp>\n\u003Cp>We recognise and thank those mentioned at https:\u002F\u002Ftoms-caprice.org\u002Ftranslations for code and\u002For libraries used and\u002For modified under the terms of their open source licences.\u003C\u002Fp>\n","Integrated Google ReCaptcha for WordPress.Protect the login, register, lostpassword and comment forms. 
Support Woocommerce, Ultimate Member and more p &hellip;",600,16563,1,"2023-03-29T08:59:00.000Z","6.2.9","5.8","7.0",[97,98,99,100,82],"block-spam-comments","captcha","nocaptcha","recaptcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftoms-recaptcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoms-recaptcha.1.2.0.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":58,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":117,"tags":118,"homepage":122,"download_link":123,"security_score":25,"vuln_count":91,"unpatched_count":13,"last_vuln_date":124,"fetched_at":59},"vigilantor","VigilanTor","1.3.12","drew010","https:\u002F\u002Fprofiles.wordpress.org\u002Fdrew010\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.torproject.org\u002F\" title=\"Tor\" rel=\"nofollow ugc\">Tor\u003C\u002Fa> is an invaluable tool for protecting free-speech, privacy, and preventing surveillance but when abused it can protect the identity of malicious users and make tracking their activities more difficult.  
“Hackers” might use Tor to run security scans on your website or spam websites with comments and fake registrations.\u003C\u002Fp>\n\u003Cp>The purpose of this plugin is to give you the power to block certain Tor activity from your WordPress site.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block Tor users from registering on your site\u003C\u002Fli>\n\u003Cli>Allow Tor registrations, but flag them for review\u003C\u002Fli>\n\u003Cli>Block logins from Tor (useful for preventing brute force attacks and securing your admin panel)\u003C\u002Fli>\n\u003Cli>Block Tor users from posting comments to your site\u003C\u002Fli>\n\u003Cli>Block spammy pingbacks & trackbacks from Tor IP addresses\u003C\u002Fli>\n\u003Cli>Block Tor users from your entire WordPress site\u003C\u002Fli>\n\u003Cli>Permit access after solving a CAPTCHA (requires hCaptcha for WordPress plugin)\u003C\u002Fli>\n\u003Cli>Real-time blocking using the Tor DNS exit list service\u003C\u002Fli>\n\u003Cli>Near real time blocking using a cached blocklist which can be updated every 10 minutes or more\u003C\u002Fli>\n\u003Cli>Custom blocklist support.  Block IP addresses or host networks.\u003C\u002Fli>\n\u003Cli>Statistics to show how many Tor actions have been blocked by this plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is compatible with BuddyPress, the popular Login With Ajax plugin, and hCaptcha.\u003C\u002Fp>\n\u003Cp>If there is a feature missing that you would like, request it!\u003C\u002Fp>\n\u003Cp>If you opt to use the real-time blocking, each IP address looked up is cached for 5 minutes for efficiency.\u003C\u002Fp>\n\u003Cp>The Tor IP lists that are downloaded only contain “exit node” IP addresses so it is relatively small and the list is searched using a binary search so the plugin is very fast!\u003C\u002Fp>\n\u003Cp>This plugin also adds two shortcodes which can be used to display specific content to Tor or non-Tor users. 
Shortcode usage:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[tor_users]Hi, I see you're using Tor.  I support privacy and free-speech too! Visitors not using Tor will not see this message.[\u002Ftor_users]\n[non_tor_users]Defend yourself against tracking and surveillance. Circumvent censorship. Visit torproject.org to learn more. Visitors already using Tor will not see this message.[\u002Fnon_tor_users]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Support Tor\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Tor is a great thing.  If you agree, consider \u003Ca href=\"https:\u002F\u002Fwww.torproject.org\u002Fgetinvolved\u002Fvolunteer.html.en\" rel=\"nofollow ugc\">volunteering\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.torproject.org\u002Fdonate\u002Fdonate.html.en\" rel=\"nofollow ugc\">donating\u003C\u002Fa> to the Tor project, or expand the Tor network by \u003Ca href=\"https:\u002F\u002Fdrew-phillips.com\u002Ftor-nodes\u002F\" rel=\"nofollow ugc\">sponsoring a Tor relay\u003C\u002Fa> which will be maintained by the plugin author.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support this plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The author of this plugin values Tor as well as the security of your website.  
Considerable effort went into the development of this plugin as well as the code and infrastructure that provides you with the up-to-date exit lists.\u003C\u002Fp>\n\u003Cp>You can support this plugin by installing it, rating it positively, \u003Ca href=\"https:\u002F\u002Fdrew-phillips.com\u002Fdonate\u002F\" title=\"Donating\" rel=\"nofollow ugc\">donating\u003C\u002Fa> to the author, or \u003Ca href=\"https:\u002F\u002Fdrew-phillips.com\u002Ftor-nodes\u002F\" rel=\"nofollow ugc\">sponsoring a Tor relay\u003C\u002Fa> which will be operated by the plugin developer in your honor.\u003C\u002Fp>\n","Add a layer of security to your WordPress site with the ability to block Tor users from commenting, registering, logging in and more.",400,11934,12,"2023-10-19T19:59:00.000Z","6.3.8","4.0","5.6",[21,119,22,120,121],"proxy","tor","tor-blocker","https:\u002F\u002Fdrew-phillips.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvigilantor.1.3.12.zip","2023-03-21 00:00:00",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":58,"downloaded":133,"rating":58,"num_ratings":91,"last_updated":134,"tested_up_to":135,"requires_at_least":17,"requires_php":17,"tags":136,"homepage":139,"download_link":140,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":59},"spam-ip-blocker","Spam IP Blocker","0.9.2","Aleksei Znaev","https:\u002F\u002Fprofiles.wordpress.org\u002Fznaeff\u002F","\u003Cp>This is a spam IP blocker. It is free. 
It marks any new comment as spam automatically when commenter’s IP exists in at least one of ‘.zen.spamhaus.org’ & ‘.bl.spamcop.net’.\u003Cbr \u002F>\nPlugin is based on public DNSBL class.\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.phpclasses.org\u002Fpackage\u002F6994-PHP-Check-spam-IP-address-in-DNS-black-lists.html\" title=\"DNSBL class on PHPClasses.org\" rel=\"nofollow ugc\">Official page of DNSBL class on PHPClasses.org\u003C\u002Fa>\u003C\u002Fp>\n","Free spam IP blocker according to public DNSBL bases.",7789,"2011-06-27T07:32:00.000Z","3.1.4",[76,21,137,22,138],"dnsbl","spamhaus","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fspam-ip-blocker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspam-ip-blocker.0.9.2.zip",{"attackSurface":142,"codeSignals":389,"taintFlows":616,"riskAssessment":787,"analyzedAt":801},{"hooks":143,"ajaxHandlers":352,"restRoutes":380,"shortcodes":381,"cronEvents":382,"entryPointCount":388,"unprotectedCount":294},[144,150,155,159,162,166,170,174,178,181,184,189,193,197,201,204,208,211,215,218,222,227,230,234,238,242,246,249,252,255,259,263,267,270,273,275,278,280,283,287,289,292,296,300,304,307,311,313,316,318,320,322,324,328,330,334,338,342,345,348],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","template_redirect","admin_redirect_download_files","inc\\admin-page-class\\admin-page-class.php",209,{"type":151,"name":152,"callback":153,"file":148,"line":154},"filter","init","add_query_var_vars",210,{"type":145,"name":156,"callback":157,"file":148,"line":158},"admin_menu","AddMenuSubPage",274,{"type":145,"name":156,"callback":160,"file":148,"line":161},"AddMenuTopPage",278,{"type":151,"name":163,"callback":164,"priority":11,"file":148,"line":165},"attribute_escape","edit_insert_to_post_text",305,{"type":145,"name":167,"callback":168,"file":148,"line":169},"admin_print_styles","load_scripts_styles",376,{"type":145,"name":171,"callback":172,"file":148,"line":173},"post_edit_
form_tag","add_enctype",1071,{"type":151,"name":175,"callback":176,"file":148,"line":177},"media_upload_gallery","insert_images",1086,{"type":151,"name":179,"callback":176,"file":148,"line":180},"media_upload_library",1087,{"type":151,"name":182,"callback":176,"file":148,"line":183},"media_upload_image",1088,{"type":145,"name":185,"callback":186,"file":187,"line":188},"ebk_prune_unsent_forms","prune_unsent_forms","inc\\cf7.php",15,{"type":145,"name":190,"callback":191,"file":187,"line":192},"wpcf7_before_send_mail","fire_change_messages",19,{"type":151,"name":194,"callback":195,"file":187,"line":196},"wpcf7_mail_components","save_form_components",20,{"type":151,"name":198,"callback":199,"priority":11,"file":187,"line":200},"wpcf7_validate_email","cf7_ban_check",21,{"type":151,"name":202,"callback":199,"priority":11,"file":187,"line":203},"wpcf7_validate_email*",22,{"type":145,"name":205,"callback":206,"file":187,"line":207},"wp_head","cf7_submit",27,{"type":151,"name":194,"callback":209,"file":187,"line":210},"get_form_com",28,{"type":151,"name":212,"callback":213,"file":187,"line":214},"wpcf7_validate","cf7_val_bypass",29,{"type":145,"name":216,"callback":217,"file":187,"line":32},"wpcf7_mail_sent","mailSent",{"type":151,"name":219,"callback":220,"priority":11,"file":187,"line":221},"wpcf7_display_message","change_form_messages",50,{"type":145,"name":223,"callback":224,"priority":196,"file":225,"line":226},"comment_post","ebk_do_comment_process","inc\\comment.php",14,{"type":145,"name":228,"callback":229,"file":225,"line":188},"ebk_prune_spam_comments_hook","ebk_prune_spam_comments",{"type":145,"name":231,"callback":232,"file":225,"line":233},"pre_comment_on_post","ebk_email_validator",16,{"type":145,"name":235,"callback":236,"file":225,"line":237},"pre_get_comments","check_comment_key",17,{"type":151,"name":239,"callback":240,"priority":11,"file":225,"line":241},"comment_row_actions","add_ban_link",18,{"type":145,"name":243,"callback":244,"priority":11,"file":245,
"line":188},"user_profile_update_errors","ebk_prevent_email_change","inc\\profile.php",{"type":145,"name":247,"callback":248,"file":245,"line":233},"all_admin_notices","ebk_new_user_email_admin_notice",{"type":145,"name":250,"callback":251,"priority":11,"file":245,"line":196},"manage_users_custom_column","ebk_show_user_activation_column",{"type":151,"name":253,"callback":254,"file":245,"line":200},"manage_users_sortable_columns","user_sortable_columns",{"type":151,"name":256,"callback":257,"file":245,"line":258},"request","activation_status_column_orderby",23,{"type":151,"name":260,"callback":261,"file":245,"line":262},"manage_users_columns","ebk_add_user_activation_column",24,{"type":145,"name":264,"callback":265,"file":245,"line":266},"show_user_profile","ebk_add_custom_user_profile_fields",25,{"type":145,"name":268,"callback":265,"file":245,"line":269},"edit_user_profile",26,{"type":145,"name":271,"callback":272,"file":245,"line":207},"personal_options_update","ebk_save_custom_user_profile_fields",{"type":145,"name":274,"callback":272,"file":245,"line":210},"edit_user_profile_update",{"type":145,"name":205,"callback":276,"file":277,"line":192},"recaptcha_custom_script","inc\\recaptcha.php",{"type":145,"name":279,"callback":276,"file":277,"line":203},"login_head",{"type":145,"name":281,"callback":282,"file":277,"line":258},"login_form","ebk_add_recaptcha",{"type":151,"name":284,"callback":285,"priority":286,"file":277,"line":262},"authenticate","validate_login_recaptcha",2,{"type":145,"name":288,"callback":282,"priority":58,"file":277,"line":210},"register_form",{"type":151,"name":290,"callback":291,"priority":11,"file":277,"line":214},"registration_errors","validate_register_recaptcha",{"type":145,"name":231,"callback":293,"priority":294,"file":277,"line":295},"ebk_comments_recaptcha_validate",3,34,{"type":145,"name":297,"callback":298,"file":277,"line":299},"comment_form","ebk_comment_recaptcha",35,{"type":145,"name":288,"callback":301,"priority":286,"file":302,
"line":303},"ebk_show_extra_register_fields","inc\\register.php",11,{"type":145,"name":305,"callback":306,"priority":11,"file":302,"line":113},"register_post","ebk_check_extra_register_fields",{"type":151,"name":308,"callback":309,"file":302,"line":310},"gettext","ebk_edit_password_email_text",13,{"type":151,"name":284,"callback":312,"priority":286,"file":302,"line":188},"check_activation_status",{"type":151,"name":314,"callback":315,"file":302,"line":233},"login_messages","ebk_activation_message",{"type":145,"name":279,"callback":317,"file":302,"line":237},"ebk_email",{"type":145,"name":319,"callback":319,"file":302,"line":196},"login_enqueue_scripts",{"type":151,"name":290,"callback":321,"priority":11,"file":302,"line":258},"ebk_validate_ban_info",{"type":145,"name":323,"callback":323,"file":302,"line":262},"ebk_prune_unverifyed_users",{"type":151,"name":325,"callback":326,"file":302,"line":327},"login_message","anonymous",63,{"type":151,"name":325,"callback":326,"file":302,"line":329},65,{"type":145,"name":331,"callback":332,"file":333,"line":203},"plugins_loaded","ebk_init","init.php",{"type":151,"name":335,"callback":336,"file":333,"line":337},"cron_schedules","ebk_add_weekly",110,{"type":151,"name":339,"callback":340,"priority":11,"file":333,"line":341},"plugin_row_meta","ebk_plugin_meta_links",128,{"type":145,"name":319,"callback":343,"file":333,"line":344},"ebk_front_scripts",141,{"type":145,"name":346,"callback":343,"file":333,"line":347},"wp_enqueue_scripts",142,{"type":145,"name":349,"callback":350,"file":333,"line":351},"admin_enqueue_scripts","ebk_admin_scripts",162,[353,359,363,367,371,374,377,379],{"action":354,"nopriv":355,"callback":356,"hasNonce":357,"hasCapCheck":355,"file":148,"line":358},"apc_delete_mupload",false,"wp_ajax_delete_image",true,308,{"action":360,"nopriv":355,"callback":361,"hasNonce":357,"hasCapCheck":355,"file":148,"line":362},"plupload_action","Handle_plupload_action",314,{"action":364,"nopriv":355,"callback":365,"hasNonce":355,"
hasCapCheck":355,"file":148,"line":366},"at_delete_file","delete_file",1091,{"action":368,"nopriv":355,"callback":369,"hasNonce":357,"hasCapCheck":355,"file":148,"line":370},"at_reorder_images","reorder_images",1092,{"action":372,"nopriv":355,"callback":356,"hasNonce":357,"hasCapCheck":355,"file":148,"line":373},"at_delete_mupload",1094,{"action":375,"nopriv":355,"callback":376,"hasNonce":357,"hasCapCheck":355,"file":225,"line":192},"bancomment","wp_ajax_bancomment",{"action":378,"nopriv":355,"callback":378,"hasNonce":355,"hasCapCheck":355,"file":302,"line":241},"ebk_resend_activation",{"action":378,"nopriv":357,"callback":378,"hasNonce":355,"hasCapCheck":355,"file":302,"line":192},[],[],[383,385,386],{"hook":228,"callback":228,"file":333,"line":384},80,{"hook":323,"callback":323,"file":333,"line":33},{"hook":185,"callback":185,"file":333,"line":387},88,8,{"dangerousFunctions":390,"sqlUsage":403,"outputEscaping":412,"fileOperations":91,"externalRequests":91,"nonceChecks":611,"capabilityChecks":294,"bundledLibraries":612},[391,395,398,401],{"fn":392,"file":148,"line":393,"context":394},"unserialize",3147,"$fontArray = unserialize( $fontsSeraliazed );",{"fn":392,"file":148,"line":396,"context":397},3321,"$import_code = unserialize($import_code);",{"fn":399,"file":302,"line":327,"context":400},"create_function","add_filter('login_message', create_function('$message','return \"\u003Cdiv class=\\\"message\\\">Your account ",{"fn":399,"file":302,"line":329,"context":402},"add_filter('login_message', create_function('$message','return \"\u003Cdiv id=\\\"login_error\\\">\u003Cstrong>ERRO",{"prepared":113,"raw":294,"locations":404},[405,408,410],{"file":187,"line":406,"context":407},37,"$wpdb->query() with variable interpolation",{"file":225,"line":337,"context":409},"$wpdb->get_results() with variable 
interpolation",{"file":302,"line":411,"context":409},139,{"escaped":203,"rawEcho":413,"locations":414},99,[415,418,420,422,424,426,428,430,432,434,436,438,440,442,444,446,448,450,452,454,456,458,460,462,464,466,468,470,472,474,476,478,480,482,484,486,488,490,492,494,496,498,500,502,504,506,508,510,512,514,516,518,520,522,524,526,528,530,532,534,536,538,540,542,544,546,548,550,552,554,556,558,560,562,564,566,568,570,572,574,576,578,580,582,584,586,588,590,592,594,596,598,600,602,603,605,606,607,609],{"file":148,"line":416,"context":417},413,"raw output",{"file":148,"line":419,"context":417},481,{"file":148,"line":421,"context":417},663,{"file":148,"line":423,"context":417},666,{"file":148,"line":425,"context":417},667,{"file":148,"line":427,"context":417},683,{"file":148,"line":429,"context":417},717,{"file":148,"line":431,"context":417},719,{"file":148,"line":433,"context":417},733,{"file":148,"line":435,"context":417},739,{"file":148,"line":437,"context":417},743,{"file":148,"line":439,"context":417},746,{"file":148,"line":441,"context":417},749,{"file":148,"line":443,"context":417},766,{"file":148,"line":445,"context":417},1236,{"file":148,"line":447,"context":417},1239,{"file":148,"line":449,"context":417},1387,{"file":148,"line":451,"context":417},1399,{"file":148,"line":453,"context":417},1433,{"file":148,"line":455,"context":417},1440,{"file":148,"line":457,"context":417},1444,{"file":148,"line":459,"context":417},1452,{"file":148,"line":461,"context":417},1456,{"file":148,"line":463,"context":417},1484,{"file":148,"line":465,"context":417},1489,{"file":148,"line":467,"context":417},1494,{"file":148,"line":469,"context":417},1538,{"file":148,"line":471,"context":417},1544,{"file":148,"line":473,"context":417},1557,{"file":148,"line":475,"context":417},1590,{"file":148,"line":477,"context":417},1604,{"file":148,"line":479,"context":417},1639,{"file":148,"line":481,"context":417},1654,{"file":148,"line":483,"context":417},1668,{"file":148,"line":485,"context":41
7},1679,{"file":148,"line":487,"context":417},1692,{"file":148,"line":489,"context":417},1710,{"file":148,"line":491,"context":417},1712,{"file":148,"line":493,"context":417},1733,{"file":148,"line":495,"context":417},1750,{"file":148,"line":497,"context":417},1769,{"file":148,"line":499,"context":417},1773,{"file":148,"line":501,"context":417},1805,{"file":148,"line":503,"context":417},1829,{"file":148,"line":505,"context":417},1833,{"file":148,"line":507,"context":417},1837,{"file":148,"line":509,"context":417},1844,{"file":148,"line":511,"context":417},1848,{"file":148,"line":513,"context":417},1850,{"file":148,"line":515,"context":417},1877,{"file":148,"line":517,"context":417},1910,{"file":148,"line":519,"context":417},1989,{"file":148,"line":521,"context":417},2008,{"file":148,"line":523,"context":417},2010,{"file":148,"line":525,"context":417},2011,{"file":148,"line":527,"context":417},2012,{"file":148,"line":529,"context":417},2039,{"file":148,"line":531,"context":417},2055,{"file":148,"line":533,"context":417},2069,{"file":148,"line":535,"context":417},2093,{"file":148,"line":537,"context":417},2095,{"file":148,"line":539,"context":417},2100,{"file":148,"line":541,"context":417},2102,{"file":148,"line":543,"context":417},2132,{"file":148,"line":545,"context":417},2134,{"file":148,"line":547,"context":417},2139,{"file":148,"line":549,"context":417},2141,{"file":148,"line":551,"context":417},2173,{"file":148,"line":553,"context":417},2175,{"file":148,"line":555,"context":417},2179,{"file":148,"line":557,"context":417},2183,{"file":148,"line":559,"context":417},2185,{"file":148,"line":561,"context":417},3265,{"file":148,"line":563,"context":417},3283,{"file":148,"line":565,"context":417},3295,{"file":148,"line":567,"context":417},3314,{"file":148,"line":569,"context":417},3330,{"file":148,"line":571,"context":417},3359,{"file":148,"line":573,"context":417},3372,{"file":148,"line":575,"context":417},3404,{"file":148,"line":577,"context":417},3460,{"file":148,"l
ine":579,"context":417},3462,{"file":148,"line":581,"context":417},3464,{"file":245,"line":583,"context":417},67,{"file":277,"line":585,"context":417},40,{"file":277,"line":587,"context":417},51,{"file":277,"line":589,"context":417},68,{"file":277,"line":591,"context":417},70,{"file":277,"line":593,"context":417},71,{"file":277,"line":595,"context":417},75,{"file":277,"line":597,"context":417},76,{"file":277,"line":599,"context":417},77,{"file":277,"line":601,"context":417},79,{"file":277,"line":33,"context":417},{"file":277,"line":604,"context":417},87,{"file":302,"line":295,"context":417},{"file":302,"line":585,"context":417},{"file":302,"line":608,"context":417},45,{"file":302,"line":610,"context":417},52,9,[613],{"name":614,"version":26,"knownCves":615},"Select2",[],[617,635,643,663,681,691,700,711,735],{"entryPoint":618,"graph":619,"unsanitizedCount":91,"severity":634},"redirect (inc\\cf7.php:41)",{"nodes":620,"edges":632},[621,626],{"id":622,"type":623,"label":624,"file":187,"line":625},"n0","source","$_SERVER",42,{"id":627,"type":628,"label":629,"file":187,"line":630,"wp_function":631},"n1","sink","wp_redirect() [Open Redirect]",44,"wp_redirect",[633],{"from":622,"to":627,"sanitized":355},"medium",{"entryPoint":636,"graph":637,"unsanitizedCount":91,"severity":634},"\u003Ccf7> (inc\\cf7.php:0)",{"nodes":638,"edges":641},[639,640],{"id":622,"type":623,"label":624,"file":187,"line":625},{"id":627,"type":628,"label":629,"file":187,"line":630,"wp_function":631},[642],{"from":622,"to":627,"sanitized":355},{"entryPoint":644,"graph":645,"unsanitizedCount":13,"severity":662},"import (inc\\admin-page-class\\admin-page-class.php:3309)",{"nodes":646,"edges":659},[647,650,652,654],{"id":622,"type":623,"label":648,"file":148,"line":649},"$_POST",3317,{"id":627,"type":628,"label":651,"file":148,"line":396,"wp_function":392},"unserialize() [Object 
Injection]",{"id":653,"type":623,"label":648,"file":148,"line":649},"n2",{"id":655,"type":628,"label":656,"file":148,"line":657,"wp_function":658},"n3","update_option() [Settings Manipulation]",3323,"update_option",[660,661],{"from":622,"to":627,"sanitized":357},{"from":653,"to":655,"sanitized":357},"low",{"entryPoint":664,"graph":665,"unsanitizedCount":13,"severity":662},"download_file (inc\\admin-page-class\\admin-page-class.php:3336)",{"nodes":666,"edges":678},[667,670,674,675],{"id":622,"type":623,"label":668,"file":148,"line":669},"$_REQUEST",3341,{"id":627,"type":628,"label":671,"file":148,"line":672,"wp_function":673},"header() [Header Injection]",3356,"header",{"id":653,"type":623,"label":668,"file":148,"line":669},{"id":655,"type":628,"label":676,"file":148,"line":571,"wp_function":677},"echo() [XSS]","echo",[679,680],{"from":622,"to":627,"sanitized":357},{"from":653,"to":655,"sanitized":357},{"entryPoint":682,"graph":683,"unsanitizedCount":13,"severity":662},"Handle_plupload_action (inc\\admin-page-class\\admin-page-class.php:3395)",{"nodes":684,"edges":689},[685,688],{"id":622,"type":623,"label":686,"file":148,"line":687},"$_FILES",3401,{"id":627,"type":628,"label":676,"file":148,"line":575,"wp_function":677},[690],{"from":622,"to":627,"sanitized":357},{"entryPoint":692,"graph":693,"unsanitizedCount":13,"severity":662},"wp_ajax_bancomment (inc\\comment.php:22)",{"nodes":694,"edges":698},[695,696],{"id":622,"type":623,"label":648,"file":225,"line":406},{"id":627,"type":628,"label":629,"file":225,"line":697,"wp_function":631},39,[699],{"from":622,"to":627,"sanitized":357},{"entryPoint":701,"graph":702,"unsanitizedCount":13,"severity":662},"\u003Ccomment> 
(inc\\comment.php:0)",{"nodes":703,"edges":708},[704,705,706,707],{"id":622,"type":623,"label":648,"file":225,"line":406},{"id":627,"type":628,"label":629,"file":225,"line":697,"wp_function":631},{"id":653,"type":623,"label":668,"file":225,"line":262},{"id":655,"type":628,"label":629,"file":225,"line":589,"wp_function":631},[709,710],{"from":622,"to":627,"sanitized":357},{"from":653,"to":655,"sanitized":357},{"entryPoint":712,"graph":713,"unsanitizedCount":91,"severity":734},"save (inc\\admin-page-class\\admin-page-class.php:2200)",{"nodes":714,"edges":730},[715,718,722,724,727],{"id":622,"type":623,"label":716,"file":148,"line":717},"$_POST (x2)",2220,{"id":627,"type":628,"label":719,"file":148,"line":720,"wp_function":721},"call_user_func() [RCE]",2227,"call_user_func",{"id":653,"type":623,"label":648,"file":148,"line":723},2232,{"id":655,"type":725,"label":726,"file":148,"line":723},"transform","→ validate_field()",{"id":728,"type":628,"label":719,"file":148,"line":729,"wp_function":721},"n4",3439,[731,732,733],{"from":622,"to":627,"sanitized":357},{"from":653,"to":655,"sanitized":355},{"from":655,"to":728,"sanitized":355},"high",{"entryPoint":736,"graph":737,"unsanitizedCount":91,"severity":734},"\u003Cadmin-page-class> (inc\\admin-page-class\\admin-page-class.php:0)",{"nodes":738,"edges":776},[739,742,744,746,747,748,750,752,754,756,758,760,762,764,766,768,770,772,774],{"id":622,"type":623,"label":740,"file":148,"line":741},"$_GET (x3)",1184,{"id":627,"type":628,"label":719,"file":148,"line":743,"wp_function":721},1422,{"id":653,"type":623,"label":745,"file":148,"line":741},"$_GET 
(x5)",{"id":655,"type":628,"label":676,"file":148,"line":479,"wp_function":677},{"id":728,"type":623,"label":716,"file":148,"line":717},{"id":749,"type":628,"label":719,"file":148,"line":720,"wp_function":721},"n5",{"id":751,"type":623,"label":648,"file":148,"line":649},"n6",{"id":753,"type":628,"label":651,"file":148,"line":396,"wp_function":392},"n7",{"id":755,"type":623,"label":648,"file":148,"line":649},"n8",{"id":757,"type":628,"label":656,"file":148,"line":657,"wp_function":658},"n9",{"id":759,"type":623,"label":668,"file":148,"line":669},"n10",{"id":761,"type":628,"label":671,"file":148,"line":672,"wp_function":673},"n11",{"id":763,"type":623,"label":668,"file":148,"line":669},"n12",{"id":765,"type":628,"label":676,"file":148,"line":571,"wp_function":677},"n13",{"id":767,"type":623,"label":686,"file":148,"line":687},"n14",{"id":769,"type":628,"label":676,"file":148,"line":575,"wp_function":677},"n15",{"id":771,"type":623,"label":648,"file":148,"line":723},"n16",{"id":773,"type":725,"label":726,"file":148,"line":723},"n17",{"id":775,"type":628,"label":719,"file":148,"line":729,"wp_function":721},"n18",[777,778,779,780,781,782,783,784,785,786],{"from":622,"to":627,"sanitized":357},{"from":653,"to":655,"sanitized":357},{"from":728,"to":749,"sanitized":357},{"from":751,"to":753,"sanitized":357},{"from":755,"to":757,"sanitized":357},{"from":759,"to":761,"sanitized":357},{"from":763,"to":765,"sanitized":357},{"from":767,"to":769,"sanitized":357},{"from":771,"to":773,"sanitized":355},{"from":773,"to":775,"sanitized":355},{"summary":788,"deductions":789},"The \"wasp-anti-spam\" v1.1 plugin exhibits a mixed security posture. While it has no recorded historical vulnerabilities and uses prepared statements for a majority of its SQL queries, significant concerns arise from its static analysis. The presence of dangerous functions like `unserialize` and `create_function` is a notable weakness. 
Furthermore, a substantial portion of its AJAX handlers lack authentication checks, representing a direct attack vector. The taint analysis reveals flows with unsanitized paths, including two identified as high severity, which strongly suggests potential for exploitation if these flows are triggered with malicious input. The low percentage of properly escaped output also indicates a risk of Cross-Site Scripting (XSS) vulnerabilities.\n\nDespite the absence of known CVEs, the identified code signals and taint analysis findings point to inherent risks within the plugin's current version. The reliance on potentially unsafe functions and the lack of robust input validation on key entry points are critical areas of concern. While the plugin demonstrates some good practices, these are overshadowed by the critical vulnerabilities identified in the static and taint analyses. It is strongly recommended that these issues be addressed to improve the plugin's overall security.",[790,792,794,796,798],{"reason":791,"points":188},"AJAX handlers without auth checks",{"reason":793,"points":188},"Dangerous functions: unserialize, create_function",{"reason":795,"points":113},"High severity taint flows",{"reason":797,"points":11},"Low percentage of properly escaped output",{"reason":799,"points":800},"Flows with unsanitized 
paths",5,"2026-03-16T23:38:21.926Z",{"wat":803,"direct":820},{"assetPaths":804,"generatorPatterns":811,"scriptPaths":812,"versionParams":813},[805,806,807,808,809,810],"\u002Fwp-content\u002Fplugins\u002Fwasp-anti-spam\u002Fjs\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Fwasp-anti-spam\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fwasp-anti-spam\u002Fjs\u002Fjquery.qtip.min.js","\u002Fwp-content\u002Fplugins\u002Fwasp-anti-spam\u002Fjs\u002Fadmin.tooltip.js","\u002Fwp-content\u002Fplugins\u002Fwasp-anti-spam\u002Fcss\u002Fjquery.qtip.min.css","\u002Fwp-content\u002Fplugins\u002Fwasp-anti-spam\u002Fcss\u002Fadmin.style.css",[],[805,807,808],[814,815,816,817,818,819],"wasp-anti-spam\u002Fjs\u002Fscript.js?ver=","wasp-anti-spam\u002Fcss\u002Fstyle.css?ver=","wasp-anti-spam\u002Fjs\u002Fjquery.qtip.min.js?ver=","wasp-anti-spam\u002Fjs\u002Fadmin.tooltip.js?ver=","wasp-anti-spam\u002Fcss\u002Fjquery.qtip.min.css?ver=","wasp-anti-spam\u002Fcss\u002Fadmin.style.css?ver=",{"cssClasses":821,"htmlComments":823,"htmlAttributes":824,"restEndpoints":825,"jsGlobals":826,"shortcodeOutput":829},[822],"wasp-anti-spam-admin-page",[],[],[],[827,828],"ebkajax","ebkL10n",[]]