Blacklist Manager – WooCommerce Anti-Fraud & Checkout Verification & Spam Prevention Security & Risk Analysis

wordpress.org/plugins/wc-blacklist-manager

Anti-fraud, checkout verification and spam prevention plugin for WooCommerce and WordPress forms.

2K active installs · v2.1.8 · PHP 7.4+ · WP 6.3+ · Updated Feb 28, 2026
Tags: blacklist-customers, fraud-prevention, prevent-fake-orders, spam-prevention, woocommerce-anti-fraud
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Blacklist Manager – WooCommerce Anti-Fraud & Checkout Verification & Spam Prevention Safe to Use in 2026?

Generally Safe

Score 100/100

Blacklist Manager – WooCommerce Anti-Fraud & Checkout Verification & Spam Prevention has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The wc-blacklist-manager plugin v2.1.8 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL query sanitization, with 93% using prepared statements, and a substantial number of nonce and capability checks, indicating an effort to secure certain operations. The plugin also has no recorded vulnerability history, which suggests a degree of stability and potentially good security practices over time.

However, significant concerns arise from its attack surface and taint analysis. The presence of four unprotected entry points (two AJAX handlers and two REST API routes without permission callbacks) presents a clear vulnerability to unauthorized access and potential manipulation. Furthermore, the taint analysis revealing 14 high-severity flows with unsanitized paths is a critical finding. These unsanitized paths, especially when combined with unprotected entry points, strongly suggest the potential for code injection, cross-site scripting (XSS), or other severe vulnerabilities, despite the absence of publicly known CVEs. The moderate percentage of properly escaped output (63%) also introduces a risk of XSS attacks.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • High severity unsanitized taint flows
  • Moderate output escaping percentage
Vulnerabilities
None known

Blacklist Manager – WooCommerce Anti-Fraud & Checkout Verification & Spam Prevention Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Blacklist Manager – WooCommerce Anti-Fraud & Checkout Verification & Spam Prevention Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 11 (148 prepared)
Unescaped Output: 639 (1096 escaped)
Nonce Checks: 31
Capability Checks: 45
File Operations: 13
External Requests: 12
Bundled Libraries: 0

SQL Query Safety

93% prepared · 159 total queries

Output Escaping

63% escaped · 1735 total outputs
Data Flows
18 unsanitized

Data Flow Analysis

25 flows · 18 with unsanitized paths
init (inc\cores\api\yogb\yogb-register.php:21)
[Data flow graph legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
4 unprotected

Blacklist Manager – WooCommerce Anti-Fraud & Checkout Verification & Spam Prevention Attack Surface

Entry Points: 24
Unprotected: 4

AJAX Handlers 20

auth · wp_ajax_check_user_blocked_status · inc\backend\actions\settings-blocking-user.php:26
auth · wp_ajax_verify_email_code · inc\backend\actions\verifications-email.php:31
nopriv · wp_ajax_verify_email_code · inc\backend\actions\verifications-email.php:32
auth · wp_ajax_resend_verification_code · inc\backend\actions\verifications-email.php:34
nopriv · wp_ajax_resend_verification_code · inc\backend\actions\verifications-email.php:35
auth · wp_ajax_verify_phone_code · inc\backend\actions\verifications-phone.php:33
nopriv · wp_ajax_verify_phone_code · inc\backend\actions\verifications-phone.php:34
auth · wp_ajax_resend_phone_verification_code · inc\backend\actions\verifications-phone.php:36
nopriv · wp_ajax_resend_phone_verification_code · inc\backend\actions\verifications-phone.php:37
auth · wp_ajax_check_sms_verification_status · inc\backend\actions\verifications-phone.php:39
nopriv · wp_ajax_check_sms_verification_status · inc\backend\actions\verifications-phone.php:40
auth · wp_ajax_add_to_blacklist · inc\backend\order-action-button.php:15
auth · wp_ajax_block_customer · inc\backend\order-action-button.php:16
auth · wp_ajax_generate_sms_key · inc\backend\verifications.php:18
nopriv · wp_ajax_yogb_bm_challenge · inc\cores\api\yogb\yogb-register.php:32
auth · wp_ajax_never_show_wc_blacklist_manager_notice · inc\cores\notices.php:11
auth · wp_ajax_dismiss_first_time_notice · inc\cores\notices.php:12
auth · wp_ajax_dismiss_ads_notice · inc\cores\notices.php:13
auth · wp_ajax_dismiss_gbd_limit_notice · inc\cores\notices.php:14
auth · wp_ajax_notice_suggest_enable_captcha · inc\cores\notices.php:357

REST API Routes 4

POST · /wp-json/yoohw/v1/notice · inc\backend\yoohw-news.php:120
POST · /wp-json/yoohw-sms/v1/update-sms-quota · inc\cores\api\sms\sms-quota.php:14
GET · /wp-json/blacklist/v1/challenge/(?P<id>[a-f0-9\-]{32,36}) · inc\cores\api\yogb\yogb-register.php:24
POST · /wp-json/blacklist/v1/tier-webhook · inc\cores\api\yogb\yogb-tier.php:13

WordPress Hooks 122

filter · wpcf7_validate_email* · inc\backend\actions\form\contact-form-7.php:34
filter · wpcf7_validate_email · inc\backend\actions\form\contact-form-7.php:35
filter · wpcf7_validate_tel* · inc\backend\actions\form\contact-form-7.php:36
filter · wpcf7_validate_tel · inc\backend\actions\form\contact-form-7.php:37
filter · wpcf7_skip_mail · inc\backend\actions\form\contact-form-7.php:40
filter · wpcf7_skip_mail · inc\backend\actions\form\contact-form-7.php:41
filter · wpcf7_feedback_response · inc\backend\actions\form\contact-form-7.php:45
action · wpcf7_submit · inc\backend\actions\form\contact-form-7.php:46
filter · gform_validation · inc\backend\actions\form\gravity-forms.php:23
filter · gform_validation_message · inc\backend\actions\form\gravity-forms.php:25
action · wpforms_process · inc\backend\actions\form\wp-forms.php:30
action · woocommerce_checkout_process · inc\backend\actions\settings-blocking-domain.php:11
action · woocommerce_store_api_checkout_order_processed · inc\backend\actions\settings-blocking-domain.php:12
filter · registration_errors · inc\backend\actions\settings-blocking-domain.php:13
filter · woocommerce_registration_errors · inc\backend\actions\settings-blocking-domain.php:14
filter · preprocess_comment · inc\backend\actions\settings-blocking-domain.php:15
action · woocommerce_checkout_process · inc\backend\actions\settings-blocking-ip.php:11
action · woocommerce_store_api_checkout_order_processed · inc\backend\actions\settings-blocking-ip.php:12
filter · registration_errors · inc\backend\actions\settings-blocking-ip.php:13
filter · woocommerce_registration_errors · inc\backend\actions\settings-blocking-ip.php:14
filter · preprocess_comment · inc\backend\actions\settings-blocking-ip.php:15
action · wp_login · inc\backend\actions\settings-blocking-user.php:20
action · init · inc\backend\actions\settings-blocking-user.php:21
action · wp_enqueue_scripts · inc\backend\actions\settings-blocking-user.php:22
action · edit_user_profile · inc\backend\actions\settings-blocking-user.php:23
action · edit_user_profile_update · inc\backend\actions\settings-blocking-user.php:24
action · admin_head · inc\backend\actions\settings-blocking-user.php:25
action · admin_notices · inc\backend\actions\settings-blocking-user.php:156
action · woocommerce_checkout_process · inc\backend\actions\settings-blocklist.php:9
action · woocommerce_store_api_checkout_order_processed · inc\backend\actions\settings-blocklist.php:10
filter · registration_errors · inc\backend\actions\settings-blocklist.php:11
filter · woocommerce_registration_errors · inc\backend\actions\settings-blocklist.php:12
action · woocommerce_order_status_changed · inc\backend\actions\settings-blocklist.php:13
action · wc_blacklist_delayed_order_cancel · inc\backend\actions\settings-blocklist.php:14
filter · preprocess_comment · inc\backend\actions\settings-blocklist.php:15
action · woocommerce_checkout_order_processed · inc\backend\actions\settings-suspects.php:9
action · woocommerce_store_api_checkout_order_processed · inc\backend\actions\settings-suspects.php:10
action · wc_blacklist_check_and_notify · inc\backend\actions\settings-suspects.php:12
action · shutdown · inc\backend\actions\sub\send-email.php:163
action · shutdown · inc\backend\actions\sub\send-email.php:285
action · shutdown · inc\backend\actions\sub\send-email.php:377
action · shutdown · inc\backend\actions\sub\send-email.php:468
action · shutdown · inc\backend\actions\sub\send-email.php:553
action · init · inc\backend\actions\verifications-email.php:28
action · wp_enqueue_scripts · inc\backend\actions\verifications-email.php:29
action · woocommerce_checkout_process · inc\backend\actions\verifications-email.php:30
action · woocommerce_checkout_update_order_meta · inc\backend\actions\verifications-email.php:33
action · wc_blacklist_manager_cleanup_verification_code · inc\backend\actions\verifications-email.php:36
action · init · inc\backend\actions\verifications-email.php:38
action · wp_enqueue_scripts · inc\backend\actions\verifications-phone.php:31
action · woocommerce_checkout_process · inc\backend\actions\verifications-phone.php:32
action · woocommerce_checkout_update_order_meta · inc\backend\actions\verifications-phone.php:35
action · wc_blacklist_manager_cleanup_verification_code · inc\backend\actions\verifications-phone.php:38
action · yoohw_sms_verification_failed · inc\backend\actions\verifications-phone.php:41
action · init · inc\backend\actions\verifications-phone.php:43
action · woocommerce_checkout_order_processed · inc\backend\actions\yogb-check-orders.php:67
action · woocommerce_store_api_checkout_order_processed · inc\backend\actions\yogb-check-orders.php:74
action · yogb_gbl_run_check_async · inc\backend\actions\yogb-check-orders.php:82
action · woocommerce_after_checkout_validation · inc\backend\actions\yogb-check-orders.php:91
action · woocommerce_store_api_checkout_update_order_meta · inc\backend\actions\yogb-check-orders.php:98
action · admin_menu · inc\backend\activity.php:11
action · admin_menu · inc\backend\dashboard.php:24
action · admin_post_enable_global_blacklist · inc\backend\dashboard.php:25
action · admin_post_handle_bulk_action · inc\backend\dashboard.php:26
action · admin_post_handle_bulk_action_address · inc\backend\dashboard.php:27
action · admin_post_add_ip_address_action · inc\backend\dashboard.php:28
action · admin_post_add_address_action · inc\backend\dashboard.php:29
action · admin_post_add_domain_action · inc\backend\dashboard.php:30
action · admin_post_add_suspect_action · inc\backend\dashboard.php:31
action · admin_enqueue_scripts · inc\backend\dashboard.php:1206
action · admin_footer · inc\backend\dashboard.php:1209
action · init · inc\backend\notifications.php:27
action · admin_menu · inc\backend\notifications.php:28
action · admin_enqueue_scripts · inc\backend\order-action-button.php:13
action · woocommerce_admin_order_data_after_billing_address · inc\backend\order-action-button.php:14
action · woocommerce_admin_order_data_after_payment_info · inc\backend\order-action-button.php:17
action · add_meta_boxes · inc\backend\order-risk-score.php:13
action · admin_menu · inc\backend\settings.php:10
action · init · inc\backend\verifications.php:16
action · admin_menu · inc\backend\verifications.php:17
action · admin_post_refresh_merging · inc\backend\verifications.php:19
action · admin_enqueue_scripts · inc\backend\verifications.php:390
action · admin_menu · inc\backend\yoohw-dashboard.php:19
action · admin_menu · inc\backend\yoohw-license.php:17
action · admin_menu · inc\backend\yoohw-license.php:19
action · yoohw_license_manager_content · inc\backend\yoohw-license.php:64
action · admin_init · inc\backend\yoohw-license.php:65
action · admin_menu · inc\backend\yoohw-news.php:25
action · rest_api_init · inc\backend\yoohw-news.php:26
action · admin_notices · inc\backend\yoohw-news.php:27
action · admin_init · inc\backend\yoohw-news.php:28
action · admin_init · inc\backend\yoohw-news.php:29
action · admin_menu · inc\backend\yoohw-settings.php:15
action · yoohw_settings_content · inc\backend\yoohw-settings.php:56
action · admin_init · inc\backend\yoohw-settings.php:57
action · admin_init · inc\cores\activation.php:34
action · rest_api_init · inc\cores\api\sms\sms-quota.php:10
action · rest_api_init · inc\cores\api\yogb\yogb-register.php:23
action · template_redirect · inc\cores\api\yogb\yogb-register.php:64
filter · rest_authentication_errors · inc\cores\api\yogb\yogb-register.php:100
action · admin_init · inc\cores\api\yogb\yogb-register.php:115
action · updated_option · inc\cores\api\yogb\yogb-register.php:120
action · wc_bm_run_registration · inc\cores\api\yogb\yogb-register.php:130
action · admin_post_yogb_bm_retry_registration · inc\cores\api\yogb\yogb-register.php:133
action · admin_notices · inc\cores\api\yogb\yogb-register.php:136
action · admin_notices · inc\cores\api\yogb\yogb-register.php:509
action · rest_api_init · inc\cores\api\yogb\yogb-tier.php:9
action · admin_enqueue_scripts · inc\cores\backend.php:9
action · admin_notices · inc\cores\backend.php:20
action · admin_enqueue_scripts · inc\cores\backend.php:27
action · admin_init · inc\cores\database.php:21
filter · wp_mail_from · inc\cores\helper\yoohw-debug-log-email.php:62
filter · wp_mail_from_name · inc\cores\helper\yoohw-debug-log-email.php:63
action · phpmailer_init · inc\cores\helper\yoohw-debug-log-email.php:69
action · admin_notices · inc\cores\helper\yoohw-debug-log-email.php:94
action · http_api_debug · inc\cores\helper\yoohw-http-debug.php:34
action · admin_notices · inc\cores\notices.php:10
action · admin_enqueue_scripts · inc\cores\notices.php:15
action · woocommerce_order_status_failed · inc\cores\notices.php:352
action · admin_notices · inc\cores\notices.php:354
action · admin_enqueue_scripts · inc\cores\notices.php:355
action · plugins_loaded · inc\cores\notices.php:588

Scheduled Events 20

wc_blacklist_delayed_order_cancel
wc_blacklist_manager_cleanup_verification_code
wc_blacklist_manager_cleanup_verification_code
wc_blacklist_connection_send_to_subsite
wc_blacklist_connection_update_to_subsite
wc_blacklist_connection_update_to_hostsite
wc_blacklist_connection_remove_to_subsite
wc_blacklist_connection_remove_to_subsite
wc_blacklist_connection_send_to_subsite
wc_blacklist_connection_remove_to_subsite
wc_blacklist_connection_send_to_subsite
wc_blacklist_connection_send_to_hostsite
wc_blacklist_connection_send_to_subsite
wc_blacklist_connection_send_to_hostsite
wc_blacklist_connection_update_to_subsite
wc_blacklist_connection_update_to_hostsite
wc_blacklist_connection_send_to_subsite
wc_blacklist_connection_send_to_hostsite
wc_blacklist_connection_send_to_subsite
wc_blacklist_connection_send_to_hostsite
Maintenance & Trust

Blacklist Manager – WooCommerce Anti-Fraud & Checkout Verification & Spam Prevention Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 28, 2026
PHP min version: 7.4
Downloads: 48K

Community Trust

Rating: 80/100
Number of ratings: 12
Active installs: 2K
Developer Profile

Blacklist Manager – WooCommerce Anti-Fraud & Checkout Verification & Spam Prevention Developer Profile

YoOhw Studio

7 plugins · 3K total installs

Trust score: 92
Avg Security Score: 97/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Blacklist Manager – WooCommerce Anti-Fraud & Checkout Verification & Spam Prevention

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-blacklist-manager/assets/css/user-blocking.css
/wp-content/plugins/wc-blacklist-manager/assets/js/user-blocking.js
Script Paths
/wp-content/plugins/wc-blacklist-manager/assets/js/user-blocking.js
Version Parameters
wc-blacklist-manager/assets/css/user-blocking.css?ver=
wc-blacklist-manager/assets/js/user-blocking.js?ver=

HTML / DOM Fingerprints

CSS Classes
red-button
Data Attributes
data-user-blocked
JS Globals
wc_blacklist_manager_user_blocking_ajax_object
REST Endpoints
/wp-json/wc-blacklist-manager/v1/get-countries-list
/wp-json/wc-blacklist-manager/v1/get-ip-info