Does WP-Blacklister have any unpatched vulnerabilities?

No. All known vulnerabilities in WP-Blacklister have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP-Blacklister compatible with WordPress 3.5.2?

According to WordPress.org data, WP-Blacklister 1.2.1 has been tested up to WordPress 3.5.2. Check the plugin's changelog for the latest compatibility information.

How often is WP-Blacklister updated?

WP-Blacklister was last updated on Jan 1, 2013. Frequent updates are generally a positive security signal.

What is WP-Blacklister's security score?

WP-Blacklister has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP-Blacklister Security & Risk Analysis

wordpress.org/plugins/wp-blacklister

Plugin tool for assembling lists of IP addresses, emails, and URLs from spam comments.

70 active installs v1.2.1 PHP + WP 2.8+ Updated Jan 1, 2013

blacklistemailipmoderatemoderation

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP-Blacklister Safe to Use in 2026?

Generally Safe

Score 85/100

WP-Blacklister has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The 'wp-blacklister' v1.2.1 plugin presents a mixed security posture. On the positive side, the static analysis reveals a clean bill of health regarding dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), file operations, and external HTTP requests. The vulnerability history also shows no known CVEs, suggesting a historically stable plugin. However, a significant concern arises from the complete lack of output escaping. With 17 total outputs and 0% properly escaped, this indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce and capability checks, while not immediately exploitable due to the lack of an apparent attack surface (0 entry points), leaves the plugin vulnerable should any new entry points be introduced in future updates without corresponding security measures. In conclusion, while the plugin avoids common pitfalls like SQL injection and dangerous functions, the lack of output escaping is a critical weakness that severely undermines its security.

Key Concerns

100% of outputs are not properly escaped
No nonce checks implemented
No capability checks implemented

Vulnerabilities

None known

WP-Blacklister Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP-Blacklister Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped17 total outputs

Attack Surface

WP-Blacklister Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionadmin_menuwp-blacklister.php:207

actionactivate_wp-blacklister/wp-blacklister.phpwp-blacklister.php:208

actionadmin_initwp-blacklister.php:209

filterplugin_row_metawp-blacklister.php:210

Maintenance & Trust

WP-Blacklister Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2

Last updatedJan 1, 2013

PHP min version

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs70

Alternatives

WP-Blacklister Alternatives

Post Comment Notification

post-comment-notification-to-multiple-user

Notify users other than the admin that new comments or new post have been posted or created

80 No CVEs

Hostinger Reach – AI-Powered Email Marketing for WordPress

hostinger-reach

100

Launch and grow your email marketing effortlessly with Hostinger Reach. Collect contacts, sync subscribers, and send emails – all in one, AI powered.

1.0M No CVEs

Newsletter – Send awesome emails from WordPress

newsletter

An email marketing tool for your blog: subscription forms to create your lists with unlimited subscribers and newsletters.

200K 20 CVEs

Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pages

convertkit

Build your email subscriber lists, send email marketing newsletters, sell more products and build your membership site with Kit (formerly ConvertKit).

40K 4 CVEs

Subscribe to Comments

subscribe-to-comments

Subscribe to Comments allows commenters on an entry to subscribe to e-mail notifications for subsequent comments.

20K 3 CVEs

Developer Profile

WP-Blacklister Developer Profile

Luke Mlsna

11 plugins · 13K total installs

trust score

Avg Security Score

84/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP-Blacklister

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-blacklister/wp-blacklister-options.css/wp-content/plugins/wp-blacklister/wp-blacklister-options.js

Script Paths

/wp-content/plugins/wp-blacklister/wp-blacklister-options.js

HTML / DOM Fingerprints

CSS Classes

wpb-descriptionwpb-sec-titlewpb-countwpb-display-containerwpb-col-containerwpb-col-titlewpb-clear

Data Attributes

draggable="false"

FAQ