Does WP Spam Question Filter have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Spam Question Filter have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Spam Question Filter compatible with WordPress 4.8.28?

According to WordPress.org data, WP Spam Question Filter 1.0.1 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is WP Spam Question Filter updated?

WP Spam Question Filter was last updated on Jul 28, 2020. Frequent updates are generally a positive security signal.

What is WP Spam Question Filter's security score?

WP Spam Question Filter has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Spam Question Filter Security & Risk Analysis

wordpress.org/plugins/wp-spam-question-filter

This plugin fights comment and registration spam on your website.

2K active installs v1.0.1 PHP + WP 3.9.1+ Updated Jul 28, 2020

filterhoneypotquestionseravospam

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Spam Question Filter Safe to Use in 2026?

Generally Safe

Score 85/100

WP Spam Question Filter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The static analysis of 'wp-spam-question-filter' v1.0.1 reveals a generally good security posture, with no identified dangerous functions, external HTTP requests, or file operations. All SQL queries are properly prepared, which is a significant strength. The plugin also enforces capability checks for its code signals, indicating an attempt to control access to certain functionalities.

However, a notable concern is the low rate of proper output escaping, with only 11% of 18 outputs being correctly escaped. This could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before being displayed. Furthermore, the complete absence of nonce checks, particularly across the attack surface (even though the attack surface itself is reported as zero), is a potential weakness. The lack of known vulnerabilities in its history is positive, but the low output escaping rate remains the most significant risk identified in this analysis.

Key Concerns

Low output escaping rate
Missing nonce checks

Vulnerabilities

None known

WP Spam Question Filter Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Spam Question Filter Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

11% escaped18 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

wp_spam_question_filter_admin (wp-spam-question-filter.php:251)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Spam Question Filter Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actioninitwp-spam-question-filter.php:73

actionadmin_menuwp-spam-question-filter.php:81

actioncomment_form_after_fieldswp-spam-question-filter.php:95

actioncomment_form_logged_in_afterwp-spam-question-filter.php:96

actionregister_formwp-spam-question-filter.php:102

filterpreprocess_commentwp-spam-question-filter.php:144

actionuser_registration_emailwp-spam-question-filter.php:145

Maintenance & Trust

WP Spam Question Filter Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedJul 28, 2020

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings4

Active installs2K

Alternatives

WP Spam Question Filter Alternatives

Antispam Bee

antispam-bee

100

Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.

700K 1 CVE

CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7

contact-form-7-honeypot

100

Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.

300K No CVEs

Gravity Forms Zero Spam

gravity-forms-zero-spam

100

Enhance your Gravity Forms to include anti-spam measures originally based on the work of David Walsh's "Zero Spam" technique.

100K No CVEs

Blackhole for Bad Bots

blackhole-bad-bots

Blackhole is a WordPress security plugin that detects and traps bad bots in a virtual black hole, where they are denied access to your entire site.

30K 2 CVEs

Maspik – Ultimate Spam Protection

contact-forms-anti-spam

No more fake leads or unwanted submissions — Maspik blocks spam instantly across all forms without using CAPTCHA.

30K 8 CVEs

Developer Profile

WP Spam Question Filter Developer Profile

Otto Kekäläinen

4 plugins · 6K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Spam Question Filter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

comment-form-wp_spam_question_filterform-group

Data Attributes

id="seravo_simple_answer"name="seravo_simple_answer"id="seravo_simple_answer_question"name="seravo_simple_answer_question"id="seravo_simple_answer_question_hash"name="seravo_simple_answer_question_hash"

FAQ