WP-Safety

Easy Spam Filter – Privacy-Friendly CAPTCHA Alternative with Turnstile for Contact Form 7, WPForms, BuddyPress, Elementor Security & Risk Analysis

wordpress.org/plugins/wppool-turnstile-captcha-spam-filter

Add Cloudflare Turnstile to WordPress, Contact Form 7, WooCommerce, WPForms, BuddyPress & Elementor. A CAPTCHA, reCAPTCHA alternative for WordPress.

1K active installs v2.3.11 PHP 5.6+ WP 5.4+ Updated Sep 23, 2025
anti-spamcaptchacloudflarerecaptchaturnstile
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Easy Spam Filter – Privacy-Friendly CAPTCHA Alternative with Turnstile for Contact Form 7, WPForms, BuddyPress, Elementor Safe to Use in 2026?

Generally Safe

Score 100/100

Easy Spam Filter – Privacy-Friendly CAPTCHA Alternative with Turnstile for Contact Form 7, WPForms, BuddyPress, Elementor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago
Risk Assessment

The "wppool-turnstile-captcha-spam-filter" plugin v2.3.11 exhibits a generally strong security posture, with excellent practices in place for SQL query sanitization and output escaping. The absence of known vulnerabilities and a history free of CVEs are positive indicators. However, a significant concern arises from the presence of one AJAX handler that lacks authentication checks. This creates a direct entry point for potential exploitation without proper authorization, which is a fundamental security oversight. While the plugin demonstrates good coding hygiene in most areas, this single unprotected AJAX handler represents a clear and present risk that could be leveraged by attackers to execute unintended actions or gather sensitive information if the handler performs any such operations. The taint analysis did not reveal critical or high severity issues, suggesting that even with the unprotected endpoint, the immediate impact might be limited, but it should not be overlooked.

Key Concerns

  • Unprotected AJAX handler
Vulnerabilities
None known

Easy Spam Filter – Privacy-Friendly CAPTCHA Alternative with Turnstile for Contact Form 7, WPForms, BuddyPress, Elementor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Easy Spam Filter – Privacy-Friendly CAPTCHA Alternative with Turnstile for Contact Form 7, WPForms, BuddyPress, Elementor Release Timeline

v2.3.11Current
v2.3.10
v2.3.9
v2.3.8
v2.3.7
v2.3.6
v2.3.5
v2.3.4
v2.3.3
v2.3.2
v2.3.1
v2.3.0
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
v2.0.7
v2.0.5
v2.0.4
Code Analysis
Analyzed Mar 16, 2026

Easy Spam Filter – Privacy-Friendly CAPTCHA Alternative with Turnstile for Contact Form 7, WPForms, BuddyPress, Elementor Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
141 escaped
Nonce Checks
7
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

99% escaped142 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
update_store (app\Ajax.php:117)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Easy Spam Filter – Privacy-Friendly CAPTCHA Alternative with Turnstile for Contact Form 7, WPForms, BuddyPress, Elementor Attack Surface

Entry Points8
Unprotected1

AJAX Handlers 7

authwp_ajax_update_storeapp\Ajax.php:30
authwp_ajax_save_settingsapp\Ajax.php:33
authwp_ajax_verify_connectionapp\Ajax.php:36
authwp_ajax_wp_ajax_install_pluginapp\Ajax.php:39
authwp_ajax_active_pluginapp\Ajax.php:40
authwp_ajax_ect_placementapp\Ajax.php:42
authwp_ajax_ect_disabled_idsapp\Ajax.php:43

Shortcodes 1

[easy_cloudflare_turnstile] app\Integrations\ContactForm7.php:79
WordPress Hooks 44
actionadmin_menuapp\Admin.php:28
actionadmin_enqueue_scriptsapp\Admin.php:29
actioninitapp\Core.php:202
actionadmin_initapp\Core.php:255
actioninitapp\Integrations\Common.php:30
filterwpcf7_form_elementsapp\Integrations\ContactForm7.php:78
actionwp_enqueue_scriptsapp\Integrations\ContactForm7.php:80
filterwpcf7_validateapp\Integrations\ContactForm7.php:81
actionwpcf7_initapp\Integrations\ContactForm7.php:82
actionwpcf7_admin_initapp\Integrations\ContactForm7.php:83
actionelementor/widget/render_contentapp\Integrations\Elementor.php:79
actionwp_enqueue_scriptsapp\Integrations\Elementor.php:80
actionelementor_pro/forms/validationapp\Integrations\Elementor.php:81
actionwp_enqueue_scriptsapp\Integrations\Formidable.php:91
filterfrm_validate_entryapp\Integrations\Formidable.php:92
filterfrm_submit_button_htmlapp\Integrations\Formidable.php:93
actionwp_enqueue_scriptsapp\Integrations\Forminator.php:80
filterforminator_render_form_submit_markupapp\Integrations\Forminator.php:81
actionforminator_custom_form_submit_errorsapp\Integrations\Forminator.php:82
actionwp_enqueue_scriptsapp\Integrations\GravityForm.php:91
filtergform_pre_submissionapp\Integrations\GravityForm.php:92
filtergform_submit_buttonapp\Integrations\GravityForm.php:93
actionwp_enqueue_scriptsapp\Integrations\HappyForms.php:77
actionhappyforms_form_submit_beforeapp\Integrations\HappyForms.php:78
filterhappyforms_parts_afterapp\Integrations\HappyForms.php:79
actionwp_enqueue_scriptsapp\Integrations\Jetpack.php:78
actionwp_footerapp\Integrations\Jetpack.php:79
filterjetpack_form_verifyapp\Integrations\Jetpack.php:80
actionwp_enqueue_scriptsapp\Integrations\MailChimp.php:80
filtermc4wp_form_contentapp\Integrations\MailChimp.php:81
filtermc4wp_form_validateapp\Integrations\MailChimp.php:82
actionwp_enqueue_scriptsapp\Integrations\WpDiscuz.php:68
actionwpdiscuz_submit_button_beforeapp\Integrations\WpDiscuz.php:69
actionwpdiscuz_before_thread_listapp\Integrations\WpDiscuz.php:70
actionwpdiscuz_after_comment_postapp\Integrations\WpDiscuz.php:71
actionwp_enqueue_scriptsapp\Integrations\WPForms.php:80
actionwpforms_display_fields_afterapp\Integrations\WPForms.php:81
filterwpforms_process_completeapp\Integrations\WPForms.php:82
actionwp_enqueue_scriptsapp\Integrations\WPUF.php:79
actionwpuf_reg_form_bottomapp\Integrations\WPUF.php:80
actionwpuf_login_form_bottomapp\Integrations\WPUF.php:81
actionwpuf_add_post_form_bottomapp\Integrations\WPUF.php:82
actionwpuf_form_submission_restrictionapp\Integrations\WPUF.php:83
actionplugins_loadedeasy-cloudflare-turnstile.php:54
Maintenance & Trust

Easy Spam Filter – Privacy-Friendly CAPTCHA Alternative with Turnstile for Contact Form 7, WPForms, BuddyPress, Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 23, 2025
PHP min version5.6
Downloads18K

Community Trust

Rating80/100
Number of ratings7
Active installs1K
Alternatives

Easy Spam Filter – Privacy-Friendly CAPTCHA Alternative with Turnstile for Contact Form 7, WPForms, BuddyPress, Elementor Alternatives

CubeMage Login Guard

CubeMage Login Guard

cubemage-login-guard

A
100

Integrates Cloudflare Turnstile, Limits Login Attempts, and Disables XML-RPC to protect WordPress forms.

0 No CVEs
CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

advanced-nocaptcha-recaptcha

A
99

Use CAPTCHA to stop spam and allow customers & users to interact with your website easily. Block fake accounts and orders. Avoid false positives.

100K 1 CVE
DoLogin Security

DoLogin Security

dologin

A
98

Easy Login. 2FA login. Passwordless login. Cloudflare Turnstile reCAPTCHA. GeoLocation (Continent/Country/City)/IP range to limit login attempts.

7K 4 CVEs
Kitgenix CAPTCHA for Cloudflare Turnstile

Kitgenix CAPTCHA for Cloudflare Turnstile

kitgenix-captcha-for-cloudflare-turnstile

A
100

Add Cloudflare Turnstile CAPTCHA to WordPress, WooCommerce, Elementor, and popular form plugins with privacy-first server-side verification.

400 No CVEs
BWG CF Turnstile

BWG CF Turnstile

bwg-cf-turnstile

A
100

Add Cloudflare Turnstile protection to your Gravity Forms to prevent spam and bot submissions.

20 No CVEs
Developer Profile

Easy Spam Filter – Privacy-Friendly CAPTCHA Alternative with Turnstile for Contact Form 7, WPForms, BuddyPress, Elementor Developer Profile

WPPOOL

16 plugins · 32K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
322 days
View full developer profile
Detection Fingerprints

How We Detect Easy Spam Filter – Privacy-Friendly CAPTCHA Alternative with Turnstile for Contact Form 7, WPForms, BuddyPress, Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wppool-turnstile-captcha-spam-filter/assets/css/admin.css/wp-content/plugins/wppool-turnstile-captcha-spam-filter/build/index.css/wp-content/plugins/wppool-turnstile-captcha-spam-filter/build/index.js
Version Parameters
/wppool-turnstile-captcha-spam-filter/assets/css/admin.css?ver=/wppool-turnstile-captcha-spam-filter/build/index.css?ver=/wppool-turnstile-captcha-spam-filter/build/index.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-wppool-turnstile-key
JS Globals
ECT_APP
FAQ

Frequently Asked Questions about Easy Spam Filter – Privacy-Friendly CAPTCHA Alternative with Turnstile for Contact Form 7, WPForms, BuddyPress, Elementor