PluginScore

Anti-Spam Protection – No API Key, GDPR Friendly

Block spam on Contact Form 7, WPForms & comments. No API key. GDPR compliant. Free for commercial use. No configuration needed.

v3.0.1fullworksUpdated Added 1k+ installs100% rating
WPFormsanti-spamcf7contact form 7spam protection
49
Score
2
Errors
106
Warnings
+0
Change

Category Scores

Security17
Repo100
Performance100
Maintainability71

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

108 findings

Maintainability

78

12 issue groups

Security

30

6 issue groups

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.27
Category
Maintainability
Occurrences
27
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().24
Category
Maintainability
Occurrences
24
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $extra_table used in $wpdb->query()\n$extra_table used without escaping.13
Category
Security
Occurrences
13
Severity
warning

Sample message

Unescaped parameter $extra_table used in $wpdb->query()\n$extra_table used without escaping.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $table_name at "INSERT INTO $table_name \n9
Category
Security
Occurrences
9
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $table_name at "INSERT INTO $table_name \n

WordPress.DB.PreparedSQL.InterpolatedNotPrepared
WARNINGMaintainabilityerror log error logerror_log() found. Debug code should not normally be used in production.9
Category
Maintainability
Occurrences
9
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log
WARNINGMaintainabilityslow db query meta keyDetected usage of meta_key, possible slow query.4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_key
WARNINGMaintainabilityslow db query meta valueDetected usage of meta_value, possible slow query.4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Detected usage of meta_value, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_value
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.4
Category
Security
Occurrences
4
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGMaintainabilityDiscouraged PHP functionThe use of function set_time_limit() is discouraged2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

The use of function set_time_limit() is discouraged

Squiz.PHP.DiscouragedFunctions.Discouraged
WARNINGMaintainabilitySchema ChangeAttempting a database schema change is discouraged.2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange
Show 8 more
WARNINGMaintainabilityDynamic hook name2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$this->settings_page_id . '_settings_page_boxes'".

WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound
WARNINGSecurityRequest data is not unslashed2
Category
Security
Occurrences
2
Severity
warning

Sample message

$_POST[$key] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORSecuritySQL query is not prepared1
Category
Security
Occurrences
1
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $sql

WordPress.DB.PreparedSQL.NotPrepared
WARNINGMaintainabilityNon-prefixed constant1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "WP_FS__PRODUCT_5065_MULTISITE".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
WARNINGMaintainabilityNon-prefixed hook name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "grunion_optimize_table".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGMaintainabilityerror log debug backtrace1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

debug_backtrace() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_debug_backtrace
ERRORSecurityOutput is not escaped1
Category
Security
Occurrences
1
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$csv_content'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGMaintainabilitymissing composer json file1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The "/vendor" directory using composer exists, but "composer.json" file is missing.

missing_composer_json_fileReference

External Connections

Potential connections found in static code analysis.

36 domains

Outbound calls

267

External assets

2

Incoming endpoints

9

Notable Domains

fullworks.net26 · outbound
freemius.com10 · outbound
fullworksplugins.com6 · outbound
php.net6 · outbound
benalman.com2 · outbound
checkout.freemius-local.com2 · outbound

Platform / Reference Domains

gnu.org164 · platform/reference
wordpress.org7 · platform/reference
w3.org6 · platform/reference
github.com4 · platform/reference
api.wordpress.org2 · platform/reference
core.trac.wordpress.org2 · platform/reference
make.wordpress.org2 · platform/reference
developer.wordpress.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

wp_ajax_nopriv_fwas_get_keyspublic

wp_ajax

Admin AJAX endpoints8
admin_post_fs_clone_resolutionauthenticated

admin_post

admin_post_fwas_ad_csv_exportauthenticated

admin_post

admin_post_fwas_ad_csv_importauthenticated

admin_post

wp_ajax_fs_dismiss_notice_action_{$ajax_action_suffix}authenticated

wp_ajax

wp_ajax_fs_toggle_debug_modeauthenticated

wp_ajax

wp_ajax_fwantispam_ajax_handlerauthenticated

wp_ajax

wp_ajax_fwas_dismiss_upgrade_noticeauthenticated

wp_ajax

wp_ajax_fwas_get_keysauthenticated

wp_ajax

Score History

2 score snapshots

+0
1007550250Jun 21, 2026, 08:49 PM UTC Score 49/100 Plugin v3.0.0 Plugin Check 2.0.0 2 errors, 106 warningsJun 24, 2026, 05:01 PM UTC Score 49/100 Plugin v3.0.1 Plugin Check 2.0.0 2 errors, 106 warningsJun 21, 2026Jun 24, 2026

v3.0.1

49

Latest

Findings
108
Errors
2
Warnings
106
Check
2.0.0

v3.0.0

49

Score

Findings
108
Errors
2
Warnings
106
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins

Dam Spam

1k+ active installs

100
DS CF7 Math Captcha

10k+ active installs

100
Email addon for CF7

3k+ active installs

100
HTML Editor for Contact Form 7

1k+ active installs

100
Message Bridge for Contact Form 7 and Telegram

10k+ active installs

100
Style Contact Form 7

1k+ active installs

100