| #1 | Dam Spam | 100 | | 1 | 1k+ | | | unexpected markdown file |
| #2 | Kitgenix CAPTCHA for Cloudflare Turnstile | 100 | | 0 | 500 | | | No open findings |
| #3 | BotBlocker Security – Firewall & Bot Protection | 99 | | 5 | 3k+ | | | Non-prefixed constant |
| #4 | Email Address Obfuscation | 99 | 3 | 0 | 2k+ | | | wp function not compatible with requires wp |
| #5 | Easy Spam Filter – Privacy-Friendly CAPTCHA Alternative with Turnstile for Contact Form 7, WPForms, BuddyPress, Elementor | 97 | 2 | 14 | 1k+ | | | Dynamic hook name |
| #6 | ActiveLayer Anti-Spam: Spam Protection for Forms & Comments | 96 | | 2 | 2k+ | | | Database parameter is not escaped |
| #7 | Gravity Forms Zero Spam | 94 | 4 | 9 | 100k+ | | | trademarked term |
| #8 | Stop Spammers Classic | 94 | 185 | 1 | 30k+ | | | wp function not compatible with requires wp |
| #9 | Antispam Bee | 80 | 4 | 38 | 700k+ | | | Nonce verification recommended |
| #10 | Honeypot Anti-Spam | 78 | 5 | 7 | 10k+ | | | Missing nonce verification |
| #11 | Disable WP Registration Page Spam | 77 | 5 | 12 | 1k+ | | | Nonce verification recommended |
| #12 | En Spam | 75 | 21 | 6 | 500 | | | wp function not compatible with requires wp |
| #13 | WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google/Matomo) Analytics) | 69 | 9 | 24 | 700 | | | Non-prefixed constant |
| #14 | Forget Spam Comment | 67 | 5 | 10 | 10k+ | | | Input is not sanitized |
| #15 | Anti-Captcha (anti-spam botblocker) | 56 | 23 | 26 | 1k+ | | | rand mt rand |
| #16 | Anti-Spam Protection – No API Key, GDPR Friendly | 49 | 2 | 106 | 1k+ | | | Direct Query |
| #17 | Antispam | 41 | 11 | 41 | 400 | | | Missing nonce verification |
| #18 | Essential Form – The lightest plugin for contact forms, ultra lightweight and no spam | 41 | 21 | 53 | 500 | | | Missing nonce verification |
| #19 | IP Ban | 41 | 29 | 39 | 2k+ | | | Input is not validated |
| #20 | WP Armour – Honeypot Anti Spam | 40 | 55 | 66 | 400k+ | | | Missing nonce verification |
| #21 | La Sentinelle antispam | 40 | 88 | 46 | 3k+ | | | Output is not escaped |
| #22 | Universal Honey Pot | 40 | 23 | 94 | 1k+ | | | Missing nonce verification |
| #23 | Blackhole for Bad Bots | 39 | 123 | 69 | 30k+ | | | Output is not escaped |
| #24 | Email Encoder – Protect Email Addresses and Phone Numbers | 37 | 10 | 150 | 90k+ | | | Non-prefixed global variable |
| #25 | Spam Destroyer | 37 | 63 | 43 | 6k+ | | | rand rand |
| #26 | Akismet Anti-spam: Spam Protection | 35 | 33 | 99 | 6m+ | | | Non-prefixed global variable |
| #27 | CM E-Mail Blacklist – Simple email filtering for safer registration | 35 | 269 | 205 | 800 | | | Output is not escaped |
| #28 | Human Presence – Stop Form Spam Without ReCaptcha | 33 | 54 | 65 | 1k+ | | | Request data is not unslashed |
| #29 | Restrict Usernames Emails Characters | 32 | 327 | 367 | 1k+ | | | Output is not escaped |
| #30 | Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant | 30 | 264 | 221 | 4k+ | | | Non Singular String Literal Text |
| #31 | CloudSecure WP Security | 29 | 74 | 350 | 100k+ | | | Request data is not unslashed |
| #32 | Maspik – Ultimate Spam Protection | 28 | 212 | 862 | 30k+ | | | Missing nonce verification |
| #33 | Comment Link Remove and Other Comment Tools | 27 | 691 | 132 | 7k+ | | | Text Domain Mismatch |
| #34 | OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) | 27 | 271 | 568 | 6k+ | | | Request data is not unslashed |
| #35 | WPBruiser {no- Captcha anti-Spam} | 25 | 646 | 259 | 10k+ | | | Non Singular String Literal Domain |
| #36 | CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7 | 24 | 1,034 | 1,396 | 300k+ | | | Non-prefixed global variable |
