Source evidence

Vulnerability Discovered

Zero Spam for WordPress · support · 2024-04-24T16:14:00+00:00

Zero Spam for WordPress plugin evidence original source source API

complaintsentiment

highseverity

1.0relevance

4replies

Evidence linked to opportunitycommercial context

Proof Health

Open evidence

Commercial opportunities need traceable source links before they are treated as build-worthy.

6 / 32 rows with source links

18.8% of this page's analysis has direct source links.

0 build-decision rows missing links

0 rows here require auditable proof before promotion.

26 rows with no attached evidence

0 rows have source counts but still need direct links.

Conversation

support

PTaubman unresolved

This plugin has been identified as having a security vulnerability (Bypass Vulnerability). Do you have an expected date for the update/patch. Thanks so much! Paul. Here’s the patchstack report on the vulnerability: Patchstack Wordfence is also reporting this plugin as having a critical security issue. I have deactivated it for now but would love to reinstall if this issue is resolved. Can you please update the plugin? It is really a great plugin against spam! 5.5.6 is out, but oddly doesn’t mention the security issue… So… not sure if this is the fix or not??? Here is the reported issue: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/zero-spam/zero-spam-555-spam-protection-bypass They say you can report security bugs here: https://github.com/Highfivery/zero-spam-for-wordpress/security Not sure if they monitor this support section on WordPress or not…

Commercial Context

Opportunity

trust and abuse-prevention operations

Security abuse-prevention assurance for keeping sites trusted, protected, and recoverable

Buyer: site owners, agencies, and maintenance teams

Wedge: test security lockouts, bot/spam defenses, risky access changes, and incident alerts

Proof Blocked card complete market

Analysis

heuristic-v1

Summary: Vulnerability Discovered: users show security, bugs, support pain that may indicate a product gap.

Evidence quote: Vulnerability Discovered This plugin has been identified as having a security vulnerability (Bypass Vulnerability).

Affected feature: spam

security bugs support setup

Plugin

API

Zero Spam for WordPress

20.0K active installs · 1.4M downloads · rating 82.0

firewall protection security spam spam blocker

Comments

4 shown

M Woldt 2024-04-25T14:04:00+00:00

Here’s the patchstack report on the vulnerability: Patchstack

Lynn J.a11n 2024-04-26T17:24:00+00:00

Wordfence is also reporting this plugin as having a critical security issue. I have deactivated it for now but would love to reinstall if this issue is resolved.

Eli 2024-04-30T01:14:00+00:00

Can you please update the plugin? It is really a great plugin against spam!

milkboy31 2024-04-30T17:36:00+00:00

5.5.6 is out, but oddly doesn’t mention the security issue… So… not sure if this is the fix or not??? Here is the reported issue: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/zero-spam/zero-spam-555-spam-protection-bypass They say you can report security bugs here: https://github.com/Highfivery/zero-spam-for-wordpress/security Not sure if they monitor this support section on WordPress or not…