Advanced Comment Control Security & Risk Analysis
wordpress.org/plugins/advanced-comment-controlEasily control who can comment and when they can comment on any post type.
Is Advanced Comment Control Safe to Use in 2026?
Generally Safe
Score 100/100Advanced Comment Control has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "advanced-comment-control" plugin version 1.2.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries by exclusively using prepared statements and has no known vulnerabilities in its history. The absence of file operations, external HTTP requests, and bundled libraries also contributes to a reduced attack surface in those areas. However, the plugin has significant security concerns related to its AJAX handlers. All three identified AJAX entry points lack authentication checks, creating a substantial risk of unauthorized actions being performed by unauthenticated users. Furthermore, a very low percentage of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. While taint analysis shows no critical or high severity unsanitized flows, the lack of proper output escaping on a large number of outputs is a major weakness that could be exploited.
Key Concerns
- AJAX handlers without authentication
- Low percentage of properly escaped output
- Large attack surface without auth
Advanced Comment Control Security Vulnerabilities
Advanced Comment Control Code Analysis
Output Escaping
Data Flow Analysis
Advanced Comment Control Attack Surface
AJAX Handlers 3
WordPress Hooks 8
Maintenance & Trust
Advanced Comment Control Maintenance & Trust
Maintenance Signals
Community Trust
Advanced Comment Control Alternatives
Really Simple Disable Comments
really-simple-disable-comments
Effortlessly disable all comments and trackback functionality across your entire WordPress site by activating this plugin.
Disable Comments – No Comments & No Spam
nocomments
The easiest way to disable all WordPress comments, trackbacks, and pingbacks with one click. Perfect for business sites and portfolios.
No Comments, Please
no-comments-please
A WordPress plugin that deactivates and hides all comments interface parts and features.
EffortLess Disable All Comments
effortless-disable-all-comments
Completely disables comments, trackbacks, and avatars site-wide or network-wide with a single toggle. Multisite compatible.
![Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]](https://ps.w.org/disable-comments/assets/icon-128x128.png){kind=icon}
Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]
disable-comments
Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.
Advanced Comment Control Developer Profile
5 plugins · 270 total installs
How We Detect Advanced Comment Control
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/advanced-comment-control/js/admin.js/wp-content/plugins/advanced-comment-control/css/admin.css/wp-content/plugins/advanced-comment-control/js/admin.jsadvanced-comment-control/js/admin.js?ver=advanced-comment-control/css/admin.css?ver=HTML / DOM Fingerprints
adv_comment_control_admin_tabsadv_comment_control_admin_tabadv_comment_control_admin_tab_contentdata-adv_comment_control_post_iddata-adv_comment_control_post_typedata-adv_comment_control_post_statusdata-adv_comment_control_post_comment_statusadvanced_comment_control_admin_object