Ajaxed Comments Security & Risk Analysis

wordpress.org/plugins/ajaxed-comments

Ajaxed Comments adds AJAX to WordPress comments. It enables inline comment editing, AJAX moderation, error handling, and time-limited comment editing.

30 active installs · v1.0.6 · PHP + WP 3.3+ · Updated Feb 21, 2014
Tags: ajax, comment, comments, edit
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Ajaxed Comments Safe to Use in 2026?

Generally Safe

Score 85/100

Ajaxed Comments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 12yr ago
Risk Assessment

The "ajaxed-comments" v1.0.6 plugin exhibits a generally positive security posture, with no known vulnerabilities recorded and a robust application of security checks.

However, the static analysis reveals some concerning areas. The one raw SQL query found does not use a prepared statement, which could lead to SQL injection if user-supplied data is incorporated directly. Only 2 of 37 outputs (5%) are escaped, which suggests a risk of Cross-Site Scripting (XSS). While the plugin has a good number of nonce and capability checks, the one file operation found, reported without further context, could introduce risk if not handled securely. The taint analysis found no issues, which is a strong indicator, but its scope was limited: zero flows were analyzed.

Overall, the plugin benefits from a clean vulnerability history and proactive security measures like nonce and capability checks. The main weaknesses lie in the handling of SQL queries and output escaping, which are common areas for exploitation. Mitigation of these specific code concerns would significantly improve the plugin's security.

Key Concerns

  • Raw SQL queries without prepared statements
  • Low percentage of properly escaped output
  • File operations present without further checks
Vulnerabilities
None known

Ajaxed Comments Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Ajaxed Comments Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (0 prepared)
  • Unescaped Output: 35 (2 escaped)
  • Nonce Checks: 10
  • Capability Checks: 14
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

5% escaped · 37 total outputs
Attack Surface

Ajaxed Comments Attack Surface

Entry Points: 12
Unprotected: 0

AJAX Handlers 12

  • auth · wp_ajax_ac-add-new-comment · ajaxed-comments.php:76
  • nopriv · wp_ajax_ac-add-new-comment · ajaxed-comments.php:77
  • auth · wp_ajax_ac-save-comment · ajaxed-comments.php:78
  • nopriv · wp_ajax_ac-save-comment · ajaxed-comments.php:79
  • auth · wp_ajax_ac-trash-comment · ajaxed-comments.php:80
  • auth · wp_ajax_ac-untrash-comment · ajaxed-comments.php:81
  • auth · wp_ajax_ac-spam-comment · ajaxed-comments.php:82
  • auth · wp_ajax_ac-unspam-comment · ajaxed-comments.php:83
  • auth · wp_ajax_ac-approve-comment · ajaxed-comments.php:84
  • auth · wp_ajax_ac-unapprove-comment · ajaxed-comments.php:85
  • auth · wp_ajax_ac-delete-comment · ajaxed-comments.php:86
  • nopriv · wp_ajax_ac-delete-comment · ajaxed-comments.php:87
WordPress Hooks 19
  • action · plugins_loaded · ajaxed-comments.php:72
  • action · plugins_loaded · ajaxed-comments.php:73
  • action · admin_init · ajaxed-comments.php:74
  • action · admin_menu · ajaxed-comments.php:75
  • action · wp_enqueue_scripts · ajaxed-comments.php:88
  • action · admin_enqueue_scripts · ajaxed-comments.php:89
  • action · comments_array · ajaxed-comments.php:90
  • filter · comment_id_fields · ajaxed-comments.php:93
  • filter · comment_text · ajaxed-comments.php:94
  • filter · comment_text · ajaxed-comments.php:95
  • filter · comment_class · ajaxed-comments.php:96
  • filter · get_comments_number · ajaxed-comments.php:97
  • filter · plugin_action_links · ajaxed-comments.php:98
  • filter · plugin_row_meta · ajaxed-comments.php:99
  • filter · edit_comment_link · ajaxed-comments.php:100
  • filter · user_has_cap · ajaxed-comments.php:101
  • filter · comment_post_redirect · ajaxed-comments.php:354
  • filter · comment_text · ajaxed-comments.php:401
  • filter · comment_text · ajaxed-comments.php:402
Maintenance & Trust

Ajaxed Comments Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.7.41
Last updated: Feb 21, 2014
PHP min version
Downloads: 8K

Community Trust

Rating: 84/100
Number of ratings: 11
Active installs: 30
Developer Profile

Ajaxed Comments Developer Profile

dFactory

12 plugins · 357K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 247 days
Detection Fingerprints

How We Detect Ajaxed Comments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ajaxed-comments/css/plugin-style.css
  • /wp-content/plugins/ajaxed-comments/js/front-comment.js
  • /wp-content/plugins/ajaxed-comments/js/front-comment-edit.js
  • /wp-content/plugins/ajaxed-comments/js/front-comment-reply.js
  • /wp-content/plugins/ajaxed-comments/js/front-comment-pagination.js
  • /wp-content/plugins/ajaxed-comments/js/front-comment-highlight.js
  • /wp-content/plugins/ajaxed-comments/js/front-comment-form.js
Script Paths
  • /wp-content/plugins/ajaxed-comments/js/front-comment.js
  • /wp-content/plugins/ajaxed-comments/js/front-comment-edit.js
  • /wp-content/plugins/ajaxed-comments/js/front-comment-reply.js
  • /wp-content/plugins/ajaxed-comments/js/front-comment-pagination.js
  • /wp-content/plugins/ajaxed-comments/js/front-comment-highlight.js
  • /wp-content/plugins/ajaxed-comments/js/front-comment-form.js
Version Parameters
  • ajaxed-comments/css/plugin-style.css?ver=
  • ajaxed-comments/js/front-comment.js?ver=
  • ajaxed-comments/js/front-comment-edit.js?ver=
  • ajaxed-comments/js/front-comment-reply.js?ver=
  • ajaxed-comments/js/front-comment-pagination.js?ver=
  • ajaxed-comments/js/front-comment-highlight.js?ver=
  • ajaxed-comments/js/front-comment-form.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • ac-top-comment
  • ac-full-hold
  • ac-full-approve
  • ac-full-spam
  • ac-add-comment-wrap
  • ac-spinner
  • ac-comment-edit
  • ac-edit-comment-wrap
  • +13 more
HTML Comments
  • <!-- BEGIN Ajaxed Comments: Inline Edit -->
  • <!-- END Ajaxed Comments: Inline Edit -->
  • <!-- BEGIN Ajaxed Comments: Add New Comment -->
  • <!-- END Ajaxed Comments: Add New Comment -->
  • +4 more
Data Attributes
  • data-ac-comment-id
  • data-ac-comment-post-id
  • data-ac-comment-nonce
JS Globals
  • ajaxed_comments_vars
  • ac_edit_comment
  • ac_reply_comment
REST Endpoints
/wp-json/ajaxed-comments/v1/comment
FAQ

Frequently Asked Questions about Ajaxed Comments