Does Conva Comment System (Beta) have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

How often is Conva Comment System (Beta) updated?

Conva Comment System (Beta) was last updated on May 16, 2015. Frequent updates are generally a positive security signal.

What is Conva Comment System (Beta)'s security score?

Conva Comment System (Beta) has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Conva Comment System (Beta) Security & Risk Analysis

wordpress.org/plugins/because

Requires at least: 3.5.1 Tested up to: 4.0

10 active installs v1.6 PHP + WP + Updated May 16, 2015

commentscommunityopinionspollingspam

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Conva Comment System (Beta) Safe to Use in 2026?

Generally Safe

Score 85/100

Conva Comment System (Beta) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The 'because' plugin v1.6 exhibits a mixed security posture. While it has a clean vulnerability history with no recorded CVEs, the static analysis reveals significant areas of concern. A notable weakness is the presence of 8 AJAX handlers, with half of them lacking proper authentication checks. This creates a substantial attack surface that could be exploited by unauthenticated users. The taint analysis further highlights this risk, with 3 out of 4 flows having unsanitized paths and 2 flows classified as high severity. This strongly suggests potential for code injection or other sensitive operations without adequate validation.

The plugin's code quality, as indicated by SQL query preparation and output escaping, is also suboptimal. Only 22% of SQL queries are prepared, increasing the risk of SQL injection vulnerabilities. Furthermore, 42% of outputs are not properly escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities. The limited number of nonce and capability checks (3 each) on the identified entry points also contribute to the overall security risk. Despite the lack of a known vulnerability history, the internal code analysis presents clear indicators of potential security weaknesses that require immediate attention.

Key Concerns

4 unprotected AJAX handlers
2 high severity taint flows
3 flows with unsanitized paths
78% of SQL queries not prepared
58% of outputs not properly escaped
Insufficient nonce checks (3)
Insufficient capability checks (3)

Vulnerabilities

None known

Conva Comment System (Beta) Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Conva Comment System (Beta) Release Timeline

v1.1.4

Code Analysis

Analyzed Mar 17, 2026

Conva Comment System (Beta) Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

39 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

22% prepared18 total queries

Output Escaping

42% escaped92 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths

<class-sp_comments> (public\includes\class-sp_comments.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Conva Comment System (Beta) Attack Surface

Entry Points8

Unprotected4

AJAX Handlers 8

authwp_ajax_social_PollingAjaxpublic\class-social-polling.php:108

noprivwp_ajax_social_PollingAjaxpublic\class-social-polling.php:109

authwp_ajax_social_PollingAjaxpublic\class-social-polling.php:113

noprivwp_ajax_social_PollingAjaxpublic\class-social-polling.php:114

authwp_ajax_sp_Comments_Ajaxpublic\includes\class-sp_comments.php:67

noprivwp_ajax_sp_Comments_Ajaxpublic\includes\class-sp_comments.php:69

authwp_ajax_sp_Comments_Ajaxpublic\includes\class-sp_comments.php:79

authwp_ajax_sp_Comments_Ajaxpublic\includes\class-sp_comments.php:81

WordPress Hooks 29

actionadmin_enqueue_scriptsadmin\class-social-polling-admin.php:77

actionadmin_enqueue_scriptsadmin\class-social-polling-admin.php:78

actionadmin_menuadmin\class-social-polling-admin.php:81

actionplugins_loadedadmin\class-social-polling-admin.php:89

action@TODOadmin\class-social-polling-admin.php:103

filter@TODOadmin\class-social-polling-admin.php:104

actionload-post.phpadmin\includes\voting_box.php:11

actionload-post-new.phpadmin\includes\voting_box.php:12

actionadd_meta_boxesadmin\includes\voting_box.php:24

actionsave_postadmin\includes\voting_box.php:25

actioninitpublic\class-social-polling.php:74

actionwpmu_new_blogpublic\class-social-polling.php:77

actionwp_enqueue_scriptspublic\class-social-polling.php:80

actionwp_enqueue_scriptspublic\class-social-polling.php:81

action@TODOpublic\class-social-polling.php:86

filter@TODOpublic\class-social-polling.php:87

actionoutput_social_poll_actionpublic\class-social-polling.php:92

actionwp_headpublic\class-social-polling.php:105

actioninitpublic\includes\class-sp_comments.php:21

actionwp_headpublic\includes\class-sp_comments.php:61

actioncomment_postpublic\includes\class-sp_comments.php:83

actioncomment_postpublic\includes\class-sp_comments.php:85

actioncomment_postpublic\includes\class-sp_comments.php:87

filtercomment_form_field_commentpublic\includes\class-sp_comments.php:115

filterpre_comment_approvedpublic\includes\class-sp_comments.php:119

filtercomment_form_defaultspublic\includes\class-sp_comments.php:127

filtercomments_templatepublic\includes\class-sp_comments.php:151

actionplugins_loadedsocial-polling.php:234

actionplugins_loadedsocial-polling.php:282

Maintenance & Trust

Conva Comment System (Beta) Maintenance & Trust

Maintenance Signals

WordPress version tested

Last updatedMay 16, 2015

PHP min version

Downloads5K

Community Trust

Rating88/100

Number of ratings8

Active installs10

Alternatives

Conva Comment System (Beta) Alternatives

Respectify

respectify

100

Healthy internet comments! Use Respectify to help your commenters post in a way that builds community.

0 No CVEs

Akismet Anti-spam: Spam Protection

akismet

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M 2 CVEs

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

disable-comments

Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.

1.0M 1 CVE

Antispam Bee

antispam-bee

100

Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.

700K 1 CVE

Spam protection, Honeypot, Anti-Spam by CleanTalk

cleantalk-spam-protect

Blocks spam comments, fake users, contact form spam and more. No impact on SEO. Privacy focused. CAPTCHA free, premium Antispam plugin.

200K 13 CVEs

Developer Profile

Conva Comment System (Beta) Developer Profile

T.J. Santillo

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Conva Comment System (Beta)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ