Comentario Via E-mail Security & Risk Analysis

wordpress.org/plugins/comentario-via-e-mail

Allows a user to subscribe to a comment and receive updates via e-mail.

10 active installs · v0.0.6 · PHP + WP 3.0+ · Updated Mar 26, 2012
Tags: assiatura, cometarios, comments, email, subscription
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Comentario Via E-mail Safe to Use in 2026?

Generally Safe

Score 85/100

Comentario Via E-mail has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 14 years ago
Risk Assessment

The "comentario-via-e-mail" v0.0.6 plugin exhibits a significant security risk primarily due to its complete lack of input sanitization and output escaping. While the plugin has a zero attack surface in terms of traditional entry points like AJAX, REST API, or shortcodes, the static analysis reveals a concerning pattern of insecure coding practices. The presence of 7 instances of the deprecated `create_function()` function is a strong indicator of potential code injection vulnerabilities, especially when combined with the fact that 0% of its 21 SQL queries use prepared statements. Furthermore, 0% of its 50 output operations are properly escaped, opening the door for cross-site scripting (XSS) attacks. The taint analysis showing 5 unsanitized flows, even without critical or high severity ratings, reinforces the widespread issue of unchecked data handling.

The plugin's vulnerability history is currently clean, with no recorded CVEs. This might suggest that the plugin has not been widely targeted or that its limited functionality has not yet been exploited. However, the inherent insecure coding practices identified in the static analysis are a ticking time bomb. The absence of any vulnerabilities in its history should not be mistaken for a secure codebase; rather, it signifies a high potential for undiscovered vulnerabilities. In conclusion, while the plugin appears to have a minimal attack surface and no documented vulnerabilities, the identified code quality issues, particularly the use of dangerous functions, raw SQL queries, and lack of output escaping, present a severe security risk that demands immediate attention.

Key Concerns

  • SQL queries not using prepared statements
  • Dangerous functions (create_function)
  • Output escaping is not properly implemented
  • Taint analysis shows unsanitized flows
Vulnerabilities
None known

Comentario Via E-mail Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Comentario Via E-mail Code Analysis

Dangerous Functions: 7
Raw SQL Queries: 21 (0 prepared)
Unescaped Output: 50 (0 escaped)
Nonce Checks: 1
Capability Checks: 5
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • `create_function` (comentario-via-e-mail.php:838): `add_action('comment_post', create_function('$a', 'global $sg_subscribe; sg_subscribe_start(); return`
  • `create_function` (comentario-via-e-mail.php:839): `add_action('comment_post', create_function('$a', 'global $sg_subscribe; sg_subscribe_start(); return`
  • `create_function` (comentario-via-e-mail.php:841): `add_action('wp_set_comment_status', create_function('$a', 'global $sg_subscribe; sg_subscribe_start(`
  • `create_function` (comentario-via-e-mail.php:842): `add_action('admin_menu', create_function('$a', 'global $sg_subscribe; sg_subscribe_start(); $sg_subs`
  • `create_function` (comentario-via-e-mail.php:843): `add_action('admin_head', create_function('$a', 'global $sg_subscribe; sg_subscribe_start(); $sg_subs`
  • `create_function` (comentario-via-e-mail.php:851): `add_action('init', create_function('$a','global $sg_subscribe; if ( $_POST[\'solo-comment-subscribe\`
  • `create_function` (comentario-via-e-mail.php:872): `ob_start(create_function('$a', 'return str_replace("<title>", "<title> " . __("Subscription Manager"`

SQL Query Safety

0% prepared (21 total queries)

Output Escaping

0% escaped (50 total outputs)
Data Flows
5 unsanitized

Data Flow Analysis

5 flows, 5 with unsanitized paths
show_manual_subscription_form (comentario-via-e-mail.php:69)
Attack Surface

Comentario Via E-mail Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 10

  • action `comment_form` (comentario-via-e-mail.php:835)
  • action `comment_post` (comentario-via-e-mail.php:838)
  • action `comment_post` (comentario-via-e-mail.php:839)
  • action `wp_set_comment_status` (comentario-via-e-mail.php:841)
  • action `admin_menu` (comentario-via-e-mail.php:842)
  • action `admin_head` (comentario-via-e-mail.php:843)
  • action `edit_comment` (comentario-via-e-mail.php:844)
  • filter `preprocess_comment` (comentario-via-e-mail.php:847)
  • action `init` (comentario-via-e-mail.php:851)
  • action `template_redirect` (comentario-via-e-mail.php:858)
Maintenance & Trust

Comentario Via E-mail Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.3.2
Last updated: Mar 26, 2012
PHP min version: not listed
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Comentario Via E-mail Developer Profile

Gerlis

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Comentario Via E-mail

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
subscribe-to-comments, solo-subscribe-to-comments, solo-subscribe-errors
HTML Comments
  • "Este é o código que é inserido no formulário de comentário" (This is the code inserted into the comment form)
  • "Este é o texto que é exibido para os usuários que não está inscrito" (This is the text shown to users who are not subscribed)
  • "Este é o texto que é exibido para o autor do post" (This is the text shown to the post author)
  • "Este é o texto que é exibido para os usuários que estão inscritos" (This is the text shown to users who are subscribed)
  • +16 more
Data Attributes
sg_subscribe_settings[name], sg_subscribe_settings[email], sg_subscribe_settings[clear_both], sg_subscribe_settings[not_subscribed_text], sg_subscribe_settings[subscribed_text], sg_subscribe_settings[author_text] (+4 more)
FAQ

Frequently Asked Questions about Comentario Via E-mail