Comment Archive Security & Risk Analysis
wordpress.org/plugins/comment-archiveallow comments to be archived.
Is Comment Archive Safe to Use in 2026?
Generally Safe
Score 85/100Comment Archive has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The comment-archive v0.3 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding output escaping and the use of prepared statements for SQL queries, with 100% of outputs properly escaped and 83% of SQL queries utilizing prepared statements. Furthermore, its vulnerability history is clean, with no recorded CVEs, indicating a potentially stable and well-maintained codebase.
However, significant concerns arise from the analysis of its attack surface and taint analysis. The plugin exposes two AJAX handlers, both of which lack any authentication or capability checks. This creates a substantial risk, as any unauthenticated user could potentially trigger these handlers. The taint analysis further highlights this by revealing four high-severity taint flows with unsanitized paths, directly linked to these unprotected entry points. This strongly suggests a potential for Cross-Site Scripting (XSS) or other injection vulnerabilities if user-controlled data is processed by these AJAX handlers without proper sanitization.
In conclusion, while the plugin avoids common pitfalls like unpatched vulnerabilities or dangerous functions, the unprotected AJAX endpoints combined with high-severity unsanitized taint flows present a critical security risk. The lack of any capability checks on these entry points is a major weakness that needs immediate attention to prevent exploitation.
Key Concerns
- AJAX handlers without auth checks
- High severity unsanitized taint flows
- Total entry points without auth: 2
- Capability checks: 0
Comment Archive Security Vulnerabilities
Comment Archive Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Comment Archive Attack Surface
AJAX Handlers 2
WordPress Hooks 6
Maintenance & Trust
Comment Archive Maintenance & Trust
Maintenance Signals
Community Trust
Comment Archive Alternatives
Extra Feed Links
extra-feed-links
Adds extra feed auto-discovery links to various page types (categories, tags, search results etc.)
Akismet Anti-spam: Spam Protection
akismet
The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.
![Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]](https://ps.w.org/disable-comments/assets/icon-128x128.png){kind=icon}
Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]
disable-comments
Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.
Antispam Bee
antispam-bee
Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.
Spam protection, Honeypot, Anti-Spam by CleanTalk
cleantalk-spam-protect
Blocks spam comments, fake users, contact form spam and more. No impact on SEO. Privacy focused. CAPTCHA free, premium Antispam plugin.
Comment Archive Developer Profile
3 plugins · 30 total installs
How We Detect Comment Archive
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/comment-archive/css/comment_archive.css/wp-content/plugins/comment-archive/js/comment_archive.js/wp-content/plugins/comment-archive/js/comment_archive.jscomment-archive/style.css?ver=comment-archive/script.js?ver=HTML / DOM Fingerprints
archive-countrel="{$comment->comment_ID}"rel="{$comment->comment_ID}"ajaxurl