Comment Author URL Stripper Security & Risk Analysis

wordpress.org/plugins/comment-author-url-stripper

Removes the comment author URL if it contains any of the specified words.

20 active installs v1.1 PHP + WP + Updated Dec 8, 2015
authorcommenturl
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Comment Author URL Stripper Safe to Use in 2026?

Generally Safe

Score 85/100

Comment Author URL Stripper has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The "comment-author-url-stripper" plugin v1.1 exhibits a strong security posture based on the provided static analysis. The absence of any identified dangerous functions, SQL queries without prepared statements, unescaped output, file operations, external HTTP requests, and critically, no unprotected entry points (AJAX, REST API, shortcodes, cron) indicates a developer committed to secure coding practices. The taint analysis also found no critical or high-severity flows, suggesting data is handled and processed safely.

However, the analysis does highlight a significant area of concern: the "flows with unsanitized paths." While the taint analysis didn't categorize these as critical or high, two such flows suggest a potential for improper handling of user-supplied data that could lead to unexpected behavior or vulnerabilities if further inputs or contexts were to exploit them. Furthermore, the complete lack of capability checks and nonce checks, while potentially benign due to the zero attack surface, leaves the plugin vulnerable to exploitation if the attack surface were to expand or change in future versions without these essential security measures being implemented.

The plugin's vulnerability history is entirely clean, with no known CVEs. This, combined with the strong static analysis findings, paints a picture of a generally secure plugin. Nevertheless, the presence of unsanitized paths and the absence of capability/nonce checks represent latent risks that warrant attention to ensure ongoing security, especially if the plugin's functionality or integration with WordPress evolves.

Key Concerns

  • Flows with unsanitized paths
  • Missing capability checks
  • Missing nonce checks
Vulnerabilities
None known

Comment Author URL Stripper Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Comment Author URL Stripper Release Timeline

v1.1Current
v1.0
Code Analysis
Analyzed Mar 16, 2026

Comment Author URL Stripper Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped2 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
update_mdv_caust_options (comment-author-url-stripper.php:24)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Comment Author URL Stripper Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 2
actionadmin_menucomment-author-url-stripper.php:12
filterpre_comment_author_urlcomment-author-url-stripper.php:13
Maintenance & Trust

Comment Author URL Stripper Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedDec 8, 2015
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Developer Profile

Comment Author URL Stripper Developer Profile

Nick Momrik

12 plugins · 3K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Comment Author URL Stripper

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/comment-author-url-stripper/comment-author-url-stripper.php

HTML / DOM Fingerprints

CSS Classes
wrapupdatedfadefailedoptionscode
Data Attributes
name="mdv_caus_keys"id="moderation_keys"name="action"value="update"name="page_options"value="mdv_caus_keys"
FAQ

Frequently Asked Questions about Comment Author URL Stripper