Does Comment Form WP – Customize Default Comment Form have any unpatched vulnerabilities?

Yes — Comment Form WP – Customize Default Comment Form currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Comment Form WP – Customize Default Comment Form compatible with WordPress 6.9.4?

According to WordPress.org data, Comment Form WP – Customize Default Comment Form 2.0.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Comment Form WP – Customize Default Comment Form compatible with PHP 7.0+?

Comment Form WP – Customize Default Comment Form requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

What is Comment Form WP – Customize Default Comment Form's security score?

Comment Form WP – Customize Default Comment Form has a WP-Safety security score of 78/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Comment Form WP – Customize Default Comment Form Security & Risk Analysis

wordpress.org/plugins/comment-form-wp

Comment Form WP is a Default comment form customize/modify WordPress Plugin. You can add/change/remove your website comment form fields, texts.

600 active installs v2.0.1 PHP 7.0+ WP 6.0+ Updated Jan 11, 2026

advanced-comment-formcomment-field-changecomment-formcustomize-comment-formwordpress-comment-form

B · Generally Safe

CVEs total1

Unpatched1

Last CVESep 5, 2025

Plugin page Download

Safety Verdict

Is Comment Form WP – Customize Default Comment Form Safe to Use in 2026?

Mostly Safe

Score 78/100

Comment Form WP – Customize Default Comment Form is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Sep 5, 2025Updated 2mo ago

Risk Assessment

The "comment-form-wp" plugin, version 2.0.1, exhibits a mixed security posture. On the positive side, the static analysis reveals no dangerous functions, no raw SQL queries, and no file operations or external HTTP requests, suggesting a generally clean codebase in these areas. The absence of shortcodes and cron events also limits the potential attack surface. However, several significant concerns emerge. The complete lack of nonce checks and capability checks across all entry points, combined with only 72% of output being properly escaped, creates a substantial risk. This indicates that user-supplied data may not be adequately validated or sanitized before being displayed or processed, leaving the door open for various attacks.

Key Concerns

Unpatched CVE present
Medium severity CVE
No nonce checks implemented
No capability checks implemented
Insufficient output escaping (28%)

Vulnerabilities

Comment Form WP – Customize Default Comment Form Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-58825medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Comment Form WP – Customize Default Comment Form <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 5, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Comment Form WP – Customize Default Comment Form Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

72 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

72% escaped100 total outputs

Attack Surface

Comment Form WP – Customize Default Comment Form Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionplugins_loadedcomment-form-wp.php:27

actionadmin_enqueue_scriptscomment-form-wp.php:62

actionadmin_initcomment-form-wp.php:81

actionadmin_menuform-backend\commentformwp-backend.php:15

filtercomment_form_defaultsform-frontend\commentformwp-frontend.php:17

filtercomment_form_fieldsform-frontend\commentformwp-frontend.php:147

actionwp_headform-frontend\commentformwp-frontend.php:169

actionadmin_menulanguages\form-backend\commentformwp-backend.php:15

Maintenance & Trust

Comment Form WP – Customize Default Comment Form Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 11, 2026

PHP min version7.0

Downloads5K

Community Trust

Rating100/100

Number of ratings3

Active installs600

Alternatives

Comment Form WP – Customize Default Comment Form Alternatives

Comments – wpDiscuz

wpdiscuz

AJAX powered realtime comments. Designed to extend WordPress native comments. Custom comment forms/fields. Making comments has never been so awesome!

80K 24 CVEs

Advanced Comment Form

comment-form

Advanced Comment Form lets you customize plenty of things on the default comment forms in WordPress.

5K 1 CVE

No CAPTCHA reCAPTCHA

no-captcha-recaptcha

Protect WordPress login, registration, comment and BuddyPress registration forms with Google's No CAPTCHA reCAPTCHA.

5K No CVEs

Comment Form Js Validation

comment-form-js-validation

This plugin use for wordpress comments form js validation.

2K No CVEs

Comments Form Star Rating Plugin for WordPress

comments-form-star-rating

Allow your customers to add star rattings in comment form.

2K No CVEs

Developer Profile

Comment Form WP – Customize Default Comment Form Developer Profile

Habibur Rahman

7 plugins · 2K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Comment Form WP – Customize Default Comment Form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/comment-form-wp/css/commentformwp-backend.css

Version Parameters

commentformwp-style?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes

comment-notescomment-form-authorcomment-form-emailcomment-form-urlcomment-form-comment

Data Attributes

placeholder

FAQ