WP-Safety

Comment Link Remove and Other Comment Tools Security & Risk Analysis

wordpress.org/plugins/comment-link-remove

Remove Comment Author Link & Links from Comments, Unlink, Disable Comments, Delete All Pending Comments. AI Auto Comment Reply, Voice, Attachments

8K active installs v2.7.2 PHP 5.6+ WP 4.6+ Updated Mar 10, 2026
anti-spamcommentsdisable-comment-linkdisable-commentslink-remover
100
A · Safe
CVEs total1
Unpatched0
Last CVEAug 23, 2021
Plugin page Download
Safety Verdict

Is Comment Link Remove and Other Comment Tools Safe to Use in 2026?

Generally Safe

Score 100/100

Comment Link Remove and Other Comment Tools has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Aug 23, 2021Updated 24d ago
Risk Assessment

The "comment-link-remove" plugin version 2.7.2 presents a generally good security posture with some minor concerns. The static analysis reveals a small attack surface with no directly exposed entry points lacking authentication. The code also demonstrates a strong adherence to security best practices, with a high percentage of SQL queries using prepared statements and a significant portion of output being properly escaped. Furthermore, robust use of nonces and capability checks indicates a conscious effort to prevent unauthorized actions.

However, a single taint flow with an unsanitized path warrants attention, as this could potentially lead to vulnerabilities if exploited, even though no critical or high severity issues were identified in the static analysis. The plugin's vulnerability history shows one past medium severity CVE related to Cross-Site Request Forgery (CSRF). While currently unpatched CVEs are zero, this past CSRF vulnerability suggests that developers should remain vigilant regarding input validation and state-changing operations. Overall, the plugin is relatively secure, but the identified taint flow and historical CSRF issue mean users should ensure they are using the latest patched version and remain aware of potential input validation weaknesses.

Key Concerns

  • Taint flow with unsanitized path
  • Past medium CVE for CSRF
  • Bundled outdated jQuery library
Vulnerabilities
1

Comment Link Remove and Other Comment Tools Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2021-24725medium · 4.3Cross-Site Request Forgery (CSRF)

Comment Link Remove and Other Comment Tools <= 2.1.4 - Arbitrary Comment Deletion via Cross-Site Request Forgery

Aug 23, 2021 Patched in 2.1.6 (883d)
Code Analysis
Analyzed Mar 16, 2026

Comment Link Remove and Other Comment Tools Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
8 prepared
Unescaped Output
37
200 escaped
Nonce Checks
5
Capability Checks
20
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

jQuery2.2.4

SQL Query Safety

89% prepared9 total queries

Output Escaping

84% escaped237 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<qc-clr-email-subscription> (qc-clr-email-subscription.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Comment Link Remove and Other Comment Tools Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_qc_clr_comments_process_qc_promo_formqc-support-promo-page\class-qc-support-promo-page.php:116
authwp_ajax_qcld_recommend_support_function_ajaxqc-support-promo-page\qc-clr-recommendbot-support-plugin.php:8
WordPress Hooks 35
actionadmin_headclass-qcld-free-plugin-upgrade-notice.php:36
actionplugin_row_metaclass-qcld-free-plugin-upgrade-notice.php:125
actionadmin_menuclass-qcld-free-plugin-upgrade-notice.php:167
actionwp_enqueue_scriptsqc-clr-assets.php:12
actionadmin_enqueue_scriptsqc-clr-assets.php:32
filtercomment_notification_textqc-clr-cookies-for-comments.php:104
filtercomment_moderation_textqc-clr-cookies-for-comments.php:105
filtercomment_form_default_fieldsqc-clr-main.php:69
filtercomment_form_field_urlqc-clr-main.php:71
filterget_comment_author_linkqc-clr-main.php:93
filterget_comment_author_urlqc-clr-main.php:99
filterget_comment_author_linkqc-clr-main.php:101
filtercomment_textqc-clr-main.php:116
filtercomments_openqc-clr-main.php:135
filterpings_openqc-clr-main.php:136
filtercomments_arrayqc-clr-main.php:149
filtercomment_textqc-clr-main.php:171
actionadmin_menuqc-clr-main.php:221
actionadmin_initqc-clr-main.php:230
actionactivated_pluginqc-clr-main.php:307
actioninitqc-clr-settings-pro.php:39
actionadmin_initqc-clr-settings-pro.php:50
actionadmin_menuqc-clr-settings-pro.php:51
actionadmin_menuqc-clr-settings.php:14
actionadmin_initqc-clr-settings.php:15
actionadmin_initqc-clr-settings.php:16
actionadmin_initqc-clr-settings.php:17
actionadmin_initqc-clr-settings.php:18
actionadmin_initqc-clr-settings.php:19
actionadmin_initqc-clr-settings.php:20
actionadmin_initqc-clr-settings.php:21
actionadmin_initqc-clr-settings.php:22
actionadmin_initqc-clr-settings.php:23
actionadmin_menuqc-support-promo-page\class-qc-support-promo-page.php:32
actionadmin_enqueue_scriptsqc-support-promo-page\class-qc-support-promo-page.php:62
Maintenance & Trust

Comment Link Remove and Other Comment Tools Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 10, 2026
PHP min version5.6
Downloads288K

Community Trust

Rating82/100
Number of ratings15
Active installs8K
Alternatives

Comment Link Remove and Other Comment Tools Alternatives

Remove Website Link Field From Comment Section

Remove Website Link Field From Comment Section

remove-website-link-field-from-comment-section

A
85

Remove Website Link Field From Comment Section is a simple plug & play plugin. It removes website link input field from the comment section.

100 No CVEs
Comments Firewall

Comments Firewall

comments-firewall

A
100

Firewall protection for comments. Blocks spam before it reaches your database with automatic link filtering and zero manual moderation.

0 No CVEs
Akismet Anti-spam: Spam Protection

Akismet Anti-spam: Spam Protection

akismet

A
99

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M 2 CVEs
Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

disable-comments

A
99

Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.

1.0M 1 CVE
Antispam Bee

Antispam Bee

antispam-bee

A
100

Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.

700K 1 CVE
Developer Profile

Comment Link Remove and Other Comment Tools Developer Profile

QuantumCloud

29 plugins · 26K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
255 days
View full developer profile
Detection Fingerprints

How We Detect Comment Link Remove and Other Comment Tools

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/comment-link-remove/assets/css/qc-clr-style.css
Script Paths
/wp-content/plugins/comment-link-remove/assets/js/qc-clr-script.js
Version Parameters
comment-link-remove/assets/css/qc-clr-style.css?ver=comment-link-remove/assets/js/qc-clr-script.js?ver=

HTML / DOM Fingerprints

JS Globals
qc_clr_options
FAQ

Frequently Asked Questions about Comment Link Remove and Other Comment Tools