
Comment Notice Security & Risk Analysis
wordpress.org/plugins/comment-notice
The main function of this plugin is to display a subscription option on the end of the comment area, so they can be noticed when there are new commen …
Is Comment Notice Safe to Use in 2026?
Generally Safe
Score 85/100
Comment Notice has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The comment-notice plugin v1.0.0 exhibits a mixed security posture. On one hand, it has a remarkably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events exposed. This lack of external entry points is a significant strength. Furthermore, the plugin has no recorded vulnerability history, suggesting a relatively stable and secure past.
However, static analysis reveals several concerning code-level issues. The use of `create_function` is a red flag because of its potential for security vulnerabilities if not handled with extreme care. The taint analysis indicates that all four analyzed flows have unsanitized paths, two of them rated high severity. This suggests potential injection vulnerabilities that could be exploited if an attacker can control input that reaches these flows. The low percentage of properly escaped output (25%) is also a significant concern, as it leaves the plugin vulnerable to Cross-Site Scripting (XSS) attacks. No entry point performs a nonce check; although no entry points are currently exposed, this is a missing security best practice that could become a problem if the attack surface expands in future versions.
Key Concerns
- High severity unsanitized taint flows
- Low percentage of properly escaped output
- Dangerous function: create_function
- Taint flows with unsanitized paths (4/4)
- No nonce checks
Comment Notice Security Vulnerabilities
Comment Notice Release Timeline
Comment Notice Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Data Flow Analysis
Comment Notice Attack Surface
WordPress Hooks 11
Comment Notice Maintenance & Trust
Maintenance Signals
Community Trust
Comment Notice Alternatives
WP PHPList Comment Subscriber
phplist-comment-subscriber
This wordpress plugin gives users the option to subscribe to your PHPList newsletter when adding comments to your blog
Kadence WooCommerce Email Designer
kadence-woocommerce-email-designer
Customize the default WooCommerce email templates design and text through the native WordPress customizer. Preview emails and send test emails.
EmailKit – Email Customizer for WooCommerce & WP
emailkit
EmailKit is a powerful WordPress and WooCommerce email customizer tool, free for everyone! It allows users to customize and design templates that show …
FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution
fluent-crm
The easiest and fastest Email Marketing, Newsletter, Marketing Automation Plugin & CRM Solution for WordPress
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
email-subscribers
Add subscription forms on the website and send newsletters & automatically send post notification about new blog posts once it gets published.
Comment Notice Developer Profile
16 plugins · 220 total installs
How We Detect Comment Notice
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/comment-notice/css/style.css
- comment_notice-admin
HTML / DOM Fingerprints
- body-bg
- text-color
- footer-bg
- Admin functions to set and save settings of the
  * @package COMMENT_NOTICE
- Set constant path for the plugin directory
- Set constant path for the plugin url
- Admin functions to set and save settings of the
  * @package COMMENT_NOTICE
- data-id='comment_notice_email_settings'
- COMMENT_NOTICE_OPTIONS
- COMMENT_NOTICE_VERSION
- COMMENT_NOTICE_DIR
- COMMENT_NOTICE_ADMIN
- COMMENT_NOTICE_INC
- COMMENT_NOTICE_URL
- +2 more