Comment Notifier Security & Risk Analysis

wordpress.org/plugins/comment-notifier

Add comment subscriptions to the blog comment form.

500 active installs · v2.3.2 · PHP 7.0+ · WP 6.1+ · Updated Feb 3, 2026
Tags: comments, discussion, email, notify, subscription

Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Comment Notifier Safe to Use in 2026?

Generally Safe

Score 100/100

Comment Notifier has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The "comment-notifier" plugin v2.3.2 shows strong security practice in several key areas. Static analysis reports that all 14 SQL queries use prepared statements and all 47 output sites are escaped, so the common injection classes (SQL injection, reflected or stored XSS) have a low likelihood. The absence of any CVE in its history is consistent with a well-maintained plugin. The attack surface is also small: the scanner found no AJAX handlers, REST API routes, shortcodes, or cron events, so there are no unauthenticated entry points beyond the standard comment form, which is a significant positive.

However, the taint analysis reports two "unsanitized paths", and the key concerns list below rates them High. The word "path" here is the data-flow sense of the term: a route from a user-controlled source to a sink with no sanitizer on the way, not a filesystem path. Both flows are attributed to options.php under an <options> sink, and the scanner counts zero file operations, so path traversal is not what the finding indicates. The practical question is whether a settings value can reach the options table (and later the admin UI) without sanitization, and whether the handler that writes it is guarded by the nonce and capability checks the scanner counts (3 and 1 respectively). The plugin's foundation is solid; these two flows are the primary area of concern and the first thing to verify by reading options.php.

Key Concerns

  • Two taint flows with unsanitized source-to-sink paths in options.php (High severity)
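To make the finding concrete, here is what a source-to-sink flow into the options table looks like beside the hardened version a reviewer would expect: request verification (capability and nonce, the checks the scanner counts), a sanitizer on every field before update_option(), a prepared query on the subscription path, and escaping when the stored value is rendered. This is an added example, not Comment Notifier's own code; it assumes a WordPress runtime, and the option names, nonce name, field names and subscription table are invented for illustration.

```php
<?php
// Added example (not Comment Notifier's code). Assumes WordPress is loaded;
// every cn_example_* name, option key and table name is hypothetical.

// --- The shape of the taint finding: POST value written straight to an option.
// $_POST is the source, update_option() the sink, nothing in between.
function cn_example_save_options_unsafe() {
    update_option( 'cn_example_sender_email', $_POST['sender_email'] );
    update_option( 'cn_example_notice', $_POST['notice'] );
}

// --- Hardened form: one sanitizer per field, applied before the sink.
function cn_example_sanitize_options( array $raw ) {
    $clean = array();

    // Address: sanitize_email() strips illegal characters, is_email() rejects
    // whatever is left if it is still not a valid address.
    $email = sanitize_email( isset( $raw['sender_email'] ) ? $raw['sender_email'] : '' );
    $clean['sender_email'] = is_email( $email ) ? $email : '';

    // Free text later shown in the admin UI: allow only a small HTML whitelist.
    $allowed = array( 'a' => array( 'href' => true ), 'b' => array(), 'i' => array() );
    $clean['notice'] = wp_kses( isset( $raw['notice'] ) ? $raw['notice'] : '', $allowed );

    // Flag: store the normalized value, never the raw request value.
    $clean['enabled'] = empty( $raw['enabled'] ) ? 0 : 1;

    return $clean;
}

// Registering the sanitizer with the Settings API makes it run on every save
// through options.php, which is also what a taint checker looks for.
function cn_example_register_settings() {
    register_setting( 'cn_example', 'cn_example_options',
        array( 'sanitize_callback' => 'cn_example_sanitize_options' ) );
}
add_action( 'admin_init', 'cn_example_register_settings' );

// Hand-rolled save handler: who may do this, was it sent from our form, then sanitize.
function cn_example_save_options() {
    if ( ! current_user_can( 'manage_options' ) ) {          // capability check
        wp_die( 'Insufficient permissions' );
    }
    check_admin_referer( 'cn_example_save_options', 'cn_example_nonce' ); // nonce check

    $clean = cn_example_sanitize_options( wp_unslash( $_POST ) );
    foreach ( $clean as $key => $value ) {
        update_option( 'cn_example_' . $key, $value );
    }
}

// Subscription path (comment_post hook): validated input plus a prepared statement.
function cn_example_add_subscription( $post_id, $email ) {
    global $wpdb;
    $email = sanitize_email( $email );
    if ( ! is_email( $email ) ) {
        return false;
    }
    $table = $wpdb->prefix . 'cn_example_subscriptions';    // hypothetical table
    return (bool) $wpdb->query( $wpdb->prepare(
        "INSERT INTO {$table} (post_id, email) VALUES (%d, %s)",
        (int) $post_id, $email
    ) );
}

// Output side: a sanitized stored value must still be escaped when rendered.
function cn_example_render_sender_field() {
    $value = get_option( 'cn_example_sender_email', '' );
    echo '<input type="email" name="sender_email" value="' . esc_attr( $value ) . '">';
}
```

The point for this report: a scanner marks a flow "unsanitized" when no recognised sanitizer (sanitize_email(), wp_kses(), absint() and friends, or a register_setting() sanitize_callback) sits between the request and update_option(). Reading options.php for exactly that is how to confirm or dismiss the two High findings.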
Vulnerabilities
None known

Comment Notifier Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Comment Notifier Release Timeline

v2.3.2 (current)
v2.3.1
Code Analysis
Analyzed Apr 16, 2026

Comment Notifier Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (14 prepared)
Unescaped Output: 0 (47 escaped)
Nonce Checks: 3
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared (14 total queries)

Output Escaping

100% escaped (47 total outputs)
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows, 2 with unsanitized paths
<options> (options.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Comment Notifier Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 8

action  admin_head                                         plugin.php:19
action  init                                               plugin.php:259
action  admin_menu                                         plugin.php:265
filter  plugin_action_links_comment-notifier/plugin.php    plugin.php:266
action  comment_form                                       plugin.php:269
action  wp_set_comment_status                              plugin.php:270
action  comment_post                                       plugin.php:271
action  activate_comment-notifier/plugin.php               plugin.php:323
Maintenance & Trust

Comment Notifier Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 3, 2026
PHP min version: 7.0
Downloads: 47K

Community Trust

Rating: 100/100
Number of ratings: 10
Active installs: 500
Developer Profile

Comment Notifier Developer Profile

Stefano Lissa

16 plugins · 515K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 650 days
Detection Fingerprints

How We Detect Comment Notifier

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/comment-notifier/admin.css
Version Parameters
comment-notifier/admin.css?ver=

HTML / DOM Fingerprints

Comment form output (the plugin registers no shortcodes; this markup is injected via the comment_form hook)
<p style="clear:both"><input style="width: 20px" type="checkbox" value="1" name="subscribe" id="subscribe"<label style="margin:0; padding:0; position:relative; left:0; top:0;" for="subscribe">
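The fingerprints above can be turned into a passive check that runs on an already-fetched page, with no request to the target beyond the one a crawler makes anyway. The following is an added example, not the scanner's own code: it looks for the admin.css asset path, pulls the version out of the ?ver= parameter when present, and falls back to the subscribe-checkbox markup when the stylesheet is absent. The sample HTML is constructed for the example; cn_detect and cn_version_at_least are names chosen here.

```php
<?php
// Added example (not the scanner's code). Function names are chosen for
// this example; the HTML sample below is constructed, not captured.

function cn_detect( $html ) {
    $result = array( 'installed' => false, 'version' => null, 'evidence' => array() );

    // Asset fingerprint: admin.css under the plugin directory, optional ?ver=.
    $asset = '#/wp-content/plugins/comment-notifier/admin\.css(?:\?ver=([0-9][0-9A-Za-z.\-]*))?#';
    if ( preg_match( $asset, $html, $m ) ) {
        $result['installed']  = true;
        $result['evidence'][] = 'asset:admin.css';
        if ( ! empty( $m[1] ) ) {
            $result['version'] = $m[1];
        }
    }

    // DOM fingerprint: the subscribe checkbox the plugin adds to the comment form.
    // Matched loosely (attribute order, extra attributes) so a theme that
    // re-renders the form does not defeat the check.
    if ( preg_match( '#<input[^>]*name="subscribe"[^>]*id="subscribe"#', $html ) ) {
        $result['installed']  = true;
        $result['evidence'][] = 'dom:subscribe-checkbox';
    }

    return $result;
}

// true / false when a version was seen, null when it was not (never guess).
function cn_version_at_least( $found, $min ) {
    if ( $found === null ) {
        return null;
    }
    return version_compare( $found, $min, '>=' );
}

// Constructed sample response: stylesheet tag plus the comment form.
$sample = <<<'HTML'
<link rel="stylesheet" href="https://example.test/wp-content/plugins/comment-notifier/admin.css?ver=2.3.1" media="all">
<form id="commentform">
<p style="clear:both"><input style="width: 20px" type="checkbox" value="1" name="subscribe" id="subscribe"><label for="subscribe">Notify me of follow-up comments</label></p>
</form>
HTML;

$r = cn_detect( $sample );
printf( "installed=%s version=%s evidence=%s\n",
    var_export( $r['installed'], true ),
    $r['version'] === null ? 'unknown' : $r['version'],
    implode( ',', $r['evidence'] ) );
printf( "at or above 2.3.2: %s\n",
    var_export( cn_version_at_least( $r['version'], '2.3.2' ), true ) );
```

Two caveats when using this at scale. The file is named admin.css and the plugin's first hook is admin_head (plugin.php:19), so that stylesheet most likely loads only inside wp-admin; on a public page the checkbox markup is the fingerprint a crawler will actually see, and it carries no version. And the ?ver= value is whatever the plugin passed to wp_enqueue_style(), which may be the plugin version, the WordPress version, or a cache-busting string, so treat it as a hint to confirm, not as proof of the installed release.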
FAQ

Frequently Asked Questions about Comment Notifier