
Comment Plugger Security & Risk Analysis
wordpress.org/plugins/comment-pluggerGives a list of that last people to comment on a post, with a link to their site if they provided one.
Is Comment Plugger Safe to Use in 2026?
Generally Safe
Score 85/100Comment Plugger has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The static analysis of comment-plugger v1.1 reveals a plugin with a seemingly very small attack surface, reporting zero AJAX handlers, REST API routes, shortcodes, and cron events. Furthermore, there are no recorded vulnerabilities in its history, suggesting a history of secure development or minimal exposure. However, the code analysis highlights significant concerns. A total of one SQL query is present, and it is not using prepared statements. Additionally, there is one output in the code that is not properly escaped. The complete absence of nonce and capability checks, combined with the lack of proper output escaping and raw SQL queries, indicates potential vulnerabilities that are not immediately apparent from the attack surface metrics alone. While the plugin boasts a clean vulnerability history and a limited entry point count, the identified code signals point to a lack of fundamental security practices in handling data, which could be exploited if an attacker can find a way to interact with the code, even if indirectly. This plugin exhibits both strengths in its limited attack surface and historical record, but significant weaknesses in its core code practices regarding data security.
Key Concerns
- Raw SQL query without prepared statements
- Unescaped output
- Missing nonce checks
- Missing capability checks
Comment Plugger Security Vulnerabilities
Comment Plugger Release Timeline
Comment Plugger Code Analysis
SQL Query Safety
Output Escaping
Comment Plugger Attack Surface
Maintenance & Trust
Comment Plugger Maintenance & Trust
Maintenance Signals
Community Trust
Comment Plugger Alternatives
No External Links
mihdan-no-external-links
Convert external links into internal links, site wide or post/page specific. Add NoFollow, Click logging, and more...
Nofollow Case by Case
nofollow-case-by-case
"Dofollow" but Nofollow Case by Case allows you to selectively apply nofollow to your comments as well.
SEO Super Comments
seo-super-comments
SEO Super Comments turns your comments into new pages.
WP Open Comment Links in New Window
wp-open-comment-links-in-new-window
Opens all the links (URLs) added in the comments and author URL, in a new tab or window.
Embed Images in Comments
embed-comment-images
Embed direct image links in your comments with an img tag.
Comment Plugger Developer Profile
12 plugins · 3K total installs
How We Detect Comment Plugger
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/comment-plugger/comment-plugger.phpcomment-plugger/comment-plugger.php?ver=HTML / DOM Fingerprints
<ul>