Comment Plugger Security & Risk Analysis

wordpress.org/plugins/comment-plugger

Gives a list of that last people to comment on a post, with a link to their site if they provided one.

10 active installs v1.1 PHP + WP + Updated Jun 4, 2010
commentslinksplugger
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Comment Plugger Safe to Use in 2026?

Generally Safe

Score 85/100

Comment Plugger has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 16yr ago
Risk Assessment

The static analysis of comment-plugger v1.1 reveals a plugin with a seemingly very small attack surface, reporting zero AJAX handlers, REST API routes, shortcodes, and cron events. Furthermore, there are no recorded vulnerabilities in its history, suggesting a history of secure development or minimal exposure. However, the code analysis highlights significant concerns. A total of one SQL query is present, and it is not using prepared statements. Additionally, there is one output in the code that is not properly escaped. The complete absence of nonce and capability checks, combined with the lack of proper output escaping and raw SQL queries, indicates potential vulnerabilities that are not immediately apparent from the attack surface metrics alone. While the plugin boasts a clean vulnerability history and a limited entry point count, the identified code signals point to a lack of fundamental security practices in handling data, which could be exploited if an attacker can find a way to interact with the code, even if indirectly. This plugin exhibits both strengths in its limited attack surface and historical record, but significant weaknesses in its core code practices regarding data security.

Key Concerns

  • Raw SQL query without prepared statements
  • Unescaped output
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Comment Plugger Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Comment Plugger Release Timeline

v1.03
Code Analysis
Analyzed Mar 17, 2026

Comment Plugger Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
1
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

0% escaped1 total outputs
Attack Surface

Comment Plugger Attack Surface

Entry Points0
Unprotected0
Maintenance & Trust

Comment Plugger Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updatedJun 4, 2010
PHP min version
Downloads6K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Comment Plugger Developer Profile

Nick Momrik

12 plugins · 3K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Comment Plugger

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/comment-plugger/comment-plugger.php
Version Parameters
comment-plugger/comment-plugger.php?ver=

HTML / DOM Fingerprints

Shortcode Output
<ul>
FAQ

Frequently Asked Questions about Comment Plugger