Does Comment Pub have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Comment Pub compatible with WordPress 3.5.2?

According to WordPress.org data, Comment Pub 1.0.0 has been tested up to WordPress 3.5.2. Check the plugin's changelog for the latest compatibility information.

How often is Comment Pub updated?

Comment Pub was last updated on Jan 28, 2013. Frequent updates are generally a positive security signal.

What is Comment Pub's security score?

Comment Pub has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Comment Pub Security & Risk Analysis

wordpress.org/plugins/comment-pub

Create a guestbook or local avatars or unique comments. The images be will resized on upload and originals deleted.

20 active installs v1.0.0 PHP + WP 3.4.1+ Updated Jan 28, 2013

commentsguestguestbookimage-uploadresize-images

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Comment Pub Safe to Use in 2026?

Generally Safe

Score 85/100

Comment Pub has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The "comment-pub" v1.0.0 plugin demonstrates a generally good security posture with several strengths. Notably, all identified SQL queries utilize prepared statements, which is a crucial defense against SQL injection vulnerabilities. The absence of known CVEs and a clean vulnerability history further suggest a commitment to security or a lack of past exploitation. However, the static analysis reveals some areas for concern. A significant portion of output (67%) is not properly escaped, presenting a risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the taint analysis indicates two flows with unsanitized paths, one of which is flagged as high severity. While the total attack surface is zero, these unsanitized flows could still be exploited if an attacker can control the input to these paths. The presence of file operations and a limited number of nonce and capability checks also warrants attention, as these can sometimes be entry points for further attacks if not implemented with utmost care. In conclusion, while the plugin avoids common pitfalls like raw SQL and a public attack surface, the unescaped output and the high-severity taint flow represent significant risks that need to be addressed.

Key Concerns

High severity taint flow
Unsanitized path flows
Low output escaping percentage

Vulnerabilities

None known

Comment Pub Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Comment Pub Release Timeline

v1.0.0Current

Code Analysis

Analyzed Mar 16, 2026

Comment Pub Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

15 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

33% escaped46 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

<comments_pub_admin> (comments_pub_admin.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Comment Pub Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 15

actioncomment_formcomments_pub_comments.php:150

actionwp_enqueue_scriptscomment_pub.php:48

actionadmin_enqueue_scriptscomment_pub.php:49

actionwp_enqueue_scriptscomment_pub.php:50

filterwp_insert_commentcomment_pub.php:52

filtercomments_arraycomment_pub.php:53

filtercomments_templatecomment_pub.php:59

filtercomment_form_field_emailcomment_pub.php:64

actionadmin_noticescomment_pub.php:74

actioncomment_form_after_fieldscomment_pub.php:97

actioncomment_form_logged_in_aftercomment_pub.php:103

actioncomment_formcomment_pub.php:111

actionadmin_noticescomment_pub.php:119

actionadmin_menucomment_pub.php:587

actionadmin_menucomment_pub.php:601

Maintenance & Trust

Comment Pub Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2

Last updatedJan 28, 2013

PHP min version

Downloads7K

Community Trust

Rating100/100

Number of ratings2

Active installs20

Alternatives

Comment Pub Alternatives

Reverse Order Comments

reverse-order-comments

Allows to display the comments in reverse order. Latest comment first, oldest last.

100 No CVEs

Simple Guestbook

simple-guestbook

100

A simple guestbook plugin based on WordPress page comments.

70 No CVEs

LIBRO DE VISITAS – GUESTBOOK

libro-de-visitas-guestbook

For live example click here!!!

40 No CVEs

WP CommentWidgetizer

wp-commentwidgetizer

WP CommentWidgetizer is a simple widget that takes one of the approved comments made on any page or post of your site and displays it in the sidebar.

10 No CVEs

Gwolle Guestbook

gwolle-gb

Gwolle Guestbook is the WordPress guestbook you've just been looking for. Beautiful and easy.

20K 7 CVEs

Developer Profile

Comment Pub Developer Profile

nowmediagroup

1 plugin · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Comment Pub

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/comment-pub/css/plugin.css/wp-content/plugins/comment-pub/css/admin.css

Script Paths

/wp-content/plugins/comment-pub/js/plugin.min.js

HTML / DOM Fingerprints

CSS Classes

nocomments

HTML Comments

FAQ