Does Comment Referrers have any unpatched vulnerabilities?

No. All known vulnerabilities in Comment Referrers have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Comment Referrers compatible with WordPress 4.7.32?

According to WordPress.org data, Comment Referrers 0.2 has been tested up to WordPress 4.7.32. Check the plugin's changelog for the latest compatibility information.

How often is Comment Referrers updated?

Comment Referrers was last updated on Dec 9, 2016. Frequent updates are generally a positive security signal.

What is Comment Referrers's security score?

Comment Referrers has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Comment Referrers Security & Risk Analysis

wordpress.org/plugins/comment-referrers

Adds the referrering link from which a commenting user came from to comment notifications.

90 active installs v0.2 PHP + WP + Updated Dec 9, 2016

commentsnotificationreferrers

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Comment Referrers Safe to Use in 2026?

Generally Safe

Score 85/100

Comment Referrers has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

Based on the provided static analysis, the "comment-referrers" v0.2 plugin exhibits a strong security posture. The absence of any identified dangerous functions, unsanitized taint flows, raw SQL queries, or unescaped output is highly commendable. Furthermore, the plugin has no known vulnerabilities, including no historical CVEs, which suggests a history of secure development. The lack of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface, making it difficult for attackers to find entry points. The code also appears to diligently use prepared statements for any potential database interactions, and there are no file operations or external HTTP requests that could be exploited. The absence of nonce and capability checks in the analyzed entry points is noted, but given the lack of any entry points, this is not currently a direct risk. This plugin demonstrates good security practices and a low-risk profile.

Key Concerns

No AJAX handlers without auth checks found
No REST API routes without permission callbacks found
No shortcodes found
No cron events found
No dangerous functions found
100% SQL queries use prepared statements
100% output properly escaped
No file operations found
No external HTTP requests found
No nonce checks found (given no entry points)
No capability checks found (given no entry points)
No bundled libraries with potential vulnerabilities
No taint flows analyzed with sanitization issues
No known CVEs recorded

Vulnerabilities

None known

Comment Referrers Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Comment Referrers Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

Comment Referrers Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actioncomment_formcomment-referrers.php:22

filtercomment_notification_textcomment-referrers.php:32

filtercomment_moderation_textcomment-referrers.php:33

Maintenance & Trust

Comment Referrers Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32

Last updatedDec 9, 2016

PHP min version

Downloads11K

Community Trust

Rating0/100

Number of ratings0

Active installs90

Alternatives

Comment Referrers Alternatives

Comment Moderation/Notification Recipients

comment-moderation-e-mail-to-post-author

100

Control who will receive new comment and moderation notifications. Light weight, simple, safe and effective.

1K No CVEs

Lightweight Subscribe To Comments

comment-notifier-no-spammers

Easiest and most lightweight plugin to let visitors subscribe to comments and get email notifications.

1K No CVEs

Comment Email Reply

comment-email-reply

Simply notifies comment-author via email if someone replies to his comment. Zero Configuration.

600 No CVEs

WP Comment Notification

wp-comment-notification

Send email notification to predefined email ids when someone comments on your blog.

500 No CVEs

Subscribe To Comments Checkbox

comments-subscribe-checkbox

100

This plugin will allow you to add subscribe notification checkbox to comments on your site.

100 No CVEs

Developer Profile

Comment Referrers Developer Profile

Donncha O Caoimh (a11n)

12 plugins · 32K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

4657 days

View full developer profile

Detection Fingerprints

How We Detect Comment Referrers

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths

/wp-content/plugins/comment-referrers/comment-referrers.php

HTML / DOM Fingerprints

HTML Comments

<!--
	ref = escape( document[ 'referrer' ] );
	document.write("<input type='hidden' name='ref' value='"+ref+"'>");
// -->

JS Globals

ref

FAQ