Does Comments Reactions have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Comments Reactions compatible with WordPress 5.0.25?

According to WordPress.org data, Comments Reactions 1.0.0 has been tested up to WordPress 5.0.25. Check the plugin's changelog for the latest compatibility information.

Is Comments Reactions compatible with PHP 7.0+?

Comments Reactions requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Comments Reactions updated?

Comments Reactions was last updated on Oct 27, 2018. Frequent updates are generally a positive security signal.

What is Comments Reactions's security score?

Comments Reactions has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Comments Reactions Security & Risk Analysis

wordpress.org/plugins/comments-reactions

Improve your comment system with funny emoji reactions.

10 active installs v1.0.0 PHP 7.0+ WP 4.9.4+ Updated Oct 27, 2018

commentsemojilikesratingreactions

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Comments Reactions Safe to Use in 2026?

Generally Safe

Score 85/100

Comments Reactions has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The "comments-reactions" v1.0.0 plugin exhibits a mixed security posture. On the positive side, the code analysis reveals excellent practices in several critical areas: all SQL queries use prepared statements, all outputs are properly escaped, and there are no file operations or external HTTP requests. The absence of bundled libraries and recorded historical vulnerabilities further contributes to a seemingly robust foundation. However, a significant concern arises from the attack surface analysis, which highlights one AJAX handler that lacks authentication checks. This represents a direct entry point for unauthenticated users, posing a notable risk despite the absence of identified taint flows or dangerous functions.

Key Concerns

AJAX handler without authentication

Vulnerabilities

None known

Comments Reactions Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Comments Reactions Release Timeline

v1.0.0Current

Code Analysis

Analyzed Mar 16, 2026

Comments Reactions Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped4 total outputs

Attack Surface

1 unprotected

Comments Reactions Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_hscr_save_reactionsrc\Ajax.php:33

WordPress Hooks 4

actionplugins_loadedcomments-reactions.php:43

actionwp_enqueue_scriptssrc\Assets.php:18

filtercomment_reply_link_argssrc\Reactions.php:37

actioninitsrc\Textdomain.php:18

Maintenance & Trust

Comments Reactions Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25

Last updatedOct 27, 2018

PHP min version7.0

Downloads2K

Community Trust

Rating100/100

Number of ratings2

Active installs10

Alternatives

Comments Reactions Alternatives

Vuukle Comments, Reactions, Share Bar, Revenue

free-comments-for-wordpress-vuukle

Vuukle website is an audience engagement platform which amplifies basic user comments and other attention data (shares, likes) into experiences showin …

300 1 CVE

Emojis for Posts and Pages

emojis-for-posts-and-pages

100

Add colorful emoji reactions to your WordPress posts and pages, similar to Facebook reactions.

10 No CVEs

Reactions

react

💩 reactions.

10 No CVEs

Some Plus Content Reactions

some-plus-content-reactions

100

Add emoji reactions to your posts and pages. Let your visitors express their feelings about your content.

0 No CVEs

Comments Like Dislike

comments-like-dislike

Like Dislike for WordPress Comments

9K 3 CVEs

Developer Profile

Comments Reactions Developer Profile

Henrique Silverio

4 plugins · 50 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Comments Reactions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/comments-reactions/styles/reactions.min.css/wp-content/plugins/comments-reactions/scripts/reactions.min.js

Script Paths

vendor/autoload.php

Version Parameters

comments-reactions/styles/reactions.min.css?ver=comments-reactions/scripts/reactions.min.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-nonce="hscr-save-reaction"

JS Globals

CommentsReactions

FAQ