Subscribe To Comments Checkbox Security & Risk Analysis

wordpress.org/plugins/comments-subscribe-checkbox

This plugin will allow you to add a subscribe notification checkbox to comments on your site.

100 active installs · v1.2.6 · PHP 5.2.4+ · WP 5.0+ · Updated Dec 10, 2025
Tags: comments-checkbox, comments-subscribe, notification-subscription, subscribe-email, subscribe-to-comments
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Subscribe To Comments Checkbox Safe to Use in 2026?

Generally Safe

Score 100/100

Subscribe To Comments Checkbox has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The 'comments-subscribe-checkbox' plugin v1.2.6 exhibits a mixed security posture. On the positive side, it has a small attack surface with only two AJAX entry points, and importantly, both appear to have authorization checks. There are also a good number of nonce checks and capability checks present, indicating an awareness of security best practices.

However, significant concerns arise from the static analysis. The most critical issue is that none of the 10 SQL queries use prepared statements, which exposes the plugin to potential SQL injection vulnerabilities. Furthermore, the taint analysis reveals a flow with an unsanitized path and a high severity, strongly suggesting a path traversal or similar vulnerability that could allow unauthorized file access or modification. The 75% rate of proper output escaping, while not terrible, still leaves room for potential cross-site scripting (XSS) vulnerabilities.

The plugin's vulnerability history is currently clean, with no recorded CVEs. This is a positive indicator, but it does not negate the risks identified in the static and taint analyses. The absence of historical vulnerabilities could be due to luck or the plugin not being extensively targeted or audited. The overall conclusion is that while the plugin has a small attack surface and some good security implementations, the critical issues of raw SQL queries and the identified high-severity taint flow warrant immediate attention and mitigation.

Key Concerns

  • 100% of SQL queries not using prepared statements
  • High severity taint flow with unsanitized path
  • Output escaping is not 100% proper
Vulnerabilities
None known

Subscribe To Comments Checkbox Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Subscribe To Comments Checkbox Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 10 (0 prepared)
Unescaped Output: 29 (88 escaped)
Nonce Checks: 3
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 10 total queries

Output Escaping

75% escaped · 117 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
<secondary-page> (include\secondary-page.php:0)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Subscribe To Comments Checkbox Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth · wp_ajax_yydev_comments_subscribe_stop_notice_forever · notices.php:62
auth · wp_ajax_yydev_comments_subscribe_stop_notice_for_now · notices.php:84

WordPress Hooks: 11

filter · comment_form_field_comment · front-end\add-checkbox-to-comments.php:65
action · comment_post · include\insert-subscriber-to-db.php:72
action · comment_post · include\send-mail-to-subscriber.php:149
action · wp_set_comment_status · include\send-mail-to-subscriber.php:185
action · deleted_comment · include\send-mail-to-subscriber.php:202
filter · the_posts · include\unsubscribe.php:155
filter · template_include · include\unsubscribe.php:171
action · plugins_loaded · index.php:21
action · admin_menu · index.php:71
filter · plugin_action_links · index.php:96
action · admin_notices · notices.php:274
Maintenance & Trust

Subscribe To Comments Checkbox Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 10, 2025
PHP min version: 5.2.4
Downloads: 5K

Community Trust

Rating: 98/100
Number of ratings: 8
Active installs: 100
Developer Profile

Subscribe To Comments Checkbox Developer Profile

yydevelopment

11 plugins · 51K total installs

Trust score: 88
Avg Security Score: 100/100
Avg Patch Time: 67 days
Detection Fingerprints

How We Detect Subscribe To Comments Checkbox

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/comments-subscribe-checkbox/include/script.js
/wp-content/plugins/comments-subscribe-checkbox/include/style.css
/wp-content/plugins/comments-subscribe-checkbox/front-end/js/comments-subscribe-checkbox.js
Script Paths
/wp-content/plugins/comments-subscribe-checkbox/include/script.js
/wp-content/plugins/comments-subscribe-checkbox/front-end/js/comments-subscribe-checkbox.js
Version Parameters
/wp-content/plugins/comments-subscribe-checkbox/include/style.css?ver=
/wp-content/plugins/comments-subscribe-checkbox/include/script.js?ver=
/wp-content/plugins/comments-subscribe-checkbox/front-end/js/comments-subscribe-checkbox.js?ver=

HTML / DOM Fingerprints

CSS Classes
comments-subscribe-checkbox-wrapper
comments-subscribe-checkbox-form
HTML Comments
<!-- Begin Comments Subscribe Checkbox -->
<!-- End Comments Subscribe Checkbox -->
Data Attributes
data-csc-nonce
data-csc-id
data-csc-email
JS Globals
comments_subscribe_checkbox_ajax_object