Comments Analytics – Dashboard & Commenter Profiles Security & Risk Analysis

wordpress.org/plugins/commentswp

Analyze WordPress comments in one dashboard. Track comment stats, identify top commenters, and gain engagement insights.

20 active installs · v1.3.1 · PHP 7.4+ · WP 6.5+ · Updated Feb 1, 2026
Tags: analytics, comment-dashboard, comment-insights, commenter-profiles, comments
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Comments Analytics – Dashboard & Commenter Profiles Safe to Use in 2026?

Generally Safe

Score 100/100

Comments Analytics – Dashboard & Commenter Profiles has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The "commentswp" plugin v1.3.1 demonstrates a strong security posture based on the provided static analysis. All identified entry points (2 AJAX handlers) appear to have authentication checks, and there are no exposed REST API routes or shortcodes. The plugin effectively utilizes prepared statements for all its SQL queries, and all output is properly escaped, indicating good practices for preventing common web vulnerabilities like SQL injection and XSS. The presence of nonce and capability checks further strengthens its defenses.

However, a concerning finding is the "Flows with unsanitized paths" identified in the taint analysis. While classified as not critical or high severity, any unsanitized path is a potential entry point for path traversal or other file system-related vulnerabilities. The single file operation identified needs careful scrutiny in conjunction with this taint flow. The lack of any recorded vulnerability history is positive, suggesting a history of secure development or effective patching by users.

In conclusion, "commentswp" v1.3.1 exhibits many good security practices. The primary area of concern stems from the identified unsanitized path flow, which, despite its low severity classification in the taint analysis, warrants attention due to its nature. The absence of known CVEs and the robust use of prepared statements and output escaping are significant strengths.

Key Concerns

  • Flows with unsanitized paths found
  • Single file operation identified
Vulnerabilities
None known

Comments Analytics – Dashboard & Commenter Profiles Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Comments Analytics – Dashboard & Commenter Profiles Release Timeline

v1.3.1 (Current)
v1.3.0
v1.2.0
v1.1.0
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Comments Analytics – Dashboard & Commenter Profiles Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (33 prepared)
Unescaped Output: 1 (337 escaped)
Nonce Checks: 5
Capability Checks: 3
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 33 total queries

Output Escaping

100% escaped · 338 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
display_admin_notices (src/Admin/Pages/Profiles/ProfilesPage.php:200)
Attack Surface

Comments Analytics – Dashboard & Commenter Profiles Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth wp_ajax_commentswp_dismiss_wporg_review (src/Admin/WPorgReview.php:36)
auth wp_ajax_commentswp_defer_wporg_review (src/Admin/WPorgReview.php:37)
WordPress Hooks: 22

action plugins_loaded (commentswp.php:43)
action admin_enqueue_scripts (src/Admin/Admin.php:105)
action admin_menu (src/Admin/Admin.php:107)
filter script_loader_tag (src/Admin/Admin.php:111)
filter admin_footer_text (src/Admin/Admin.php:115)
filter update_footer (src/Admin/Admin.php:116)
action admin_bar_menu (src/Admin/AdminBar.php:23)
filter comments_list_table_query_args (src/Admin/Pages/AllComments.php:19)
filter comments_list_table_query_args (src/Admin/Pages/AllComments.php:20)
filter comments_list_table_query_args (src/Admin/Pages/AllComments.php:21)
action init (src/Admin/Pages/Dashboard/DashboardPage.php:64)
action commentswp_admin_register_admin_menu (src/Admin/Pages/Dashboard/DashboardPage.php:100)
action commentswp_admin_register_admin_menu (src/Admin/Pages/Profiles/ProfilesPage.php:35)
action admin_notices (src/Admin/Pages/Profiles/ProfilesPage.php:45)
filter screen_settings (src/Admin/ScreenOptions.php:43)
filter set-screen-option (src/Admin/ScreenOptions.php:44)
action admin_notices (src/Admin/WPorgReview.php:35)
action wp_insert_comment (src/CacheBuster.php:28)
action delete_comment (src/CacheBuster.php:29)
action transition_comment_status (src/CacheBuster.php:31)
filter wp_update_comment_data (src/CacheBuster.php:33)
action delete_expired_transients (src/Tasks/Tasks.php:51)
Maintenance & Trust

Comments Analytics – Dashboard & Commenter Profiles Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 1, 2026
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 20
Developer Profile

Comments Analytics – Dashboard & Commenter Profiles Developer Profile

Slava Abakumov

10 plugins · 3K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 104 days
Detection Fingerprints

How We Detect Comments Analytics – Dashboard & Commenter Profiles

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/commentswp/assets/css/admin.css
/wp-content/plugins/commentswp/assets/js/admin.js
/wp-content/plugins/commentswp/assets/js/vendor/alpine.js
Script Paths
/wp-content/plugins/commentswp/assets/js/admin.js
/wp-content/plugins/commentswp/assets/js/vendor/alpine.js
Version Parameters
commentswp/assets/css/admin.css?ver=
commentswp/assets/js/admin.js?ver=
commentswp/assets/js/vendor/alpine.js?ver=

HTML / DOM Fingerprints

CSS Classes
commentswp, title-logo, title-main, title-separator, title-secondary
Data Attributes
data-commentswp-admin-url
JS Globals
Alpine