CRUDLab Disable Comments Security & Risk Analysis

wordpress.org/plugins/crudlab-disable-comments

The CRUDLab Disable Comments plugin allows you to disable comments for any page or post, or for the whole site.

800 active installs · v1.0.5 · PHP + WP 3.6+ · Updated Dec 8, 2016
Tags: close-commments, comments, delete-comments, disable-comments, remove-comments
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is CRUDLab Disable Comments Safe to Use in 2026?

Generally Safe

Score 85/100

CRUDLab Disable Comments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The "crudlab-disable-comments" v1.0.5 plugin presents a mixed security posture. While it has no recorded vulnerability history, indicating a potentially stable and well-maintained codebase in the past, the static analysis reveals significant concerns. The plugin exposes two AJAX handlers, both of which lack authentication checks, creating a substantial attack surface for unauthorized actions. Furthermore, the presence of the `unserialize` function is a red flag, as it can lead to remote code execution vulnerabilities if used with untrusted input. The absence of any nonce checks on these AJAX endpoints exacerbates this risk, making it easier for attackers to craft malicious requests.

Key Concerns

  • AJAX handlers without authentication
  • Usage of 'unserialize' function
  • No nonce checks on AJAX handlers
  • No capability checks
Vulnerabilities
None known

CRUDLab Disable Comments Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

CRUDLab Disable Comments Code Analysis

Dangerous Functions: 11
Raw SQL Queries: 1 (4 prepared)
Unescaped Output: 2 (5 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 2
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$obj["display"] = unserialize($obj["display"]);` (crudlab-disable-comments-settings.php:80)
  • unserialize: `$obj["except_ids"] = unserialize($obj["except_ids"]);` (crudlab-disable-comments-settings.php:81)
  • unserialize: `$obj["display"] = unserialize($obj["display"]);` (crudlab-disable-comments-settings.php:135)
  • unserialize: `$obj["except_ids"] = implode(', ', unserialize($obj["except_ids"]));` (crudlab-disable-comments-settings.php:136)
  • unserialize: `$this->settingsData = unserialize(get_option(Crudlab_Disable_Comments::$optionName));` (crudlab-disable-comments.php:50)
  • unserialize: `$this->settingsData = unserialize(get_option(Crudlab_Disable_Comments::$optionName));` (crudlab-disable-comments.php:52)
  • unserialize: `$settings["display"] = unserialize($settings["display"]);` (crudlab-disable-comments.php:168)
  • unserialize: `$settings["except_ids"] = unserialize($settings["except_ids"]);` (crudlab-disable-comments.php:169)
  • unserialize: `$settings["display"] = unserialize($settings["display"]);` (crudlab-disable-comments.php:196)
  • unserialize: `$settings["except_ids"] = unserialize($settings["except_ids"]);` (crudlab-disable-comments.php:197)
  • unserialize: `$this->settingsData = unserialize(get_option(Crudlab_Disable_Comments::$optionName));` (crudlab-disable-comments.php:225)

SQL Query Safety

80% prepared · 5 total queries

Output Escaping

71% escaped · 7 total outputs
Attack Surface
2 unprotected

CRUDLab Disable Comments Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

  • auth: wp_ajax_clgbactive (crudlab-disable-comments.php:61)
  • auth: wp_ajax_clgbphtml (crudlab-disable-comments.php:62)

WordPress Hooks: 17

  • action: wp_enqueue_scripts (crudlab-disable-comments-settings.php:14)
  • action: admin_menu (crudlab-disable-comments.php:59)
  • action: widgets_init (crudlab-disable-comments.php:78)
  • filter: wp_headers (crudlab-disable-comments.php:79)
  • action: template_redirect (crudlab-disable-comments.php:80)
  • action: template_redirect (crudlab-disable-comments.php:83)
  • action: admin_init (crudlab-disable-comments.php:84)
  • action: wp_loaded (crudlab-disable-comments.php:86)
  • filter: comments_open (crudlab-disable-comments.php:137)
  • filter: pings_open (crudlab-disable-comments.php:138)
  • action: admin_menu (crudlab-disable-comments.php:142)
  • action: admin_head (crudlab-disable-comments.php:143)
  • action: wp_dashboard_setup (crudlab-disable-comments.php:144)
  • filter: pre_option_default_pingback_flag (crudlab-disable-comments.php:145)
  • action: template_redirect (crudlab-disable-comments.php:148)
  • action: admin_print_footer_scripts (crudlab-disable-comments.php:154)
  • filter: comments_template (crudlab-disable-comments.php:204)
Maintenance & Trust

CRUDLab Disable Comments Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: Dec 8, 2016
PHP min version
Downloads: 10K

Community Trust

Rating: 90/100
Number of ratings: 2
Active installs: 800
Developer Profile

CRUDLab Disable Comments Developer Profile

CRUDLab

1 plugin · 800 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect CRUDLab Disable Comments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/crudlab-disable-comments/crudlab-disable-comments.php
/wp-content/plugins/crudlab-disable-comments/crudlab-disable-comments-settings.php

HTML / DOM Fingerprints

Data Attributes: cldisablecomments-options
JS Globals: window.cldcb
FAQ

Frequently Asked Questions about CRUDLab Disable Comments