Does DCO Comment Attachment have any unpatched vulnerabilities?

No. All known vulnerabilities in DCO Comment Attachment have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is DCO Comment Attachment compatible with WordPress 6.0.11?

According to WordPress.org data, DCO Comment Attachment 2.4.0 has been tested up to WordPress 6.0.11. Check the plugin's changelog for the latest compatibility information.

Is DCO Comment Attachment compatible with PHP 5.6+?

DCO Comment Attachment requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is DCO Comment Attachment updated?

DCO Comment Attachment was last updated on Oct 2, 2022. Frequent updates are generally a positive security signal.

What is DCO Comment Attachment's security score?

DCO Comment Attachment has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

DCO Comment Attachment Security & Risk Analysis

wordpress.org/plugins/dco-comment-attachment

Allows your visitors to attach files with their comments

9K active installs v2.4.0 PHP 5.6+ WP 4.6+ Updated Oct 2, 2022

attachmentcommentcomment-attachmentimagevideo

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is DCO Comment Attachment Safe to Use in 2026?

Generally Safe

Score 85/100

DCO Comment Attachment has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "dco-comment-attachment" v2.4.0 plugin exhibits a strong security posture based on the provided static analysis. It demonstrates good practices by having no raw SQL queries, a high percentage of properly escaped output, and robust use of nonce and capability checks for its entry points. The absence of dangerous functions, file operations, and external HTTP requests further contributes to a secure foundation. Furthermore, the plugin has no recorded vulnerability history, suggesting a well-maintained and secure codebase over time.

While the static analysis reveals a very low immediate risk, the total taint flows analyzed being 0 is a minor concern. This could indicate that the analysis tool has limitations or that the plugin's logic is very simple, making it difficult to trace potential data flows. However, given the other strong indicators of secure coding, this is likely not a significant threat. The overall security is good, with no critical or high-risk issues identified in the code or its history.

Key Concerns

Zero taint flows analyzed
Some output not properly escaped

Vulnerabilities

None known

DCO Comment Attachment Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

DCO Comment Attachment Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

46 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

82% escaped56 total outputs

Attack Surface

DCO Comment Attachment Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 1

authwp_ajax_delete_attachmentincludes\class-dco-ca-admin.php:48

Shortcodes 1

[dco_ca] includes\class-dco-ca.php:75

WordPress Hooks 32

actioninitincludes\class-dco-ca-admin.php:30

filtercomment_row_actionsincludes\class-dco-ca-admin.php:41

actionadmin_action_deletecommentattachmentincludes\class-dco-ca-admin.php:42

filterbulk_actions-edit-commentsincludes\class-dco-ca-admin.php:43

actionadmin_action_deleteattachmentincludes\class-dco-ca-admin.php:44

filterngettextincludes\class-dco-ca-admin.php:45

filterremovable_query_argsincludes\class-dco-ca-admin.php:46

actionadmin_enqueue_scriptsincludes\class-dco-ca-admin.php:47

actionadd_meta_boxes_commentincludes\class-dco-ca-admin.php:49

actionedit_commentincludes\class-dco-ca-admin.php:50

actionrest_insert_commentincludes\class-dco-ca-admin.php:51

filtercomment_notification_textincludes\class-dco-ca-admin.php:53

filtercomment_moderation_textincludes\class-dco-ca-admin.php:54

actiondelete_commentincludes\class-dco-ca-admin.php:57

actioninitincludes\class-dco-ca-base.php:37

actioninitincludes\class-dco-ca-settings.php:39

actionadmin_initincludes\class-dco-ca-settings.php:50

actionadmin_menuincludes\class-dco-ca-settings.php:51

actioninitincludes\class-dco-ca.php:39

actioncomment_form_submit_fieldincludes\class-dco-ca.php:51

filterpreprocess_commentincludes\class-dco-ca.php:52

actioncomment_postincludes\class-dco-ca.php:53

filterpre_comment_approvedincludes\class-dco-ca.php:56

filterrest_preprocess_commentincludes\class-dco-ca.php:59

actionrest_insert_commentincludes\class-dco-ca.php:60

filterrest_prepare_commentincludes\class-dco-ca.php:63

actionwp_enqueue_scriptsincludes\class-dco-ca.php:65

filtercomment_textincludes\class-dco-ca.php:68

filtercomment_textincludes\class-dco-ca.php:72

filterupload_mimesincludes\class-dco-ca.php:770

filterdco_ca_admin_thumbnail_sizeincludes\class-dco-ca.php:893

filterdco_ca_get_option_thumbnail_sizeincludes\class-dco-ca.php:894

Maintenance & Trust

DCO Comment Attachment Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11

Last updatedOct 2, 2022

PHP min version5.6

Downloads66K

Community Trust

Rating98/100

Number of ratings10

Active installs9K

Alternatives

DCO Comment Attachment Alternatives

Comment Image

comment-image

Enable readers to attach an image to their comments.

1K No CVEs

Media Post Permalink

media-post-permalink

Media Post Permalink is simply the easiest solution to separate your media/attachment Permalinks.

100 No CVEs

CIO Multimedia Comments

multimedia-comments

Upload media files to comments, add custom fields, interact with readers. Conditional display by page or post, access control by field group*.

10 No CVEs

Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider

ml-slider

Slider, gallery, carousel plugin for WordPress. Build your image slider, video slider, post slider, YouTube slider, or WooCommerce product slider.

500K 12 CVEs

Prime Slider – Addons for Elementor

bdthemes-prime-slider-lite

Create responsive sliders using Elementor for hero sections, posts, logos, images, products, testimonials, and more.

100K 15 CVEs

Developer Profile

DCO Comment Attachment Developer Profile

Denis Yanchevskiy

5 plugins · 13K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect DCO Comment Attachment

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/dco-comment-attachment/assets/css/dco-comment-attachment.css/wp-content/plugins/dco-comment-attachment/assets/js/dco-comment-attachment.js/wp-content/plugins/dco-comment-attachment/assets/js/dco-comment-attachment-admin.js

Script Paths

/wp-content/plugins/dco-comment-attachment/assets/js/dco-comment-attachment.js/wp-content/plugins/dco-comment-attachment/assets/js/dco-comment-attachment-admin.js

Version Parameters

dco-comment-attachment/assets/css/dco-comment-attachment.css?ver=dco-comment-attachment/assets/js/dco-comment-attachment.js?ver=dco-comment-attachment/assets/js/dco-comment-attachment-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

dco-del-attachment

Data Attributes

data-iddata-nonce

JS Globals

dco_comment_attachment_params

FAQ