Does Disqus Conditional Load have any unpatched vulnerabilities?

No. All known vulnerabilities in Disqus Conditional Load have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Disqus Conditional Load compatible with WordPress 6.9.4?

According to WordPress.org data, Disqus Conditional Load 11.1.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Disqus Conditional Load compatible with PHP 5.6+?

Disqus Conditional Load requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Disqus Conditional Load updated?

Disqus Conditional Load was last updated on Dec 9, 2025. Frequent updates are generally a positive security signal.

What is Disqus Conditional Load's security score?

Disqus Conditional Load has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Disqus Conditional Load Security & Risk Analysis

wordpress.org/plugins/disqus-conditional-load

Use Disqus comments with advanced features like lazy load, shortcode, widgets etc. Don't let Disqus to slow your site down.

3K active installs v11.1.2 PHP 5.6+ WP 5.0+ Updated Dec 9, 2025

comment-hidedisqusdisqus-commentsdisqus-conditional-loadhide-disqus

A · Safe

CVEs total1

Unpatched0

Last CVEMar 21, 2023

Plugin page Download

Safety Verdict

Is Disqus Conditional Load Safe to Use in 2026?

Generally Safe

Score 100/100

Disqus Conditional Load has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Mar 21, 2023Updated 3mo ago

Risk Assessment

The "disqus-conditional-load" plugin v11.1.2 exhibits a generally strong security posture based on the static analysis, with no identified dangerous functions, all SQL queries utilizing prepared statements, and a high percentage of properly escaped output. The attack surface is minimal, consisting of only two shortcodes and no unprotected entry points. Taint analysis also reveals no critical or high-severity issues.

However, the plugin's vulnerability history is a significant concern. It has a known CVE associated with it, specifically a medium-severity Cross-Site Scripting (XSS) vulnerability that was last patched in March 2023. While currently unpatched vulnerabilities are reported as zero, the existence of past XSS issues, even if resolved, suggests a potential for input sanitization weaknesses. The lack of nonce checks and capability checks in any of the identified entry points, while currently showing no direct exploitation paths in static analysis, could become a point of concern if new vulnerabilities are introduced in future versions or if the plugin's functionality evolves.

In conclusion, while the current version of "disqus-conditional-load" appears to have a good technical security foundation with robust sanitization for most outputs and SQL, the historical presence of an XSS vulnerability warrants vigilance. The absence of explicit nonce and capability checks on its entry points is a weakness that could be exploited if other security measures fail or if new vulnerabilities are introduced.

Key Concerns

Past medium severity XSS vulnerability
No nonce checks on entry points
No capability checks on entry points
Some output not properly escaped

Vulnerabilities

Disqus Conditional Load Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-23732medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Disqus Conditional Load <= 11.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings.

Mar 21, 2023 Patched in 11.1.2 (308d)

Code Analysis

Analyzed Mar 16, 2026

Disqus Conditional Load Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

15 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

88% escaped17 total outputs

Attack Surface

Disqus Conditional Load Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[dcl-comments] includes\class-disqus-conditional-load.php:239

[js-disqus] includes\class-disqus-conditional-load.php:241

WordPress Hooks 18

actionadmin_noticesincludes\class-disqus-conditional-load.php:79

actionadmin_menuincludes\class-disqus-conditional-load.php:199

actionadmin_initincludes\class-disqus-conditional-load.php:200

actionadmin_enqueue_scriptsincludes\class-disqus-conditional-load.php:201

filteradmin_footer_textincludes\class-disqus-conditional-load.php:203

filterplugin_action_linksincludes\class-disqus-conditional-load.php:204

filterplugin_row_metaincludes\class-disqus-conditional-load.php:205

actionadmin_noticesincludes\class-disqus-conditional-load.php:208

actionwp_print_scriptsincludes\class-disqus-conditional-load.php:230

actionwp_enqueue_scriptsincludes\class-disqus-conditional-load.php:231

actionwp_enqueue_scriptsincludes\class-disqus-conditional-load.php:232

actioncomments_templateincludes\class-disqus-conditional-load.php:233

filtercomments_templateincludes\class-disqus-conditional-load.php:235

filterscript_loader_tagincludes\class-disqus-conditional-load.php:236

filterrespond_linkincludes\class-disqus-conditional-load.php:244

filterget_comments_linkincludes\class-disqus-conditional-load.php:245

actionplugins_loadedincludes\class-disqus-conditional-load.php:263

filtercomments_templatepublic\class-dcl-public.php:242

Maintenance & Trust

Disqus Conditional Load Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 9, 2025

PHP min version5.6

Downloads233K

Community Trust

Rating90/100

Number of ratings64

Active installs3K

Alternatives

Disqus Conditional Load Alternatives

Social Comments by Heateor

heateor-social-comments

100

Integrate Facebook Comments, Vkontakte Comments and/or Disqus Comments along with default comment form at your website

800 1 CVE

Twenty Fifteen Disqus Style

twenty-fifteen-disqus-style

Style Disqus Comments Plugin for use in the Twenty Fifteen theme.

10 No CVEs

Disqus Comment System

disqus-comment-system

Disqus is the web's most popular comment system. Use Disqus to increase engagement, retain readers, and grow your audience.

40K 5 CVEs

pipDisqus – Lightweight Disqus Comments

pipdisqus

A lightweight solution for adding Disqus to your WordPress blog.

300 1 CVE

Disqus Latest Comments Addon

disqus-latest-comments

Display latest Disqus comments in a page, post or widget

100 No CVEs

Developer Profile

Disqus Conditional Load Developer Profile

Joel James

7 plugins · 117K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

1175 days

View full developer profile

Detection Fingerprints

How We Detect Disqus Conditional Load

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/disqus-conditional-load/assets/css/admin.min.css/wp-content/plugins/disqus-conditional-load/assets/js/admin.min.js/wp-content/plugins/disqus-conditional-load/assets/js/frontend.min.js

Script Paths

assets/js/admin.min.jsassets/js/frontend.min.js

Version Parameters

disqus-conditional-load/assets/css/admin.min.css?ver=disqus-conditional-load/assets/js/admin.min.js?ver=disqus-conditional-load/assets/js/frontend.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

dcl-admin-content

HTML Comments

K. Bye.

JS Globals

dcl_helper

FAQ