DX Unanswered Comments Security & Risk Analysis

wordpress.org/plugins/dx-unanswered-comments

Filter your admin comments that have not received a reply by an internal user yet.

20 active installs · v1.7 · PHP + WP 3.2+ · Updated: Unknown
Tags: admin, comments, replies, unanswered
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is DX Unanswered Comments Safe to Use in 2026?

Generally Safe

Score 100/100

DX Unanswered Comments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The 'dx-unanswered-comments' plugin version 1.7 presents a significant security risk, primarily due to its unprotected AJAX handlers. While the plugin has no known historical vulnerabilities and avoids dangerous functions, file operations, and external HTTP requests, the complete absence of authentication and capability checks on all four identified AJAX entry points creates a wide attack surface. This means any unauthenticated user could potentially trigger these functions, leading to unintended actions or information disclosure if these handlers are not inherently benign. The taint analysis found one flow with unsanitized paths; although it was not classified as critical or high severity, it still warrants attention. The lack of proper output escaping on a portion of outputs also adds to the risk of cross-site scripting (XSS) vulnerabilities. Overall, while the plugin demonstrates good practices in some areas, such as SQL query preparation, the lack of fundamental security checks on its AJAX endpoints is a major concern.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths (taint analysis)
  • Unescaped output
  • Missing nonce checks on AJAX
  • Missing capability checks on AJAX
Vulnerabilities
None known

DX Unanswered Comments Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

DX Unanswered Comments Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (3 prepared)
  • Unescaped Output: 2 (5 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

75% prepared · 4 total queries

Output Escaping

71% escaped · 7 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<dxuc-unanswered-comments-admin-page> (dxuc-unanswered-comments-admin-page.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
4 unprotected

DX Unanswered Comments Attack Surface

Entry Points: 4
Unprotected: 4

AJAX Handlers: 4

  • auth · wp_ajax_mark_comment_as_replied · dxuc-unanswered-comments.php:35
  • nopriv · wp_ajax_mark_comment_as_replied · dxuc-unanswered-comments.php:36
  • auth · wp_ajax_mark_comment_as_non_replied · dxuc-unanswered-comments.php:37
  • nopriv · wp_ajax_mark_comment_as_non_replied · dxuc-unanswered-comments.php:38

WordPress Hooks: 11

  • action · admin_enqueue_scripts · dxuc-unanswered-comments.php:28
  • action · admin_menu · dxuc-unanswered-comments.php:29
  • filter · views_edit-comments · dxuc-unanswered-comments.php:30
  • filter · comments_clauses · dxuc-unanswered-comments.php:31
  • filter · init · dxuc-unanswered-comments.php:32
  • filter · manage_edit-comments_columns · dxuc-unanswered-comments.php:33
  • filter · manage_comments_custom_column · dxuc-unanswered-comments.php:34
  • filter · bulk_actions-edit-comments · dxuc-unanswered-comments.php:39
  • filter · handle_bulk_actions-edit-comments · dxuc-unanswered-comments.php:40
  • filter · dxuc_non_replied_text · inc\dxuc-add-comment-count-top.php:9
  • filter · dxuc_non_replied_top_level · inc\dxuc-add-comment-count-top.php:10

Maintenance & Trust

DX Unanswered Comments Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Unknown
PHP min version
Downloads: 4K

Community Trust

Rating: 68/100
Number of ratings: 5
Active installs: 20
Developer Profile

DX Unanswered Comments Developer Profile

Mario Peshev

13 plugins · 5K total installs

Trust score: 69
Avg Security Score: 86/100
Avg Patch Time: 164 days
Detection Fingerprints

How We Detect DX Unanswered Comments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/dx-unanswered-comments/js/dxuc-script.js
  • /wp-content/plugins/dx-unanswered-comments/js/dxuc-comments.js
  • /wp-content/plugins/dx-unanswered-comments/css/dxuc-style.css

Script Paths

  • /wp-content/plugins/dx-unanswered-comments/js/dxuc-script.js
  • /wp-content/plugins/dx-unanswered-comments/js/dxuc-comments.js

Version Parameters

  • dxuc-script.js?ver=
  • dxuc-comments.js?ver=
  • dxuc-style.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • mark_as_non_replied
  • mark_as_replied
Data Attributes
data-value