TechGasp Comments Master Security & Risk Analysis

wordpress.org/plugins/facebook-comments-master

TechGasp Comments Master is the professional integration of Facebook comments into heavy-duty WordPress websites.

70 active installs · v5.1.4 · PHP + WP 3.5+ · Updated Mar 11, 2021
Tags: comments, facebook, shortcode, techgasp, widget
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is TechGasp Comments Master Safe to Use in 2026?

Generally Safe

Score 85/100

TechGasp Comments Master has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The "facebook-comments-master" v5.1.4 plugin exhibits a mixed security posture. On the positive side, the plugin does not use dangerous functions, performs all SQL queries using prepared statements, and makes no external HTTP requests. The presence of a nonce check and the absence of any recorded vulnerabilities (CVEs) are also strong indicators of a secure foundation. However, the taint analysis revealed 4 flows with unsanitized paths, which is a significant concern: user-supplied input, if not handled carefully, could lead to unintended actions or data exposure. Furthermore, output escaping is properly implemented in only 20% of cases. This low percentage, combined with the unsanitized paths, increases the risk of cross-site scripting (XSS) vulnerabilities if user input is rendered in the frontend without proper sanitization. The attack surface appears small and mostly lacks auth checks, which is a concern but is mitigated by the lack of entry points. The identified taint flows and poor output escaping are the most pressing areas of concern for this plugin.

Key Concerns

  • Flows with unsanitized paths detected
  • Low percentage of proper output escaping
Vulnerabilities
None known

TechGasp Comments Master Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

TechGasp Comments Master Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 97 (24 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

20% escaped · 121 total outputs
Data Flows: 4 unsanitized

Data Flow Analysis

6 flows · 4 with unsanitized paths
widget (includes\facebook-comments-master-widget-basic.php:26)
Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

TechGasp Comments Master Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 14
filter · the_content · facebook-comments-master.php:53
filter · plugin_action_links · facebook-comments-master.php:54
action · admin_menu · includes\facebook-comments-master-admin-addons.php:39
action · admin_menu · includes\facebook-comments-master-admin-addons.php:42
action · admin_menu · includes\facebook-comments-master-admin-settings-wide.php:51
action · admin_menu · includes\facebook-comments-master-admin-settings-wide.php:54
action · network_admin_menu · includes\facebook-comments-master-admin.php:10
action · admin_menu · includes\facebook-comments-master-admin.php:11
action · admin_menu · includes\facebook-comments-master-admin.php:14
action · wp_head · includes\facebook-comments-master-settings-wide.php:34
action · admin_head · includes\facebook-comments-master-settings-wide.php:35
action · widgets_init · includes\facebook-comments-master-widget-basic.php:3
action · wp_enqueue_scripts · includes\facebook-comments-master-widget-basic.php:10
action · widgets_init · includes\facebook-comments-master-widget-viral.php:3
Maintenance & Trust

TechGasp Comments Master Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.7.15
Last updated: Mar 11, 2021
PHP min version
Downloads: 90K

Community Trust

Rating: 68/100
Number of ratings: 35
Active installs: 70
Developer Profile

TechGasp Comments Master Developer Profile

TechGasp

19 plugins · 3K total installs

Trust score: 84
Avg Security Score: 86/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect TechGasp Comments Master

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/facebook-comments-master/facebook-comments-master-style.css
Script Paths
https://connect.facebook.net/en_US/sdk.js

HTML / DOM Fingerprints

CSS Classes
FB Comments Master Basic
HTML Comments
Copyright 2013 TechGasp (email : info@techgasp.com) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, version 2, as published by the Free Software Foundation. (+7 more)
Data Attributes
data-href, data-width, data-order-by, data-numposts, data-colorscheme
JS Globals
FACEBOOK_COMMENTS_MASTER_VERSION, FACEBOOK_COMMENTS_MASTER_NAME