Featured Comments Security & Risk Analysis

wordpress.org/plugins/featured-comments-widget

This plugin provides a widget that lets you select the comments you want to display as featured or important.

10 active installs · v1.0 · PHP + WP 3.0+ · Updated Oct 18, 2012
Tags: comments, featured, sidebar, widget

Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Featured Comments Safe to Use in 2026?

Generally Safe

Score 85/100

Featured Comments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13 years ago
Risk Assessment

The "featured-comments-widget" plugin v1.0 exhibits a generally positive security posture based on the provided static analysis. The complete absence of identified entry points, dangerous functions, raw SQL queries, file operations, external HTTP requests, and historical vulnerabilities is a strong indicator of good development practices. Prepared statements would further bolster its security if any SQL queries were present; none were found.

However, a significant concern is the very low share of properly escaped output (17%, 2 of 12 outputs). This points to a high probability of cross-site scripting (XSS) vulnerabilities, where user-supplied data reaches the output without proper escaping. The absence of nonce and capability checks across all observed code also means that if entry points were introduced in future versions or through unforeseen interactions, they might not be adequately protected against unauthorized access or manipulation.

While the plugin's history is clean, the current static analysis reveals a critical weakness in output escaping. The absence of reported vulnerabilities so far may be due to a limited attack surface or a lack of targeted auditing. The plugin's strengths lie in its small attack surface and the apparent avoidance of common high-risk coding patterns; its primary weakness is the insufficient output escaping, an XSS risk that needs immediate attention.

Key Concerns

  • Low output escaping (17%)
  • No nonce checks observed
  • No capability checks observed
Vulnerabilities
None known

Featured Comments Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Featured Comments Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 10 (2 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

17% escaped · 12 total outputs
Attack Surface

Featured Comments Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 1
action `init` (featured-comments-widget.php:35)
Maintenance & Trust

Featured Comments Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.4.2
Last updated: Oct 18, 2012
PHP min version:
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Featured Comments Developer Profile

andreu

2 plugins · 40 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Featured Comments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes: widget_featured_comments
FAQ

Frequently Asked Questions about Featured Comments