Does Hidden Comment Field have any unpatched vulnerabilities?

No. All known vulnerabilities in Hidden Comment Field have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Hidden Comment Field compatible with WordPress 4.9.29?

According to WordPress.org data, Hidden Comment Field 1.0.1 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

Is Hidden Comment Field compatible with PHP 3.0+?

Hidden Comment Field requires PHP 3.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Hidden Comment Field updated?

Hidden Comment Field was last updated on Apr 30, 2018. Frequent updates are generally a positive security signal.

What is Hidden Comment Field's security score?

Hidden Comment Field has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Hidden Comment Field Security & Risk Analysis

wordpress.org/plugins/hidden-field-to-comments

Hidden Comment Field provides functionality to block more spam by adding hidden field with jquery

0 active installs v1.0.1 PHP 3.0+ WP 3.0+ Updated Apr 30, 2018

capabilitycontenthideroleuser

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Hidden Comment Field Safe to Use in 2026?

Generally Safe

Score 85/100

Hidden Comment Field has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The "hidden-field-to-comments" v1.0.1 plugin presents a concerning security posture despite a lack of recorded vulnerabilities and a seemingly small attack surface. The static analysis reveals a critical weakness: 100% of its output is not properly escaped. This means that any data displayed back to users, even if it originates from a trusted source within the plugin's logic, could be injected with malicious code, potentially leading to cross-site scripting (XSS) attacks. While there are no identified dangerous functions, SQL injection risks, or unsanitized paths from taint analysis, the absence of output escaping is a significant oversight that undermines the overall security. The plugin's clean vulnerability history is positive, but it does not mitigate the immediate risk posed by the unescaped output. Therefore, while the plugin appears to follow good practices in areas like SQL query preparation and avoids bundling external libraries, the lack of output sanitization represents a severe and actionable security flaw that requires immediate attention.

Key Concerns

100% of output is not properly escaped
No nonce checks
No capability checks

Vulnerabilities

None known

Hidden Comment Field Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Hidden Comment Field Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped5 total outputs

Attack Surface

Hidden Comment Field Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actioncomment_form_logged_in_aftermain.php:20

actioncomment_form_after_fieldsmain.php:21

filterpreprocess_commentmain.php:36

Maintenance & Trust

Hidden Comment Field Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedApr 30, 2018

PHP min version3.0

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Hidden Comment Field Alternatives

Hide This

hide-this

This plugin provides a shortcode that lets you hide some parts of the content from your posts and pages.

3K No CVEs

Advanced Access Manager – Access Governance for WordPress

advanced-access-manager

Access Governance for WordPress. Control roles, users, content, admin areas, and APIs to prevent broken access controls and excessive privileges.

100K 11 CVEs

WPFront User Role Editor

wpfront-user-role-editor

Easily allows you to manage WordPress user roles. You can create, edit, delete and manage capabilities, also copy existing roles.

30K 5 CVEs

Hide Admin Bar Based on User Roles

hide-admin-bar-based-on-user-roles

100

Hide the WordPress Admin Bar for specific user roles, capabilities, devices, pages, or time windows. The ultimate toolbar control plugin for membershi …

20K 1 CVE

Hide Admin Menu

hide-admin-menu

100

Using this plugin, we can hide the admin menu easily.

20K No CVEs

Developer Profile

Hidden Comment Field Developer Profile

Jordi Cabot

8 plugins · 40 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Hidden Comment Field

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/hidden-field-to-comments/js/hidden-comment-field.js/wp-content/plugins/hidden-field-to-comments/css/hidden-comment-field.css

Script Paths

/wp-content/plugins/hidden-field-to-comments/js/hidden-comment-field.js

Version Parameters

hidden-field-to-comments/css/hidden-comment-field.css?ver=hidden-field-to-comments/js/hidden-comment-field.js?ver=

HTML / DOM Fingerprints

FAQ