Kento Top Commenters Security & Risk Analysis

wordpress.org/plugins/kento-top-commenters

Top Commentators list By Count Comments

10 active installs v1.0 PHP + WP 3.8+ Updated Jun 9, 2015
Tags: top-commentators, top-commentators-widget, top-contributor

Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Kento Top Commenters Safe to Use in 2026?

Generally Safe

Score 85/100

Kento Top Commenters has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10 years ago
Risk Assessment

The 'kento-top-commenters' v1.0 plugin presents a concerning security posture despite a clean vulnerability history. Static analysis reveals a complete lack of output escaping at all identified output points, meaning any user-supplied data the plugin outputs could be vulnerable to cross-site scripting (XSS). Furthermore, both SQL queries are executed without prepared statements, creating a significant risk of SQL injection. The two taint-analysis flows with unsanitized paths amplify these risks, indicating potential pathways for malicious data to be processed without proper sanitization. While the plugin has no recorded vulnerability history, this does not negate the severe weaknesses identified in its current implementation. The absence of any detected CVEs is a positive, but the code itself contains critical security flaws that require immediate attention.

Key Concerns

  • 0% of outputs properly escaped
  • 0% of SQL queries use prepared statements
  • 2 flows with unsanitized paths (taint)
Vulnerabilities
None known

Kento Top Commenters Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Kento Top Commenters Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 9 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

0% escaped · 9 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths

top_commenters_widget_control (index.php:41)

Flow legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Kento Top Commenters Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 1
action · wp_enqueue_scripts · index.php:21
Maintenance & Trust

Kento Top Commenters Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.2.39
Last updated: Jun 9, 2015
PHP min version:
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Kento Top Commenters Developer Profile

PluginsPoint

20 plugins · 600 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect Kento Top Commenters

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/kento-top-commenters/css/style.css
Version Parameters
kento-top-commenters/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
top_commenters, top_commenters-list, top-commenters-image, top-commenters-name, commenters-count
Data Attributes
name="widgettitle", name="number", name="ktc_style", value="style1", value="style2", value="style3"
FAQ

Frequently Asked Questions about Kento Top Commenters