Live Comment Notification Toaster Security & Risk Analysis

wordpress.org/plugins/live-comment-notification-toaster

This plugin can enable the admin to install a live notification toaster to notify all online users whenever any comment is made by any online user.

10 active installs · v4.0.0 · PHP + WP 3.7+ · Updated Sep 9, 2020

Tags: comment, comment-notification, comment-toatser, live-comment, notification
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Live Comment Notification Toaster Safe to Use in 2026?

Generally Safe

Score 85/100

Live Comment Notification Toaster has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The "live-comment-notification-toaster" plugin version 4.0.0 exhibits significant security concerns due to its unprotected entry points and insecure coding practices. Static analysis reveals two AJAX handlers that lack authentication checks, creating a substantial attack surface. Furthermore, the plugin performs SQL queries without prepared statements and does not escape any of its outputs, leading to potential SQL injection and cross-site scripting (XSS) vulnerabilities.

Taint analysis reinforces these concerns, indicating two high-severity tainted flows with unsanitized paths and strongly suggesting exploitable vulnerabilities that could lead to data breaches or unauthorized actions. While the plugin has no recorded vulnerability history (CVEs), this does not negate the immediate risks identified in the code analysis. The complete absence of nonces and capability checks on its AJAX handlers means they can be reached by unauthenticated users.

In conclusion, despite the lack of historical vulnerabilities, the current state of the plugin's codebase presents a high-risk profile. The unprotected AJAX endpoints, unsanitized SQL queries, universally unescaped output, and identified high-severity tainted flows require immediate attention and remediation to prevent exploitation.

Key Concerns

  • AJAX handlers without auth checks
  • SQL queries without prepared statements
  • Output escaping missing
  • Taint flows with unsanitized paths (high severity x2)
  • Nonce checks missing on AJAX
  • Capability checks missing on AJAX
Vulnerabilities
None known

Live Comment Notification Toaster Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Live Comment Notification Toaster Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 17 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared, 2 total queries

Output Escaping

0% escaped, 17 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows, 3 with unsanitized paths

prefix_admin_add_toast (live-comment-notification.php:159)

[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
2 unprotected

Live Comment Notification Toaster Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers 2

nopriv: wp_ajax_check_new_comments_ajax_toast (live-comment-notification.php:75)
auth: wp_ajax_check_new_comments_ajax_toast (live-comment-notification.php:76)
WordPress Hooks 4
action: admin_menu (live-comment-notification.php:15)
action: wp_footer (live-comment-notification.php:44)
action: wp_enqueue_scripts (live-comment-notification.php:153)
action: admin_post_add_toast (live-comment-notification.php:158)
Maintenance & Trust

Live Comment Notification Toaster Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.5.18
Last updated: Sep 9, 2020
PHP min version:
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Live Comment Notification Toaster Developer Profile

AppJetty

8 plugins · 820 total installs

Trust score: 68
Avg Security Score: 84/100
Avg Patch Time: 396 days
Detection Fingerprints

How We Detect Live Comment Notification Toaster

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/live-comment-notification-toaster/css/toastr.css
/wp-content/plugins/live-comment-notification-toaster/js/toastr.js
/wp-content/plugins/live-comment-notification-toaster/js/ajaxcall.js

Script Paths
/wp-content/plugins/live-comment-notification-toaster/js/toastr.js
/wp-content/plugins/live-comment-notification-toaster/js/ajaxcall.js

Version Parameters
live-comment-notification-toaster/js/toastr.js?ver=1.0.0
live-comment-notification-toaster/js/ajaxcall.js?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes
lcn-desc, lcn-thumb

JS Globals
interval_id, toast_flag, ajaxurl
REST Endpoints
/wp-json/wp/v2/posts
FAQ

Frequently Asked Questions about Live Comment Notification Toaster