Does New Page Comments have any unpatched vulnerabilities?

No. All known vulnerabilities in New Page Comments have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is New Page Comments compatible with WordPress 5.5.18?

According to WordPress.org data, New Page Comments 0.3 has been tested up to WordPress 5.5.18. Check the plugin's changelog for the latest compatibility information.

How often is New Page Comments updated?

New Page Comments was last updated on Unknown. Frequent updates are generally a positive security signal.

What is New Page Comments's security score?

New Page Comments has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

New Page Comments Security & Risk Analysis

wordpress.org/plugins/new-page-comments

Show comments section in new page or load when user wants to see. Reduce load time process of comments functionality on your WordPress site.

0 active installs v0.3 PHP + WP 3.0+ Updated Unknown

commentlazy-commentsnew-page-commentsseowp-comments

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is New Page Comments Safe to Use in 2026?

Generally Safe

Score 100/100

New Page Comments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "new-page-comments" plugin v0.3 exhibits a mixed security posture. On the positive side, the absence of any known CVEs, including critical or high-severity ones, and the consistent use of prepared statements for SQL queries are strong indicators of good security practices. The plugin also performs file operations or external HTTP requests, and it utilizes nonce and capability checks on at least one entry point. However, there are significant concerns. The presence of two AJAX handlers, with one lacking authentication checks, creates a direct vulnerability. Additionally, while the taint analysis shows no flows, the relatively low percentage of properly escaped output (67%) suggests a potential risk of cross-site scripting (XSS) vulnerabilities, especially if untrusted data reaches these unescaped outputs. The limited attack surface is a positive, but the unprotected AJAX handler is a notable weakness.

Key Concerns

Unprotected AJAX handler found
Significant portion of output not properly escaped

Vulnerabilities

None known

New Page Comments Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

New Page Comments Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

38 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

67% escaped57 total outputs

Attack Surface

1 unprotected

New Page Comments Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 2

authwp_ajax_new_page_comment_templateinclude\plugin.php:15

authwp_ajax_npc_send_email_query_messageinclude\settings.php:16

WordPress Hooks 11

filtercomments_templateinclude\plugin.php:7

actionwp_enqueue_scriptsinclude\plugin.php:8

actioninitinclude\plugin.php:12

filterquery_varsinclude\plugin.php:13

filtertemplate_includeinclude\plugin.php:14

actionparse_queryinclude\plugin.php:84

actionadmin_menuinclude\settings.php:13

actionadmin_initinclude\settings.php:14

actionadmin_enqueue_scriptsinclude\settings.php:15

filterplugin_row_metainclude\settings.php:18

actionplugins_loadednew-page-comments.php:25

Maintenance & Trust

New Page Comments Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18

Last updatedUnknown

PHP min version

Downloads1K

Community Trust

Rating100/100

Number of ratings2

Active installs0

Alternatives

New Page Comments Alternatives

Remove Yoast SEO Comments

remove-yoast-seo-comments

Removes the Yoast SEO advertisement HTML comments from your front-end source code.

10K No CVEs

No External Links

mihdan-no-external-links

Convert external links into internal links, site wide or post/page specific. Add NoFollow, Click logging, and more...

6K 2 CVEs

AnyComment

anycomment

AnyComment is blazing-fast commenting plugin based on React for WordPress.

3K 3 unpatched

Lazy Load for Comments

lazy-load-for-comments

100

Lazy load default WordPress commenting system on scroll or click. Improve page speed.

2K No CVEs

Lazy Social Comments

lazy-facebook-comments

Use Facebook Comments with lazy loading feature. Load FB comments after button click or scroll down.

1K 1 CVE

Developer Profile

New Page Comments Developer Profile

CodeInitiator

2 plugins · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect New Page Comments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/new-page-comments/assets/cmnt.css/wp-content/plugins/new-page-comments/assets/npc-cmnt.js/wp-content/plugins/new-page-comments/assets/admin-main.css/wp-content/plugins/new-page-comments/assets/admin-main.js

Script Paths

/wp-content/plugins/new-page-comments/assets/npc-cmnt.js/wp-content/plugins/new-page-comments/assets/admin-main.js

Version Parameters

new-page-comments/assets/cmnt.css?ver=new-page-comments/assets/npc-cmnt.js?ver=new-page-comments/assets/admin-main.css?ver=new-page-comments/assets/admin-main.js?ver=

HTML / DOM Fingerprints

CSS Classes

npc-main-wrapper

JS Globals

npc_vars

REST Endpoints

/wp-json/new-page-comments/v1/...

FAQ