Does oEmbed for Comments have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is oEmbed for Comments compatible with WordPress 2.9.2?

According to WordPress.org data, oEmbed for Comments 0.6 has been tested up to WordPress 2.9.2. Check the plugin's changelog for the latest compatibility information.

How often is oEmbed for Comments updated?

oEmbed for Comments was last updated on Mar 17, 2010. Frequent updates are generally a positive security signal.

What is oEmbed for Comments's security score?

oEmbed for Comments has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

oEmbed for Comments Security & Risk Analysis

wordpress.org/plugins/oembed-for-comments

Enable oEmbed support for comments. Requires WP 2.9+.

50 active installs v0.6 PHP + WP 2.9+ Updated Mar 17, 2010

commentcommentsembedoembed

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is oEmbed for Comments Safe to Use in 2026?

Generally Safe

Score 85/100

oEmbed for Comments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 16yr ago

Risk Assessment

Based on the provided static analysis and vulnerability history, the 'oembed-for-comments' plugin v0.6 exhibits a strong security posture. The code analysis reveals a complete absence of dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), and output escaping issues. There are also no file operations, external HTTP requests, or vulnerabilities related to nonce/capability checks. The attack surface is effectively zero, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events that are not properly secured.

The taint analysis shows no identified flows with unsanitized paths, indicating that data is not being improperly handled within the plugin. Furthermore, the vulnerability history is clean, with no recorded CVEs of any severity. This lack of past vulnerabilities and the excellent static analysis results suggest that the developers have adhered to robust secure coding practices.

In conclusion, this plugin appears to be highly secure as of v0.6. The absence of any identified risks in static analysis and the clean vulnerability history present a very positive security profile. There are no clear weaknesses or concerns stemming from the provided data, making it a low-risk plugin from a security perspective.

Vulnerabilities

None known

oEmbed for Comments Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

oEmbed for Comments Release Timeline

v0.6Current

Code Analysis

Analyzed Apr 16, 2026

oEmbed for Comments Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

oEmbed for Comments Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

filtercomment_textoembed-for-comments.php:13

Maintenance & Trust

oEmbed for Comments Maintenance & Trust

Maintenance Signals

WordPress version tested2.9.2

Last updatedMar 17, 2010

PHP min version

Downloads5K

Community Trust

Rating100/100

Number of ratings1

Active installs50

Alternatives

oEmbed for Comments Alternatives

oEmbed in Comments

oembed-in-comments

WordPress supports oEmbed, but only in post content. This adds oEmbed support to comments.

100 No CVEs

oEmbed Gist Plus

gist-amp

This comes from oEmbed Gist plugin with caching support and AMP rendering.

10 No CVEs

Embed Images in Comments

embed-comment-images

Embed direct image links in your comments with an img tag.

100 1 CVE

FixPress

fixpress

Heres a simple plugin that fixes the gallery so it validates by pushing the css into `` and a couple of other little tweaks.

10 No CVEs

Akismet Anti-spam: Spam Protection

akismet

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M 2 CVEs

Developer Profile

oEmbed for Comments Developer Profile

r-a-y

9 plugins · 430 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect oEmbed for Comments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ