Does Optin Comment Notifications have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Optin Comment Notifications compatible with WordPress 5.1.22?

According to WordPress.org data, Optin Comment Notifications 1.4 has been tested up to WordPress 5.1.22. Check the plugin's changelog for the latest compatibility information.

How often is Optin Comment Notifications updated?

Optin Comment Notifications was last updated on Mar 27, 2019. Frequent updates are generally a positive security signal.

What is Optin Comment Notifications's security score?

Optin Comment Notifications has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Optin Comment Notifications Security & Risk Analysis

wordpress.org/plugins/optin-comment-notifications

Allows users to opt into receiving a notification email whenever a comment is made to the site.

60 active installs v1.4 PHP + WP 4.6+ Updated Mar 27, 2019

commentcommentingcommentsemailnotifications

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Optin Comment Notifications Safe to Use in 2026?

Generally Safe

Score 85/100

Optin Comment Notifications has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

Based on the provided static analysis and vulnerability history, the "optin-comment-notifications" plugin v1.4 exhibits a strong security posture. The lack of identified entry points, such as AJAX handlers, REST API routes, shortcodes, and cron events, significantly limits its attack surface. The code signals are also positive, with no dangerous functions, all SQL queries utilizing prepared statements, and all output being properly escaped. The absence of file operations and external HTTP requests further reduces potential risks. The presence of capability checks, even without explicit mention of nonce checks in the attack surface, suggests a level of input validation is in place.

The vulnerability history is also clear, with no known CVEs, unpatched vulnerabilities, or recorded common vulnerability types. This indicates a history of secure development or effective patching. The taint analysis showing zero flows with unsanitized paths further reinforces the low-risk profile of this plugin. In conclusion, the plugin demonstrates good security practices. While the absence of explicit nonce checks on entry points is noted, the overall low attack surface and positive code signals, combined with a clean vulnerability history, suggest a low risk of exploitation.

Key Concerns

No nonce checks found
No taint flows analyzed

Vulnerabilities

None known

Optin Comment Notifications Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Optin Comment Notifications Release Timeline

v1.4Current

v1.3

v1.2

v1.1

v1.0

Code Analysis

Analyzed Mar 16, 2026

Optin Comment Notifications Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped5 total outputs

Attack Surface

Optin Comment Notifications Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 10

filteruser_has_capoptin-comment-notifications.php:137

filternotify_post_authoroptin-comment-notifications.php:140

filternotify_moderatoroptin-comment-notifications.php:141

filtercomment_notification_recipientsoptin-comment-notifications.php:144

filtercomment_moderation_recipientsoptin-comment-notifications.php:145

actionpersonal_optionsoptin-comment-notifications.php:148

actionpersonal_options_updateoptin-comment-notifications.php:151

actionedit_user_profile_updateoptin-comment-notifications.php:152

filteruser_has_capoptin-comment-notifications.php:181

actionplugins_loadedoptin-comment-notifications.php:371

Maintenance & Trust

Optin Comment Notifications Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.22

Last updatedMar 27, 2019

PHP min version

Downloads4K

Community Trust

Rating100/100

Number of ratings3

Active installs60

Alternatives

Optin Comment Notifications Alternatives

wp_mail Cyrillic

wp-mail-cyrillic

Allows to receive e-mail messages in character sets different from the blog charset.

30 No CVEs

AJAX Report Comments

report-comments

AJAX Report Comments is a simple yet powerful add-on for any Wordpress blog, particularly larger blogs with a higher volume of user comments.

20 No CVEs

WP Simple Notify

wp-simple-notify

Easiest WP Plugin to manage email notifications for common events such as user's post comments.

10 No CVEs

Notify All Admins on Comment

notify-all-admins-on-comment

100

A simple plugin that ensures all site administrators are notified of new comments, not just the main site admin.

0 No CVEs

Disqus Comment System

disqus-comment-system

Disqus is the web's most popular comment system. Use Disqus to increase engagement, retain readers, and grow your audience.

40K 5 CVEs

Developer Profile

Optin Comment Notifications Developer Profile

Scott Reilly

63 plugins · 92K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

374 days

View full developer profile

Detection Fingerprints

How We Detect Optin Comment Notifications

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Version Parameters

optin-comment-notifications/css/optin-comment-notifications.css?ver=1.4optin-comment-notifications/js/optin-comment-notifications.js?ver=1.4

HTML / DOM Fingerprints

HTML Comments

Data Attributes

data-c2c-optin-comment-notifications-user-id

JS Globals

c2c_optin_comment_notifications_user_idc2c_optin_comment_notifications_user_login

FAQ