
Paginated Comments Security & Risk Analysis
wordpress.org/plugins/paginated-comments
Breaks down comments into a number of search engine optimized pages.
Is Paginated Comments Safe to Use in 2026?
Generally Safe
Score 100/100
Paginated Comments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The paginated-comments plugin v1.0.6 exhibits a generally good security posture: it uses prepared statements for all SQL queries and has a limited attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events. The presence of a nonce check and a capability check further enhances its security.

The main concern is output escaping. Only 38% of the 50 total outputs are properly escaped, which indicates a potential risk of cross-site scripting (XSS) if user-supplied data is rendered without adequate escaping. In addition, taint analysis revealed one flow with an unsanitized path, which could lead to local file inclusion or other path traversal issues, although it was not classified as critical or high severity.

The plugin's record of zero known CVEs is a positive indicator and suggests responsible development. Overall, the plugin benefits from a small attack surface and secure database interactions, but the lack of comprehensive output escaping and the unsanitized path flow present moderate risks that should be addressed.
Key Concerns
- Output escaping is low (38%)
- Taint analysis shows unsanitized path flow
Paginated Comments Security Vulnerabilities
Paginated Comments Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Paginated Comments Attack Surface
WordPress Hooks 7
Maintenance & Trust
Paginated Comments Maintenance & Trust
Maintenance Signals
Community Trust
Paginated Comments Alternatives
Paged Comments
paged-comments
Paged Comments enables comment paging. Useful for those popular blog entries receiving many comments, or a simple guestbook page within WordPress.
Akismet Anti-spam: Spam Protection
akismet
The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.
Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]
disable-comments
Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.
Antispam Bee
antispam-bee
Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.
Spam protection, Honeypot, Anti-Spam by CleanTalk
cleantalk-spam-protect
Blocks spam comments, fake users, contact form spam and more. No impact on SEO. Privacy focused. CAPTCHA free, premium Antispam plugin.
Paginated Comments Developer Profile
1 plugin · 20 total installs
How We Detect Paginated Comments
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/paginated-comments/js/paginated-comments.js
- /wp-content/plugins/paginated-comments/css/paginated-comments.css
- paginated-comments/js/paginated-comments.js?ver=
- paginated-comments/css/paginated-comments.css?ver=
HTML / DOM Fingerprints
- comment-pagination
- comment-pagination-links
- comment-pagination-next
- comment-pagination-prev
- comment-pagination-first
- comment-pagination-last
- comment-pagination-number
- comment-pagination-page
- +2 more
- <!-- paginated-comments begin
- <!-- paginated-comments end
- data-paged-comments-page
- data-paged-comments-post-id
- data-paged-comments-total-pages
- window.paginatedComments