Realtime Comments Security & Risk Analysis

wordpress.org/plugins/realtime-comments

Accepted comments from users are added to pages in real-time, without need to refresh. Makes comments section work interactively, like a chatroom.

10 active installs · v0.8 · PHP + WP 3.0+ · Updated Feb 13, 2016
Tags: comments, real-time, realtime, update
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Realtime Comments Safe to Use in 2026?

Generally Safe

Score 85/100

Realtime Comments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The realtime-comments plugin v0.8 exhibits a mixed security posture. On the positive side, the static analysis reveals no critical or high severity taint flows, a clean vulnerability history with no recorded CVEs, and no apparent file operations or external HTTP requests. This suggests a generally well-contained plugin. However, significant concerns arise from the code signals. The low percentage of SQL queries using prepared statements (33%) and the even lower percentage of properly escaped output (10%) represent substantial risks. Without proper sanitization and escaping, the plugin is vulnerable to SQL injection and cross-site scripting (XSS) attacks, respectively, especially if data originating from user input is involved in these operations. The absence of nonce checks and capability checks on any entry points (though none were identified) could also be a latent risk if new entry points are introduced in future versions without adequate security. The vulnerability history, while currently clean, doesn't guarantee future safety, and the identified code weaknesses could easily lead to new vulnerabilities.

Key Concerns

  • Low percentage of SQL prepared statements
  • Very low percentage of output escaping
  • No nonce checks on entry points
  • No capability checks on entry points
Vulnerabilities
None known

Realtime Comments Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Realtime Comments Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 4; prepared: 2
  • Unescaped Output: 26; escaped: 3
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

33% prepared · 6 total queries

Output Escaping

10% escaped · 29 total outputs
Attack Surface

Realtime Comments Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 12
  • action wp_set_comment_status (realtime-comments.php:106)
  • action wp_insert_comment (realtime-comments.php:107)
  • action edit_comment (realtime-comments.php:108)
  • action switch_theme (realtime-comments.php:109)
  • filter wp_list_comments_args (realtime-comments.php:110)
  • filter comments_array (realtime-comments.php:113)
  • action wp_enqueue_scripts (realtime-comments.php:114)
  • action admin_enqueue_scripts (realtime-comments.php:115)
  • action wp_footer (realtime-comments.php:116)
  • action admin_notices (realtime-comments.php:121)
  • action admin_menu (realtime-comments.php:124)
  • action admin_init (realtime-comments.php:125)
Maintenance & Trust

Realtime Comments Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.4.34
Last updated: Feb 13, 2016
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 10
Developer Profile

Realtime Comments Developer Profile

Eero Hermlin

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Realtime Comments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/realtime-comments/css/rtc-admin.css
  • /wp-content/plugins/realtime-comments/js/rtc-admin.js
  • /wp-content/plugins/realtime-comments/js/rtc-client.js
Script Paths
/wp-content/plugins/realtime-comments/js/rtc-client.js
Version Parameters
  • realtime-comments/css/rtc-admin.css?ver=
  • realtime-comments/js/rtc-admin.js?ver=
  • realtime-comments/js/rtc-client.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • comment-list
  • children
HTML Comments
  • <!-- realtime comments -->
  • <!-- /realtime comments -->
Data Attributes
  • data-comment-id
  • data-comment-status
JS Globals
  • window.rtc_settings
  • var RTC_SETTINGS
REST Endpoints
/wp-json/realtime-comments/v1/comments