
AJAX Report Comments Security & Risk Analysis
wordpress.org/plugins/report-comments
AJAX Report Comments is a simple yet powerful add-on for any WordPress blog, particularly larger blogs with a higher volume of user comments.
Is AJAX Report Comments Safe to Use in 2026?
Generally Safe
Score: 85/100
AJAX Report Comments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "report-comments" plugin v2.0.4 presents a mixed security picture. The plugin has a commendably small attack surface, with no apparent AJAX handlers, REST API routes, shortcodes, or cron events, and no known vulnerabilities (CVEs). However, static analysis and taint analysis raise significant concerns. The very low percentage of properly escaped output is a major red flag. Combined with the discovery of taint flows with unsanitized paths, two of them high severity, this indicates a strong potential for cross-site scripting (XSS), where malicious data could be injected and executed in the user's browser. The plugin also shows a complete lack of nonce and capability checks; these are not directly exploitable given the absence of entry points, but they represent a deficiency in fundamental WordPress security practices. The vulnerability history is clean, which is a positive indicator of past diligence or luck, but it does not mitigate the risks identified in the current code. In conclusion, the plugin's strong points are its minimal attack surface and lack of CVEs, but the significant issues with output escaping and unsanitized taint flows necessitate immediate attention.
Key Concerns
- High severity taint flows with unsanitized paths
- Low percentage of properly escaped output
- No nonce checks
- No capability checks
AJAX Report Comments Attack Surface
WordPress Hooks: 4
AJAX Report Comments Alternatives
- Zeno Report Comments (zeno-report-comments): This plugin gives your visitors the possibility to report a comment as inappropriate. After a set threshold the comment is put into moderation.
- Optin Comment Notifications (optin-comment-notifications): Allows users to opt into receiving a notification email whenever a comment is made to the site.
- Gossiped Comments (gossiped-comments): Universal commenting system with cross-site profiles, reputation scores, and real-time analytics.
- Akismet Anti-spam: Spam Protection (akismet): The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.
- Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] (disable-comments): Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.
AJAX Report Comments Developer Profile
7 plugins · 110 total installs
How We Detect AJAX Report Comments
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/report-comments/js/report-comments.js
- /wp-content/plugins/report-comments/css/report-comments.css
- report-comments/js/report-comments.js?ver=
- report-comments/css/report-comments.css?ver=
HTML / DOM Fingerprints
- rc-report-comment-link
- rc-report-comment-link-active
- rc-report-comment-text
- rc-report-comment-message
- <!-- AJAX Report Comments v2.0.4 -->
- data-comment-id
- data-post-id
- data-nonce
- data-reporting-message
- data-reporting-success
- data-reporting-already
- +5 more
- reportComments