
Reported Comments Security & Risk Analysis
wordpress.org/plugins/reported-comments
Reported Comments gives your site's users the ability to report/flag a comment.
Is Reported Comments Safe to Use in 2026?
Generally Safe
Score 85/100
Reported Comments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
Based on the provided static analysis and vulnerability history, the "reported-comments" v1.0 plugin exhibits a strong security posture with no immediate critical risks detected.
The static analysis reveals an extremely limited attack surface, with zero AJAX handlers, REST API routes, shortcodes, or cron events identified. Furthermore, the absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is highly commendable. The presence of 100% prepared statements for SQL queries further strengthens its security. While 20% of output is not properly escaped, this is a minor concern given the limited attack surface and lack of other vulnerabilities. The taint analysis shows zero flows, indicating no observable paths for malicious input to lead to exploitable conditions.
The vulnerability history is also clean, with zero known CVEs, patched or unpatched. This suggests a history of secure development or a lack of targeted attacks, which is positive. The plugin's strengths lie in its minimal attack surface and the responsible use of prepared statements for database interactions. The primary area for potential improvement is ensuring all output is properly escaped to eliminate any potential for cross-site scripting (XSS) vulnerabilities, however minor the risk might be with the current configuration.
Key Concerns
- Unescaped output detected
Reported Comments Security Vulnerabilities
Reported Comments Code Analysis
Output Escaping
Reported Comments Attack Surface
WordPress Hooks 5
Reported Comments Maintenance & Trust
Maintenance Signals
Community Trust
Reported Comments Alternatives
Safe Report Comments
safe-report-comments
This plugin gives your visitors the possibility to report a comment as inappropriate. After a set threshold is reached the comment is put into moderat …
Zeno Report Comments
zeno-report-comments
This plugin gives your visitors the possibility to report a comment as inappropriate. After a set threshold the comment is put into moderation.
Fake User Detector
fake-user-detector
Detect and flag suspicious existing user accounts using simple checks to help clean up fake or low-quality registrations.
Crowd Control by Postmatic – Comment moderation decentralized
crowd-control
Comment moderation is a drag. Have your users lend a hand by flagging offensive comments and scrubbing your site clean.
BuddyPress Moderation
bp-moderation
Adds links/buttons to flag inappropriate content and gives a convenient way to moderators to view reports and take actions.
Reported Comments Developer Profile
4 plugins · 1K total installs
How We Detect Reported Comments
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/reported-comments/assets/script.js
- /wp-content/plugins/reported-comments/assets/style.css
HTML / DOM Fingerprints
- comment-report-flag
- comment-report-flag__icon
- comment-report-flag__options
- comment-report-flag__options__action
- comment-report-sent
- data-comment
- data-user
- data-action
- ajaxurl
- reported_comments_msgs
- /wp-ajax.php