[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcccS6am3F8zRy8am0bWMbB2W7ZDSBrdg0legLwT7Ojc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":137,"fingerprints":234},"safe-report-comments","Safe Report Comments","0.4.1","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>This plugin gives your visitors the possibility to report a comment as inappropriate. After a set threshold is reached the comment is put into moderation where the moderator can decide whether or not he want to approve the comment or not. If a comment is approved by a moderator it will not be auto-moderated again while still counting the amount of reports.\u003C\u002Fp>\n\u003Ch3>Customizations\u003C\u002Fh3>\n\u003Cp>By default this script should hook in just fine in most existing themes as it attaches itsself after the comment-reply link via the comment_reply_link filter.\u003Cbr \u002F>\nIn case this does not work out you can place the flagging link manually by defining no_autostart_safe_report_comments in your themes’ functions.php file and initializing the class via \u003Ccode>$safe_report_comments = new Safe_Report_Comments(false);\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>Here is an example of a custom setup via functions.php and placing the link comments callback function.\u003C\u002Fp>\n\u003Cp>In functions.php:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002Fflag comments plugin included in themes' functions.php - disable plugin.\ndefine( 'no_autostart_safe_report_comments', true );\ninclude_once( 'replace-with-path-to\u002Fsafe-report-comments\u002Fsafe-report-comments.php');\n\u002F\u002F make sure not to auto-attach to comment reply link\n$safe_report_comments = new Safe_Report_Comments(false);\n\n\u002F\u002F change link layout to have a pipe prepended\nadd_filter( 'safe_report_comments_flagging_link', 'adjust_flagging_link' );\nfunction adjust_flagging_link( $link ) {\n    return ' | ' . $link;\n}\n\n\u002F\u002F adjust the text to \"Report abuse\" rather than \"Report comment\"\nadd_filter( 'safe_report_comments_flagging_link_text', 'adjust_flagging_text' );\nfunction adjust_flagging_text( $text ) {\n    return 'Report abuse';\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>In your custom comment callback function used by wp_list_comments: https:\u002F\u002Fcodex.wordpress.org\u002FTemplate_Tags\u002Fwp_list_comments place the following action which will print the link.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php do_action( 'comment_report_abuse_link' ); ?> \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>A possible callback function could look like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function mytheme_comment($comment, $args, $depth) {\n    $GLOBALS['comment'] = $comment; ?>\n    \u003Cli \u003C?php comment_class(); ?> id=\"li-comment-\u003C?php comment_ID() ?>\">\n        \u003Cdiv id=\"comment-\u003C?php comment_ID(); ?>\">\n            \u003Cdiv class=\"comment-author vcard\">\n                \u003C?php echo get_avatar($comment,$size='48',$default='\u003Cpath_to_url>' ); ?>\n                \u003C?php printf(__('\u003Ccite class=\"fn\">%s\u003C\u002Fcite> \u003Cspan class=\"says\">says:\u003C\u002Fspan>'), get_comment_author_link()) ?>\n            \u003C\u002Fdiv>\n            \u003C?php if ($comment->comment_approved == '0') : ?>\n            \u003Cem>\u003C?php _e('Your comment is awaiting moderation.') ?>\u003C\u002Fem>\n            \u003Cbr \u002F>\n        \u003C?php endif; ?>\n        \u003Cdiv class=\"comment-meta commentmetadata\">\u003Ca href=\"\u003C?php echo htmlspecialchars( get_comment_link( $comment->comment_ID ) ) ?>\">\u003C?php printf(__('%1$s at %2$s'), get_comment_date(),  get_comment_time()) ?>\u003C\u002Fa>\u003C?php edit_comment_link(__('(Edit)'),'    ','') ?>\u003C\u002Fdiv>\n\n        \u003C?php comment_text() ?>\n\n        \u003Cdiv class=\"reply\">\n            \u003C?php comment_reply_link(array_merge( $args, array('depth' => $depth, 'max_depth' => $args['max_depth']))) ?>\n        \u003C\u002Fdiv>\n        \u003Cdiv class=\"report-abuse\">\n            \u003C?php do_action( 'comment_report_abuse_link' ); ?>\n        \u003C\u002Fdiv>\n    \u003C\u002Fdiv>\n    \u003C?php\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Furthermore there are various actions and filters within the script to allow easy alteration of implemented behavior. Please see inline documentation.\u003C\u002Fp>\n\u003Ch3>Known issues\u003C\u002Fh3>\n\u003Cp>Automatic mode implementation currently does not work with threaded comments in the last level of threading. As the script attaches itself to the comment_reply which is not displayed once the maximum threading level is reached the abuse link is missing at this point. As a workaround set the threading level higher than the likely amount of threading depth.\u003C\u002Fp>\n","This plugin gives your visitors the possibility to report a comment as inappropriate. After a set threshold is reached the comment is put into moderat &hellip;",200,27317,60,7,"2018-11-30T07:00:00.000Z","5.0.25","3.3","",[20,21,22,23,24],"comments","flag","flagging","report","report-comments","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsafe-report-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafe-report-comments.0.4.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"automattic",213,19158100,92,1384,73,"2026-04-03T23:39:33.484Z",[41,57,77,97,116],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":28,"downloaded":49,"rating":28,"num_ratings":28,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":55,"download_link":56,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"reported-comments","Reported Comments","1.0","Jamel.Z","https:\u002F\u002Fprofiles.wordpress.org\u002Flebleut\u002F","\u003Cp>Reported Comments gives the ability for your sites user to report\u002Fflag a comment\u003Cbr \u002F>\nIt allows you as an administrator or moderator some essential options to specify :\u003Cbr \u002F>\n* The moderator Email\u003Cbr \u002F>\n* The report labels\u002Ftypes\u003Cbr \u002F>\n* The Email title\u003Cbr \u002F>\n* The Email template body (allowing HTML)\u003C\u002Fp>\n\u003Cp>In the E-Mail title and body you can use shortcodes\u002Fmodifiers like :\u003Cbr \u002F>\n* \u003Ccode>%comment%\u003C\u002Fcode> : The comment content\u003Cbr \u002F>\n* \u003Ccode>%comment_link%\u003C\u002Fcode> : The URL to the comment\u003Cbr \u002F>\n* \u003Ccode>%comment_author%\u003C\u002Fcode> : The comment author\u003Cbr \u002F>\n* \u003Ccode>%comment_author_email%\u003C\u002Fcode> : The email of the comment author\u003Cbr \u002F>\n* \u003Ccode>%comment_author_link%\u003C\u002Fcode> : The URL to the comment author\u003Cbr \u002F>\n* \u003Ccode>%comment_author_ip%\u003C\u002Fcode> : The IP of the comment author\u003Cbr \u002F>\n* \u003Ccode>%comment_action_trash%\u003C\u002Fcode> : The link to trash the comment\u003Cbr \u002F>\n* \u003Ccode>%comment_action_spam%\u003C\u002Fcode> : The link to spam the comment\u003Cbr \u002F>\n* \u003Ccode>%report_type%\u003C\u002Fcode> : The report type\u003Cbr \u002F>\n* \u003Ccode>%report_author%\u003C\u002Fcode> : The report author\u003Cbr \u002F>\n* \u003Ccode>%report_author_link%\u003C\u002Fcode> : The URL to the report author\u003Cbr \u002F>\n* \u003Ccode>%post%\u003C\u002Fcode> : The post name\u003C\u002Fp>\n\u003Cp>Your suggestions are welcome\u003C\u002Fp>\n","Reported Comments gives the ability for your sites user to report\u002Fflag a comment",929,"2020-05-12T21:56:00.000Z","5.4.19","4.7","7.0",[22,24],"https:\u002F\u002Fwww.tooltipy.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freported-comments.1.0.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":11,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":53,"tags":71,"homepage":75,"download_link":76,"security_score":66,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"zeno-report-comments","Zeno Report Comments","2.3.2","Marcel Pol","https:\u002F\u002Fprofiles.wordpress.org\u002Fmpol\u002F","\u003Cp>This plugin gives your visitors the possibility to report a comment as inappropriate. After a set threshold is reached the comment is put into moderation where the moderator can decide whether or not he want to approve the comment or not. If a comment is approved by a moderator it will not be auto-moderated again while still counting the amount of reports.\u003C\u002Fp>\n\u003Cp>This plugin is a fork of safe-report-comments and has some features incorporated from crowd-control (a different fork).\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>This plugin is compatible with \u003Ca href=\"https:\u002F\u002Fwww.classicpress.net\" rel=\"nofollow ugc\">ClassicPress\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Contributions\u003C\u002Fh4>\n\u003Cp>This plugin is also available in \u003Ca href=\"https:\u002F\u002Fcodeberg.org\u002Fcyclotouriste\u002Fzeno-report-comments\" rel=\"nofollow ugc\">Codeberg\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Known issues\u003C\u002Fh3>\n\u003Cp>Automatic mode implementation currently does not work with threaded comments in the last level of threading. As the script attaches itself to the comment_reply which is not displayed once the maximum threading level is reached the abuse link is missing at this point. As a workaround set the threading level higher than the likely amount of threading depth.\u003C\u002Fp>\n","This plugin gives your visitors the possibility to report a comment as inappropriate. After a set threshold the comment is put into moderation.",11875,100,8,"2026-01-10T09:34:00.000Z","6.9.4","4.1",[72,73,24,4,74],"crowd-control","flag-comments","spam-comment","https:\u002F\u002Fzenoweb.nl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzeno-report-comments.2.3.2.zip",{"slug":72,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":66,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":18,"tags":90,"homepage":95,"download_link":96,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"Crowd Control by Postmatic – Comment moderation decentralized","1.1","Postmatic","https:\u002F\u002Fprofiles.wordpress.org\u002Fvernal\u002F","\u003Cp>Crowd Control gives your users the ability to report comments as inappropriate with a single click. If a comment gets flagged multiple times it’ll be removed from the post and marked as pending moderation. We’ll even send you an email to let you know. Now you can still go away on vacation and rest assured the trolls won’t overrun your site.\u003C\u002Fp>\n","Comment moderation is a drag. Have your users lend a hand by flagging offensive comments and scrubbing your site clean.",20,7788,2,"2019-05-17T21:23:00.000Z","5.2.24","4.0",[91,22,92,93,94],"comment-moderation","inappropriate","moderation","reporting","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fcrowd-control\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrowd-control.1.1.1.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":107,"num_ratings":86,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":18,"tags":111,"homepage":114,"download_link":115,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"marctv-ajax-trash-comments","MarcTV Moderate Comments","2.2","Marc Tönsing","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarcdk\u002F","\u003Cp>Adds a link next to the reply link below each comment, which allows visitors to flag comments as inappropriate.\u003Cbr \u002F>\nA sub page to comments in admin is added, where an administrator may review all the flagged comments and decide\u003Cbr \u002F>\nif they should be removed or not.\u003C\u002Fp>\n\u003Cp>Admins or logged-in users with comment moderation permissions are able trash or replace comments with\u003Cbr \u002F>\none click in the frontend. This action can not be undone. A “trash” link will appear bellow all comments.\u003Cbr \u002F>\nDon’t worry: You can untrash them if until you reload. You are also able to replace the comment text with a custom\u003Cbr \u002F>\ntext which can be set in the settings.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Ability for visitors to report comments they find offensive.\u003C\u002Fli>\n\u003Cli>Once a flagged comment has been deemed ok, it wont be able to be flagged again.\u003C\u002Fli>\n\u003Cli>Flagging is done via ajax for smoother experience for the visitors.\u003C\u002Fli>\n\u003Cli>Decide whether all visitors or only logged in users can report comments.\u003C\u002Fli>\n\u003Cli>Trashing and Replacing with ajax in the frontend for faster moderation.\u003C\u002Fli>\n\u003Cli>Fully localized. Comes with English and German translations.\u003C\u002Fli>\n\u003C\u002Ful>\n","Grants visitors the ability to report inappropriate comments and admins to replace and trash them in the frontend.",10,4720,80,"2022-09-24T15:28:00.000Z","6.0.11","3.0",[112,113,20,21,23],"admin","ajax","http:\u002F\u002Fmarctv.de\u002Fblog\u002Fmarctv-wordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmarctv-ajax-trash-comments.2.2.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":28,"num_ratings":28,"last_updated":126,"tested_up_to":69,"requires_at_least":127,"requires_php":128,"tags":129,"homepage":135,"download_link":136,"security_score":66,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"fake-user-detector","Fake User Detector","1.0.3","PluginRx","https:\u002F\u002Fprofiles.wordpress.org\u002Fapos37\u002F","\u003Cp>Fake User Detector helps WordPress site owners identify and flag suspicious user accounts after they have already registered.\u003C\u002Fp>\n\u003Cp>This plugin does not prevent or block registrations. Instead, it analyzes user data post-registration to highlight accounts that appear automated, fake, or low-quality, making it easier to review and remove them manually.\u003C\u002Fp>\n\u003Cp>Fake User Detector is designed as a cleanup and review tool, not a registration firewall. It works well alongside other plugins that handle CAPTCHA, email verification, honeypots, or other signup prevention techniques.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Post-Registration Analysis:\u003C\u002Fstrong> Evaluates user accounts after creation to identify suspicious patterns.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gibberish Detection:\u003C\u002Fstrong> Flags accounts with non-human patterns like too many uppercase letters, no vowels, or clusters of consonants.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Symbol and Number Filters:\u003C\u002Fstrong> Detects unnatural use of digits or special characters in names.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Detection Rules:\u003C\u002Fstrong> Enable or disable individual checks to suit your site’s user base.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flag for Review:\u003C\u002Fstrong> Suspicious accounts are flagged and marked for potential deletion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Notice:\u003C\u002Fstrong> Quickly see how many flagged users exist from your admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scan Existing Users:\u003C\u002Fstrong> Scan the users admin list table for suspicious accounts so you can easily delete them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gravity Forms Integration:\u003C\u002Fstrong> If using Gravity Forms User Registration, the plugin optionally runs validation checks on registrations submitted via forms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks:\u003C\u002Fstrong> Add or customize detection logic with your own functions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Detection Checks Include:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Manually flagged by admin\u003C\u002Fli>\n\u003Cli>Excessive uppercase letters (more than 5 in a name unless all caps)\u003C\u002Fli>\n\u003Cli>No vowels in names longer than 5 characters\u003C\u002Fli>\n\u003Cli>Six or more consecutive consonants in a name\u003C\u002Fli>\n\u003Cli>Presence of numbers in names\u003C\u002Fli>\n\u003Cli>Presence of special characters other than letters, numbers, and dashes\u003C\u002Fli>\n\u003Cli>Similarity between first and last name (exact match or one includes the other)\u003C\u002Fli>\n\u003Cli>Very short names (2 characters)\u003C\u002Fli>\n\u003Cli>Invalid or disposable email domains\u003C\u002Fli>\n\u003Cli>Excessive periods in email address (more than 3)\u003C\u002Fli>\n\u003Cli>Username containing URL patterns (\u003Ccode>http\u003C\u002Fcode>, \u003Ccode>https\u003C\u002Fcode>, or \u003Ccode>www\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>Known spam words in user bio or name\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Fake User Detector is ideal for membership sites, communities, forums, or any WordPress site that allows user registration and needs a practical way to review and clean up suspicious accounts that already exist.\u003C\u002Fp>\n","Detect and flag suspicious existing user accounts using simple checks to help clean up fake or low-quality registrations.",30,214,"2025-12-24T20:28:00.000Z","5.9","8.0",[130,131,132,133,134],"account-flagging","bot-detection","fake-users","spam","user-registration","https:\u002F\u002Fpluginrx.com\u002Fplugin\u002Ffake-user-detector\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffake-user-detector.1.0.3.zip",{"attackSurface":138,"codeSignals":202,"taintFlows":227,"riskAssessment":228,"analyzedAt":233},{"hooks":139,"ajaxHandlers":190,"restRoutes":199,"shortcodes":200,"cronEvents":201,"entryPointCount":86,"unprotectedCount":28},[140,146,150,154,159,163,167,170,174,178,182,186],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","init","frontend_init","safe-report-comments.php",49,{"type":141,"name":147,"callback":148,"file":144,"line":149},"admin_init","backend_init",51,{"type":141,"name":151,"callback":152,"priority":105,"file":144,"line":153},"comment_unapproved_to_approved","mark_comment_moderated",53,{"type":155,"name":156,"callback":157,"file":144,"line":158},"filter","manage_edit-comments_columns","add_comment_reported_column",81,{"type":141,"name":160,"callback":161,"priority":105,"file":144,"line":162},"manage_comments_custom_column","manage_comment_reported_column",82,{"type":141,"name":164,"callback":165,"file":144,"line":166},"admin_menu","register_admin_panel",84,{"type":141,"name":168,"callback":169,"file":144,"line":27},"admin_head","admin_header",{"type":141,"name":171,"callback":172,"file":144,"line":173},"wp_enqueue_scripts","action_enqueue_scripts",104,{"type":155,"name":175,"callback":176,"file":144,"line":177},"comment_reply_link","add_flagging_link",107,{"type":141,"name":179,"callback":180,"file":144,"line":181},"comment_report_abuse_link","print_flagging_link",108,{"type":141,"name":183,"callback":184,"file":144,"line":185},"template_redirect","add_test_cookie",110,{"type":141,"name":187,"callback":188,"file":144,"line":189},"admin_notices","print_admin_notice",144,[191,197],{"action":192,"nopriv":193,"callback":194,"hasNonce":195,"hasCapCheck":193,"file":144,"line":196},"safe_report_comments_flag_comment",false,"flag_comment",true,101,{"action":192,"nopriv":195,"callback":194,"hasNonce":195,"hasCapCheck":193,"file":144,"line":198},102,[],[],[],{"dangerousFunctions":203,"sqlUsage":204,"outputEscaping":206,"fileOperations":28,"externalRequests":28,"nonceChecks":225,"capabilityChecks":28,"bundledLibraries":226},[],{"prepared":28,"raw":28,"locations":205},[],{"escaped":28,"rawEcho":105,"locations":207},[208,211,213,215,216,218,219,220,221,223],{"file":144,"line":209,"context":210},172,"raw output",{"file":144,"line":212,"context":210},186,{"file":144,"line":214,"context":210},187,{"file":144,"line":214,"context":210},{"file":144,"line":217,"context":210},199,{"file":144,"line":11,"context":210},{"file":144,"line":11,"context":210},{"file":144,"line":11,"context":210},{"file":144,"line":222,"context":210},384,{"file":144,"line":224,"context":210},459,1,[],[],{"summary":229,"deductions":230},"The \"safe-report-comments\" plugin v0.4.1 exhibits a mixed security posture. On the positive side, the plugin has no known vulnerabilities (CVEs) and a small attack surface with all entry points being protected by some form of authentication or permission check.  Furthermore, it doesn't utilize dangerous functions, perform file operations, or make external HTTP requests, and all its SQL queries use prepared statements, which are excellent security practices.\n\nHowever, a significant concern arises from the complete lack of output escaping. With 10 total outputs and 0% properly escaped, this creates a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. Any dynamic data displayed by the plugin is susceptible to malicious injection, potentially leading to session hijacking, defacement, or further attacks. The absence of taint analysis results is also notable; while this could indicate a lack of complex data flows, it might also mean the analysis tool was not able to effectively trace potentially harmful data through the code, or the plugin simply doesn't have much user-controlled input to analyze in a way that would trigger the tool.\n\nGiven the zero known CVEs and no apparent history of vulnerabilities, the plugin appears to have been developed with some care. However, the critical oversight in output escaping severely undermines its overall security. The strengths in preventing SQL injection and securing entry points are overshadowed by the high likelihood of XSS. Addressing the output escaping issue should be the top priority for improving the plugin's security.",[231],{"reason":232,"points":84},"Unescaped output","2026-03-16T20:22:14.494Z",{"wat":235,"direct":242},{"assetPaths":236,"generatorPatterns":238,"scriptPaths":239,"versionParams":240},[237],"\u002Fwp-content\u002Fplugins\u002Fsafe-report-comments\u002Fjs\u002Fajax.js",[],[237],[241],"safe-report-comments\u002Fjs\u002Fajax.js?ver=",{"cssClasses":243,"htmlComments":245,"htmlAttributes":249,"restEndpoints":252,"jsGlobals":253,"shortcodeOutput":255},[244],"column-comment_reported",[246,247,248],"\u003C!-- nonce invalid -->","\u003C!-- invalid values -->","\u003C!-- already flagged -->",[250,251],"srcmnt_enabled","srcmnt_threshold",[],[254],"SafeCommentsAjax",[]]