Does Simple Commenter – Website Feedback tool have any unpatched vulnerabilities?

No. All known vulnerabilities in Simple Commenter – Website Feedback tool have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Commenter – Website Feedback tool compatible with WordPress 6.9.4?

According to WordPress.org data, Simple Commenter – Website Feedback tool 1.0.7 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Simple Commenter – Website Feedback tool compatible with PHP 7.4+?

Simple Commenter – Website Feedback tool requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Simple Commenter – Website Feedback tool updated?

Simple Commenter – Website Feedback tool was last updated on Mar 5, 2026. Frequent updates are generally a positive security signal.

What is Simple Commenter – Website Feedback tool's security score?

Simple Commenter – Website Feedback tool has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Commenter – Website Feedback tool Security & Risk Analysis

wordpress.org/plugins/simple-commenter

The website feedback tool your clients will actually use. Collect visual feedback directly on your site—no training required.

40 active installs v1.0.7 PHP 7.4+ WP 5.0+ Updated Mar 5, 2026

annotationsclient-feedbackfeedbackvisual-feedbackwebsite-feedback

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Simple Commenter – Website Feedback tool Safe to Use in 2026?

Generally Safe

Score 100/100

Simple Commenter – Website Feedback tool has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 29d ago

Risk Assessment

The "simple-commenter" v1.0.7 plugin exhibits a mixed security posture. On the positive side, it shows excellent practices regarding SQL queries, with 100% using prepared statements, and robust output escaping, with 99% of outputs properly escaped. The plugin also has a clean vulnerability history with no recorded CVEs, suggesting a potentially well-maintained codebase. However, a significant concern arises from the large attack surface exposed through AJAX handlers, with 25 out of 30 handlers lacking authentication checks. While the taint analysis did not reveal critical or high-severity issues, the presence of 9 flows with unsanitized paths warrants attention, especially in conjunction with the unprotected AJAX endpoints. The single file operation and two external HTTP requests, while not inherently problematic, should be carefully reviewed for any potential misuses within the context of unprotected entry points. The limited number of capability checks and nonce checks further contributes to the risk associated with the numerous unprotected AJAX actions.

Key Concerns

High number of unprotected AJAX handlers
Flows with unsanitized paths
Limited capability checks
Only one nonce check present

Vulnerabilities

None known

Simple Commenter – Website Feedback tool Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Simple Commenter – Website Feedback tool Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

162 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

99% escaped164 total outputs

Data Flows

9 unsanitized

Data Flow Analysis

9 flows9 with unsanitized paths

ajax_add_reply (includes\class-simco-admin.php:1029)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

25 unprotected

Simple Commenter – Website Feedback tool Attack Surface

Entry Points30

Unprotected25

AJAX Handlers 30

authwp_ajax_simco_connectincludes\class-simco-admin.php:43

authwp_ajax_simco_registerincludes\class-simco-admin.php:44

authwp_ajax_simco_get_domainsincludes\class-simco-admin.php:45

authwp_ajax_simco_select_domainincludes\class-simco-admin.php:46

authwp_ajax_simco_add_domainincludes\class-simco-admin.php:47

authwp_ajax_simco_save_settingsincludes\class-simco-admin.php:48

authwp_ajax_simco_disconnectincludes\class-simco-admin.php:49

authwp_ajax_simco_refresh_accountincludes\class-simco-admin.php:50

authwp_ajax_simco_get_login_linkincludes\class-simco-admin.php:51

authwp_ajax_simco_save_google_authincludes\class-simco-admin.php:52

authwp_ajax_simco_save_access_modeincludes\class-simco-admin.php:53

authwp_ajax_simco_save_rolesincludes\class-simco-admin.php:54

authwp_ajax_simco_get_membersincludes\class-simco-admin.php:55

authwp_ajax_simco_add_memberincludes\class-simco-admin.php:56

authwp_ajax_simco_remove_memberincludes\class-simco-admin.php:57

authwp_ajax_simco_get_clientsincludes\class-simco-admin.php:58

authwp_ajax_simco_add_clientincludes\class-simco-admin.php:59

authwp_ajax_simco_save_sync_settingsincludes\class-simco-admin.php:60

authwp_ajax_simco_save_admin_rolesincludes\class-simco-admin.php:61

authwp_ajax_simco_send_login_codeincludes\class-simco-admin.php:62

authwp_ajax_simco_verify_login_codeincludes\class-simco-admin.php:63

authwp_ajax_simco_send_register_codeincludes\class-simco-admin.php:64

authwp_ajax_simco_verify_register_codeincludes\class-simco-admin.php:65

authwp_ajax_simco_get_commentsincludes\class-simco-admin.php:66

authwp_ajax_simco_update_commentincludes\class-simco-admin.php:67

authwp_ajax_simco_add_replyincludes\class-simco-admin.php:68

authwp_ajax_simco_mark_comments_seenincludes\class-simco-admin.php:69

authwp_ajax_simco_sync_all_usersincludes\class-simco-admin.php:70

authwp_ajax_simco_get_upgrade_linkincludes\class-simco-admin.php:71

authwp_ajax_simco_sync_current_userincludes\class-simco-admin.php:72

WordPress Hooks 7

actionadmin_menuincludes\class-simco-admin.php:39

actionadmin_enqueue_scriptsincludes\class-simco-admin.php:40

actionwp_enqueue_scriptsincludes\class-simco-script-injector.php:75

actionwp_footerincludes\class-simco-script-injector.php:79

filterscript_loader_tagincludes\class-simco-script-injector.php:178

actioninitsimple-commenter.php:80

actionplugins_loadedsimple-commenter.php:117

Maintenance & Trust

Simple Commenter – Website Feedback tool Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 5, 2026

PHP min version7.4

Downloads671

Community Trust

Rating100/100

Number of ratings12

Active installs40

Alternatives

Simple Commenter – Website Feedback tool Alternatives

SureFeedback Cloud

surefeedback-cloud

100

SureFeedback Cloud helps teams collect visual feedback on WordPress sites and designs. Fast client sharing, zero hosting needed.

10 No CVEs

Marker.io – Visual Website Feedback

marker-io

Collect visual website feedback from colleagues and clients on your WordPress site.

4K 2 CVEs

Atarim – Visual Feedback, Review & AI Collaboration

atarim-visual-collaboration

Make collecting feedback on WordPress sites MUCH faster and easier, with the visual collaboration tool used on over 120,000 websites worldwide.

1K 18 CVEs

Feedbucket – Website Feedback Tool

feedbucket

Enable your clients and team members to submit feedback using screenshot and recordings on your WordPress site.

1K 1 CVE

Mopinion Feedback Form

mopinion-feedback-form

Easy add feedback buttons and feedback forms to your website with the Mopinion.com Wordpress Plugin. Easy install, fast user insights.

100 1 unpatched

Developer Profile

Simple Commenter – Website Feedback tool Developer Profile

Aleksander Kaaberma

1 plugin · 40 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Simple Commenter – Website Feedback tool

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/simple-commenter/admin/css/simco-admin.css/wp-content/plugins/simple-commenter/admin/js/simco-admin.js/wp-content/plugins/simple-commenter/includes/js/simco-api.js/wp-content/plugins/simple-commenter/includes/js/simco-settings.js/wp-content/plugins/simple-commenter/includes/js/simco-script-injector.js/wp-content/plugins/simple-commenter/includes/js/simco-frontend.js

Script Paths

/wp-content/plugins/simple-commenter/admin/js/simco-admin.js/wp-content/plugins/simple-commenter/includes/js/simco-api.js/wp-content/plugins/simple-commenter/includes/js/simco-settings.js/wp-content/plugins/simple-commenter/includes/js/simco-script-injector.js/wp-content/plugins/simple-commenter/includes/js/simco-frontend.js

Version Parameters

/wp-content/plugins/simple-commenter/admin/css/simco-admin.css?ver=/wp-content/plugins/simple-commenter/admin/js/simco-admin.js?ver=/wp-content/plugins/simple-commenter/includes/js/simco-api.js?ver=/wp-content/plugins/simple-commenter/includes/js/simco-settings.js?ver=/wp-content/plugins/simple-commenter/includes/js/simco-script-injector.js?ver=/wp-content/plugins/simple-commenter/includes/js/simco-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

simco-admin-wrapsimco-connect-buttonsimco-settings-form

HTML Comments

Data Attributes

data-simco-tokendata-simco-domain-id

JS Globals

window.SimpleCommenterAdminwindow.SimpleCommenterSettingsvar simco_ajax_object

REST Endpoints

/wp-json/simco/v1/connect/wp-json/simco/v1/settings

FAQ