Spectacu.la Discussion Security & Risk Analysis

wordpress.org/plugins/spectacula-threaded-comments

Spectacu.la Discussion adds threaded commenting with live AJAX comments to almost any WordPress Theme.

70 active installs · v2.3.4 · PHP + WP 3.0+ · Updated Oct 9, 2020
Tags: ajax, comments, jquery

Security score: 85
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Spectacu.la Discussion Safe to Use in 2026?

Generally Safe

Score 85/100

Spectacu.la Discussion has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The spectacula-threaded-comments plugin v2.3.4 exhibits a generally good security posture based on the provided static analysis. It has a commendably small attack surface with no apparent unprotected entry points. The code also demonstrates responsible handling of SQL queries, exclusively using prepared statements, and includes a reasonable number of capability checks. The complete absence of known vulnerabilities in its history is a significant positive indicator.

However, there are areas that warrant attention. The taint analysis revealed two flows with unsanitized paths, which, while not classified as critical or high severity, still represent a potential risk of path traversal or unintended file access if exploited. Furthermore, the output escaping is only properly implemented in 67% of cases, leaving a substantial portion of outputs potentially vulnerable to cross-site scripting (XSS) attacks. The presence of file operations without further context raises a minor concern, as does the single nonce check which may indicate insufficient protection for sensitive operations.

Key Concerns

  • Flows with unsanitized paths
  • Low percentage of properly escaped output
  • File operations without further context
  • Limited nonce checks
Vulnerabilities
None known

Spectacu.la Discussion Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Spectacu.la Discussion Release Timeline

v2.3.2
v2.3.1
v2.3
v2.2.2
v2.2.1
v2.2
v2.1.7
v2.1.6
v2.1.5
v2.1.4
v2.1.3
v2.1.2
v2.1.1
v2.0.1
v2.0.0
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Spectacu.la Discussion Code Analysis

Dangerous Functions
Dangerous Functions: 0
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 27 (54 escaped)
Nonce Checks: 1
Capability Checks: 6
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared (6 total queries)

Output Escaping

67% escaped (81 total outputs)
Data Flows · Security
2 unsanitized

Data Flow Analysis

4 flows, 2 with unsanitized paths
Flagged function: spec_comments_form (includes\functions.php:151)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Spectacu.la Discussion Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 17
action init (commenting.php:59)
filter body_class (commenting.php:77)
action wp_head (commenting.php:78)
action wp (commenting.php:79)
action comment_form (commenting.php:83)
filter comments_template (commenting.php:84)
action admin_init (commenting.php:88)
action save_post (commenting.php:89)
filter comments_array (commenting.php:91)
filter spec_comment_css (commenting.php:94)
action wp_set_comment_status (includes\db.php:18)
action wp_insert_comment (includes\db.php:20)
action comment_post (includes\db.php:25)
filter comment_reply_link (includes\functions.php:22)
action init (includes\options-page.php:275)
action admin_menu (includes\options-page.php:276)
filter comment_post_redirect (includes\spec-ajax.php:33)
Maintenance & Trust

Spectacu.la Discussion Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.8.41
Last updated: Oct 9, 2020
PHP min version: (not specified)
Downloads: 19K

Community Trust

Rating: 90/100
Number of ratings: 2
Active installs: 70
Developer Profile

Spectacu.la Discussion Developer Profile

Spectacula

3 plugins · 160 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Spectacu.la Discussion

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/spectacula-threaded-comments/js/json2.js
/wp-content/plugins/spectacula-threaded-comments/js/jquery.autogrow-textarea.min.js
/wp-content/plugins/spectacula-threaded-comments/js/jquery.autogrow-textarea.js
/wp-content/plugins/spectacula-threaded-comments/js/jquery.scrollTo-master/jquery.scrollTo.min.js
/wp-content/plugins/spectacula-threaded-comments/js/quote.min.js
/wp-content/plugins/spectacula-threaded-comments/js/quote.js
/wp-content/plugins/spectacula-threaded-comments/js/commenting.min.js
/wp-content/plugins/spectacula-threaded-comments/js/commenting.js
Script Paths
/wp-content/plugins/spectacula-threaded-comments/js/json2.js
/wp-content/plugins/spectacula-threaded-comments/js/jquery.autogrow-textarea.min.js
/wp-content/plugins/spectacula-threaded-comments/js/jquery.autogrow-textarea.js
/wp-content/plugins/spectacula-threaded-comments/js/jquery.scrollTo-master/jquery.scrollTo.min.js
/wp-content/plugins/spectacula-threaded-comments/js/quote.min.js
/wp-content/plugins/spectacula-threaded-comments/js/quote.js
(+2 more)
Version Parameters
spectacula-threaded-comments/js/json2.js?ver=
spectacula-threaded-comments/js/jquery.autogrow-textarea.min.js?ver=
spectacula-threaded-comments/js/jquery.scrollTo-master/jquery.scrollTo.min.js?ver=
spectacula-threaded-comments/js/quote.min.js?ver=
spectacula-threaded-comments/js/commenting.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
spectacula-commenting
HTML Comments
<!-- .spectacula-commenting -->
Data Attributes
data-comment-id, data-comment-post-id, data-comment-reply-to
JS Globals
specQuoteLn
REST Endpoints
/wp-json/spectacula-threaded-comments
FAQ

Frequently Asked Questions about Spectacu.la Discussion