Does Tako Movable Comments have any unpatched vulnerabilities?

No. All known vulnerabilities in Tako Movable Comments have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Tako Movable Comments compatible with WordPress 4.6.30?

According to WordPress.org data, Tako Movable Comments 1.0.7 has been tested up to WordPress 4.6.30. Check the plugin's changelog for the latest compatibility information.

How often is Tako Movable Comments updated?

Tako Movable Comments was last updated on Oct 14, 2016. Frequent updates are generally a positive security signal.

What is Tako Movable Comments's security score?

Tako Movable Comments has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Tako Movable Comments Security & Risk Analysis

wordpress.org/plugins/tako-movable-comments

Move WordPress comments easily with Tako Movable Comments.

1K active installs v1.0.7 PHP + WP 3.0+ Updated Oct 14, 2016

change-commentcommentsedit-commentsnested-commentsupdate-comment

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Tako Movable Comments Safe to Use in 2026?

Generally Safe

Score 85/100

Tako Movable Comments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "tako-movable-comments" plugin v1.0.7 exhibits a mixed security posture. While the static analysis reports a good number of nonce and capability checks, and no identified critical or high-severity taint flows, there are significant concerns regarding data handling. The complete lack of prepared statements for SQL queries and the absence of output escaping for all analyzed outputs represent a substantial risk. These practices leave the plugin vulnerable to common web attacks such as SQL injection and cross-site scripting (XSS). The vulnerability history showing no recorded CVEs is positive but does not negate the inherent risks identified in the code analysis. Without addressing the unescaped outputs and raw SQL queries, the plugin's security remains compromised.

Key Concerns

Raw SQL queries without prepared statements
All analyzed outputs lack proper escaping

Vulnerabilities

None known

Tako Movable Comments Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Tako Movable Comments Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared3 total queries

Output Escaping

0% escaped8 total outputs

Attack Surface

Tako Movable Comments Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_tako_chosen_post_typetako.php:51

authwp_ajax_tako_post_typestako.php:54

authwp_ajax_tako_move_bulktako.php:55

WordPress Hooks 5

actionadd_meta_boxestako.php:48

actionedit_commenttako.php:49

actionadmin_enqueue_scriptstako.php:50

actionadmin_footer-edit-comments.phptako.php:52

actionadmin_enqueue_scriptstako.php:53

Maintenance & Trust

Tako Movable Comments Maintenance & Trust

Maintenance Signals

WordPress version tested4.6.30

Last updatedOct 14, 2016

PHP min version

Downloads22K

Community Trust

Rating96/100

Number of ratings77

Active installs1K

Alternatives

Tako Movable Comments Alternatives

Comment Edit Core – Simple Comment Editing

simple-comment-editing

Allow your users to edit their comments for a period of time. Adjust the comment timer and save some admin headaches.

2K 2 CVEs

Update Comments Count

update-comments-count

An easy way to update post comments counters, even for large sites, using WordPress standar function.

70 No CVEs

Nested Comments Unbound

nested-comments-unbound

Enable open-ended maximum depth for nested comments, preserve comment-reply-links for all comments, keep the results readable.

10 No CVEs

Akismet Anti-spam: Spam Protection

akismet

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M 2 CVEs

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

disable-comments

Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.

1.0M 1 CVE

Developer Profile

Tako Movable Comments Developer Profile

RenettaRenula

1 plugin · 1K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Tako Movable Comments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tako-movable-comments/css/tako-chosen.css/wp-content/plugins/tako-movable-comments/js/tako-chosen.js/wp-content/plugins/tako-movable-comments/js/tako-dropdown.js

Script Paths

/wp-content/plugins/tako-movable-comments/js/tako-dropdown.js/wp-content/plugins/tako-movable-comments/js/tako-chosen.js

Version Parameters

tako-movable-comments/css/tako-chosen.css?ver=tako-movable-comments/js/tako-chosen.js?ver=tako-movable-comments/js/tako-dropdown.js?ver=

HTML / DOM Fingerprints

CSS Classes

tako_spinner

Data Attributes

id="tako_current_comment"id="tako_post_type"id="tako_post"id="tako_spinner"name="tako_post_type"name="tako_post"+1 more

JS Globals

tako_objecttako_chosen_post_type_callbacktako_post_types_callbacktako_move_bulk_callbacktako_bulk_action_for_comments

REST Endpoints

/wp-json/tako/

FAQ