FV Thoughtful Comments Security & Risk Analysis

wordpress.org/plugins/thoughtful-comments

FV Thoughtful Comments adds front end comment moderation including sophisticated banning mechanisms. Say Goodbye to Disqus!

80 active installs · v0.4.1 · PHP + · WP 4.9+ · Updated Mar 14, 2025
comments · frontend · moderation · unapproved
92 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 24, 2025
Safety Verdict

Is FV Thoughtful Comments Safe to Use in 2026?

Generally Safe

Score 92/100

FV Thoughtful Comments has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 24, 2025 · Updated 1yr ago
Risk Assessment

The "thoughtful-comments" plugin v0.4.1 exhibits a mixed security posture. While it demonstrates some good security practices, particularly in its protected entry points and the presence of nonce and capability checks, significant concerns remain. The static analysis reveals a critical vulnerability: the use of `unserialize`, which, when combined with unsanitized paths identified in the taint analysis, presents a substantial risk of remote code execution or deserialization vulnerabilities. The plugin also has a history of vulnerabilities, specifically a low-severity "Missing Authorization" issue, indicating a pattern of potential authorization flaws. While the current version has no unpatched CVEs, the past vulnerability and the identified code signals suggest a need for more robust input validation and authorization checks to mitigate future risks. The limited attack surface and the majority of SQL queries using prepared statements are positive, but the core issues around `unserialize` and taint flows are serious enough to warrant caution.

Key Concerns

  • Dangerous function 'unserialize' found
  • Taint flow with unsanitized paths (High severity)
  • Taint flow with unsanitized paths (High severity)
  • Output escaping is not properly implemented (39%)
  • History of 'Missing Authorization' vulnerability
Vulnerabilities
1

FV Thoughtful Comments Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Low: 1

1 total CVE

CVE-2025-24613 · Low · 3.1 · Missing Authorization

FV Thoughtful Comments <= 0.3.5 - Missing Authorization

Jan 24, 2025 Patched in 0.3.6 (5d)
Code Analysis
Analyzed Mar 16, 2026

FV Thoughtful Comments Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 7 (8 prepared)
Unescaped Output: 20 (13 escaped)
Nonce Checks: 5
Capability Checks: 12
File Operations: 6
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize (fv-thoughtful-comments.php:283):
    $this->cache_data = unserialize( file_get_contents( WP_CONTENT_DIR.'/'.$this->cache_filename ) );

SQL Query Safety

53% prepared (15 total queries)

Output Escaping

39% escaped (33 total outputs)
Data Flows
2 unsanitized

Data Flow Analysis

4 flows, 2 with unsanitized paths
options_panel (fv-thoughtful-comments.php:942)
Attack Surface

FV Thoughtful Comments Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 3

auth · wp_ajax_fv_tc_approve · fv-thoughtful-comments.php:1768
auth · wp_ajax_fv_tc_delete · fv-thoughtful-comments.php:1769
auth · wp_ajax_fv_tc_moderated · fv-thoughtful-comments.php:1770
WordPress Hooks 47
action · in_plugin_update_message-thoughtful-comments/fv-thoughtful-comments.php · fv-thoughtful-comments.php:90
action · admin_init · fv-thoughtful-comments.php:91
action · deleted_comment · fv-thoughtful-comments.php:1353
action · wp_set_comment_status · fv-thoughtful-comments.php:1361
filter · thread_comments_depth_max · fv-thoughtful-comments.php:1697
filter · avatar_defaults · fv-thoughtful-comments.php:1698
filter · personal_options · fv-thoughtful-comments.php:1730
filter · edit_user_profile · fv-thoughtful-comments.php:1731
filter · pre_user_nicename · fv-thoughtful-comments.php:1732
filter · comment_row_actions · fv-thoughtful-comments.php:1785
filter · admin_init · fv-thoughtful-comments.php:1791
filter · manage_users_columns · fv-thoughtful-comments.php:1794
filter · manage_users_custom_column · fv-thoughtful-comments.php:1796
filter · comment_text · fv-thoughtful-comments.php:1800
filter · init · fv-thoughtful-comments.php:1802
filter · comment_text · fv-thoughtful-comments.php:1805
action · thesis_hook_after_comment · fv-thoughtful-comments.php:1808
filter · thesis_comment_text · fv-thoughtful-comments.php:1810
filter · pre_comment_approved · fv-thoughtful-comments.php:1813
action · wp_footer · fv-thoughtful-comments.php:1816
action · admin_footer · fv-thoughtful-comments.php:1817
filter · comments_number · fv-thoughtful-comments.php:1820
action · wp_print_styles · fv-thoughtful-comments.php:1824
filter · comment_class · fv-thoughtful-comments.php:1827
filter · comments_template_query_args · fv-thoughtful-comments.php:1829
filter · init · fv-thoughtful-comments.php:1831
filter · comments_array · fv-thoughtful-comments.php:1834
action · transition_comment_status · fv-thoughtful-comments.php:1837
filter · comment_author · fv-thoughtful-comments.php:1840
filter · pre_comment_approved · fv-thoughtful-comments.php:1843
action · admin_init · fv-thoughtful-comments.php:1847
action · admin_init · fv-thoughtful-comments.php:1850
filter · comment_moderation_headers · fv-thoughtful-comments.php:1858
filter · comment_moderation_text · fv-thoughtful-comments.php:1860
action · deleted_comment · fv-thoughtful-comments.php:1864
action · wp_set_comment_status · fv-thoughtful-comments.php:1865
action · admin_head · fv-thoughtful-comments.php:1867
action · admin_menu · fv-thoughtful-comments.php:1868
action · admin_enqueue_scripts · fv-thoughtful-comments.php:1869
filter · comment_reply_link · fv-thoughtful-comments.php:1871
action · init · fv-thoughtful-comments.php:1873
filter · get_comment_link · fv-thoughtful-comments.php:1875
filter · get_comments_pagenum_link · fv-thoughtful-comments.php:1876
filter · paginate_links · fv-thoughtful-comments.php:1877
filter · wp_list_comments_args · fv-thoughtful-comments.php:1880
filter · admin_init · fv-thoughtful-comments.php:1881
filter · sce_save_before · fv-thoughtful-comments.php:1882
Maintenance & Trust

FV Thoughtful Comments Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 14, 2025
PHP min version
Downloads: 16K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 80
Developer Profile

FV Thoughtful Comments Developer Profile

FolioVision

19 plugins · 48K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 1121 days
Detection Fingerprints

How We Detect FV Thoughtful Comments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/thoughtful-comments/css/admin.css

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about FV Thoughtful Comments