Whisper Comment Reloaded Security & Risk Analysis

wordpress.org/plugins/whisper-comment-reloaded

Whisper Comment Reloaded is a WordPress plugin for commenters to control comment visibility for other viewers.

10 active installs · v1.0 · PHP + · WP 2.8+ · Updated Sep 2, 2011
Tags: comments, private, security, silent, whisper
85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Whisper Comment Reloaded Safe to Use in 2026?

Generally Safe

Score 85/100

Whisper Comment Reloaded has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 14yr ago
Risk Assessment

The 'whisper-comment-reloaded' v1.0 plugin exhibits significant security concerns despite a seemingly clean vulnerability history. The static analysis reveals a complete lack of any implemented security checks, including nonce checks, capability checks, and proper output escaping. All SQL queries are executed without prepared statements, posing a high risk of SQL injection vulnerabilities. Furthermore, taint analysis indicates flows with unsanitized paths, which could be exploited if these paths are exposed through any of the plugin's entry points, though the current static analysis reports zero entry points. The absence of any recorded vulnerabilities historically might suggest either that the plugin has not been widely used or that previous versions have not been thoroughly audited. However, the current code quality, particularly the absence of fundamental security practices like prepared statements and output escaping, presents a substantial risk, making it highly susceptible to common web attacks.

Key Concerns

  • All SQL queries use raw strings
  • No output escaping implemented
  • No nonce checks implemented
  • No capability checks implemented
  • Taint analysis shows unsanitized paths
Vulnerabilities
None known

Whisper Comment Reloaded Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Whisper Comment Reloaded Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 9 (0 prepared)
Unescaped Output: 9 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 9 total queries

Output Escaping

0% escaped · 9 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
whisper_comment_options (whisper-comment-reloaded.php:19)
Attack Surface

Whisper Comment Reloaded Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 8
action: admin_menu (whisper-comment-reloaded.php:12)
action: comment_form (whisper-comment-reloaded.php:266)
action: comment_post (whisper-comment-reloaded.php:267)
filter: comment_text (whisper-comment-reloaded.php:268)
filter: comment_text_rss (whisper-comment-reloaded.php:269)
filter: comment_excerpt (whisper-comment-reloaded.php:270)
filter: comment_edit_pre (whisper-comment-reloaded.php:271)
filter: comment_row_actions (whisper-comment-reloaded.php:272)
Maintenance & Trust

Whisper Comment Reloaded Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.2.1
Last updated: Sep 2, 2011
PHP min version:
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Whisper Comment Reloaded Developer Profile

Joshua Parker

5 plugins · 130 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Whisper Comment Reloaded

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
wrapmetabox-holdermeta-box-sortablesspostboxinsideform-table
Data Attributes
for="wc_whisper_on", id="wc_whisper_on", name="wc_whisper_on", for="wc_whisper_to", id="wc_whisper_to", name="wc_whisper_to" (+15 more)
FAQ

Frequently Asked Questions about Whisper Comment Reloaded