WP Grade Comments Security & Risk Analysis

wordpress.org/plugins/wp-grade-comments

WP Grade Comments makes it easy for instructors who use WordPress in a course setting to give private feedback and/or grades to post authors, all with …

80 active installs · v1.6.0 · PHP + WP 4.4+ · Updated Jul 1, 2025
Tags: comments, course, grade, privacy
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Grade Comments Safe to Use in 2026?

Generally Safe

Score 100/100

WP Grade Comments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9mo ago
Risk Assessment

The "wp-grade-comments" v1.6.0 plugin exhibits a strong security posture based on the provided static analysis. The absence of any identified attack surface points, such as unprotected AJAX handlers, REST API routes, or shortcodes, is a significant positive. Furthermore, the code signals indicate good security practices, with all SQL queries utilizing prepared statements, a high percentage of output being properly escaped, and the presence of nonce and capability checks. The taint analysis revealing no unsanitized flows or critical/high severity issues further bolsters this assessment.

Vulnerabilities
None known

WP Grade Comments Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Grade Comments Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 1 (12 escaped)
Nonce Checks: 4
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

92% escaped · 13 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
olgc_admin_notice (includes\admin.php:276)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

WP Grade Comments Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 28
filter manage_post_posts_columns (includes\admin.php:10)
action manage_post_posts_custom_column (includes\admin.php:11)
filter manage_edit-comments_columns (includes\admin.php:14)
action manage_comments_custom_column (includes\admin.php:15)
action add_meta_boxes_comment (includes\admin.php:18)
action edit_comment (includes\admin.php:19)
action admin_notices (includes\admin.php:313)
action admin_init (includes\admin.php:333)
action after_plugin_row (includes\admin.php:355)
filter olgc_private_comment_text (wp-grade-comments.php:21)
action init (wp-grade-comments.php:31)
action comment_form_logged_in_after (wp-grade-comments.php:77)
filter comment_form_field_comment (wp-grade-comments.php:103)
action wp_insert_comment (wp-grade-comments.php:138)
filter get_comment_text (wp-grade-comments.php:229)
filter comment_reply_link_args (wp-grade-comments.php:248)
action pre_get_comments (wp-grade-comments.php:277)
filter comment_feed_where (wp-grade-comments.php:295)
action pre_get_comments (wp-grade-comments.php:339)
action pre_get_comments (wp-grade-comments.php:342)
filter get_comments_number (wp-grade-comments.php:412)
action comment_form_before (wp-grade-comments.php:423)
filter map_meta_cap (wp-grade-comments.php:483)
filter allow_empty_comment (wp-grade-comments.php:498)
action comment_post (wp-grade-comments.php:525)
action edit_comment (wp-grade-comments.php:526)
action transition_comment_status (wp-grade-comments.php:546)
filter comment_class (wp-grade-comments.php:569)
Maintenance & Trust

WP Grade Comments Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 1, 2025
PHP min version
Downloads: 7K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 80
Developer Profile

WP Grade Comments Developer Profile

Boone Gorges

27 plugins · 12K total installs

Trust score: 71
Avg Security Score: 88/100
Avg Patch Time: 1864 days
Detection Fingerprints

How We Detect WP Grade Comments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-grade-comments/js/wp-grade-comments.js
Script Paths
/wp-content/plugins/wp-grade-comments/js/wp-grade-comments.js
Version Parameters
wp-grade-comments/style.css?ver=
wp-grade-comments/js/wp-grade-comments.js?ver=

HTML / DOM Fingerprints

CSS Classes
olgc-checkboxes, olgc-grade-entry, olgc-privacy-description, olgc-grade-display, olgc-grade-hidden, olgc-grade-label, olgc-show-grade, olgc-grade-toggle, +4 more
HTML Comments
<!-- Necessary to ensure that the value is submitted even if the checkbox is disabled -->
<!-- NOTE: Private response and grade will only be visible to instructors and the post's author. -->
<!-- Grade has its own column on edit-comments.php. -->
<!-- Don't ever add on feeds. -->
+3 more
Data Attributes
name="olgc-private-comment"
id="olgc-private-comment"
name="olgc-private-comment-fallback"
id="olgc-private-comment-fallback"
name="olgc-add-a-grade"
id="olgc-add-a-grade"
+13 more
FAQ

Frequently Asked Questions about WP Grade Comments