WP-Safety

Comments – wpDiscuz Security & Risk Analysis

wordpress.org/plugins/wpdiscuz

AJAX powered realtime comments. Designed to extend WordPress native comments. Custom comment forms/fields. Making comments has never been so awesome!

80K active installs v7.6.47 PHP 5.6+ WP 5.0+ Updated Mar 11, 2026
ajax-commentscommentcomment-fieldscomment-formcomments
75
B · Generally Safe
CVEs total24
Unpatched0
Last CVEDec 25, 2025
Plugin page Download
Safety Verdict

Is Comments – wpDiscuz Safe to Use in 2026?

Mostly Safe

Score 75/100

Comments – wpDiscuz is generally safe to use. 24 past CVEs were resolved. Keep it updated.

24 known CVEsLast CVE: Dec 25, 2025Updated 23d ago
Risk Assessment

WPdiscuz v7.6.47 presents a mixed security posture. While the plugin demonstrates strong adherence to secure coding practices like prepared statements for SQL queries (96%) and proper output escaping (92%), significant concerns arise from its attack surface and historical vulnerability data. A substantial number of AJAX handlers (54 out of 87) lack authentication checks, creating a broad potential entry point for unauthorized actions. The taint analysis, though limited in scope (14 flows), did identify two flows with unsanitized paths, indicating a risk of potential injection vulnerabilities even with a critical severity of 0. The plugin's history of 24 known CVEs, including 3 critical and 3 high severity vulnerabilities, is a major red flag. While there are currently no unpatched vulnerabilities, the sheer volume and severity of past issues suggest a recurring pattern of security flaws. This historical context, combined with the large unprotected attack surface, points to a plugin that, while improving, has a track record of introducing exploitable weaknesses. Therefore, while improvements in secure coding practices are evident, the plugin's extensive history of severe vulnerabilities and its large, potentially unprotected attack surface necessitate a cautious approach and ongoing vigilance.

Key Concerns

  • 54 unprotected AJAX handlers increase attack surface
  • 2 flows with unsanitized paths
  • Large history of known CVEs (24 total)
  • History includes 3 critical CVEs
  • History includes 3 high CVEs
  • Bundled TinyMCE library (potential for outdated versions)
Vulnerabilities
24

Comments – wpDiscuz Security Vulnerabilities

CVEs by Year

1 CVE in 2016
2016
1 CVE in 2020
2020
3 CVEs in 2021
2021
2 CVEs in 2022
2022
10 CVEs in 2023
2023
4 CVEs in 2024
2024
3 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Critical
3
High
3
Medium
16
Low
2

24 total CVEs

CVE-2025-68997medium · 5.3Authorization Bypass Through User-Controlled Key

wpDiscuz <= 7.6.42 - Unauthenticated Insecure Direct Object Reference

Dec 25, 2025 Patched in 7.6.44 (27d)
CVE-2025-13820high · 8.1Authorization Bypass Through User-Controlled Key

Comments – wpDiscuz <= 7.6.39 - Unauthenticated Authentication Bypass Through Account Takeover

Dec 11, 2025 Patched in 7.6.40 (27d)
CVE-2025-59591medium · 4.3Missing Authorization

wpDiscuz <= 7.6.33 - Missing Authorization

Sep 22, 2025 Patched in 7.6.34 (5d)
CVE-2024-9488critical · 9.8Authentication Bypass Using an Alternate Path or Channel

Comments – wpDiscuz <= 7.6.24 - Authentication Bypass via WordPress.com OAuth provider

Oct 24, 2024 Patched in 7.6.25 (119d)
CVE-2024-6704medium · 5.3Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Comments – wpDiscuz <= 7.6.21 - Unauthenticated HTML Injection

Aug 1, 2024 Patched in 7.6.22 (1d)
CVE-2024-35681medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Comments – wpDiscuz <= 7.6.18 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 6, 2024 Patched in 7.6.19 (8d)
CVE-2024-2477medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

wpDiscuz <= 7.6.15 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Alternative Text

Apr 22, 2024 Patched in 7.6.16 (2d)
CVE-2023-51691medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

wpDiscuz <= 7.6.12 - Authenticated (Administrator+) Stored Cross-Site Scripting

Nov 17, 2023 Patched in 7.6.13 (67d)
CVE-2023-47775medium · 4.3Cross-Site Request Forgery (CSRF)

wpDiscuz <= 7.6.11 - Cross-Site Request Forgery

Nov 14, 2023 Patched in 7.6.12 (70d)
CVE-2023-47185high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

wpDiscuz <= 7.6.11 - Unauthenticated Stored Cross-Site Scripting via Comment Uploaded Image Filename

Oct 31, 2023 Patched in 7.6.12 (84d)
CVE-2023-46311low · 2.7Authorization Bypass Through User-Controlled Key

wpDiscuz <= 7.6.3 - Authenticated(Author+) Insecure Direct Object Reference

Oct 22, 2023 Patched in 7.6.4 (93d)
CVE-2023-46310medium · 4.3Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

wpDiscuz <= 7.6.10 - Unauthenticated Content Injection

Oct 22, 2023 Patched in 7.6.11 (93d)
CVE-2023-46309medium · 5.3Missing Authorization

wpDiscuz <= 7.6.10 - Insufficient Authorization to Comment Submission on Deleted Posts

Oct 20, 2023 Patched in 7.6.11 (95d)
CVE-2023-45760medium · 5.4Missing Authorization

wpDiscuz <= 7.6.3 - Missing Authorization via AJAX actions

Oct 12, 2023 Patched in 7.6.4 (103d)
WF-9dd1e52c-83b7-4b3e-a791-a2c0ccd856bc-wpdiscuzhigh · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

wpDiscuz <= 7.6.5 - Unauthenticated SQL Injection

Sep 18, 2023 Patched in 7.6.6 (127d)
CVE-2023-3998medium · 5.3Authorization Bypass Through User-Controlled Key

wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Post Rating Increase/Decrease

Sep 12, 2023 Patched in 7.6.4 (133d)
CVE-2023-3869medium · 5.3Authorization Bypass Through User-Controlled Key

wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Comment Rating Increase/Decrease

Sep 12, 2023 Patched in 7.6.4 (133d)
CVE-2022-43492medium · 5.4Authorization Bypass Through User-Controlled Key

Comments – wpDiscuz <= 7.4.2 - Insecure Direct Object References

Oct 28, 2022 Patched in 7.5 (452d)
CVE-2022-23984low · 3.7Exposure of Sensitive Information to an Unauthorized Actor

Comments - wpDiscuz <= 7.3.11 Sensitive Information Disclosure

Feb 10, 2022 Patched in 7.3.12 (711d)
CVE-2021-24806medium · 4.3Cross-Site Request Forgery (CSRF)

Comments - wpDiscuz <= 7.3.3 - Arbitrary Comment Addition/Edition/Deletion by Cross-Site Request Forgery

Oct 11, 2021 Patched in 7.3.4 (834d)
CVE-2021-24737medium · 4.8Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Comments - wpDiscuz <= 7.3.0 - Authenticated Stored Cross-Site Scripting

Sep 13, 2021 Patched in 7.3.2 (862d)
CVE-2020-24186critical · 9.8Unrestricted Upload of File with Dangerous Type

Comments - wpDiscuz 7.0 - 7.0.4 - Unauthenticated Arbitrary File Upload leading to Remote Code Execution

Jun 6, 2021 Patched in 7.0.5 (961d)
CVE-2020-13640critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Comments - wpDiscuz <= 5.3.5 - Blind SQL Injection via order Parameter

Jun 12, 2020 Patched in 5.3.6 (1320d)
WF-9c8ff308-712b-4cf6-98ea-200d2fed9c43-wpdiscuzmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Comments - wpDiscuz <= 3.1.4 - Reflected Cross-Site Scripting

May 30, 2016 Patched in 3.2.0 (2794d)
Code Analysis
Analyzed Mar 16, 2026

Comments – wpDiscuz Code Analysis

Dangerous Functions
0
Raw SQL Queries
12
261 prepared
Unescaped Output
381
4599 escaped
Nonce Checks
37
Capability Checks
55
File Operations
20
External Requests
34
Bundled Libraries
1

Bundled Libraries

TinyMCE

SQL Query Safety

96% prepared273 total queries

Output Escaping

92% escaped4980 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

14 flows2 with unsanitized paths
getCommentListArgs (class.WpdiscuzCore.php:1822)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
54 unprotected

Comments – wpDiscuz Attack Surface

Entry Points89
Unprotected54

AJAX Handlers 87

authwp_ajax_wpdShowRepliesclass.WpdiscuzCore.php:114
noprivwp_ajax_wpdShowRepliesclass.WpdiscuzCore.php:115
authwp_ajax_wpdLoadMoreCommentsclass.WpdiscuzCore.php:132
noprivwp_ajax_wpdLoadMoreCommentsclass.WpdiscuzCore.php:133
authwp_ajax_wpdSortingclass.WpdiscuzCore.php:134
noprivwp_ajax_wpdSortingclass.WpdiscuzCore.php:135
authwp_ajax_wpdAddCommentclass.WpdiscuzCore.php:136
noprivwp_ajax_wpdAddCommentclass.WpdiscuzCore.php:137
authwp_ajax_wpdGetSingleCommentclass.WpdiscuzCore.php:138
noprivwp_ajax_wpdGetSingleCommentclass.WpdiscuzCore.php:139
authwp_ajax_wpdMostReactedCommentclass.WpdiscuzCore.php:140
noprivwp_ajax_wpdMostReactedCommentclass.WpdiscuzCore.php:141
authwp_ajax_wpdHottestThreadclass.WpdiscuzCore.php:142
noprivwp_ajax_wpdHottestThreadclass.WpdiscuzCore.php:143
authwp_ajax_wpdSaveEditedCommentclass.WpdiscuzCore.php:149
noprivwp_ajax_wpdSaveEditedCommentclass.WpdiscuzCore.php:150
authwp_ajax_wpdUpdateAutomaticallyclass.WpdiscuzCore.php:153
noprivwp_ajax_wpdUpdateAutomaticallyclass.WpdiscuzCore.php:154
authwp_ajax_wpdBubbleUpdateclass.WpdiscuzCore.php:165
noprivwp_ajax_wpdBubbleUpdateclass.WpdiscuzCore.php:166
authwp_ajax_wpdAddInlineCommentclass.WpdiscuzCore.php:173
noprivwp_ajax_wpdAddInlineCommentclass.WpdiscuzCore.php:174
authwp_ajax_wpd_social_loginforms\wpdFormAttr\Login\SocialLogin.php:24
noprivwp_ajax_wpd_social_loginforms\wpdFormAttr\Login\SocialLogin.php:25
authwp_ajax_wpd_login_callbackforms\wpdFormAttr\Login\SocialLogin.php:26
noprivwp_ajax_wpd_login_callbackforms\wpdFormAttr\Login\SocialLogin.php:27
authwp_ajax_wpdiscuzCustomFieldsforms\wpDiscuzForm.php:35
authwp_ajax_adminFieldFormforms\wpDiscuzForm.php:36
authwp_ajax_dismiss_wpdiscuz_addon_noteoptions\class.WpdiscuzAddons.php:29
authwp_ajax_wpdGetInfoutils\class.WpdiscuzHelper.php:45
noprivwp_ajax_wpdGetInfoutils\class.WpdiscuzHelper.php:46
authwp_ajax_wpdGetActivityPageutils\class.WpdiscuzHelper.php:48
noprivwp_ajax_wpdGetActivityPageutils\class.WpdiscuzHelper.php:49
authwp_ajax_wpdGetSubscriptionsPageutils\class.WpdiscuzHelper.php:52
noprivwp_ajax_wpdGetSubscriptionsPageutils\class.WpdiscuzHelper.php:53
authwp_ajax_wpdGetFollowsPageutils\class.WpdiscuzHelper.php:56
noprivwp_ajax_wpdGetFollowsPageutils\class.WpdiscuzHelper.php:57
authwp_ajax_wpdStickCommentutils\class.WpdiscuzHelperAjax.php:27
authwp_ajax_wpdCloseThreadutils\class.WpdiscuzHelperAjax.php:28
authwp_ajax_wpdDeactivateutils\class.WpdiscuzHelperAjax.php:29
authwp_ajax_wpdImportSTCRutils\class.WpdiscuzHelperAjax.php:30
authwp_ajax_wpdImportLSTCutils\class.WpdiscuzHelperAjax.php:31
authwp_ajax_wpdFollowUserutils\class.WpdiscuzHelperAjax.php:33
authwp_ajax_wpdRegenerateVoteMetasutils\class.WpdiscuzHelperAjax.php:34
authwp_ajax_wpdRegenerateClosedCommentsutils\class.WpdiscuzHelperAjax.php:35
authwp_ajax_wpdRegenerateVoteDatautils\class.WpdiscuzHelperAjax.php:36
authwp_ajax_wpdSyncCommenterDatautils\class.WpdiscuzHelperAjax.php:37
authwp_ajax_wpdRebuildRatingsutils\class.WpdiscuzHelperAjax.php:38
authwp_ajax_wpdFixTablesutils\class.WpdiscuzHelperAjax.php:39
authwp_ajax_wpdDeleteCommentutils\class.WpdiscuzHelperAjax.php:41
authwp_ajax_wpdCancelSubscriptionutils\class.WpdiscuzHelperAjax.php:42
authwp_ajax_wpdCancelFollowutils\class.WpdiscuzHelperAjax.php:43
authwp_ajax_wpdEmailDeleteLinksutils\class.WpdiscuzHelperAjax.php:44
noprivwp_ajax_wpdGuestActionutils\class.WpdiscuzHelperAjax.php:45
authwp_ajax_wpdReadMoreutils\class.WpdiscuzHelperAjax.php:48
noprivwp_ajax_wpdReadMoreutils\class.WpdiscuzHelperAjax.php:49
authwp_ajax_wpdRedirectutils\class.WpdiscuzHelperAjax.php:51
noprivwp_ajax_wpdRedirectutils\class.WpdiscuzHelperAjax.php:52
authwp_ajax_wpdVoteOnCommentutils\class.WpdiscuzHelperAjax.php:54
noprivwp_ajax_wpdVoteOnCommentutils\class.WpdiscuzHelperAjax.php:55
authwp_ajax_wpdGetInlineCommentFormutils\class.WpdiscuzHelperAjax.php:57
noprivwp_ajax_wpdGetInlineCommentFormutils\class.WpdiscuzHelperAjax.php:58
authwp_ajax_wpdGetLastInlineCommentsutils\class.WpdiscuzHelperAjax.php:59
noprivwp_ajax_wpdGetLastInlineCommentsutils\class.WpdiscuzHelperAjax.php:60
authwp_ajax_wpdEditCommentutils\class.WpdiscuzHelperAjax.php:61
noprivwp_ajax_wpdEditCommentutils\class.WpdiscuzHelperAjax.php:62
authwp_ajax_wpdUserRateutils\class.WpdiscuzHelperAjax.php:63
noprivwp_ajax_wpdUserRateutils\class.WpdiscuzHelperAjax.php:64
authwp_ajax_wpdUnsubscribeutils\class.WpdiscuzHelperAjax.php:65
noprivwp_ajax_wpdUnsubscribeutils\class.WpdiscuzHelperAjax.php:66
authwp_ajax_wpd_stat_briefutils\class.WpdiscuzHelperAjax.php:67
authwp_ajax_wpd_stat_subsutils\class.WpdiscuzHelperAjax.php:68
authwp_ajax_wpd_stat_graphutils\class.WpdiscuzHelperAjax.php:69
authwp_ajax_wpd_stat_userutils\class.WpdiscuzHelperAjax.php:70
authwp_ajax_searchOptionutils\class.WpdiscuzHelperAjax.php:71
authwp_ajax_wpdResetPostRatingutils\class.WpdiscuzHelperAjax.php:72
authwp_ajax_wpdResetFieldsRatingsutils\class.WpdiscuzHelperAjax.php:73
authwp_ajax_wpdGetNonceutils\class.WpdiscuzHelperAjax.php:74
noprivwp_ajax_wpdGetNonceutils\class.WpdiscuzHelperAjax.php:75
authwp_ajax_wpdAddSubscriptionutils\class.WpdiscuzHelperEmail.php:29
noprivwp_ajax_wpdAddSubscriptionutils\class.WpdiscuzHelperEmail.php:30
authwp_ajax_wpdCheckNotificationTypeutils\class.WpdiscuzHelperEmail.php:31
noprivwp_ajax_wpdCheckNotificationTypeutils\class.WpdiscuzHelperEmail.php:32
authwp_ajax_wpdiscuzDeleteDataWithEmailutils\class.WpdiscuzHelperEmail.php:33
noprivwp_ajax_wpdiscuzDeleteDataWithEmailutils\class.WpdiscuzHelperEmail.php:34
authwp_ajax_wmuDeleteAttachmentutils\class.WpdiscuzHelperUpload.php:56
noprivwp_ajax_wmuDeleteAttachmentutils\class.WpdiscuzHelperUpload.php:57

Shortcodes 2

[wpdiscuz_comments] class.WpdiscuzCore.php:130
[wpdrating] forms\wpDiscuzForm.php:54
WordPress Hooks 155
filtercron_schedulesclass.WpdiscuzCore.php:93
actioninitclass.WpdiscuzCore.php:94
actioninitclass.WpdiscuzCore.php:95
actioninitclass.WpdiscuzCore.php:96
actionwp_insert_siteclass.WpdiscuzCore.php:119
actiondelete_blogclass.WpdiscuzCore.php:120
actionwpclass.WpdiscuzCore.php:121
actionadmin_initclass.WpdiscuzCore.php:123
actionadmin_initclass.WpdiscuzCore.php:125
actionadmin_enqueue_scriptsclass.WpdiscuzCore.php:126
actionwp_enqueue_scriptsclass.WpdiscuzCore.php:127
actionadmin_menuclass.WpdiscuzCore.php:128
actionadmin_headclass.WpdiscuzCore.php:129
filtercomments_clausesclass.WpdiscuzCore.php:147
actionwp_loadedclass.WpdiscuzCore.php:157
filtercomments_template_query_argsclass.WpdiscuzCore.php:158
actionpre_get_commentsclass.WpdiscuzCore.php:159
filterfound_comments_queryclass.WpdiscuzCore.php:160
actionrest_api_initclass.WpdiscuzCore.php:162
actionadmin_footerclass.WpdiscuzCore.php:169
filtermce_buttonsclass.WpdiscuzCore.php:170
filtermce_external_pluginsclass.WpdiscuzCore.php:171
actionwp_footerclass.WpdiscuzCore.php:175
actionenqueue_block_editor_assetsclass.WpdiscuzCore.php:176
filterextra_plugin_headersclass.WpdiscuzCore.php:178
filterauto_update_pluginclass.WpdiscuzCore.php:179
filterpreprocess_commentclass.WpdiscuzCore.php:181
filterpreprocess_commentclass.WpdiscuzCore.php:182
actionadmin_bar_menuclass.WpdiscuzCore.php:184
filterregister_block_type_argsclass.WpdiscuzCore.php:186
actionelementor/editor/after_enqueue_scriptsclass.WpdiscuzCore.php:188
actionelementor/editor/after_enqueue_stylesclass.WpdiscuzCore.php:189
actionelementor/editor/footerclass.WpdiscuzCore.php:190
actionelementor/widgets/registerclass.WpdiscuzCore.php:191
actionenqueue_block_editor_assetsclass.WpdiscuzCore.php:193
filterwp_is_comment_floodclass.WpdiscuzCore.php:618
filtercomments_templateclass.WpdiscuzCore.php:1799
filterdeprecated_file_trigger_errorclass.WpdiscuzCore.php:2699
filterdeprecated_file_trigger_errorclass.WpdiscuzCore.php:2762
actionwpdiscuz_initforms\wpdFormAttr\Login\SocialLogin.php:18
actionwpdiscuz_front_scriptsforms\wpdFormAttr\Login\SocialLogin.php:19
actioncomment_main_form_bar_topforms\wpdFormAttr\Login\SocialLogin.php:20
actioncomment_main_form_after_headforms\wpdFormAttr\Login\SocialLogin.php:21
actioncomment_reply_form_bar_topforms\wpdFormAttr\Login\SocialLogin.php:22
actioncomment_reply_form_bar_topforms\wpdFormAttr\Login\SocialLogin.php:23
filterget_avatarforms\wpdFormAttr\Login\SocialLogin.php:28
filterwp_privacy_personal_data_exportersforms\wpdFormAttr\Tools\PersonalDataExporter.php:17
actionwpdiscuz_initforms\wpDiscuzForm.php:28
actionadmin_initforms\wpDiscuzForm.php:29
actionadmin_menuforms\wpDiscuzForm.php:30
actionadmin_enqueue_scriptsforms\wpDiscuzForm.php:31
actionmanage_wpdiscuz_form_posts_custom_columnforms\wpDiscuzForm.php:32
filtermanage_wpdiscuz_form_posts_columnsforms\wpDiscuzForm.php:33
actionedit_form_after_titleforms\wpDiscuzForm.php:34
actiontransition_comment_statusforms\wpDiscuzForm.php:37
actiondelete_commentforms\wpDiscuzForm.php:38
filterwpdiscuz_before_subscription_addedforms\wpDiscuzForm.php:39
filterwpdiscuz_js_optionsforms\wpDiscuzForm.php:41
actionsave_postforms\wpDiscuzForm.php:42
actionwp_trash_postforms\wpDiscuzForm.php:43
actionadd_meta_boxesforms\wpDiscuzForm.php:44
actionadd_meta_boxes_commentforms\wpDiscuzForm.php:45
filtercomment_save_preforms\wpDiscuzForm.php:46
actioncomment_postforms\wpDiscuzForm.php:47
actionedit_commentforms\wpDiscuzForm.php:48
filtercomment_textforms\wpDiscuzForm.php:49
filterwpdiscuz_after_read_moreforms\wpDiscuzForm.php:50
filterpost_row_actionsforms\wpDiscuzForm.php:51
filteradmin_post_cloneWpdiscuzFormforms\wpDiscuzForm.php:52
filterthe_contentforms\wpDiscuzForm.php:53
actionwpdiscuz_comment_form_beforeforms\wpDiscuzForm.php:55
actionadmin_noticesforms\wpDiscuzForm.php:56
actionwp_loadedforms\wpDiscuzForm.php:57
filterparse_queryforms\wpDiscuzForm.php:524
actionwpdiscuz_submenu_pageoptions\class.WpdiscuzAddons.php:27
actionwpdiscuz_addons_checkoptions\class.WpdiscuzAddons.php:28
actionadmin_noticesoptions\class.WpdiscuzAddons.php:30
actionwpdiscuz_initoptions\class.WpdiscuzOptions.php:79
actionadmin_initoptions\class.WpdiscuzOptions.php:80
actionadmin_initoptions\class.WpdiscuzOptions.php:81
actionadmin_noticesoptions\class.WpdiscuzOptions.php:83
actionswitch_blogoptions\class.WpdiscuzOptions.php:84
filteris_load_wpdiscuzthemes\unsubscription.php:29
actionadmin_post_purgeAllCachesutils\class.WpdiscuzCache.php:17
actionadmin_post_purgePostCachesutils\class.WpdiscuzCache.php:18
actionwpdiscuz_reset_users_cacheutils\class.WpdiscuzCache.php:19
actionwpdiscuz_reset_comments_cacheutils\class.WpdiscuzCache.php:20
actionwpdiscuz_reset_comments_extra_cacheutils\class.WpdiscuzCache.php:21
actioncomment_postutils\class.WpdiscuzCache.php:22
actionedit_commentutils\class.WpdiscuzCache.php:23
filterthe_champ_login_interface_filterutils\class.WpdiscuzHelper.php:26
filterpre_comment_user_iputils\class.WpdiscuzHelper.php:27
filterget_avatar_urlutils\class.WpdiscuzHelper.php:28
filtercomment_textutils\class.WpdiscuzHelper.php:31
filtercomment_textutils\class.WpdiscuzHelper.php:34
filtercomment_textutils\class.WpdiscuzHelper.php:36
filterwp_update_comment_datautils\class.WpdiscuzHelper.php:37
actionpost_updatedutils\class.WpdiscuzHelper.php:38
actionupdate_postmetautils\class.WpdiscuzHelper.php:39
actionadded_post_metautils\class.WpdiscuzHelper.php:40
filtercomment_row_actionsutils\class.WpdiscuzHelper.php:41
filteradmin_comment_types_dropdownutils\class.WpdiscuzHelper.php:42
filterwpdiscuz_after_comment_authorutils\class.WpdiscuzHelper.php:43
actionadmin_post_disableAddonsDemoutils\class.WpdiscuzHelper.php:59
actionadmin_footerutils\class.WpdiscuzHelper.php:62
filterwpdiscuz_comment_authorutils\class.WpdiscuzHelper.php:64
actionadd_meta_boxesutils\class.WpdiscuzHelper.php:65
filternonce_lifeutils\class.WpdiscuzHelper.php:67
actionwpdiscuz_initutils\class.WpdiscuzHelper.php:68
actionwputils\class.WpdiscuzHelper.php:69
actionsave_postutils\class.WpdiscuzHelper.php:72
actionwpdiscuz_initutils\class.WpdiscuzHelperEmail.php:28
actioncomment_postutils\class.WpdiscuzHelperEmail.php:35
filtertemplate_includeutils\class.WpdiscuzHelperEmail.php:36
filterquery_varsutils\class.WpdiscuzHelperEmail.php:37
actiondeleted_commentutils\class.WpdiscuzHelperOptimization.php:25
actiondelete_userutils\class.WpdiscuzHelperOptimization.php:26
actionprofile_updateutils\class.WpdiscuzHelperOptimization.php:27
actionadmin_post_removeVoteDatautils\class.WpdiscuzHelperOptimization.php:28
actionadmin_post_removeSocialAvatarsutils\class.WpdiscuzHelperOptimization.php:29
actionadmin_post_resetPhrasesutils\class.WpdiscuzHelperOptimization.php:30
actiontransition_comment_statusutils\class.WpdiscuzHelperOptimization.php:31
actionedit_commentutils\class.WpdiscuzHelperOptimization.php:32
actionpost_updatedutils\class.WpdiscuzHelperOptimization.php:33
actiondeleted_postutils\class.WpdiscuzHelperOptimization.php:34
actionupdated_optionutils\class.WpdiscuzHelperOptimization.php:35
actionbp_members_avatar_uploadedutils\class.WpdiscuzHelperOptimization.php:36
actionwpforo_update_profile_afterutils\class.WpdiscuzHelperOptimization.php:37
actiondeactivate_pluginutils\class.WpdiscuzHelperOptimization.php:38
actionwpdiscuz_clean_post_cacheutils\class.WpdiscuzHelperOptimization.php:39
actionwpdiscuz_clean_all_cachesutils\class.WpdiscuzHelperOptimization.php:40
filtercomments_pre_queryutils\class.WpdiscuzHelperOptimization.php:42
filterthe_commentsutils\class.WpdiscuzHelperOptimization.php:43
actionwpdiscuz_initutils\class.WpdiscuzHelperUpload.php:40
filterwpdiscuz_editor_buttons_htmlutils\class.WpdiscuzHelperUpload.php:42
actionwpdiscuz_button_actionsutils\class.WpdiscuzHelperUpload.php:43
filterwpdiscuz_comment_list_argsutils\class.WpdiscuzHelperUpload.php:45
filtercomment_textutils\class.WpdiscuzHelperUpload.php:46
filterwpdiscuz_after_read_moreutils\class.WpdiscuzHelperUpload.php:47
filterwpdiscuz_comment_postutils\class.WpdiscuzHelperUpload.php:50
filterwpdiscuz_ajax_callbacksutils\class.WpdiscuzHelperUpload.php:51
actionwpdiscuz_before_wp_new_commentutils\class.WpdiscuzHelperUpload.php:53
actionwpdiscuz_add_comment_before_wp_list_commentsutils\class.WpdiscuzHelperUpload.php:54
actiondelete_commentutils\class.WpdiscuzHelperUpload.php:59
actiondelete_attachmentutils\class.WpdiscuzHelperUpload.php:60
filterwpdiscuz_privacy_personal_data_exportutils\class.WpdiscuzHelperUpload.php:62
filterwpdiscuz_do_export_personal_datautils\class.WpdiscuzHelperUpload.php:63
actionwpdiscuz_initutils\class.WpdiscuzHelperUpload.php:66
actionwpdiscuz_initutils\class.WpdiscuzHelperUpload.php:67
filtercron_schedulesutils\class.WpdiscuzHelperUpload.php:70
actionrestrict_manage_postsutils\class.WpdiscuzHelperUpload.php:73
filterparse_queryutils\class.WpdiscuzHelperUpload.php:74
filterjetpack_photon_admin_allow_image_downsizeutils\class.WpdiscuzHelperUpload.php:133
filterintermediate_image_sizesutils\class.WpdiscuzHelperUpload.php:889
filterdeprecated_file_trigger_errorutils\WpdiscuzElementorIntegration.php:40
Maintenance & Trust

Comments – wpDiscuz Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 11, 2026
PHP min version5.6
Downloads4.4M

Community Trust

Rating94/100
Number of ratings578
Active installs80K
Alternatives

Comments – wpDiscuz Alternatives

Comments Extra Fields For Post,Pages and CPT

Comments Extra Fields For Post,Pages and CPT

wp-comment-fields

B
84

This plugin allow admin to add extra fields in comment area. These fields are saved as comment meta and is displayed under comment text.

600 3 CVEs
JC Ajax Comments

JC Ajax Comments

jc-ajax-comment

A
85

Ajax in wordpress comments, this plugin makes the error message is displayed in a popup and updates the comments.

10 No CVEs
Advanced Comment Form

Advanced Comment Form

comment-form

A
92

Advanced Comment Form lets you customize plenty of things on the default comment forms in WordPress.

5K 1 CVE
AnyComment

AnyComment

anycomment

F
17

AnyComment is blazing-fast commenting plugin based on React for WordPress.

3K 3 unpatched
Comments Form Star Rating Plugin for WordPress

Comments Form Star Rating Plugin for WordPress

comments-form-star-rating

A
92

Allow your customers to add star rattings in comment form.

2K No CVEs
Developer Profile

Comments – wpDiscuz Developer Profile

AdvancedCoding

1 plugin · 80K total installs

62
trust score
Avg Security Score
75/100
Avg Patch Time
380 days
View full developer profile
Detection Fingerprints

How We Detect Comments – wpDiscuz

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpdiscuz/assets/css/wpdiscuz-frontend.css/wp-content/plugins/wpdiscuz/assets/css/wpdiscuz-backend.css/wp-content/plugins/wpdiscuz/assets/js/wpdiscuz-frontend.js/wp-content/plugins/wpdiscuz/assets/js/wpdiscuz-backend.js/wp-content/plugins/wpdiscuz/assets/js/wpdiscuz-all.js/wp-content/plugins/wpdiscuz/assets/js/wpdiscuz-lazy-load.js
Generator Patterns
wpDiscuz
Script Paths
/wp-content/plugins/wpdiscuz/assets/js/wpdiscuz-frontend.js/wp-content/plugins/wpdiscuz/assets/js/wpdiscuz-backend.js/wp-content/plugins/wpdiscuz/assets/js/wpdiscuz-all.js/wp-content/plugins/wpdiscuz/assets/js/wpdiscuz-lazy-load.js
Version Parameters
wpdiscuz/assets/css/wpdiscuz-frontend.css?ver=wpdiscuz/assets/css/wpdiscuz-backend.css?ver=wpdiscuz/assets/js/wpdiscuz-frontend.js?ver=wpdiscuz/assets/js/wpdiscuz-backend.js?ver=wpdiscuz/assets/js/wpdiscuz-all.js?ver=wpdiscuz/assets/js/wpdiscuz-lazy-load.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpd-comment-authorwpd-comment-datewpd-comment-textwpd-comment-replywpd-comment-likewpd-comment-user-avatarwpd-comment-contentwpd-form+13 more
HTML Comments
<!-- wpDiscuz comment form --><!-- wpDiscuz comment list --><!-- wpDiscuz comment --><!-- wpDiscuz reply button -->+1 more
Data Attributes
data-post-iddata-commentiddata-parentiddata-wpdiscuz-iddata-comment-authordata-comment-date+1 more
JS Globals
wpdiscuzAjaxObjwpdiscuzForm
REST Endpoints
/wp-json/wpdiscuz/v1/comments/wp-json/wpdiscuz/v1/add-comment/wp-json/wpdiscuz/v1/load-more/wp-json/wpdiscuz/v1/sorting/wp-json/wpdiscuz/v1/save-edit/wp-json/wpdiscuz/v1/update-automatically/wp-json/wpdiscuz/v1/bubble-update/wp-json/wpdiscuz/v1/feedback-dialog/wp-json/wpdiscuz/v1/add-inline-comment
Shortcode Output
[wpdiscuz_comments][wpdiscuz_feedback]
FAQ

Frequently Asked Questions about Comments – wpDiscuz