WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Anycomment safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Anycomment WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: anycomment
  • Requires PHP: 5.4+
  • Max supported PHP (analyzed): <8.0

Known vulnerabilities

  • AnyComment [anycomment] < 0.2.18 [CVE-2022-0134, WordPress AnyComment plugin <= 0.2.17 - Arbitrary HyperComments Import/Revert via CSRF vulnerability, AnyComment &lt; 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF, AnyComment <= 0.2.17 - Cross-Site Request Forgery]
  • AnyComment [anycomment] < 0.2.18 [CVE-2022-0279, WordPress AnyComment plugin <= 0.2.17 - Comment Rating Increase/Decrease via Race Condition vulnerability, AnyComment &lt; 0.2.18 - Comment Rating Increase/Decrease via Race Condition, AnyComment <= 0.2.17 - Race Condition]
  • AnyComment [anycomment] < 0.3.5 [CVE-2021-24838, WordPress AnyComment plugin <= 0.3.4 - Open Redirect vulnerability, AnyComment &lt;= 0.3.1 - Open Redirect, AnyComment <= 0.3.4 - Open Redirect via redirect parameter]
  • AnyComment [anycomment] < 0.0.33 [CVE-2018-21001, Anycomment &lt; 0.0.33 - XSS, AnyComment <= 0.0.32 - Cross-Site Scripting]
  • AnyComment [anycomment] < 0.0.99 [CVE-2023-33999, WordPress AnyComment Plugin <= 0.0.98 is vulnerable to Cross Site Scripting (XSS), Freemius SDK &lt; 2.5.10 - Reflected Cross-Site Scripting]
+ 3 more known vulnerabilities
  • AnyComment [anycomment] <= 0.3.6 (unfixed) [CVE-2025-48091, WordPress AnyComment Plugin <= 0.3.6 is vulnerable to SQL Injection, AnyComment <= 0.3.6 - Authenticated (Subscriber+) SQL Injection, EUVD-2025-35568]
  • AnyComment [anycomment] <= 0.3.6 (unfixed) [CVE-2025-60240, AnyComment <= 0.3.6 - Unauthenticated Local File Inclusion]
  • AnyComment [anycomment] <= 0.3.6 (unfixed) [WordPress AnyComment plugin <= 0.3.6 - Broken Access Control vulnerability, AnyComment <= 0.3.6 - Missing Authorization]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.