CTC Rating ๐ Security & Risk Analysis
wordpress.org/plugins/ctc-rating๐ CTC Rating allows users to easily add a thumbs up ๐ and thumbs down ๐ rating system to your WordPress posts. Users can also view the total number of …
Is CTC Rating ๐ Safe to Use in 2026?
Generally Safe
Score 100/100CTC Rating ๐ has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The ctc-rating plugin v1.8.0 exhibits a concerning security posture primarily due to its unprotected entry points. While the plugin shows good practices in SQL query preparation and output escaping, the presence of four AJAX handlers without any authentication or capability checks creates a significant attack surface. The taint analysis revealing two high-severity flows with unsanitized paths further exacerbates this risk, suggesting potential for arbitrary code execution or data manipulation if these paths are exploitable.
The plugin's vulnerability history is clean, with zero recorded CVEs. This is a positive indicator, suggesting the developers may have a good understanding of secure coding or that the plugin has not been a target of widespread exploitation. However, this clean history should not overshadow the direct findings from the static analysis, particularly the unprotected AJAX endpoints and the high-severity taint flows. The lack of nonce checks on these AJAX handlers is a critical omission that could allow attackers to trigger actions without user consent.
In conclusion, the ctc-rating plugin v1.8.0 presents a notable risk. The strengths lie in its use of prepared statements and output escaping. However, the significant number of unprotected AJAX handlers and the identified high-severity taint flows with unsanitized paths represent critical vulnerabilities that require immediate attention to mitigate potential security breaches.
Key Concerns
- Unprotected AJAX handlers
- High severity unsanitized taint flows
- Missing nonce checks on AJAX
- Missing capability checks on AJAX
CTC Rating ๐ Security Vulnerabilities
CTC Rating ๐ Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
CTC Rating ๐ Attack Surface
AJAX Handlers 4
WordPress Hooks 2
Maintenance & Trust
CTC Rating ๐ Maintenance & Trust
Maintenance Signals
Community Trust
CTC Rating ๐ Alternatives
Comments Like Dislike
comments-like-dislike
Like Dislike for WordPress Comments
Post Engagement โ Like Dislike, Share, Views, Star Rating, Favorites & Copy Posts
like-dislike-posts-products
Add AJAX likes/dislikes, star ratings, views, reactions, favorites, sharing, and copy content for posts or WooCommerce products.
WP Like System
wp-like-system
Rating system for posts, based on Facebook likes. Its not dependent of Facebook.
Youtube Like Rating
youtube-like-rating
Youtube Like Thumbs Up Or Thumbs Down System For Voting On Posts And Comments.
YASR โ Yet Another Star Rating Plugin for WordPress
yet-another-stars-rating
Boost the way people interact with your site with an easy WordPress stars rating system! With schema.org rich snippets YASR will improve your SEO
CTC Rating ๐ Developer Profile
17 plugins ยท 2K total installs
How We Detect CTC Rating ๐
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/ctc-rating/build/index.js/wp-content/plugins/ctc-rating/build/index.css/wp-content/plugins/ctc-rating/build/index.jsctc-rating/build/index.js?ver=ctc-rating/build/index.css?ver=HTML / DOM Fingerprints
ctcItemRatingctcUserThumbUpctcUserThumbDownctcThumbUpctcThumbDownctcThumbsUpStatctcThumbsDownStatdata-ctcr-paramctcRatingAjaxUrlnotLoggedInalreadyThumbedUpalreadyThumbedDownthumbUpthumbDown/wp-json/wp/v2/users/wp-json/ctc-rating/v1/ratings<div class="ctcItemRating"<span id="ctcThumbUp-<span id="ctcThumbUpCount-<span id="ctcThumbDownCount-