[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUtXJd_WwpYwnl3GK20VudfwZYI51bGjmnL2w2Rw5BpI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":144,"fingerprints":446},"custom-ratings","Custom Ratings","1.5.1","Steve Puddick","https:\u002F\u002Fprofiles.wordpress.org\u002Fstevepuddick\u002F","\u003Cp>Custom Ratings is a fun and creative tool that allows your visitors to interact and rate your site content.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Choose from a selection of ‘built in’ rating images or upload your own single image. Custom ratings automatically converts the image to grayscale for disabled ratings, and splits images in half for half values.\u003C\u002Fli>\n\u003Cli>All text is fully customizable and translateable.\u003C\u002Fli>\n\u003Cli>WPML compatible with a cumulative tallying system between languages.\u003C\u002Fli>\n\u003Cli>Use the built in CSS or your own.\u003C\u002Fli>\n\u003Cli>Fully compatible with caching plugins such as W3C Total Cache and Super Cache.\u003C\u002Fli>\n\u003Cli>Full control over caching time for AJAX based voting data. \u003C\u002Fli>\n\u003Cli>Option for manual placement of Custom Ratings components in theme templates.   \u003C\u002Fli>\n\u003Cli>Full support for custom post types.\u003C\u002Fli>\n\u003Cli>Compatible with WooCommerce products.\u003C\u002Fli>\n\u003Cli>Control over which templates Custom Ratings appears on.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Add some personality to your website and install Custom Ratings today!\u003C\u002Fp>\n\u003Cp>Thanks to the following open source projects which Custom Ratings has utilized:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.ractivejs.org\u002F\" title=\"Ractive\" rel=\"nofollow ugc\">Ractive\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbgrins.github.io\u002Fspectrum\u002F\" title=\"Spectrum\" rel=\"nofollow ugc\">Spectrum\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","A fun and creative way to let your site visitors rate your posts, pages, and more!",80,6591,82,7,"2023-01-14T14:05:00.000Z","6.1.10","3.5","",[20,21,22,23,24],"post","rating","stars","user-rating","woocommerce","https:\u002F\u002Fen-ca.wordpress.org\u002Fplugins\u002Fcustom-ratings","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-ratings.1.5.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"stevepuddick",6,1090,89,30,86,"2026-04-04T03:51:35.857Z",[41,63,82,101,118],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":51,"num_ratings":52,"last_updated":53,"tested_up_to":54,"requires_at_least":55,"requires_php":18,"tags":56,"homepage":58,"download_link":59,"security_score":60,"vuln_count":61,"unpatched_count":61,"last_vuln_date":62,"fetched_at":30},"ec-stars-rating","EC Stars Rating","1.0.11","ecoal95","https:\u002F\u002Fprofiles.wordpress.org\u002Fecoal95\u002F","\u003Cp>A \u003Cstrong>super fast\u003C\u002Fstrong> \u003Cstrong>WordPress star rating plugin\u003C\u002Fstrong>, optimized for SEO, and with a really low impact on page load (just CSS + a bit of HTML, plus the strictly required JS for working).\u003C\u002Fp>\n\u003Ch3>Developers\u003C\u002Fh3>\n\u003Cp>The svn repo has been recently synchronized with \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fecoal95\u002Fec-stars-rating\" rel=\"nofollow ugc\">a github one\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Contributions are more than welcome, so feel free to submit a PR there if you wish 🙂\u003C\u002Fp>\n\u003Ch3>How it works\u003C\u002Fh3>\n\u003Cp>Basically we create a new table called \u003Ccode>(prefix)ec_stars_votes\u003C\u002Fcode>, where we store the votes of the people (to prevent duplicate votes).\u003C\u002Fp>\n\u003Cp>The number of votes and the sum of the total votes are stored in the \u003Ccode>(prefix)options\u003C\u002Fcode> table in form of custom meta fields, one for the count, and another for the sum. Both fields get updated when someone votes.\u003C\u002Fp>\n","A lightweigt, blazing fast star rating plugin for WordPress",400,18491,84,16,"2015-11-04T11:55:00.000Z","4.3.34","3.0",[57,21,22],"posts-rating","http:\u002F\u002Femiliocobos.net\u002Fec-stars-rating-wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fec-stars-rating.1.0.11.zip",63,1,"2025-06-27 00:00:00",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":71,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":18,"tags":77,"homepage":80,"download_link":81,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"author-post-ratings","Author Post Ratings","1.1.1","Philip Newcomer","https:\u002F\u002Fprofiles.wordpress.org\u002Fphilipnewcomer\u002F","\u003Cp>There are plenty of plugins available which allow site \u003Cem>visitors\u003C\u002Fem> to rate posts, but I didn’t find any that gave the post \u003Cem>author\u003C\u002Fem> that functionality, so I wrote this plugin. \u003Cem>Author Post Ratings\u003C\u002Fem> adds a meta box to the post edit screen, allowing you to chose a 1-5 star rating for the post, or to leave it unrated. The plugin will automatically add the post rating (using stars, and an optional label) to the top or bottom of the post. If you wish, you can disable that functionality altogether and use a shortcode to insert the post rating anywhere in the post you choose. The plugin supports ratings for posts, pages, and custom post types, all of which can be individually enabled or disabled in the plugin settings. It is also fully internationalized, with Spanish language translation files included.\u003C\u002Fp>\n\u003Ch3>Translating the Plugin\u003C\u002Fh3>\n\u003Cp>The post rating label text can be changed in the plugin settings, so no translation is required for the frontend (public side) of the site. However, if you wish to translate the backend settings interface, the plugin is fully internationalized and ready for translation. There is a .po and a .mo file included in the plugin’s ‘languages’ directory for your convenience.\u003C\u002Fp>\n\u003Cp>The plugin includes the following translations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Spanish\u003Cbr \u002F>\n\u003Cem>courtesy of \u003Ca href=\"http:\u002F\u002Fwww.webhostinghub.com\u002F\" rel=\"nofollow ugc\">WebHostingHub\u003C\u002Fa>\u003C\u002Fem>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Allows a post author to assign a simple 1-5 star rating to a post, page, or custom post type, which will then be displayed on the post.",100,15256,8,"2013-12-12T14:53:00.000Z","3.7.41","3.1",[78,79,20,21,22],"author","custom-post-type","http:\u002F\u002Fphilipnewcomer.net\u002Fwordpress-plugins\u002Fauthor-post-ratings\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauthor-post-ratings.1.1.1.zip",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":92,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":55,"requires_php":18,"tags":96,"homepage":99,"download_link":100,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"better-woocommerce-stars-shortcode","Better WooCommerce Stars Shortcode","1.0","Clicknathan","https:\u002F\u002Fprofiles.wordpress.org\u002Fclicknathan\u002F","\u003Cp>Creates a shortcode, \u003Ccode>[woocommerce_rating id=\"n\"]\u003C\u002Fcode>,  that displays the rating, in stars, of any WooCommerce product.  \u003Ccode>[woocommerce_rating]\u003C\u002Fcode> will show the star rating of the current product.  This plugin requires WooCommerce.\u003C\u002Fp>\n","Creates a shortcode that displays the rating, in stars, of any WooCommerce product.",60,4945,74,3,"2015-08-24T17:54:00.000Z","4.8.28",[21,97,98,22,24],"ratings","shortcode","http:\u002F\u002Fclicknathan.com\u002Fweb-design\u002Fbetter-woocommerce-star-ratings-shortcode-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-woocommerce-stars-shortcode.zip",{"slug":102,"name":103,"version":85,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":28,"downloaded":108,"rating":28,"num_ratings":28,"last_updated":18,"tested_up_to":95,"requires_at_least":109,"requires_php":18,"tags":110,"homepage":115,"download_link":116,"security_score":71,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":117},"wcsociality","WCSociality","po5ept","https:\u002F\u002Fprofiles.wordpress.org\u002Fpo5ept\u002F","\u003Cp>The WCSociality plug-in makes it possible to add a rating to the page or record of the system, a button of the likes and the question “Was the article useful?”. All elements work through ajax-requests, without reloading the page.\u003C\u002Fp>\n\u003Cp>Add blocks to the page can be selectively, i.e. you can add 1, 2 or all at once. Depending on the tasks.\u003C\u002Fp>\n\u003Cp>Use this function for display on the page rating – the_wcs_rating();\u003Cbr \u002F>\nUse this function for display on the page like – the_wcs_liker();\u003Cbr \u002F>\nUse this function for display on the page useful – the_wcs_useful();\u003C\u002Fp>\n","The WCSociality plug-in makes it possible to add a rating to the page or record of the system, a button of the likes and the question \"Was the ar &hellip;",1579,"2.7",[111,112,21,113,114],"like","post-rating","stars-rating","wp-post-rating","http:\u002F\u002Fpo5ept.ru\u002Fwp-plugins\u002Fwcsociality.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwcsociality.zip","2026-03-15T14:44:11.924Z",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":140,"download_link":141,"security_score":142,"vuln_count":93,"unpatched_count":28,"last_vuln_date":143,"fetched_at":30},"mailpoet","MailPoet – Newsletters, Email Marketing, and Automation","5.22.1","MailPoet","https:\u002F\u002Fprofiles.wordpress.org\u002Fmailpoet\u002F","\u003Cp>Use MailPoet to create, send, manage, and grow your email marketing campaigns – all without leaving your WordPress dashboard.\u003C\u002Fp>\n\u003Cp>Our newsletter builder integrates perfectly with WordPress so any website owner can create beautiful emails from scratch, or by using our responsive templates that display flawlessly across all devices.\u003C\u002Fp>\n\u003Cp>Schedule your newsletters, send them right away, or set up new blog post notifications to send automatically, in just a few clicks.\u003C\u002Fp>\n\u003Cp>Trusted by 500,000 WordPress websites since 2011.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>With a free plan to get started, and scaling paid plans with enhanced functionality available, MailPoet is an email marketing solution suitable for both beginners and proficient email marketers.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.mailpoet.com\u002F\" rel=\"nofollow ugc\">Visit our website for more information on plans and pricing\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>All features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Create and add a newsletter subscription form to your website\u003C\u002Fli>\n\u003Cli>Manage your subscribers and subscriber lists in WordPress\u003C\u002Fli>\n\u003Cli>Build and send newsletters with WordPress\u003C\u002Fli>\n\u003Cli>Create automatic emails to send new post notifications\u003C\u002Fli>\n\u003Cli>Send automated welcome emails\u003C\u002Fli>\n\u003Cli>Behavior and interest-based subscriber segmentation options\u003C\u002Fli>\n\u003Cli>Pre-built and customizable email and subscription form templates\u003C\u002Fli>\n\u003Cli>Multiple subscription form placements: below pages, fixed bar, popup, slide-in, shortcode, on exit intent\u003C\u002Fli>\n\u003Cli>WooCommerce emails: abandoned cart, first purchase, specific product, product category, order status change, review added\u003C\u002Fli>\n\u003Cli>Customize WooCommerce transactional emails\u003C\u002Fli>\n\u003Cli>Automate subscriber management (add\u002Fremove from list, add\u002Fremove tags, update subscriber data) (paid plan required)\u003C\u002Fli>\n\u003Cli>Create custom automation triggers and actions (paid plan required)\u003C\u002Fli>\n\u003Cli>Branch your automations with if\u002Felse conditions to improve engagement (paid plan required)\u003C\u002Fli>\n\u003Cli>Reliable email delivery with MailPoet Sending Service (available for free – plan required)\u003C\u002Fli>\n\u003Cli>Basic engagement statistics (available for free) and detailed engagement statistics (paid plan required)\u003C\u002Fli>\n\u003Cli>Multi-condition segmentation (paid plan required)\u003C\u002Fli>\n\u003Cli>Google Analytics integration (paid plan required)\u003C\u002Fli>\n\u003Cli>Support via our Knowledge Base and Community Forums (available for free), and Priority Customer Support (paid plan required).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why choose MailPoet\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy to use WordPress newsletter builder\u003C\u002Fli>\n\u003Cli>Beautiful templates that work perfectly across all devices\u003C\u002Fli>\n\u003Cli>No configuration needed: works out of the box\u003C\u002Fli>\n\u003Cli>Manage everything within your WordPress dashboard\u003C\u002Fli>\n\u003Cli>Higher delivery rates with the MailPoet Sending Service\u003C\u002Fli>\n\u003Cli>GDPR compliant\u003C\u002Fli>\n\u003Cli>Free plan for small senders or those just starting out\u003C\u002Fli>\n\u003Cli>Advanced functionality available to help achieve growth.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WooCommerce emails\u003C\u002Fh4>\n\u003Cp>Promote your business, sell more products, and enhance your customer service with MailPoet’s WooCommerce features.\u003C\u002Fp>\n\u003Cp>Use the automated email options to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Welcome your new customers when they make their first purchase\u003C\u002Fli>\n\u003Cli>Upsell by sending emails to customers who purchased a specific product or from a specific product category\u003C\u002Fli>\n\u003Cli>Convert more customers by sending a series of abandoned cart emails\u003C\u002Fli>\n\u003Cli>Re-engage customers who haven’t made a purchase in a while with personalized offers (paid plan required)\u003C\u002Fli>\n\u003Cli>Follow up with customers who left a review to encourage more engagement (paid plan required).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And with WooCommerce-specific segmentation options, you’ll be able to send targeted emails to your customers based on criteria such as their country, the number of orders they’ve placed, how much they’ve spent, and if they have an active product subscription (powered by \u003Cstrong>WooCommerce Subscriptions\u003C\u002Fstrong>) or membership (powered by \u003Cstrong>WooCommerce Memberships\u003C\u002Fstrong>).\u003C\u002Fp>\n\u003Cp>In addition, you’ll also be able to increase brand recognition by customizing your WooCommerce transactional emails. Create a unified brand experience by changing the layout, colors, and fonts used in your emails, as well as adding any images or additional information to them.\u003C\u002Fp>\n\u003Ch4>MailPoet Sending Service\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>The MailPoet Sending Service is free if you only have a few subscribers, with scaling plans available thereafter. \u003Ca href=\"https:\u002F\u002Fwww.mailpoet.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Read more.\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Sending emails and newsletters with your host is not a good idea. You might face sending speed limitations and see your emails ending up in the spam box.\u003C\u002Fp>\n\u003Cp>To help your sending go without a hitch, we’ve created an advanced email delivery infrastructure built for WordPress. Our technology allows you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Reach inboxes, not spam boxes\u003C\u002Fli>\n\u003Cli>Send your emails super fast (up to 50,000 emails per hour)\u003C\u002Fli>\n\u003Cli>Maintain your sender reputation and improve engagement levels with automated bounce and complaint handling. Stop sending to non-deliverable and complaining addresses, automatically\u003C\u002Fli>\n\u003Cli>Authenticate your emails (with SPF and DKIM) to improve deliverability and avoid spam boxes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The MailPoet Sending Service is very easy to set up, you just have to enter a key in your WordPress dashboard and you’re all set!\u003C\u002Fp>\n\u003Ch4>MailPoet plans and pricing\u003C\u002Fh4>\n\u003Cp>MailPoet is available to download for free. Our free download includes all of the features listed above (with the exception of those indicating a plan requirement) under the following criteria:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Up to 1,000 subscribers\u003C\u002Fli>\n\u003Cli>MailPoet branding in emails\u003C\u002Fli>\n\u003Cli>Send emails with your own sending method (host, SendGrid, Amazon SES, etc).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Or if you opt for a MailPoet plan, you’ll get access to the MailPoet Sending Service.\u003C\u002Fp>\n\u003Cp>A free plan is available for those who want to get started with a few subscribers and would like to use the MailPoet Sending Service. And our paid plans offer features and functionality for those with larger lists who are looking to grow their business using email marketing.\u003C\u002Fp>\n\u003Cp>Take a look at \u003Ca href=\"https:\u002F\u002Fwww.mailpoet.com\u002Fpricing\" rel=\"nofollow ugc\">our pricing page\u003C\u002Fa> for full details on what’s included in each plan.\u003C\u002Fp>\n\u003Ch4>Before you install\u003C\u002Fh4>\n\u003Cp>Please note:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Multisite support is limited\u003C\u002Fli>\n\u003Cli>Review \u003Ca href=\"https:\u002F\u002Fkb.mailpoet.com\u002Farticle\u002F152-minimum-requirements-for-mailpoet-3\" rel=\"nofollow ugc\">our minimum requirements\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Albanian\u003C\u002Fli>\n\u003Cli>Arabic\u003C\u002Fli>\n\u003Cli>Catalan\u003C\u002Fli>\n\u003Cli>Czech\u003C\u002Fli>\n\u003Cli>Danish\u003C\u002Fli>\n\u003Cli>Dutch\u003C\u002Fli>\n\u003Cli>Dutch (Formal)\u003C\u002Fli>\n\u003Cli>French (Canada)\u003C\u002Fli>\n\u003Cli>French (France)\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>German (Switzerland)\u003C\u002Fli>\n\u003Cli>German (Formal)\u003C\u002Fli>\n\u003Cli>Greek\u003C\u002Fli>\n\u003Cli>Hindi\u003C\u002Fli>\n\u003Cli>Italian\u003C\u002Fli>\n\u003Cli>Japanese\u003C\u002Fli>\n\u003Cli>Polish\u003C\u002Fli>\n\u003Cli>Portuguese (Brazil)\u003C\u002Fli>\n\u003Cli>Portuguese (Portugal)\u003C\u002Fli>\n\u003Cli>Romanian\u003C\u002Fli>\n\u003Cli>Russian\u003C\u002Fli>\n\u003Cli>Serbian\u003C\u002Fli>\n\u003Cli>Slovak\u003C\u002Fli>\n\u003Cli>Spanish (Mexico)\u003C\u002Fli>\n\u003Cli>Spanish (Spain)\u003C\u002Fli>\n\u003Cli>Swedish\u003C\u002Fli>\n\u003Cli>Turkish\u003C\u002Fli>\n\u003Cli>Ukrainian\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We welcome experienced translators to translate directly on \u003Ca href=\"https:\u002F\u002Fwww.transifex.com\u002Fwysija\u002Fmp3\u002F\" rel=\"nofollow ugc\">our Transifex project\u003C\u002Fa>. Please note that any translations submitted via the “Translating WordPress” website will not work.\u003C\u002Fp>\n\u003Ch4>Security\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmailpoet\u002Fmailpoet\u002F\" rel=\"nofollow ugc\">Our repository\u003C\u002Fa> is public on GitHub.\u003C\u002Fp>\n\u003Cp>Have a question for us? Reach us at security@ our domain, or report security issues to our \u003Ca href=\"https:\u002F\u002Fhackerone.com\u002Fautomattic\" rel=\"nofollow ugc\">Bug Bounty program\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Use of 3rd Party Services\u003C\u002Fh4>\n\u003Cp>MailPoet uses the following services that are necessary for its full functionality:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.com\u002F\" rel=\"nofollow ugc\">Translate WordPress.com\u003C\u002Fa> – used to download translations for the plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To improve user experience, MailPoet may use the following 3rd party libraries if the \u003Cem>Load 3rd-party libraries\u003C\u002Fem> setting is enabled:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffonts.google.com\u002F\" rel=\"nofollow ugc\">Google Fonts\u003C\u002Fa> – used in Form Editor which you can use to customize your forms, and in the Email Editor to style emails. This can be individually \u003Ca href=\"https:\u002F\u002Fkb.mailpoet.com\u002Farticle\u002F332-how-to-disable-google-fonts\" rel=\"nofollow ugc\">disabled by a filter\u003C\u002Fa>. \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms?hl=en\" rel=\"nofollow ugc\">TOS\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy?hl=en\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublic-api.wordpress.com\u002F\" rel=\"nofollow ugc\">WordPress.com\u003C\u002Fa> – used for searching in Knowledge Base with the help of AI.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmixpanel.com\u002F\" rel=\"nofollow ugc\">Mixpanel\u003C\u002Fa> – used to send data about the usage of the MailPoet plugin when you \u003Ca href=\"https:\u002F\u002Fkb.mailpoet.com\u002Farticle\u002F130-sharing-your-data-with-us\" rel=\"nofollow ugc\">agree with sharing usage data with us\u003C\u002Fa>. \u003Ca href=\"https:\u002F\u002Fmixpanel.com\u002Flegal\u002Fterms-of-use\u002F\" rel=\"nofollow ugc\">TOS\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fmixpanel.com\u002Flegal\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.satismeter.com\u002F\" rel=\"nofollow ugc\">Satismeter\u003C\u002Fa> – used to ask for feedback. \u003Ca href=\"https:\u002F\u002Fwww.satismeter.com\u002Fterms\u002F\" rel=\"nofollow ugc\">TOS\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.satismeter.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcrowdsignal.com\u002F\" rel=\"nofollow ugc\">Crowdsignal\u003C\u002Fa> – used to load our deactivation poll to improve our plugin. \u003Ca href=\"https:\u002F\u002Fcrowdsignal.com\u002Fterms\u002F\" rel=\"nofollow ugc\">TOS\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fautomattic.com\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Loading all these libraries is disabled by default. The option can be enabled in the \u003Cem>MailPoet’s Settings > Advanced > Load 3rd-party libraries\u003C\u002Fem>.\u003C\u002Fp>\n","Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more",500000,63908206,88,1411,"2026-03-10T13:02:00.000Z","6.9.4","6.8","7.4",[135,136,137,138,139],"email-automation","email-marketing","newsletter","post-notification","woocommerce-emails","https:\u002F\u002Fwww.mailpoet.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmailpoet.5.22.1.zip",98,"2025-03-06 00:00:00",{"attackSurface":145,"codeSignals":213,"taintFlows":399,"riskAssessment":436,"analyzedAt":445},{"hooks":146,"ajaxHandlers":196,"restRoutes":209,"shortcodes":210,"cronEvents":211,"entryPointCount":212,"unprotectedCount":212},[147,153,156,158,161,164,167,170,173,176,179,181,184,186,190,193],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","plugins_loaded","anonymous","includes\\class-custom-ratings.php",140,{"type":148,"name":154,"callback":150,"file":151,"line":155},"admin_enqueue_scripts",155,{"type":148,"name":154,"callback":150,"file":151,"line":157},156,{"type":148,"name":159,"callback":150,"file":151,"line":160},"add_meta_boxes",157,{"type":148,"name":162,"callback":150,"file":151,"line":163},"init",158,{"type":148,"name":165,"callback":150,"file":151,"line":166},"admin_menu",163,{"type":148,"name":168,"callback":150,"file":151,"line":169},"admin_init",164,{"type":148,"name":171,"callback":150,"file":151,"line":172},"pre_get_posts",165,{"type":148,"name":174,"callback":150,"file":151,"line":175},"save_post",166,{"type":148,"name":177,"callback":150,"file":151,"line":178},"update_option_wpcr_post_types",167,{"type":148,"name":149,"callback":150,"file":151,"line":180},168,{"type":148,"name":182,"callback":150,"file":151,"line":183},"wp_enqueue_scripts",270,{"type":148,"name":182,"callback":150,"file":151,"line":185},271,{"type":187,"name":188,"callback":150,"file":151,"line":189},"filter","the_content",272,{"type":187,"name":191,"callback":150,"file":151,"line":192},"get_the_excerpt",273,{"type":148,"name":194,"callback":150,"file":151,"line":195},"wp_footer",274,[197,201,204,207],{"action":198,"nopriv":199,"callback":150,"hasNonce":199,"hasCapCheck":199,"file":151,"line":200},"wpcr_add_vote",false,159,{"action":198,"nopriv":202,"callback":150,"hasNonce":199,"hasCapCheck":199,"file":151,"line":203},true,160,{"action":205,"nopriv":199,"callback":150,"hasNonce":199,"hasCapCheck":199,"file":151,"line":206},"wpcr_get_vote_counts",161,{"action":205,"nopriv":202,"callback":150,"hasNonce":199,"hasCapCheck":199,"file":151,"line":208},162,[],[],[],4,{"dangerousFunctions":214,"sqlUsage":215,"outputEscaping":217,"fileOperations":28,"externalRequests":28,"nonceChecks":61,"capabilityChecks":287,"bundledLibraries":398},[],{"prepared":28,"raw":28,"locations":216},[],{"escaped":218,"rawEcho":219,"locations":220},5,105,[221,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,254,256,258,260,262,264,266,268,270,272,274,276,278,280,282,285,288,289,290,292,293,294,295,297,298,299,301,302,304,306,307,308,309,311,313,314,316,317,319,321,322,323,324,325,327,328,330,331,333,335,337,339,340,341,343,345,346,348,350,352,353,355,357,359,360,362,364,365,366,368,369,371,372,374,375,376,377,379,380,381,382,384,386,388,389,391,393,395,396],{"file":222,"line":223,"context":224},"admin\\class-custom-ratings-admin.php",128,"raw output",{"file":222,"line":226,"context":224},232,{"file":222,"line":228,"context":224},299,{"file":222,"line":230,"context":224},500,{"file":222,"line":232,"context":224},509,{"file":222,"line":234,"context":224},518,{"file":222,"line":236,"context":224},527,{"file":222,"line":238,"context":224},536,{"file":222,"line":240,"context":224},545,{"file":222,"line":242,"context":224},554,{"file":222,"line":244,"context":224},563,{"file":222,"line":246,"context":224},572,{"file":222,"line":248,"context":224},610,{"file":222,"line":250,"context":224},613,{"file":222,"line":252,"context":224},614,{"file":222,"line":252,"context":224},{"file":222,"line":255,"context":224},629,{"file":222,"line":257,"context":224},642,{"file":222,"line":259,"context":224},655,{"file":222,"line":261,"context":224},668,{"file":222,"line":263,"context":224},681,{"file":222,"line":265,"context":224},694,{"file":222,"line":267,"context":224},708,{"file":222,"line":269,"context":224},734,{"file":222,"line":271,"context":224},737,{"file":222,"line":273,"context":224},807,{"file":222,"line":275,"context":224},808,{"file":222,"line":277,"context":224},977,{"file":222,"line":279,"context":224},1001,{"file":222,"line":281,"context":224},1080,{"file":283,"line":284,"context":224},"admin\\partials\\custom-ratings-post-admin-display.php",28,{"file":286,"line":287,"context":224},"public\\partials\\custom-ratings-excerpt-public-display.php",2,{"file":286,"line":93,"context":224},{"file":286,"line":93,"context":224},{"file":291,"line":287,"context":224},"public\\partials\\custom-ratings-post-public-display.php",{"file":291,"line":93,"context":224},{"file":291,"line":93,"context":224},{"file":291,"line":93,"context":224},{"file":296,"line":34,"context":224},"public\\partials\\custom-ratings-public-ractive-template.php",{"file":296,"line":73,"context":224},{"file":296,"line":73,"context":224},{"file":296,"line":300,"context":224},10,{"file":296,"line":300,"context":224},{"file":296,"line":303,"context":224},12,{"file":296,"line":305,"context":224},14,{"file":296,"line":305,"context":224},{"file":296,"line":52,"context":224},{"file":296,"line":52,"context":224},{"file":296,"line":310,"context":224},18,{"file":296,"line":312,"context":224},20,{"file":296,"line":312,"context":224},{"file":296,"line":315,"context":224},22,{"file":296,"line":315,"context":224},{"file":296,"line":318,"context":224},24,{"file":296,"line":320,"context":224},26,{"file":296,"line":320,"context":224},{"file":296,"line":284,"context":224},{"file":296,"line":284,"context":224},{"file":296,"line":37,"context":224},{"file":296,"line":326,"context":224},32,{"file":296,"line":326,"context":224},{"file":296,"line":329,"context":224},34,{"file":296,"line":329,"context":224},{"file":296,"line":332,"context":224},50,{"file":296,"line":334,"context":224},56,{"file":296,"line":336,"context":224},57,{"file":296,"line":338,"context":224},58,{"file":296,"line":338,"context":224},{"file":296,"line":90,"context":224},{"file":296,"line":342,"context":224},61,{"file":296,"line":344,"context":224},62,{"file":296,"line":344,"context":224},{"file":296,"line":347,"context":224},64,{"file":296,"line":349,"context":224},65,{"file":296,"line":351,"context":224},66,{"file":296,"line":351,"context":224},{"file":296,"line":354,"context":224},68,{"file":296,"line":356,"context":224},69,{"file":296,"line":358,"context":224},70,{"file":296,"line":358,"context":224},{"file":296,"line":361,"context":224},72,{"file":296,"line":363,"context":224},73,{"file":296,"line":92,"context":224},{"file":296,"line":92,"context":224},{"file":296,"line":367,"context":224},79,{"file":296,"line":11,"context":224},{"file":296,"line":370,"context":224},81,{"file":296,"line":370,"context":224},{"file":296,"line":373,"context":224},83,{"file":296,"line":51,"context":224},{"file":296,"line":27,"context":224},{"file":296,"line":27,"context":224},{"file":296,"line":378,"context":224},87,{"file":296,"line":128,"context":224},{"file":296,"line":36,"context":224},{"file":296,"line":36,"context":224},{"file":296,"line":383,"context":224},91,{"file":296,"line":385,"context":224},92,{"file":296,"line":387,"context":224},93,{"file":296,"line":387,"context":224},{"file":296,"line":390,"context":224},95,{"file":296,"line":392,"context":224},96,{"file":296,"line":394,"context":224},97,{"file":296,"line":394,"context":224},{"file":296,"line":397,"context":224},142,[],[400,417,427],{"entryPoint":401,"graph":402,"unsanitizedCount":61,"severity":416},"wpcr_get_vote_counts (admin\\class-custom-ratings-admin.php:249)",{"nodes":403,"edges":414},[404,409],{"id":405,"type":406,"label":407,"file":222,"line":408},"n0","source","$_SERVER['HTTP_REFERER']",301,{"id":410,"type":411,"label":412,"file":222,"line":408,"wp_function":413},"n1","sink","header() [Header Injection]","header",[415],{"from":405,"to":410,"sanitized":199},"medium",{"entryPoint":418,"graph":419,"unsanitizedCount":28,"severity":426},"wpcr_add_vote (admin\\class-custom-ratings-admin.php:196)",{"nodes":420,"edges":424},[421,423],{"id":405,"type":406,"label":407,"file":222,"line":422},235,{"id":410,"type":411,"label":412,"file":222,"line":422,"wp_function":413},[425],{"from":405,"to":410,"sanitized":202},"low",{"entryPoint":428,"graph":429,"unsanitizedCount":28,"severity":426},"\u003Cclass-custom-ratings-admin> (admin\\class-custom-ratings-admin.php:0)",{"nodes":430,"edges":434},[431,433],{"id":405,"type":406,"label":432,"file":222,"line":422},"$_SERVER['HTTP_REFERER'] (x2)",{"id":410,"type":411,"label":412,"file":222,"line":422,"wp_function":413},[435],{"from":405,"to":410,"sanitized":202},{"summary":437,"deductions":438},"The \"custom-ratings\" plugin v1.5.1 presents a mixed security posture. On the positive side, it shows good practices in avoiding dangerous functions, performing all SQL queries with prepared statements, and having no recorded vulnerability history. This suggests a generally well-maintained codebase with a history of security awareness.\n\nHowever, significant concerns arise from the attack surface analysis. The plugin exposes four AJAX handlers, all of which lack authentication checks. This is a critical vulnerability as it allows unauthenticated users to potentially trigger arbitrary actions within the plugin. While taint analysis didn't reveal critical or high severity issues, the presence of one unsanitized path flow is concerning and warrants further investigation. The low rate of proper output escaping (5%) is another notable weakness, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed.\n\nIn conclusion, despite a clean vulnerability history and good SQL practices, the unprotected AJAX endpoints and poor output escaping practices create a substantial risk. The lack of authentication on these entry points is the most immediate and severe concern, potentially leading to unauthorized access or malicious actions within the WordPress site. The low rate of output escaping further exacerbates the risk of client-side attacks.",[439,441,443],{"reason":440,"points":300},"AJAX handlers without auth checks",{"reason":442,"points":218},"Low output escaping percentage",{"reason":444,"points":218},"Unsanitized path flow in taint analysis","2026-03-16T21:30:52.752Z",{"wat":447,"direct":467},{"assetPaths":448,"generatorPatterns":455,"scriptPaths":456,"versionParams":461},[449,450,451,452,453,454],"\u002Fwp-content\u002Fplugins\u002Fcustom-ratings\u002Fcss\u002Fcustom-ratings-admin.css","\u002Fwp-content\u002Fplugins\u002Fcustom-ratings\u002Fcss\u002Fspectrum.css","\u002Fwp-content\u002Fplugins\u002Fcustom-ratings\u002Fjs\u002Fspectrum.js","\u002Fwp-content\u002Fplugins\u002Fcustom-ratings\u002Fjs\u002Fjquery.are-you-sure.js","\u002Fwp-content\u002Fplugins\u002Fcustom-ratings\u002Fjs\u002Fays-beforeunload-shim.js","\u002Fwp-content\u002Fplugins\u002Fcustom-ratings\u002Fjs\u002Fcustom-ratings-admin.js",[],[457,458,459,460],"js\u002Fspectrum.js","js\u002Fjquery.are-you-sure.js","js\u002Fays-beforeunload-shim.js","js\u002Fcustom-ratings-admin.js",[462,463,464,465,466],"custom-ratings-admin.css?ver=","spectrum.css?ver=","spectrum.js?ver=","jquery.are-you-sure.js?ver=","custom-ratings-admin.js?ver=",{"cssClasses":468,"htmlComments":471,"htmlAttributes":472,"restEndpoints":508,"jsGlobals":509,"shortcodeOutput":511},[469,470],"wpcr__ratings-column-label","wpcr__admin-rating-icon",[],[473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507],"data-rateit-resetable","data-rateit-step","data-rateit-min","data-rateit-max","data-rateit-backingficlass","data-rateit-backingfivolume","data-rateit-ficlass","data-rateit-fivolume","data-rateit-readonly","data-rateit-ispreset","data-rateit-icon","data-rateit-iconhover","data-rateit-iconselected","data-rateit-icondisabled","data-rateit-iconon","data-rateit-icononhover","data-rateit-icononselected","data-rateit-iconondisabled","data-rateit-stepand","data-rateit-minand","data-rateit-maxand","data-rateit-backingficlassand","data-rateit-backingfivolumeand","data-rateit-ficlassand","data-rateit-fivolumeand","data-rateit-readonlyand","data-rateit-ispresetand","data-rateit-iconand","data-rateit-iconhoverand","data-rateit-iconselectedand","data-rateit-icondisabledand","data-rateit-icononand","data-rateit-icononhoverand","data-rateit-icononselectedand","data-rateit-iconondisabledand",[],[510],"custom_ratings",[]]