Editorial Rating – Product Review & Rating System Security & Risk Analysis

wordpress.org/plugins/editorial-rating

Add multi-criteria product reviews and star ratings to WordPress posts. Boost engagement, SEO, and sales with editorial ratings.

300 active installs · v4.0.3 · PHP + · WP 4.5+ · Updated Dec 19, 2025
editorial-rating, product-review, rating, review-schema, star-rating
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Editorial Rating – Product Review & Rating System Safe to Use in 2026?

Generally Safe

Score 100/100

Editorial Rating – Product Review & Rating System has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The "editorial-rating" v4.0.3 plugin exhibits a generally good security posture with several positive indicators. The complete absence of known CVEs and the use of prepared statements for all SQL queries are strong points. Furthermore, the plugin demonstrates a good level of output escaping, with 70% of outputs being properly handled, and all identified SQL queries are secured. The presence of nonce checks for all identified AJAX handlers is also a positive sign.

However, there are a few areas of concern. Four AJAX handlers lack authentication checks, which is a significant attack surface that could be exploited by unauthorized users. Nonce checks protect against cross-site request forgery but do not establish who the caller is or what they are allowed to do, so the nonce coverage noted above does not substitute for the missing authentication checks. Taint analysis did not reveal critical or high severity issues, but the four flows with unsanitized paths warrant attention, as they could lead to vulnerabilities if not handled carefully in future updates. The plugin also has a moderate attack surface with 16 entry points, four of which are unprotected.

Overall, the plugin is in a reasonably secure state, especially considering its lack of historical vulnerabilities. The main risks lie in the unprotected AJAX handlers and the unsanitized taint flows, which, while not currently exploited, represent potential weaknesses. Addressing these specific issues would further solidify the plugin's security.

Key Concerns

  • AJAX handlers without authentication checks
  • Flows with unsanitized paths
Vulnerabilities
None known

Editorial Rating – Product Review & Rating System Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Editorial Rating – Product Review & Rating System Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 508 (1166 escaped)
Nonce Checks: 16
Capability Checks: 6
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

70% escaped · 1674 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

10 flows · 4 with unsanitized paths
wpas_backup_callback (4.0.3\admin\wpas-framework\options\global-options.php:550)
[Data flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
4 unprotected

Editorial Rating – Product Review & Rating System Attack Surface

Entry Points: 16
Unprotected: 4

AJAX Handlers 14

auth wp_ajax_wpas-get-icons (4.0.3\admin\wpas-framework\functions\actions.php:50)
auth wp_ajax_wpas-export (4.0.3\admin\wpas-framework\functions\actions.php:87)
auth wp_ajax_wpas-import (4.0.3\admin\wpas-framework\functions\actions.php:123)
auth wp_ajax_wpas-reset (4.0.3\admin\wpas-framework\functions\actions.php:150)
auth wp_ajax_wpas-chosen (4.0.3\admin\wpas-framework\functions\actions.php:189)
auth wp_ajax_frhd_user_vote (4.0.3\includes\class-average-score.php:284)
nopriv wp_ajax_frhd_user_vote (4.0.3\includes\class-average-score.php:285)
auth wp_ajax_wpas-get-icons (admin\wpas-framework\functions\actions.php:50)
auth wp_ajax_wpas-export (admin\wpas-framework\functions\actions.php:87)
auth wp_ajax_wpas-import (admin\wpas-framework\functions\actions.php:123)
auth wp_ajax_wpas-reset (admin\wpas-framework\functions\actions.php:150)
auth wp_ajax_wpas-chosen (admin\wpas-framework\functions\actions.php:189)
auth wp_ajax_frhd_user_vote (includes\class-average-score.php:284)
nopriv wp_ajax_frhd_user_vote (includes\class-average-score.php:285)

Shortcodes 2

[editorial-rating] (4.0.3\includes\class-average-score.php:281)
[editorial-rating] (includes\class-average-score.php:281)
WordPress Hooks 88
action wp_enqueue_scripts (4.0.3\admin\wpas-framework\classes\abstract.class.php:21)
action admin_menu (4.0.3\admin\wpas-framework\classes\admin-options.class.php:105)
action admin_bar_menu (4.0.3\admin\wpas-framework\classes\admin-options.class.php:106)
action network_admin_menu (4.0.3\admin\wpas-framework\classes\admin-options.class.php:110)
filter admin_footer_text (4.0.3\admin\wpas-framework\classes\admin-options.class.php:430)
action add_meta_boxes_comment (4.0.3\admin\wpas-framework\classes\comment-options.class.php:38)
action edit_comment (4.0.3\admin\wpas-framework\classes\comment-options.class.php:39)
action add_meta_boxes (4.0.3\admin\wpas-framework\classes\metabox-options.class.php:50)
action save_post (4.0.3\admin\wpas-framework\classes\metabox-options.class.php:51)
action edit_attachment (4.0.3\admin\wpas-framework\classes\metabox-options.class.php:52)
action after_setup_theme (4.0.3\admin\wpas-framework\classes\setup.class.php:73)
action init (4.0.3\admin\wpas-framework\classes\setup.class.php:74)
action switch_theme (4.0.3\admin\wpas-framework\classes\setup.class.php:75)
action admin_enqueue_scripts (4.0.3\admin\wpas-framework\classes\setup.class.php:76)
action wp_enqueue_scripts (4.0.3\admin\wpas-framework\classes\setup.class.php:77)
action wp_head (4.0.3\admin\wpas-framework\classes\setup.class.php:78)
filter admin_body_class (4.0.3\admin\wpas-framework\classes\setup.class.php:79)
action admin_footer (4.0.3\admin\wpas-framework\fields\icon\icon.php:41)
action customize_controls_print_footer_scripts (4.0.3\admin\wpas-framework\fields\icon\icon.php:42)
action admin_print_footer_scripts (4.0.3\admin\wpas-framework\fields\link\link.php:65)
action print_default_editor_scripts (4.0.3\admin\wpas-framework\fields\wp_editor\wp_editor.php:62)
action plugins_loaded (4.0.3\includes\class-average-score.php:168)
action admin_enqueue_scripts (4.0.3\includes\class-average-score.php:187)
action admin_enqueue_scripts (4.0.3\includes\class-average-score.php:188)
action init (4.0.3\includes\class-average-score.php:192)
filter post_updated_messages (4.0.3\includes\class-average-score.php:193)
filter enter_title_here (4.0.3\includes\class-average-score.php:194)
action manage_wpas_blocks_posts_custom_column (4.0.3\includes\class-average-score.php:195)
action admin_menu (4.0.3\includes\class-average-score.php:196)
filter plugin_action_links (4.0.3\includes\class-average-score.php:197)
action activated_plugin (4.0.3\includes\class-average-score.php:198)
action admin_notices (4.0.3\includes\class-average-score.php:199)
filter manage_wpas_review_posts_columns (4.0.3\includes\class-average-score.php:202)
action manage_wpas_review_posts_custom_column (4.0.3\includes\class-average-score.php:203)
filter block_categories_all (4.0.3\includes\class-average-score.php:221)
filter block_categories (4.0.3\includes\class-average-score.php:223)
action admin_notices (4.0.3\includes\class-average-score.php:247)
action admin_init (4.0.3\includes\class-average-score.php:249)
action wp_enqueue_scripts (4.0.3\includes\class-average-score.php:270)
action wp_enqueue_scripts (4.0.3\includes\class-average-score.php:271)
action init (4.0.3\includes\class-average-score.php:272)
filter allowed_block_types_all (4.0.3\includes\class-average-score.php:275)
action wpas_action_tag_for_shortcode (4.0.3\includes\class-average-score.php:280)
action wp_head (4.0.3\includes\class-average-score.php:289)
action wp_enqueue_scripts (admin\wpas-framework\classes\abstract.class.php:21)
action admin_menu (admin\wpas-framework\classes\admin-options.class.php:105)
action admin_bar_menu (admin\wpas-framework\classes\admin-options.class.php:106)
action network_admin_menu (admin\wpas-framework\classes\admin-options.class.php:110)
filter admin_footer_text (admin\wpas-framework\classes\admin-options.class.php:430)
action add_meta_boxes_comment (admin\wpas-framework\classes\comment-options.class.php:38)
action edit_comment (admin\wpas-framework\classes\comment-options.class.php:39)
action add_meta_boxes (admin\wpas-framework\classes\metabox-options.class.php:50)
action save_post (admin\wpas-framework\classes\metabox-options.class.php:51)
action edit_attachment (admin\wpas-framework\classes\metabox-options.class.php:52)
action after_setup_theme (admin\wpas-framework\classes\setup.class.php:73)
action init (admin\wpas-framework\classes\setup.class.php:74)
action switch_theme (admin\wpas-framework\classes\setup.class.php:75)
action admin_enqueue_scripts (admin\wpas-framework\classes\setup.class.php:76)
action wp_enqueue_scripts (admin\wpas-framework\classes\setup.class.php:77)
action wp_head (admin\wpas-framework\classes\setup.class.php:78)
filter admin_body_class (admin\wpas-framework\classes\setup.class.php:79)
action admin_footer (admin\wpas-framework\fields\icon\icon.php:41)
action customize_controls_print_footer_scripts (admin\wpas-framework\fields\icon\icon.php:42)
action admin_print_footer_scripts (admin\wpas-framework\fields\link\link.php:65)
action print_default_editor_scripts (admin\wpas-framework\fields\wp_editor\wp_editor.php:62)
action plugins_loaded (includes\class-average-score.php:168)
action admin_enqueue_scripts (includes\class-average-score.php:187)
action admin_enqueue_scripts (includes\class-average-score.php:188)
action init (includes\class-average-score.php:192)
filter post_updated_messages (includes\class-average-score.php:193)
filter enter_title_here (includes\class-average-score.php:194)
action manage_wpas_blocks_posts_custom_column (includes\class-average-score.php:195)
action admin_menu (includes\class-average-score.php:196)
filter plugin_action_links (includes\class-average-score.php:197)
action activated_plugin (includes\class-average-score.php:198)
action admin_notices (includes\class-average-score.php:199)
filter manage_wpas_review_posts_columns (includes\class-average-score.php:202)
action manage_wpas_review_posts_custom_column (includes\class-average-score.php:203)
filter block_categories_all (includes\class-average-score.php:221)
filter block_categories (includes\class-average-score.php:223)
action admin_notices (includes\class-average-score.php:247)
action admin_init (includes\class-average-score.php:249)
action wp_enqueue_scripts (includes\class-average-score.php:270)
action wp_enqueue_scripts (includes\class-average-score.php:271)
action init (includes\class-average-score.php:272)
filter allowed_block_types_all (includes\class-average-score.php:275)
action wpas_action_tag_for_shortcode (includes\class-average-score.php:280)
action wp_head (includes\class-average-score.php:289)
Maintenance & Trust

Editorial Rating – Product Review & Rating System Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 19, 2025
PHP min version
Downloads: 7K

Community Trust

Rating: 88/100
Number of ratings: 13
Active installs: 300
Developer Profile

Editorial Rating – Product Review & Rating System Developer Profile

Pluginic

7 plugins · 3K total installs

Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 12 days
Detection Fingerprints

How We Detect Editorial Rating – Product Review & Rating System

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/editorial-rating/public/css/editorial-rating-public.css
/wp-content/plugins/editorial-rating/public/js/editorial-rating-public.js
/wp-content/plugins/editorial-rating/admin/css/average-score-admin.css
/wp-content/plugins/editorial-rating/admin/js/average-score-admin.js
Script Paths
/wp-content/plugins/editorial-rating/public/js/editorial-rating-public.js
/wp-content/plugins/editorial-rating/admin/js/average-score-admin.js
Version Parameters
editorial-rating/public/css/editorial-rating-public.css?ver=
editorial-rating/public/js/editorial-rating-public.js?ver=
editorial-rating/admin/css/average-score-admin.css?ver=
editorial-rating/admin/js/average-score-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpas-rating-wrapper
editorial-rating-score
editorial-rating-pros-cons
editorial-rating-sidebar-sticky
HTML Comments
<!-- Editorial Rating Plugin -->
<!-- END Editorial Rating Plugin -->
Data Attributes
data-wpas-rating-id
data-wpas-rating-score
JS Globals
editorialRatingPublic
REST Endpoints
/wp-json/editorial-rating/v1/settings
/wp-json/editorial-rating/v1/rate
Shortcode Output
[editorial_rating_display]
[editorial_rating_pros_cons]
[editorial_rating_sidebar]