GD Rating System Security & Risk Analysis

wordpress.org/plugins/gd-rating-system

Powerful, highly customizable and versatile ratings plugin to allow your users to vote for anything you want.

Active installs: 1K · Version: v3.6.2 · PHP 7.4+ · WP 5.5+ · Updated Nov 15, 2024
Tags: dev4press, like, rating, stars, vote

Security score: 80 (B · Generally Safe)
CVEs total: 13
Unpatched: 0
Last CVE: Apr 29, 2026
Safety Verdict

Is GD Rating System Safe to Use in 2026?

Mostly Safe

Score 80/100

GD Rating System is generally safe to use though it hasn't been updated recently. 13 past CVEs were resolved.

13 known CVEs · Last CVE: Apr 29, 2026 · Updated 1yr ago
Risk Assessment

The gd-rating-system plugin v3.6.2 exhibits a concerning security posture, primarily because of its large attack surface with unprotected entry points. All five identified AJAX handlers lack authentication checks, which is a significant risk. Furthermore, the presence of an unserialize() call, while not necessarily a vulnerability in itself, is a dangerous function that can lead to vulnerabilities if the input it receives is not validated with extreme care. The taint analysis shows several flows with unsanitized paths, indicating a potential for data manipulation or injection attacks, even though no critical or high severity issues were flagged in this specific analysis. The plugin's vulnerability history is also a major red flag, with 12 known CVEs, including a significant number of high and medium severity issues, particularly related to file inclusion, path traversal, and cross-site scripting. The recency of the last vulnerability (November 2024) suggests ongoing security challenges.

Key Concerns

  • 5 unprotected AJAX handlers
  • Use of 'unserialize' function
  • 7 unsanitized path flows
  • 12 known CVEs (5 high, 7 medium)
  • Recent vulnerability (2024-11-19)
Vulnerabilities (13 published)

GD Rating System Security Vulnerabilities

CVEs by Year

2017: 1 CVE
2018: 8 CVEs
2024: 3 CVEs
2026: 1 CVE

Severity Breakdown

High: 6
Medium: 7
Total: 13 CVEs

CVE-2026-42639 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  GD Rating System <= 3.6.2 - Unauthenticated SQL Injection
  Apr 29, 2026 · Patched in 3.7 (6d)

CVE-2024-11198 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  GD Rating System <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via extra_class Parameter
  Nov 19, 2024 · Patched in 3.6.2 (1d)

CVE-2024-38709 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
  GD Rating System <= 3.6 - Authenticated (Contributor+) Local File Inclusion
  Jul 11, 2024 · Patched in 3.6.1 (7d)

CVE-2024-25093 · medium · 6.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  GD Rating System <= 3.5.0 - Unauthenticated Stored Cross-Site Scripting via IP
  Jan 8, 2024 · Patched in 3.5.1 (75d)

CVE-2018-5287 · high · 7.5 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  GD Rating System <= 2.3 - Directory Traversal
  Jan 8, 2018 · Patched in 2.3.1 (2206d)

CVE-2018-5291 · high · 7.5 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  GD Rating System <= 2.3 - Directory Traversal
  Jan 8, 2018 · Patched in 2.3.1 (2206d)

CVE-2018-5290 · high · 7.5 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  GD Rating System <= 2.3 - Directory Traversal
  Jan 8, 2018 · Patched in 2.3.1 (2206d)

CVE-2018-5292 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  GD Rating System <= 2.3 - Cross-Site Scripting
  Jan 8, 2018 · Patched in 2.3.1 (2206d)

CVE-2018-5293 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  GD Rating System <= 2.3 - Cross-Site Scripting
  Jan 8, 2018 · Patched in 2.3.1 (2206d)

CVE-2018-5286 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  GD Rating System <= 2.3 - Cross-Site Scripting
  Jan 8, 2018 · Patched in 2.3.1 (2206d)

CVE-2018-5288 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  GD Rating System <= 2.3 - Cross-Site Scripting
  Jan 8, 2018 · Patched in 2.3.1 (2206d)

CVE-2018-5289 · high · 7.5 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  GD Rating System <= 2.3 - Directory Traversal
  Jan 8, 2018 · Patched in 2.3.1 (2206d)

CVE-2017-18591 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  GD Rating System < 2.1 - Reflected Cross-Site Scripting
  Feb 23, 2017 · Patched in 2.1 (2525d)
Code Analysis (analyzed Mar 16, 2026)

GD Rating System Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 9 (83 prepared)
Unescaped Output: 623 (407 escaped)
Nonce Checks: 22
Capability Checks: 12
File Operations: 15
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

unserialize: $this->{$key} = unserialize(serialize($val)); at d4plib\classes\d4p.base.php:41

SQL Query Safety

90% prepared (92 total queries)

Output Escaping

40% escaped (1030 total outputs)

Data Flows · Security (7 unsanitized)

Data Flow Analysis

13 flows, 7 with unsanitized paths

gdrts_rich_snippets_render_single_offer_block (addons\rich-snippets\forms.php:7)
Attack Surface (5 unprotected)

GD Rating System Attack Surface

Entry Points: 5
Unprotected: 5

AJAX Handlers (5)

auth    wp_ajax_gdrts_tools_dbfour        core\admin\ajax.php:11
auth    wp_ajax_gdrts_tools_recalc        core\admin\ajax.php:12
auth    wp_ajax_gdrts_transfer_process    core\admin\ajax.php:13
auth    wp_ajax_gdrts_live_handler        rating\core.ajax.php:9
nopriv  wp_ajax_gdrts_live_handler        rating\core.ajax.php:10
WordPress Hooks (160)

action  gdrts_load_addon_comments  addons\comments\init.php:14
filter  gdrts_info_addon_comments  addons\comments\init.php:15
action  gdrts_populate_settings  addons\comments\load.php:13
filter  gdrts_preload_the_comments  addons\comments\load.php:18
filter  comment_text  addons\comments\load.php:33
action  gdrts_load_addon_dynamic-load  addons\dynamic-load\init.php:14
filter  gdrts_info_addon_dynamic-load  addons\dynamic-load\init.php:15
filter  gdrts_single_block_args_ready  addons\dynamic-load\load.php:18
filter  gdrts_engine_single_rendering_override  addons\dynamic-load\load.php:19
filter  gdrts_ajax_live_handler  addons\dynamic-load\load.php:20
action  gdrts_load_addon_feeds  addons\feeds\init.php:14
filter  gdrts_info_addon_feeds  addons\feeds\init.php:15
filter  gdrts_engine_single_rendering_override  addons\feeds\load.php:19
filter  gdrts_stars_rating_loop_single_args  addons\feeds\load.php:21
filter  gdrts_like_this_loop_single_args  addons\feeds\load.php:22
filter  gdrts_admin_metabox_tabs  addons\posts\admin.php:18
action  gdrts_admin_metabox_content_posts-integration  addons\posts\admin.php:19
action  gdrts_admin_metabox_save_post  addons\posts\admin.php:23
action  gdrts_load_addon_posts  addons\posts\init.php:14
filter  gdrts_info_addon_posts  addons\posts\init.php:15
filter  get_the_excerpt  addons\posts\load.php:26
filter  get_the_excerpt  addons\posts\load.php:27
action  wp_head  addons\posts\load.php:29
filter  the_content  addons\posts\load.php:104
action  add_meta_boxes  addons\rich-snippets\admin.php:14
action  save_post  addons\rich-snippets\admin.php:16
filter  gdrts_rich_snippet_admin_metabox_tabs  addons\rich-snippets\admin.php:18
action  gdrts_rich_snippet_admin_metabox_content_basic  addons\rich-snippets\admin.php:19
action  gdrts_rich_snippet_admin_metabox_content_modes  addons\rich-snippets\admin.php:20
action  gdrts_rich_snippet_admin_metabox_content_preview  addons\rich-snippets\admin.php:21
action  gdrts_rich_snippet_admin_metabox_content_test  addons\rich-snippets\admin.php:22
action  gdrts_rich_snippet_admin_metabox_save_post  addons\rich-snippets\admin.php:23
action  gdrts_rich_snippet_admin_metabox_save_post  addons\rich-snippets\admin.php:24
action  gdrts_admin_enqueue_scripts_posts  addons\rich-snippets\admin.php:26
action  gdrts_load_addon_rich-snippets  addons\rich-snippets\init.php:14
filter  gdrts_info_addon_rich-snippets  addons\rich-snippets\init.php:15
action  gdrts-template-rating-rich-snippet  addons\rich-snippets\load.php:20
filter  gdrts_rating_item_instance_init  addons\rich-snippets\load.php:21
action  gdrts_rich_snippet_admin_meta_content_init  addons\rich-snippets\objects.php:515
filter  gdrts_rich_snippet_admin_meta_content_save  addons\rich-snippets\objects.php:518
action  gdrts_admin_enqueue_scripts  addons\shortcode-builder\admin.php:9
filter  gdrts_admin_menu_items  addons\shortcode-builder\admin.php:11
filter  gdrts_admin_panel_path  addons\shortcode-builder\admin.php:12
action  gdrts_load_addon_shortcode-builder  addons\shortcode-builder\init.php:14
filter  gdrts_info_addon_shortcode-builder  addons\shortcode-builder\init.php:15
filter  set-screen-option  core\admin\grids.php:14
filter  gdrts_admin_grid_votes_columns  core\admin\grids.php:15
action  gdrts_admin_load_hooks  core\admin\grids.php:16
action  load-rating-system_page_gd-rating-system-ratings  core\admin\grids.php:38
action  load-rating-system_page_gd-rating-system-log  core\admin\grids.php:45
filter  gdrts_load_admin_page_log  core\admin\help.php:9
filter  gdrts_load_admin_page_types  core\admin\help.php:10
filter  gdrts_load_admin_page_rules  core\admin\help.php:11
action  save_post  core\admin\plugin.php:21
action  gdrts_core  core\admin\plugin.php:23
action  gdrts_settings_value_changed  core\admin\plugin.php:25
action  gdrts_rule_value_changed  core\admin\plugin.php:26
filter  wpmu_drop_tables  core\admin\plugin.php:29
filter  gdrts_admin_metabox_tabs  core\admin\plugin.php:32
action  gdrts_admin_metabox_content_posts-override  core\admin\plugin.php:33
action  gdrts_admin_metabox_save_post  core\admin\plugin.php:34
filter  plugin_row_meta  core\admin\plugin.php:36
action  admin_notices  core\admin\plugin.php:196
action  admin_notices  core\admin\plugin.php:198
action  admin_notices  core\admin\plugin.php:200
action  admin_init  core\admin\privacy.php:9
action  plugins_loaded  core\plugin.php:27
action  after_setup_theme  core\plugin.php:28
action  widgets_init  core\plugin.php:37
action  init  core\plugin.php:43
action  init  core\plugin.php:44
action  gdrts_cron_daily_maintenance_job  core\plugin.php:46
action  gdrts_cron_ondemand_maintenance_job  core\plugin.php:47
action  gdrts-template-rating-block-before  core\plugin.php:136
action  gdrts_demand_files_enqueue  core\plugin.php:232
action  wp_enqueue_scripts  core\plugin.php:234
action  wp_footer  core\plugin.php:300
action  gdrts_early_settings  core\settings.php:73
action  gdrts_load_settings  core\settings.php:74
filter  http_request_args  d4plib\classes\d4p.four.php:91
action  switch_blog  d4plib\core\d4p.wpdb.php:49
filter  sanitize_key  d4plib\core\d4p.wpdb.php:83
filter  plugin_action_links  d4plib\plugin\d4p.admin-basic.php:49
filter  plugin_row_meta  d4plib\plugin\d4p.admin-basic.php:50
action  admin_init  d4plib\plugin\d4p.admin-basic.php:88
action  admin_menu  d4plib\plugin\d4p.admin-basic.php:89
action  current_screen  d4plib\plugin\d4p.admin-basic.php:91
action  admin_enqueue_scripts  d4plib\plugin\d4p.admin-basic.php:92
action  admin_notices  d4plib\plugin\d4p.admin-options.php:78
action  admin_notices  d4plib\plugin\d4p.admin-options.php:82
action  admin_init  d4plib\plugin\d4p.admin.php:74
action  admin_init  d4plib\plugin\d4p.admin.php:75
action  admin_menu  d4plib\plugin\d4p.admin.php:76
action  add_meta_boxes  d4plib\plugin\d4p.admin.php:77
action  current_screen  d4plib\plugin\d4p.admin.php:79
action  admin_enqueue_scripts  d4plib\plugin\d4p.admin.php:81
action  customize_controls_enqueue_scripts  d4plib\plugin\d4p.customizer.php:45
action  customize_register  d4plib\plugin\d4p.customizer.php:46
action  plugins_loaded  d4plib\plugin\d4p.plugin.php:45
action  after_setup_theme  d4plib\plugin\d4p.plugin.php:46
action  widgets_init  d4plib\plugin\d4p.plugin.php:74
action  wp_enqueue_scripts  d4plib\plugin\d4p.plugin.php:78
action  shortcode_ui_before_do_shortcode  d4plib\plugin\d4p.shortcodes.php:83
action  gdrts_load_method_like-this  methods\like-this\init.php:14
filter  gdrts_info_method_like-this  methods\like-this\init.php:15
action  gdrts_load_method_stars-rating  methods\stars-rating\init.php:14
filter  gdrts_info_method_stars-rating  methods\stars-rating\init.php:15
filter  gdrts_admin_settings_panels  rating\base.classes.php:18
filter  gdrts_admin_internal_settings  rating\base.classes.php:19
filter  gdrts_votes_grid_content_column_method  rating\base.classes.php:121
filter  gdrts_ratings_grid_ratings  rating\base.classes.php:122
action  gdrts_settings_init  rating\base.classes.php:146
action  gdrts_register_methods_and_addons  rating\base.classes.php:147
action  gdrts_init  rating\base.classes.php:169
action  gdrts_core  rating\base.classes.php:170
action  gdrts_admin_load_modules  rating\base.classes.php:172
action  gdrts_populate_settings  rating\base.classes.php:173
action  gdrts_enqueue_core_files  rating\base.classes.php:174
action  gdrts_register_enqueue_files  rating\base.classes.php:176
action  gdrts_register_enqueue_files_early  rating\base.classes.php:177
filter  gdrts_loop_single_json_data  rating\base.classes.php:303
filter  gdrts_loop_list_json_data  rating\base.classes.php:304
filter  gdrts_rating_item_instance_init  rating\base.classes.php:305
action  gdrts_addon_wp-rest-api_routes  rating\base.classes.php:307
action  gdrts_load_settings  rating\base.font.php:29
action  gdrts_register_enqueue_files  rating\base.font.php:61
action  gdrts_enqueue_core_files  rating\base.font.php:62
filter  gdrts_list_stars_style_types  rating\base.font.php:64
filter  gdrts_list_likes_style_types  rating\base.font.php:65
filter  gdrts_embed_function_defaults_method  rating\base.font.php:67
filter  gdrts_widget_settings_defaults  rating\base.font.php:69
filter  gdrts_widget_settings_save  rating\base.font.php:70
action  gdrts_widget_display_types  rating\base.font.php:71
action  gdrts_widget_default_keys  rating\base.font.php:72
filter  gdrts_shortcode_attributes  rating\base.font.php:74
filter  gdrts_shared_settings_stars-rating  rating\base.font.php:77
filter  gdrts_shortcode_attrs_stars_rating  rating\base.font.php:79
filter  gdrts_shortcode_attrs_stars_rating_auto  rating\base.font.php:80
filter  gdrts_shortcode_attrs_stars_rating_list  rating\base.font.php:81
filter  gdrts_shared_settings_like-this  rating\base.font.php:85
filter  gdrts_shortcode_attrs_like_this  rating\base.font.php:87
filter  gdrts_shortcode_attrs_like_this_auto  rating\base.font.php:88
filter  gdrts_shortcode_attrs_like_this_list  rating\base.font.php:89
action  gdrts_theme_setup  rating\base.init.php:51
action  gdrts_load  rating\base.init.php:52
action  gdrts_init  rating\base.init.php:53
action  template_redirect  rating\base.init.php:54
action  wp  rating\base.init.php:56
action  gdrts-template-rating-block-after  rating\base.init.php:196
action  gdrts_ajax_request_error  rating\core.ajax.php:12
filter  gdrts_vote_limit_render_user  rating\core.limiter.php:20
action  the_comments  rating\core.preload.php:13
action  pre_get_comments  rating\core.sort-comments.php:16
filter  comments_clauses  rating\core.sort-comments.php:33
action  parse_query  rating\core.sort-posts.php:16
filter  query_vars  rating\core.sort-posts.php:18
action  pre_get_posts  rating\core.sort-posts.php:19
filter  posts_join  rating\core.sort-posts.php:77
filter  posts_orderby  rating\core.sort-posts.php:78
filter  posts_where  rating\core.sort-posts.php:81

Scheduled Events (3)

gdrts_cron_daily_maintenance_job
gdrts_cron_ondemand_maintenance_job
gdrts_cron_daily_maintenance_job
Maintenance & Trust

GD Rating System Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Nov 15, 2024
PHP min version: 7.4
Downloads: 128K

Community Trust

Rating: 86/100
Number of ratings: 24
Active installs: 1K
Developer Profile

GD Rating System Developer Profile

Milan Petrovic

17 plugins · 12K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 1106 days
Detection Fingerprints

How We Detect GD Rating System

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gd-rating-system/d4plib/js/d4p.core.js
/wp-content/plugins/gd-rating-system/d4plib/css/d4p.core.css
/wp-content/plugins/gd-rating-system/rating/css/rating.css
/wp-content/plugins/gd-rating-system/rating/js/rating.js
/wp-content/plugins/gd-rating-system/methods/stars-rating/css/stars-rating.css
/wp-content/plugins/gd-rating-system/methods/stars-rating/js/stars-rating.js
/wp-content/plugins/gd-rating-system/methods/like-this/css/like-this.css
/wp-content/plugins/gd-rating-system/methods/like-this/js/like-this.js
(+6 more)

Script Paths
/wp-content/plugins/gd-rating-system/d4plib/js/d4p.core.js
/wp-content/plugins/gd-rating-system/rating/js/rating.js
/wp-content/plugins/gd-rating-system/methods/stars-rating/js/stars-rating.js
/wp-content/plugins/gd-rating-system/methods/like-this/js/like-this.js
/wp-content/plugins/gd-rating-system/addons/rich-snippets/js/richsnippets.js
/wp-content/plugins/gd-rating-system/core/admin/js/admin.js
(+1 more)

Version Parameters
gd-rating-system/d4plib/css/d4p.core.css?ver=
gd-rating-system/rating/css/rating.css?ver=
gd-rating-system/methods/stars-rating/css/stars-rating.css?ver=
gd-rating-system/methods/like-this/css/like-this.css?ver=
gd-rating-system/addons/rich-snippets/css/richsnippets.css?ver=
gd-rating-system/core/admin/css/admin.css?ver=
gd-rating-system/libs/flatpickr/flatpickr.min.css?ver=
gd-rating-system/d4plib/js/d4p.core.js?ver=
gd-rating-system/rating/js/rating.js?ver=
gd-rating-system/methods/stars-rating/js/stars-rating.js?ver=
gd-rating-system/methods/like-this/js/like-this.js?ver=
gd-rating-system/addons/rich-snippets/js/richsnippets.js?ver=
gd-rating-system/core/admin/js/admin.js?ver=
gd-rating-system/libs/flatpickr/js/flatpickr.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
gdrts-stars
gdrts-rating-item
gdrts-rating-active
gdrts-rating-hover
gdrts-rating-wrap
gdrts-rating-block
gdrts-like-this
gdrts-like-this-active
(+1 more)

HTML Comments
<!-- GD Rating System -->
<!-- GD Rating System - Rich Snippets Meta Box -->

Data Attributes
data-gdrts-rating-id
data-gdrts-rating-type
data-gdrts-rating-method
data-gdrts-item-id
data-gdrts-item-type
data-gdrts-rate-status

JS Globals
gdrts_admin_settings
gdrts_admin_metabox_settings
gdrts_admin_metabox_rich_snippets_settings
gdrts_admin_metabox_rich_snippets_tabs
Shortcode Output
[gd_rating_system]
FAQ

Frequently Asked Questions about GD Rating System