kk Star Ratings – Rate Post & Collect User Feedbacks Security & Risk Analysis

wordpress.org/plugins/kk-star-ratings

kk Star Ratings allows blog visitors to involve and interact more effectively with your website by rating posts.

80K active installs · v5.4.10.4 · PHP 7.4+ · WP 5.0+ · Updated Mar 4, 2026
Tags: ajax-ratings, feedback, rate-post, star-ratings, voting
Score: 96 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Dec 20, 2024
Safety Verdict

Is kk Star Ratings – Rate Post & Collect User Feedbacks Safe to Use in 2026?

Generally Safe

Score 96/100

kk Star Ratings – Rate Post & Collect User Feedbacks has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Dec 20, 2024 · Updated 1mo ago
Risk Assessment

The kk-star-ratings plugin version 5.4.10.4 exhibits a mixed security posture. The static analysis reveals a seemingly small attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are directly exposed without authentication or proper permission checks. The absence of file operations and external HTTP requests further reduces immediate threat vectors. However, the code signals raise some concerns regarding SQL query security, with a significant portion not utilizing prepared statements, and a moderate percentage of output not being properly escaped. The presence of four known CVEs, including one high-severity vulnerability and three medium-severity ones, despite none being currently unpatched, indicates a history of security flaws. The common vulnerability types such as 'Code Injection', 'Race Condition', and 'Missing Authorization' are particularly worrying and suggest recurring issues in how the plugin handles user input and manages access control. While the plugin has recently addressed past vulnerabilities, its historical pattern warrants continued vigilance.

Key Concerns

  • High number of known CVEs historically
  • Medium severity vulnerabilities in history
  • Significant SQL queries not prepared
  • Moderate percentage of unescaped output
  • Bundled outdated Freemius library v1.0
Vulnerabilities (4)

kk Star Ratings – Rate Post & Collect User Feedbacks Security Vulnerabilities

CVEs by Year

2023: 3 CVEs
2024: 1 CVE

Severity Breakdown

High: 1
Medium: 3

4 total CVEs

CVE-2024-11977 · high · 7.3 · Improper Control of Generation of Code ('Code Injection')

kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution

Dec 20, 2024 Patched in 5.4.10.2 (26d)

CVE-2023-4642 · medium · 5.3 · Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

kk Star Ratings <= 5.4.5 - Race Condition to Multiple User Voting

Nov 6, 2023 Patched in 5.4.6 (78d)

CVE-2023-46639 · medium · 5.3 · Missing Authorization

kk Star Ratings <= 5.4.5 - Missing Authorization

Oct 25, 2023 Patched in 5.4.6 (90d)

CVE-2023-36528 · medium · 5.3 · Missing Authorization

kk Star Ratings <= 5.4.3 - IP Spoofing to Protection Mechanism Bypass

Jul 17, 2023 Patched in 5.4.4 (190d)
Code Analysis
Analyzed Mar 16, 2026

kk Star Ratings – Rate Post & Collect User Feedbacks Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (2 prepared)
Unescaped Output: 71 (138 escaped)
Nonce Checks: 4
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

67% prepared · 3 total queries

Output Escaping

66% escaped · 209 total outputs
Attack Surface

kk Star Ratings – Rate Post & Collect User Feedbacks Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 6
action: admin_menu (index.php:26)
action: admin_notices (index.php:50)
action: init (index.php:75)
filter: posts_where (src\core\functions\upgrade_posts.php:69)
filter: get_the_excerpt (src\core\index.php:42)
filter: get_the_excerpt (src\core\index.php:48)
Maintenance & Trust

kk Star Ratings – Rate Post & Collect User Feedbacks Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 4, 2026
PHP min version: 7.4
Downloads: 2.2M

Community Trust

Rating: 78/100
Number of ratings: 171
Active installs: 80K
Developer Profile

kk Star Ratings – Rate Post & Collect User Feedbacks Developer Profile

properfraction

5 plugins · 260K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 273 days
Detection Fingerprints

How We Detect kk Star Ratings – Rate Post & Collect User Feedbacks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/kk-star-ratings/lib/public/css/kk-star-ratings.css
/wp-content/plugins/kk-star-ratings/lib/public/css/kk-star-ratings.min.css
/wp-content/plugins/kk-star-ratings/lib/public/js/kk-star-ratings.js
/wp-content/plugins/kk-star-ratings/lib/public/js/kk-star-ratings.min.js
/wp-content/plugins/kk-star-ratings/lib/public/js/kksr-migrations.js
/wp-content/plugins/kk-star-ratings/lib/public/js/kksr-migrations.min.js
Script Paths
https://cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/cdn.min.js
Version Parameters
kk-star-ratings/version=5.4.10.4
kksr-migrations/version=5.4.10.4

HTML / DOM Fingerprints

CSS Classes
kksr-star-rating
Data Attributes
data-kksr-disabled
JS Globals
kk_star_ratings
REST Endpoints
/wp-json/kk-star-ratings