Does Rate have any unpatched vulnerabilities?

No. All known vulnerabilities in Rate have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Rate compatible with WordPress 3.0.5?

According to WordPress.org data, Rate 0.4 has been tested up to WordPress 3.0.5. Check the plugin's changelog for the latest compatibility information.

How often is Rate updated?

Rate was last updated on Jul 30, 2015. Frequent updates are generally a positive security signal.

What is Rate's security score?

Rate has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Rate Security & Risk Analysis

wordpress.org/plugins/rate

Most ratings plugins contain too much code: inline JavaScript, messy markup, weird CSS. Rate is simple, hardly intrusive, and completely overridable.

40 active installs v0.4 PHP + WP 3.0+ Updated Jul 30, 2015

commentspagespostsrateratings

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Rate Safe to Use in 2026?

Generally Safe

Score 85/100

Rate has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "rate" plugin version 0.4 presents a moderate security risk due to significant concerns in its code analysis, despite a clean vulnerability history. The plugin exposes two AJAX handlers, both of which lack authentication checks, creating a direct entry point for potential attackers. Furthermore, a critical weakness is identified in output escaping, with 100% of analyzed outputs being unescaped. This means any data processed by these handlers and displayed to users could be vulnerable to cross-site scripting (XSS) attacks. The absence of nonce checks further exacerbates this risk. While the plugin uses prepared statements for its SQL queries, which is a positive security practice, this strength is overshadowed by the significant risks associated with unauthenticated entry points and unescaped output. The lack of any recorded vulnerabilities in its history might suggest a low profile or a recent history of limited security attention. In conclusion, while the plugin demonstrates good practices in database interaction, the critical flaws in input validation and output sanitization, coupled with an exposed attack surface, necessitate careful consideration before deployment.

Key Concerns

Unprotected AJAX handlers
Missing nonce checks on AJAX
Unescaped output

Vulnerabilities

None known

Rate Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Rate Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

0% escaped3 total outputs

Attack Surface

2 unprotected

Rate Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

noprivwp_ajax_rate_itemphp\plugin.php:15

authwp_ajax_rate_itemphp\plugin.php:16

WordPress Hooks 6

actiontemplate_redirectphp\plugin.php:14

actioncomment_postphp\plugin.php:17

actioncomment_form_topphp\plugin.php:18

actionwp_print_scriptsphp\plugin.php:98

actionwp_print_stylesphp\plugin.php:99

actionplugins_loadedrate.php:14

Maintenance & Trust

Rate Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5

Last updatedJul 30, 2015

PHP min version

Downloads23K

Community Trust

Rating86/100

Number of ratings6

Active installs40

Alternatives

Rate Alternatives

No Page Comment

no-page-comment

An admin interface to control the default comment and trackback settings on new posts, pages and custom post types.

10K 2 CVEs

Disable Feeds and Comments

disable-rss-feeds-and-comments

This WordPress plugin, "Disable RSS Feeds and Comments," gives you the ability to turn off both the RSS feeds and comments on pages and/or p …

400 No CVEs

Moving Contents

moving-contents

100

Supports the transfer of Contents between servers.

70 No CVEs

Smart Bulk Delete & Content Cleaner for WordPress

smart-bulk-content-remover

100

Safely bulk delete posts, pages, media, and comments with flexible filters and a clean interface.

60 No CVEs

Zaki Like Dislike Comments

zaki-like-dislike-comments

100

This plugin implements a "like/dislike" rating system for comments

40 No CVEs

Developer Profile

Rate Developer Profile

Scott Taylor

8 plugins · 210 total installs

trust score

Avg Security Score

87/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Rate

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/rate/css/rate.css

Script Paths

/wp-content/plugins/rate/js/rate.js

Version Parameters

rate/js/rate.js?ver=0.4

HTML / DOM Fingerprints

CSS Classes

ratingform-ratingemptywholehalfneeds-rating

Data Attributes

data-ratingdata-iddata-comment-id

REST Endpoints

/wp-json/rate/v1/items

FAQ