Rate My Post – Star Rating Plugin by FeedbackWP Security & Risk Analysis

wordpress.org/plugins/rate-my-post

Add Star Rating to WordPress posts & pages, collect feedbacks from users and improve website SEO with Schema markup for Rich Snippets.

20K active installs · v4.5.1 · PHP 7.4+ · WP 6.0+ · Updated Mar 29, 2026
Tags: post-rating, rate-page, rate-post, rating-system, star-rating
Score: 96 (A · Safe)
CVEs total: 7
Unpatched: 0
Last CVE: Dec 12, 2024
Safety Verdict

Is Rate My Post – Star Rating Plugin by FeedbackWP Safe to Use in 2026?

Generally Safe

Score 96/100

Rate My Post – Star Rating Plugin by FeedbackWP is actively maintained and every one of its 7 known vulnerabilities has a patched release; none is currently open. It is a solid choice for most WordPress installations, subject to the code-level caveats set out in the Risk Assessment below.

7 known CVEs · Last CVE: Dec 12, 2024 · Updated 1mo ago
Risk Assessment

The "rate-my-post" plugin v4.5.0 (the release analyzed on Mar 16, 2026; v4.5.1 was published afterwards) presents a mixed security posture. On the positive side, the plugin issues only a moderate number of SQL queries, most of them through prepared statements, and performs a fair number of capability checks. Against that, the attack surface is large: the scanner flags 20 of the 23 entry points, all of them AJAX handlers, as unprotected, meaning it found no nonce or capability check on the callback, and its taint analysis traced 5 flows from user input to a dangerous sink with no sanitizer on the path, 2 of them rated high severity. Four of the flagged handlers are wp_ajax_nopriv_ hooks reachable without any session; the other 16 are wp_ajax_ hooks, which WordPress fires for any logged-in user of any role, so for the 12 administrative actions among them (updating and resetting options, deleting feedback, migrating and wiping data) a capability check inside the callback is the only thing separating a subscriber-level account from site configuration. The count is a static heuristic and may miss checks made in functions the callback calls, so confirm it by reading the callbacks; where it holds, the gaps allow unauthorized actions, and unsanitized flows that reach output allow cross-site scripting.

The vulnerability history shows a recurring pattern: 7 CVEs between 2022 and 2024, covering reliance on the client IP address for authentication, authorization bypass through user-controlled keys (two insecure direct object references and unauthenticated voting on scheduled posts), stored cross-site scripting via a shortcode, cross-site request forgery and a race condition. Together these point to persistent weaknesses in input validation, access control and request verification. No CVE is currently unpatched, but the number and variety of past issues indicate that new releases have repeatedly introduced security flaws of the same kinds.

In conclusion, the plugin combines a large number of unprotected entry points and several critical taint flows with a history of access-control and request-verification bugs. Some good practices are evident, prepared statements and capability checks among them, but the identified risks call for reviewing the flagged handlers, and in particular confirming the capability checks on the administrative ones, before relying on the plugin on a site with untrusted registered users.

Key Concerns

  • Large attack surface, 20 unprotected AJAX handlers
  • High severity taint flows (2)
  • Unsanitized paths in taint analysis (5 flows)
  • Low percentage of properly escaped output (37%)
  • Vulnerability history: 1 high, 6 medium severity CVEs
  • Common vulnerability type: Reliance on IP Address for Auth
  • Common vulnerability type: Authorization Bypass
  • Common vulnerability type: Improper Input Neutralization (XSS)
  • Common vulnerability type: Cross-Site Request Forgery (CSRF)
  • Common vulnerability type: Race Condition
Vulnerabilities
7 published

Rate My Post – Star Rating Plugin by FeedbackWP Security Vulnerabilities

CVEs by Year

2022: 3 CVEs
2023: 2 CVEs
2024: 2 CVEs
(all patched, none unpatched)

Severity Breakdown

High: 1
Medium: 6
7 total CVEs

CVE-2024-12309 · medium · 5.3 · Authorization Bypass Through User-Controlled Key

Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts

Dec 12, 2024 · Patched in 4.2.5 (1d)

CVE-2024-32823 · medium · 5.3 · Authorization Bypass Through User-Controlled Key

Rate My Post – Star Rating Plugin by FeedbackWP <= 3.4.4 - Insecure Direct Object Reference

Apr 22, 2024 · Patched in 3.4.5 (8d)

CVE-2023-51667 · medium · 5.3 · Reliance on IP Address for Authentication

Rate my Post – WP Rating System <= 3.4.2 - IP Address Spoofing

Dec 27, 2023 · Patched in 3.4.3 (27d)

CVE-2023-49765 · medium · 4.3 · Authorization Bypass Through User-Controlled Key

Rate my Post - WP Rating System <= 3.4.1 - Insecure Direct Object Reference

Aug 11, 2023 · Patched in 3.4.2 (165d)

CVE-2022-4673 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Rate my Post – WP Rating System <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Dec 27, 2022 · Patched in 3.3.9 (392d)

CVE-2022-40671 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Rate my Post – WP Rating System <= 3.3.4 - Cross-Site Request Forgery

Sep 14, 2022 · Patched in 3.3.5 (496d)

CVE-2022-40310 · medium · 4.3 · Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Rate my Post – WP Rating System <= 3.3.4 - Race Condition

Sep 1, 2022 · Patched in 3.3.5 (509d)
Version History

Rate My Post – Star Rating Plugin by FeedbackWP Release Timeline

v4.5.1Current
v4.5.0
v4.4.4
v4.4.3
v4.4.2
v4.4.1
v4.4.0
v4.3.2
v4.3.1
v4.3.0
v4.2.5
v4.2.4 · 1 CVE
v4.2.3 · 1 CVE
v4.2.2 · 1 CVE
v4.2.1 · 1 CVE
v4.2.0 · 1 CVE
v4.1.2 · 1 CVE
v4.1.1 · 1 CVE
v4.1.0 · 1 CVE
v4.0.2 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Rate My Post – Star Rating Plugin by FeedbackWP Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (18 prepared)
Unescaped Output: 412 (247 escaped)
Nonce Checks: 5
Capability Checks: 14
File Operations: 4
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

82% prepared (18 of 22 total queries)

Output Escaping

37% escaped (247 of 659 total outputs). A syntactic count like this includes outputs that need no escaping, such as integers and constants, so read it as an indicator rather than a count of XSS sinks.
Data Flows · Security
5 unsanitized

Data Flow Analysis

6 flows, 5 with unsanitized paths
handle_import_upload (includes\class-rmp-data-import-export.php:209)
Attack Surface
20 unprotected

Rate My Post – Star Rating Plugin by FeedbackWP Attack Surface

Entry Points: 23
Unprotected: 20

AJAX Handlers: 20 (auth = registered on the wp_ajax_ hook, which WordPress fires for any logged-in user regardless of role; nopriv = registered on the wp_ajax_nopriv_ hook, reachable without a session)

auth · wp_ajax_update_results · includes\class-rate-my-post.php:85
auth · wp_ajax_reset_results · includes\class-rate-my-post.php:87
auth · wp_ajax_delete_feedback · includes\class-rate-my-post.php:89
auth · wp_ajax_individually_delete_feedback · includes\class-rate-my-post.php:91
auth · wp_ajax_rmp_update_options · includes\class-rate-my-post.php:95
auth · wp_ajax_reset_options · includes\class-rate-my-post.php:97
auth · wp_ajax_update_customization · includes\class-rate-my-post.php:99
auth · wp_ajax_reset_customization · includes\class-rate-my-post.php:101
auth · wp_ajax_update_security · includes\class-rate-my-post.php:103
auth · wp_ajax_migrate_data · includes\class-rate-my-post.php:107
auth · wp_ajax_wipe_data · includes\class-rate-my-post.php:111
auth · wp_ajax_rmp_dismiss_notice · includes\class-rate-my-post.php:115
auth · wp_ajax_load_results · includes\class-rate-my-post.php:163
nopriv · wp_ajax_load_results · includes\class-rate-my-post.php:165
auth · wp_ajax_process_rating · includes\class-rate-my-post.php:167
nopriv · wp_ajax_process_rating · includes\class-rate-my-post.php:169
auth · wp_ajax_process_feedback · includes\class-rate-my-post.php:171
nopriv · wp_ajax_process_feedback · includes\class-rate-my-post.php:173
auth · wp_ajax_process_rating_amp · includes\class-rate-my-post.php:175
nopriv · wp_ajax_process_rating_amp · includes\class-rate-my-post.php:177
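
What a protected handler of each kind looks like, as an added example rather than code from the plugin: an administrative wp_ajax_ callback gated by a nonce and manage_options, and a public rating callback registered on both wp_ajax_ and wp_ajax_nopriv_ that verifies a nonce, accepts votes only on published posts (the gap behind the unauthenticated-voting-on-scheduled-posts CVE), keys its one-vote-per-client limit on REMOTE_ADDR rather than on spoofable headers (the gap behind the IP-spoofing CVE), and makes the duplicate check atomic in the database instead of check-then-insert (the race-condition class). The hook names prefixed example_rmp_, the nonce actions, the option key and the votes table are assumptions for illustration, not names from the plugin.

```php
<?php
/**
 * Added example, not code from the Rate My Post plugin: the checks an
 * administrative and a public AJAX handler need. Hook names (example_rmp_*),
 * nonce actions, the option key and the votes table are assumptions.
 */

// Administrative endpoint (option updates, result resets, data wipe).
// wp_ajax_ fires for every logged-in user, so login alone proves nothing.
add_action( 'wp_ajax_example_rmp_update_options', 'example_rmp_update_options' );
function example_rmp_update_options() {
    // CSRF: require the nonce issued for this action; on failure
    // check_ajax_referer() ends the request with HTTP 403.
    check_ajax_referer( 'example_rmp_admin', 'nonce' );

    // Authorization: the capability the action actually needs.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // Input validation before anything reaches the options table.
    $max_rating = isset( $_POST['max_rating'] ) ? absint( $_POST['max_rating'] ) : 5;
    $max_rating = max( 1, min( 10, $max_rating ) );
    update_option( 'example_rmp_max_rating', $max_rating );

    wp_send_json_success( array( 'max_rating' => $max_rating ) );
}

// Public endpoint: the same callback serves logged-in and anonymous voters.
add_action( 'wp_ajax_example_rmp_process_rating',        'example_rmp_process_rating' );
add_action( 'wp_ajax_nopriv_example_rmp_process_rating', 'example_rmp_process_rating' );
function example_rmp_process_rating() {
    global $wpdb;

    // Nonce printed into the page with wp_create_nonce( 'example_rmp_public' ).
    // It blocks cross-site vote stuffing; it is not an authorization decision.
    check_ajax_referer( 'example_rmp_public', 'nonce' );

    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $rating  = isset( $_POST['rating'] )  ? absint( $_POST['rating'] )  : 0;

    // User-controlled key: the client chooses post_id, so validate what it
    // refers to. Scheduled, draft and private posts must not accept votes
    // from anonymous visitors (get_post_status() returns false for no post).
    if ( 'publish' !== get_post_status( $post_id ) ) {
        wp_send_json_error( array( 'message' => 'post not votable' ), 404 );
    }
    if ( $rating < 1 || $rating > 5 ) {
        wp_send_json_error( array( 'message' => 'rating out of range' ), 400 );
    }

    // IP reliance: X-Forwarded-For, X-Real-IP and similar headers are set by
    // the client unless a trusted proxy overwrites them, so a limit keyed on
    // them is bypassed by sending a fresh value per request. Use REMOTE_ADDR,
    // validate it, and treat the IP as a weak rate-limit key, never as identity.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    if ( false === filter_var( $ip, FILTER_VALIDATE_IP ) ) {
        wp_send_json_error( array( 'message' => 'bad client address' ), 400 );
    }

    // Race condition: "SELECT to see if this IP voted, then INSERT" lets two
    // concurrent requests both pass the SELECT. With UNIQUE KEY (post_id, ip_hash)
    // on the table, INSERT IGNORE makes the database reject the duplicate
    // atomically and reports 0 affected rows.
    $table    = $wpdb->prefix . 'example_rmp_votes'; // assumed table
    $ip_hash  = hash_hmac( 'sha256', $ip, wp_salt( 'nonce' ) ); // do not store raw IPs
    $inserted = $wpdb->query( $wpdb->prepare(
        "INSERT IGNORE INTO {$table} (post_id, ip_hash, rating) VALUES (%d, %s, %d)",
        $post_id, $ip_hash, $rating
    ) );
    if ( 0 === $inserted ) {
        wp_send_json_error( array( 'message' => 'already voted' ), 409 );
    }
    if ( false === $inserted ) {
        wp_send_json_error( array( 'message' => 'storage error' ), 500 );
    }

    $avg = $wpdb->get_var( $wpdb->prepare(
        "SELECT AVG(rating) FROM {$table} WHERE post_id = %d", $post_id
    ) );

    // Output: numbers are cast, text the front end will insert as HTML is escaped.
    wp_send_json_success( array(
        'post_id' => $post_id,
        'average' => round( (float) $avg, 2 ),
        'title'   => esc_html( get_the_title( $post_id ) ),
    ) );
}
```

For logged-out visitors check_ajax_referer() validates a nonce created for user 0, which a full-page cache must refresh within the nonce lifetime; the nonce stops cross-site request forgery, not a determined client, which is why the post-status and capability checks, not the nonce, carry the authorization decision. The UNIQUE KEY the INSERT IGNORE relies on must exist on the table. Behind a genuine reverse proxy REMOTE_ADDR is the proxy's address; the fix there is to restore the real client address from the proxy's header at the web-server or wp-config level for that trusted proxy only, not to read X-Forwarded-For inside the handler.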

Shortcodes 3

[ratemypost] public\class-rate-my-post-public.php:182
[ratemypost-result] public\class-rate-my-post-public.php:184
[ratemypost-top-rated] widgets\top-rated-widget-shortcode.php:7
WordPress Hooks 39

filter · set-screen-option · admin\analytics\analytics.php:11
filter · set_screen_option_sync_rules_per_page · admin\analytics\analytics.php:12
action · admin_init · admin\analytics\analytics.php:15
action · admin_notices · admin\class-rate-my-post-admin.php:30
action · admin_head · admin\class-rate-my-post-admin.php:32
action · admin_head · admin\class-rate-my-post-admin.php:1463
filter · set-screen-option · admin\stats\stats.php:11
filter · set_screen_option_sync_rules_per_page · admin\stats\stats.php:12
action · admin_init · admin\stats\stats.php:15
action · init · common\class-rate-my-post-blocks.php:7
action · enqueue_block_assets · common\class-rate-my-post-blocks.php:9
action · admin_enqueue_scripts · includes\class-rate-my-post.php:79
action · admin_enqueue_scripts · includes\class-rate-my-post.php:81
action · add_meta_boxes · includes\class-rate-my-post.php:83
action · admin_menu · includes\class-rate-my-post.php:93
filter · is_protected_meta · includes\class-rate-my-post.php:105
action · widgets_init · includes\class-rate-my-post.php:109
action · admin_notices · includes\class-rate-my-post.php:113
action · awb_remove_third_party_the_content_changes · includes\class-rate-my-post.php:124
action · awb_readd_third_party_the_content_changes · includes\class-rate-my-post.php:132
filter · the_content · includes\class-rate-my-post.php:136
filter · the_content · includes\class-rate-my-post.php:137
action · wp_enqueue_scripts · includes\class-rate-my-post.php:153
action · wp_enqueue_scripts · includes\class-rate-my-post.php:155
action · init · includes\class-rate-my-post.php:157
filter · the_content · includes\class-rate-my-post.php:159
filter · the_content · includes\class-rate-my-post.php:161
filter · the_title · includes\class-rate-my-post.php:179
action · wp_head · includes\class-rate-my-post.php:181
action · amp_post_template_css · includes\class-rate-my-post.php:183
action · wp_head · includes\class-rate-my-post.php:184
action · admin_init · includes\class-rmp-data-import-export.php:9
action · admin_notices · includes\class-rmp-data-import-export.php:24
action · admin_notices · includes\class-rmp-data-import-export.php:28
action · admin_menu · includes\dev-functions.php:3
filter · install_plugins_table_api_args_featured · includes\Shogun.php:11
filter · plugins_api_result · includes\Shogun.php:12
action · admin_notices · rate-my-post.php:21
action · plugins_loaded · rate-my-post.php:64
Maintenance & Trust

Rate My Post – Star Rating Plugin by FeedbackWP Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Mar 29, 2026
PHP min version: 7.4
Downloads: 695K

Community Trust

Rating: 94/100
Number of ratings: 157
Active installs: 20K
Developer Profile

Rate My Post – Star Rating Plugin by FeedbackWP Developer Profile

properfraction

5 plugins · 260K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 255 days
Detection Fingerprints

How We Detect Rate My Post – Star Rating Plugin by FeedbackWP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/rate-my-post/css/rate-my-post.css
/wp-content/plugins/rate-my-post/css/admin-style.css
/wp-content/plugins/rate-my-post/css/frontend-style.css
/wp-content/plugins/rate-my-post/css/frontend-style-star.css
/wp-content/plugins/rate-my-post/css/frontend-style-thumb.css
/wp-content/plugins/rate-my-post/css/frontend-style-bars.css
/wp-content/plugins/rate-my-post/css/frontend-style-smiley.css
/wp-content/plugins/rate-my-post/css/frontend-style-text.css
+7 more
Script Paths
/wp-content/plugins/rate-my-post/js/admin-script.js
/wp-content/plugins/rate-my-post/js/frontend-script.js
/wp-content/plugins/rate-my-post/js/frontend-script-star.js
/wp-content/plugins/rate-my-post/js/frontend-script-thumb.js
/wp-content/plugins/rate-my-post/js/frontend-script-bars.js
/wp-content/plugins/rate-my-post/js/frontend-script-smiley.js
+1 more
Version Parameters
rate-my-post/css/rate-my-post.css?ver=
rate-my-post/css/admin-style.css?ver=
rate-my-post/css/frontend-style.css?ver=
rate-my-post/css/frontend-style-star.css?ver=
rate-my-post/css/frontend-style-thumb.css?ver=
rate-my-post/css/frontend-style-bars.css?ver=
rate-my-post/css/frontend-style-smiley.css?ver=
rate-my-post/css/frontend-style-text.css?ver=
rate-my-post/js/admin-script.js?ver=
rate-my-post/js/frontend-script.js?ver=
rate-my-post/js/frontend-script-star.js?ver=
rate-my-post/js/frontend-script-thumb.js?ver=
rate-my-post/js/frontend-script-bars.js?ver=
rate-my-post/js/frontend-script-smiley.js?ver=
rate-my-post/js/frontend-script-text.js?ver=

HTML / DOM Fingerprints

CSS Classes
rmp-header-wrap, rmp-admin-notice, feedbackwp-link
HTML Comments
<!-- Shortcode: [ratemypost] -->
<!-- Shortcode: [ratemypost-result] -->
<!-- Shortcode: [ratemypost-top-rated] -->
Data Attributes
data-rmp-id, data-rmp-post-id, data-rmp-rating, data-rmp-post-type, data-rmp-post-title
JS Globals
rmp_ajax_object, rmp_ratings, rmp_settings
Shortcode Output
[ratemypost], [ratemypost id="1"], [ratemypost-result], [ratemypost-result id="1"]
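
A detector built from the fingerprints above, as an added example (not the scanner's code) that also maps the disclosed ?ver= value onto the affected ranges copied from the Vulnerabilities section. The sample HTML is constructed, not captured from a real site. It assumes the ?ver= parameter carries the plugin version, which is the common case but not guaranteed: a site can strip or rewrite it, and a plugin can pass the WordPress version instead.

```php
<?php
/**
 * Added example, not the scanner's code: detect Rate My Post in fetched HTML
 * and map the disclosed version onto the CVE ranges listed on this page.
 * Run with: php detect-rmp.php   (the HTML below is constructed sample input)
 */

// Affected "<= version" bounds and fixing release, as listed above.
const RMP_CVES = array(
    'CVE-2024-12309' => array( 'max' => '4.2.4', 'fixed' => '4.2.5' ),
    'CVE-2024-32823' => array( 'max' => '3.4.4', 'fixed' => '3.4.5' ),
    'CVE-2023-51667' => array( 'max' => '3.4.2', 'fixed' => '3.4.3' ),
    'CVE-2023-49765' => array( 'max' => '3.4.1', 'fixed' => '3.4.2' ),
    'CVE-2022-4673'  => array( 'max' => '3.3.8', 'fixed' => '3.3.9' ),
    'CVE-2022-40671' => array( 'max' => '3.3.4', 'fixed' => '3.3.5' ),
    'CVE-2022-40310' => array( 'max' => '3.3.4', 'fixed' => '3.3.5' ),
);

/**
 * Returns null when the plugin is not present; otherwise the evidence found
 * and the version (null if no ?ver= parameter was disclosed).
 */
function rmp_fingerprint( string $html ): ?array {
    $evidence = array();
    $version  = null;

    // Asset paths carry the plugin slug; ?ver= is normally the plugin version.
    if ( preg_match_all(
        '#/wp-content/plugins/rate-my-post/(?:css|js)/[\w.-]+\.(?:css|js)(?:\?ver=([0-9][\w.-]*))?#i',
        $html, $m ) ) {
        $evidence[] = 'asset path';
        foreach ( $m[1] as $v ) {
            if ( $v !== '' ) { $version = $v; break; }
        }
    }
    if ( preg_match( '#<!--\s*Shortcode:\s*\[ratemypost(?:-result|-top-rated)?\]\s*-->#', $html ) ) {
        $evidence[] = 'shortcode comment';
    }
    if ( preg_match( '#\bdata-rmp-(?:post-id|rating|post-type)=#', $html ) ) {
        $evidence[] = 'data attribute';
    }
    if ( preg_match( '#\b(?:rmp_ajax_object|rmp_ratings|rmp_settings)\s*=#', $html ) ) {
        $evidence[] = 'JS global';
    }

    if ( $evidence === array() ) {
        return null;
    }
    return array( 'evidence' => $evidence, 'version' => $version );
}

/** CVEs whose affected range includes $version; version_compare() orders 3.4.10 after 3.4.9. */
function rmp_affected_cves( string $version ): array {
    $hits = array();
    foreach ( RMP_CVES as $id => $range ) {
        if ( version_compare( $version, $range['max'], '<=' ) ) {
            $hits[ $id ] = $range['fixed'];
        }
    }
    return $hits;
}

// Constructed sample page (not a capture from a real site).
$sample = <<<'HTML'
<html><head>
<link rel="stylesheet" href="https://example.test/wp-content/plugins/rate-my-post/css/rate-my-post.css?ver=3.4.2">
<script src="https://example.test/wp-content/plugins/rate-my-post/js/frontend-script-star.js?ver=3.4.2"></script>
<script>var rmp_ajax_object = {"ajax_url":"https://example.test/wp-admin/admin-ajax.php"};</script>
</head><body>
<!-- Shortcode: [ratemypost] -->
<div data-rmp-post-id="1" data-rmp-rating="4.5"></div>
</body></html>
HTML;

$fp = rmp_fingerprint( $sample );
if ( $fp === null ) {
    echo "rate-my-post not detected\n";
} else {
    printf( "rate-my-post detected via %s; version %s\n",
        implode( ', ', $fp['evidence'] ), $fp['version'] ?? 'unknown' );
    if ( $fp['version'] !== null ) {
        foreach ( rmp_affected_cves( $fp['version'] ) as $id => $fixed ) {
            printf( "  %s affects this version; fixed in %s\n", $id, $fixed );
        }
    }
}
```

Presence is established by any one pattern, but only the ?ver= parameter yields a version. When a site strips it, the plugin's readme.txt under /wp-content/plugins/rate-my-post/ discloses the stable tag if the server serves it; otherwise report "version unknown" rather than "not vulnerable".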
FAQ

Frequently Asked Questions about Rate My Post – Star Rating Plugin by FeedbackWP