Does Rate My Stuff have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Rate My Stuff compatible with WordPress 5.7.15?

According to WordPress.org data, Rate My Stuff 1.3 has been tested up to WordPress 5.7.15. Check the plugin's changelog for the latest compatibility information.

Is Rate My Stuff compatible with PHP 5.3+?

Rate My Stuff requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Rate My Stuff updated?

Rate My Stuff was last updated on Jul 4, 2021. Frequent updates are generally a positive security signal.

What is Rate My Stuff's security score?

Rate My Stuff has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Rate My Stuff Security & Risk Analysis

wordpress.org/plugins/rate-my-stuff

Rate My Stuff is a wordpress plugin for simply displaying a 1-5 review on a wordpress post by simply typing in the following "shortcode".

10 active installs v1.3 PHP 5.3+ WP 4.5.6+ Updated Jul 4, 2021

ratingscoring

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Rate My Stuff Safe to Use in 2026?

Generally Safe

Score 85/100

Rate My Stuff has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The "rate-my-stuff" v1.3 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events indicates a very limited attack surface. Furthermore, the code signals are mostly positive, with no dangerous functions, no raw SQL queries, and no file operations or external HTTP requests. The plugin also has no known historical vulnerabilities, which suggests a history of secure development or a lack of active exploitation. The lack of any recorded CVEs is a significant positive indicator. However, a critical concern arises from the complete lack of output escaping, meaning any dynamic data displayed to users could potentially be vulnerable to cross-site scripting (XSS) attacks. Additionally, the absence of nonce checks and capability checks, while not directly exploitable due to the limited attack surface, indicates a lack of robust security practices that could become a concern if new entry points were introduced in future versions.

Key Concerns

No output escaping for dynamic content
No nonce checks implemented
No capability checks implemented

Vulnerabilities

None known

Rate My Stuff Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Rate My Stuff Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

Rate My Stuff Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped1 total outputs

Attack Surface

Rate My Stuff Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

filterthe_contentrate-my-stuff.php:14

Maintenance & Trust

Rate My Stuff Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15

Last updatedJul 4, 2021

PHP min version5.3

Downloads948

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Rate My Stuff Alternatives

Rating Assessor

rating-assessor

100

A custom rating system plugin with multi-question assessments, score calculation, graphical result display, and email notifications.

20 No CVEs

Easy Rating Assessor

easy-rating-assessor

100

A custom rating system plugin with multi-question assessments, score calculation, graphical result display, and email notifications.

0 No CVEs

Crowdsignal Dashboard – Polls, Surveys & more

polldaddy

Manage your Crowdsignal polls, surveys, quizzes, and ratings directly from the WordPress dashboard.

100K 9 CVEs

Strong Testimonials

strong-testimonials

An easy-to-use testimonial plugin to collect and show customer feedback in WordPress

90K 15 CVEs

kk Star Ratings – Rate Post & Collect User Feedbacks

kk-star-ratings

kk Star Ratings allows blog visitors to involve and interact more effectively with your website by rating posts.

80K 4 CVEs

Developer Profile

Rate My Stuff Developer Profile

desbest

2 plugins · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Rate My Stuff

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/rate-my-stuff/rate-my-stuff-custom-field.php/wp-content/plugins/rate-my-stuff/rate-my-stuff.php

HTML / DOM Fingerprints

CSS Classes

rating

Shortcode Output

[rate [rate

FAQ