Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings Security & Risk Analysis

The rate-star-review v1.6.4 plugin exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and has no known critical or high severity vulnerabilities currently unpatched, there are significant concerns regarding its attack surface. A substantial portion of its AJAX handlers lack proper authentication checks, presenting a clear risk. The static analysis reveals that 6 out of 12 entry points are unprotected. Furthermore, 3 out of 6 analyzed taint flows have unsanitized paths, which, although not classified as critical or high severity in this analysis, warrants attention as it indicates potential input sanitization weaknesses. The vulnerability history shows 2 medium severity CVEs related to Cross-site Scripting in the past, suggesting that while these have been addressed, the plugin has had issues with input sanitization and output escaping previously. The plugin also has a moderate percentage of improperly escaped outputs (22%). Overall, the plugin has strengths in its database interaction and has addressed past vulnerabilities, but the unprotected AJAX endpoints and the presence of unsanitized taint flows are significant security weaknesses that need immediate attention.