Does Rating have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Rating compatible with WordPress 4.8.28?

According to WordPress.org data, Rating 1.1 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is Rating updated?

Rating was last updated on Sep 11, 2016. Frequent updates are generally a positive security signal.

What is Rating's security score?

Rating has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Rating Security & Risk Analysis

wordpress.org/plugins/rating-add

Add Star rating & Review system to your Posts, Pages & Products of your website easily in minutes.

10 active installs v1.1 PHP + WP 3.6+ Updated Sep 11, 2016

feedbackratingratingsreviewstar-rating

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Rating Safe to Use in 2026?

Generally Safe

Score 85/100

Rating has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "rating-add" plugin v1.1 presents a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and has no recorded vulnerability history, suggesting a potentially well-maintained or less targeted codebase. However, significant concerns arise from its attack surface. A substantial portion of its entry points, specifically all four AJAX handlers, lack authentication checks. Furthermore, the presence of the `exec` function, a dangerous function, coupled with only 34% of output being properly escaped, indicates potential vulnerabilities related to command injection and cross-site scripting (XSS). The absence of any taint analysis data is also a weakness, as it means potentially dangerous data flows might have gone undetected. While the plugin avoids common pitfalls like unpatched CVEs or raw SQL, the unprotected AJAX endpoints and the `exec` function represent immediate and serious risks.

Key Concerns

AJAX handlers without auth checks
Dangerous function 'exec' found
Low percentage of properly escaped output
Lack of taint analysis data

Vulnerabilities

None known

Rating Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Rating Release Timeline

v1.1Current

Code Analysis

Analyzed Mar 17, 2026

Rating Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

18 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

execexec($command, $output);init\wsrp_init_class.php:130

Output Escaping

34% escaped53 total outputs

Attack Surface

4 unprotected

Rating Attack Surface

Entry Points5

Unprotected4

AJAX Handlers 4

noprivwp_ajax_wsrp_ratinginit\wsrp_init_class.php:22

authwp_ajax_wsrp_ratinginit\wsrp_init_class.php:23

noprivwp_ajax_wsrp_rating_resetinit\wsrp_init_class.php:27

authwp_ajax_wsrp_rating_resetinit\wsrp_init_class.php:28

Shortcodes 1

[wsrp_rating] init\wsrp_init_class.php:31

WordPress Hooks 8

actioninitinit\wsrp_init_class.php:15

actioninitinit\wsrp_init_class.php:16

actionadmin_enqueue_scriptsinit\wsrp_init_class.php:17

actionedit_form_after_titleinit\wsrp_init_class.php:18

actionsave_postinit\wsrp_init_class.php:19

filterthe_contentinit\wsrp_init_class.php:36

filtermanage_wsrp_rating_posts_columnsinit\wsrp_init_class.php:38

actionmanage_wsrp_rating_posts_custom_columninit\wsrp_init_class.php:39

Maintenance & Trust

Rating Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedSep 11, 2016

PHP min version

Downloads5K

Community Trust

Rating74/100

Number of ratings3

Active installs10

Alternatives

Rating Alternatives

kk Star Ratings – Rate Post & Collect User Feedbacks

kk-star-ratings

kk Star Ratings allows blog visitors to involve and interact more effectively with your website by rating posts.

80K 4 CVEs

Testimonial – Testimonial Slider and Showcase Plugin

testimonial-slider-and-showcase

Display customer testimonials beautifully with responsive slider and grid layouts. Build trust and boost conversions with this WordPress testimonial p …

30K 2 CVEs

Review & testimonial widgets

trustmary

Add reviews to your website with Trustmary’s review and testimonial widgets: Google Review Widget, Facebook Review Widget, Tripadvisor Review Widget, …

1K 1 CVE

Star Rating Block for Block Editor

pb-star-rating-block

This block will help you to display star rating using Gutenberg Editor.

600 No CVEs

WPSSO Ratings and Reviews

wpsso-ratings-and-reviews

100

Adds Ratings and Reviews Features to the WordPress Comments System.

200 No CVEs

Developer Profile

Rating Developer Profile

PluginOps

12 plugins · 14K total installs

trust score

Avg Security Score

84/100

Avg Patch Time

422 days

View full developer profile

Detection Fingerprints

How We Detect Rating

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/rating-add/css/wsrpAdminCss.css/wp-content/plugins/rating-add/js/admin.js/wp-content/plugins/rating-add/js/rater.js

Script Paths

/wp-content/plugins/rating-add/js/admin.js/wp-content/plugins/rating-add/js/rater.js

Version Parameters

wsrp-admin-css?ver=1.00

HTML / DOM Fingerprints

CSS Classes

wsrp-rating-containerwsrp-star-rating

Data Attributes

data-wsrp-post-id

JS Globals

WSRP_PLUGIN_URL

Shortcode Output

[wsrp_rating

<div style='padding: 7px 10px 8px 31px;background: #fff;border: 1px solid #D2D2D2;border-radius: 3px;width: 20%; min-width:200px;font-weight: bold;' >[wsrp_rating id='

FAQ