Rating by BestWebSoft Security & Risk Analysis

wordpress.org/plugins/rating-bws

Add rating plugin to your WordPress website to receive feedback from your customers.

500 active installs · v1.7 · PHP + · WP 5.6+ · Updated Jun 6, 2025
Tags: 5-stars, add-rating, rating, rating-plugin, stars
Score 73 · B · Generally Safe
CVEs total: 3
Unpatched: 1
Last CVE: Apr 17, 2025
Safety Verdict

Is Rating by BestWebSoft Safe to Use in 2026?

Mostly Safe

Score 73/100

Rating by BestWebSoft is generally safe to use. 3 past CVEs were resolved. Keep it updated.

3 known CVEs · 1 unpatched · Last CVE: Apr 17, 2025 · Updated 10mo ago
Risk Assessment

The "rating-bws" plugin version 1.7 exhibits a mixed security posture. On the positive side, the static analysis reveals a strong adherence to secure coding practices, with a high percentage of SQL queries using prepared statements and properly escaped output. The plugin also incorporates a substantial number of nonce and capability checks, indicating an effort to protect against common web vulnerabilities.

However, the plugin's vulnerability history is a significant concern. With three known CVEs, including one currently unpatched high-severity vulnerability, the plugin has a history of introducing serious security flaws. The types of past vulnerabilities (Deserialization, Resource Consumption, XSS) suggest potential for complex attacks if the unpatched vulnerability is exploitable.

While the static analysis doesn't immediately reveal critical flaws in this specific version, the historical pattern necessitates caution. The unpatched high-severity vulnerability from April 17, 2025, is the most pressing issue and suggests that users are at immediate risk from known exploits. Therefore, despite some good development practices, the ongoing unpatched vulnerability overshadows these strengths, making the plugin a moderate to high-risk component.

Key Concerns

  • Unpatched high severity CVE
  • History of critical vulnerability types
  • Moderate number of SQL queries
Vulnerabilities
3

Rating by BestWebSoft Security Vulnerabilities

CVEs by Year

1 CVE in 2017
1 CVE in 2022
1 CVE in 2025 · unpatched

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2025-39527 · high · 8.8 · Deserialization of Untrusted Data

Rating by BestWebSoft <= 1.7 - Authenticated (Subscriber+) PHP Object Injection

Apr 17, 2025 · Unpatched

CVE-2021-25121 · medium · 5.3 · Uncontrolled Resource Consumption

Rating by BestWebSoft <= 1.5 - Rating Denial of Service

May 24, 2022 · Patched in 1.6 (609d)

CVE-2017-18530 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Rating by BestWebSoft < 0.2 - Reflected Cross-Site Scripting

Apr 17, 2017 · Patched in 0.2 (2472d)
Code Analysis
Analyzed Mar 16, 2026

Rating by BestWebSoft Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 8 (14 prepared)
Unescaped Output: 23 (558 escaped)
Nonce Checks: 24
Capability Checks: 3
File Operations: 2
External Requests: 6
Bundled Libraries: 0

SQL Query Safety

64% prepared · 22 total queries

Output Escaping

96% escaped · 581 total outputs
Data Flows: All sanitized

Data Flow Analysis

8 flows
bws_add_menu_render (bws_menu\bws_menu.php:12)
Attack Surface

Rating by BestWebSoft Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 4

auth wp_ajax_bws_submit_request_feature_action (bws_menu\class-bws-settings.php:1452)
auth wp_ajax_bws_submit_uninstall_reason_action (bws_menu\deactivation-form.php:432)
auth wp_ajax_rtng_add_rating_db (rating-bws.php:1832)
nopriv wp_ajax_rtng_add_rating_db (rating-bws.php:1833)

Shortcodes 4

[bws-rating] rating-bws.php:1812
[bws-rating-votes] rating-bws.php:1813
[bws-rating-value] rating-bws.php:1814
[bws-rating-max] rating-bws.php:1815

WordPress Hooks 28

filter load_textdomain_mofile (bws_menu\bws_functions.php:37)
filter mce_external_plugins (bws_menu\bws_functions.php:1085)
filter mce_buttons (bws_menu\bws_functions.php:1086)
action admin_init (bws_menu\bws_functions.php:1361)
action admin_enqueue_scripts (bws_menu\bws_functions.php:1362)
action admin_head (bws_menu\bws_functions.php:1363)
action admin_footer (bws_menu\bws_functions.php:1364)
action admin_notices (bws_menu\bws_functions.php:1366)
action wp_enqueue_scripts (bws_menu\bws_functions.php:1368)
action comment_post (rating-bws.php:83)
action comment_form_top (rating-bws.php:84)
action comment_text (rating-bws.php:86)
filter the_content (rating-bws.php:92)
action admin_menu (rating-bws.php:1803)
action plugins_loaded (rating-bws.php:1804)
action init (rating-bws.php:1805)
action admin_init (rating-bws.php:1806)
action admin_enqueue_scripts (rating-bws.php:1808)
action wp_enqueue_scripts (rating-bws.php:1809)
action wp_footer (rating-bws.php:1810)
action add_meta_boxes (rating-bws.php:1817)
action attachment_updated (rating-bws.php:1818)
action save_post (rating-bws.php:1819)
filter pgntn_callback (rating-bws.php:1821)
filter bws_shortcode_button_content (rating-bws.php:1824)
filter plugin_action_links (rating-bws.php:1826)
filter plugin_row_meta (rating-bws.php:1827)
action admin_notices (rating-bws.php:1829)
Maintenance & Trust

Rating by BestWebSoft Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 6, 2025
PHP min version
Downloads: 12K

Community Trust

Rating: 94/100
Number of ratings: 7
Active installs: 500
Developer Profile

Rating by BestWebSoft Developer Profile

bestweblayout

32 plugins · 17K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 1944 days
Detection Fingerprints

How We Detect Rating by BestWebSoft

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/rating-bws/assets/css/rating-bws.css
/wp-content/plugins/rating-bws/assets/js/rating-bws.js
Script Paths
/wp-content/plugins/rating-bws/assets/js/rating-bws.js
Version Parameters
rating-bws/assets/css/rating-bws.css?ver=
rating-bws/assets/js/rating-bws.js?ver=

HTML / DOM Fingerprints

CSS Classes
rtng-stars, rtng-rating, rtng-container, rtng-average
Data Attributes
data-rating-avg, data-rating-id
JS Globals
rtng_params
Shortcode Output
[rating-bws]
FAQ

Frequently Asked Questions about Rating by BestWebSoft