SN Rating Security & Risk Analysis

wordpress.org/plugins/sn-rating

SN Rating is an enhanced rating plugin for WP content which has unmatched features that are still unavailable in existing rating-related plugins.

10 active installs · v1.4.7 · Requires WP 2.8+ (no PHP minimum declared) · Updated Dec 26, 2013
Tags: demographic-information, rating, rating-by-page, rating-by-post, rating-by-region
Security score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SN Rating Safe to Use in 2026?

Generally Safe

Score 85/100

SN Rating has no known CVEs, but it is not actively maintained: its last release was December 26, 2013, and it still calls create_function(), which PHP 8 no longer provides. Weigh the code-analysis findings below (unauthenticated AJAX handlers, almost no prepared statements, almost no output escaping) before installing it on a production site.

No known CVEs · Updated 12yr ago
Risk Assessment

The sn-rating plugin v1.4.7 presents a large, unprotected attack surface and poor code hygiene overall. All six AJAX registrations (three handlers, each hooked for both logged-in and unauthenticated callers) lack nonce and capability checks, so any visitor who can reach admin-ajax.php has a direct entry point into the handler code. Only 1 of 41 SQL queries (2%) uses a prepared statement and only 3 of 121 outputs (2%) are escaped, which indicates a high risk of SQL injection and cross-site scripting (XSS) wherever request data reaches those queries or outputs; the unauthenticated AJAX endpoints are the most direct route to them.

The taint analysis reports two high-severity flows with unsanitized paths (no critical-severity flows). The absence of any recorded CVEs is not evidence of safety: a plugin with no releases since December 2013 may simply never have been examined or publicly disclosed against, and there is no recent maintenance activity to suggest a newly reported flaw would be patched. Taken together, the number of unprotected entry points and the pervasive lack of prepared statements and output escaping make this plugin a considerable security risk.

Key Concerns

  • Unprotected AJAX handlers
  • High percentage of raw SQL queries
  • Low percentage of proper output escaping
  • High severity taint flows
  • No nonce checks on AJAX handlers
  • No capability checks on AJAX handlers
  • Use of the dangerous function create_function (deprecated in PHP 7.2, removed in PHP 8.0)
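The following PHP is an added example, not SN Rating's own code: it shows the handler shape that produces the metrics in this report (no nonce, no capability check, string-built SQL, unescaped output, registered for both logged-in and anonymous callers) next to a hardened version, and replaces the flagged create_function() call with a closure. The action names come from the attack-surface list on this page; the table name, column names, nonce actions, option name and script handle are assumptions for illustration.

```php
<?php
/*
 * Added example (not the plugin's code). Table/column names, nonce actions,
 * option name and script handle are assumptions; action names are the ones
 * the report lists.
 */

/* ---- Pattern the findings describe (constructed, not executed here):
 * registered on wp_ajax_ AND wp_ajax_nopriv_, no nonce, no capability
 * check, attacker input concatenated into SQL and echoed raw. ---- */
function sn_demo_insecure_rating_submission() {
    global $wpdb;
    $post_id = $_POST['post_id'];                       // untrusted, unvalidated
    $rating  = $_POST['rating'];
    $wpdb->query( "INSERT INTO {$wpdb->prefix}sn_ratings (post_id, rating)
                   VALUES ($post_id, $rating)" );       // SQL injection sink
    echo 'Thanks for rating ' . $_POST['title'];        // reflected XSS sink
    wp_die();
}
// add_action( 'wp_ajax_ajax_rating_submission',        'sn_demo_insecure_rating_submission' );
// add_action( 'wp_ajax_nopriv_ajax_rating_submission', 'sn_demo_insecure_rating_submission' );

/* ---- Hardened: nonce + validation + parameterised SQL + JSON output.
 * Limited to logged-in users (wp_ajax_ only); anonymous callers get
 * WordPress's default "0" response because no nopriv hook is registered. ---- */
function sn_demo_rating_submission() {
    global $wpdb;

    // CSRF: the request must carry a nonce minted for this action on a page we served.
    check_ajax_referer( 'sn_rating_submit', 'nonce' );  // dies with "-1" on failure

    // Coerce and bound every input before it reaches SQL or the response.
    $post_id = absint( $_POST['post_id'] ?? 0 );
    $rating  = absint( $_POST['rating'] ?? 0 );
    if ( ! $post_id || $rating < 1 || $rating > 5 || get_post_status( $post_id ) !== 'publish' ) {
        wp_send_json_error( array( 'message' => 'invalid input' ), 400 );
    }

    // Parameterised write: $wpdb->insert() binds values per the format array.
    $table = $wpdb->prefix . 'sn_ratings';              // assumed table
    $ok = $wpdb->insert(
        $table,
        array( 'post_id' => $post_id, 'rating' => $rating, 'user_id' => get_current_user_id() ),
        array( '%d', '%d', '%d' )
    );
    if ( false === $ok ) {
        wp_send_json_error( array( 'message' => 'database error' ), 500 );
    }

    // Parameterised read; wp_send_json_success() JSON-encodes, so nothing is echoed as HTML.
    $avg = $wpdb->get_var( $wpdb->prepare(
        "SELECT AVG(rating) FROM {$table} WHERE post_id = %d", $post_id
    ) );
    wp_send_json_success( array(
        'post_id' => $post_id,
        'average' => round( (float) $avg, 2 ),
        'title'   => esc_html( get_the_title( $post_id ) ), // escaped in case the client writes it into the DOM
    ) );
}
add_action( 'wp_ajax_ajax_rating_submission', 'sn_demo_rating_submission' );

/* ---- Administrative handlers (theme/factor assignment is assumed to change
 * settings) also need a capability check: a nonce only proves the caller
 * loaded one of our pages, not that they may change settings. ---- */
function sn_demo_theme_assign() {
    check_ajax_referer( 'sn_rating_admin', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }
    $theme = sanitize_key( $_POST['theme'] ?? '' );     // restricts to [a-z0-9_-]
    update_option( 'sn_demo_rating_theme', $theme );    // assumed option name
    wp_send_json_success( array( 'theme' => $theme ) );
}
add_action( 'wp_ajax_ajax_theme_assign', 'sn_demo_theme_assign' );

// Hand the nonce to the front end next to the ajax_url the script already uses.
add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_script( 'sn-rating', plugins_url( 'scripts/rating.js', __FILE__ ), array( 'jquery' ), '1.4.7', true );
    wp_localize_script( 'sn-rating', 'snRatingAjax', array(
        'ajax_url' => admin_url( 'admin-ajax.php' ),
        'nonce'    => wp_create_nonce( 'sn_rating_submit' ),
    ) );
} );

// Replacement for the flagged create_function() call: a closure, which PHP 8 supports.
add_action( 'plugins_loaded', function () {
    $rating_settings_tabs = new RatingSettings();      // assumed to register its hooks in its constructor
} );
```

The front-end script must send the nonce as the `nonce` POST field (the second argument of check_ajax_referer) along with `action=ajax_rating_submission`. If anonymous rating is a product requirement, register the hardened handler on `wp_ajax_nopriv_` as well and add per-IP throttling, since a nonce on a public page does not limit who can submit.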
Vulnerabilities
None known

SN Rating Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SN Rating Code Analysis

Dangerous Functions
1
Raw SQL Queries
40
1 prepared
Unescaped Output
118
3 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_function   sn_rating.php:296
add_action( 'plugins_loaded', create_function( '', '$rating_settings_tabs = new RatingSettings();'
create_function() compiles a string into a function at runtime (a thin wrapper around eval). It was deprecated in PHP 7.2 and removed in PHP 8.0, so on PHP 8 this line fails with a fatal error when the plugin file loads. The code string here is a constant, so it is not injectable; the fix is to replace the call with an anonymous function.

SQL Query Safety

2% prepared (1 of 41 total queries)

Output Escaping

2% escaped (3 of 121 total outputs)
Data Flows
11 unsanitized

Data Flow Analysis

11 flows11 with unsanitized paths
ajax_rating_submission (ajax-rating.php:10)
Legend: Source (user input) → Sink (dangerous op); Sanitizer / Transform; Unsanitized / Sanitized
Attack Surface
6 unprotected

SN Rating Attack Surface

Entry Points6
Unprotected6

AJAX Handlers 6

auth    wp_ajax_ajax_rating_submission    ajax-rating.php:47
nopriv  wp_ajax_ajax_rating_submission    ajax-rating.php:48
auth    wp_ajax_ajax_theme_assign         ajax-rating.php:50
nopriv  wp_ajax_ajax_theme_assign         ajax-rating.php:51
auth    wp_ajax_ajax_factor_assign        ajax-rating.php:53
nopriv  wp_ajax_ajax_factor_assign        ajax-rating.php:54
(auth = hooked on wp_ajax_, runs for logged-in users; nopriv = hooked on wp_ajax_nopriv_, runs for any unauthenticated visitor who posts the action to admin-ajax.php)
WordPress Hooks 18
filter  the_title                    rating_html.php:99
action  init                         rating_settings.php:32
action  admin_init                   rating_settings.php:33
action  admin_init                   rating_settings.php:34
action  admin_init                   rating_settings.php:35
action  admin_menu                   rating_settings.php:36
action  init                         sn_rating.php:28
action  wp_head                      sn_rating.php:29
action  the_content                  sn_rating.php:151
action  comment_text                 sn_rating.php:152
action  bp_activity_entry_content    sn_rating.php:153
action  plugins_loaded               sn_rating.php:296
action  init                         sn_rating.php:318
filter  the_content                  sn_rating.php:339
action  admin_head                   sn_rating.php:356
action  wp_head                      sn_rating.php:359
action  admin_menu                   sn_rating.php:362
action  widgets_init                 widget.php:135
Maintenance & Trust

SN Rating Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.7.41
Last updated: Dec 26, 2013
PHP min version: (not listed)
Downloads: 14K

Community Trust

Rating: 72/100
Number of ratings: 18
Active installs: 10
Developer Profile

SN Rating Developer Profile

pgautam

2 plugins · 20 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SN Rating

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sn-rating/css/rating-styles.css
/wp-content/plugins/sn-rating/css/ui-lightness/jquery-ui-1.10.2.custom.css
/wp-content/plugins/sn-rating/scripts/rating.js
Script Paths
/wp-content/plugins/sn-rating/scripts/rating.js
Version Parameters
sn-rating/css/rating-styles.css?ver=
sn-rating/scripts/rating.js?ver=
sn-rating/css/ui-lightness/jquery-ui-1.10.2.custom.css?ver=

HTML / DOM Fingerprints

CSS Classes
most-rated-content
snRatingBuddyPress
JS Globals
ajax_url
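As an added example (not code from the scanner or from the plugin), the PHP below applies the fingerprints listed above to one fetched page: it reports which asset paths appear, pulls the `?ver=` value off them, and checks for the DOM and JS markers. The constant and function names are chosen here, the sample HTML is constructed rather than captured from a site, and the `var ajax_url =` form of the JS global is an assumption about how it is declared.

```php
<?php
/*
 * Added example (not part of the scanner): match the report's fingerprints
 * against one page's HTML. Sample HTML is constructed, not captured.
 */

const SN_RATING_ASSET_PATHS = array(
    '/wp-content/plugins/sn-rating/css/rating-styles.css',
    '/wp-content/plugins/sn-rating/scripts/rating.js',
    '/wp-content/plugins/sn-rating/css/ui-lightness/jquery-ui-1.10.2.custom.css',
);

/**
 * Returns the asset paths found, the ?ver= value seen on them (null if none),
 * and whether the DOM / JS markers are present.
 */
function sn_rating_fingerprint( string $html ): array {
    $assets = array();
    $ver    = null;
    foreach ( SN_RATING_ASSET_PATHS as $path ) {
        // Match the path wherever it occurs (href, src, inline @import) and
        // capture a trailing ?ver= value if one is attached.
        $re = '#' . preg_quote( $path, '#' ) . '(?:\?ver=([^"\'&\s>]+))?#i';
        if ( preg_match( $re, $html, $m ) ) {
            $assets[] = $path;
            if ( isset( $m[1] ) && $m[1] !== '' ) {
                $ver = $m[1];
            }
        }
    }
    $dom = (bool) preg_match( '/class="[^"]*\b(?:most-rated-content|snRatingBuddyPress)\b/', $html );
    $js  = (bool) preg_match( '/\bvar\s+ajax_url\s*=/', $html ); // assumed declaration form

    return array(
        'installed'   => ! empty( $assets ) || $dom,
        'assets'      => $assets,
        'ver'         => $ver,   // may be WordPress's version, not the plugin's (see note)
        'dom_markers' => $dom,
        'ajax_url_js' => $js,
    );
}

// Constructed sample page fragment.
$sample = <<<'HTML'
<link rel="stylesheet" href="https://example.test/wp-content/plugins/sn-rating/css/rating-styles.css?ver=1.4.7">
<script src="https://example.test/wp-content/plugins/sn-rating/scripts/rating.js?ver=1.4.7"></script>
<script>var ajax_url = "https://example.test/wp-admin/admin-ajax.php";</script>
<div class="most-rated-content"></div>
HTML;

print_r( sn_rating_fingerprint( $sample ) );
```

Treat the `ver` value with care: when a plugin enqueues an asset with `$ver` set to false, WordPress appends its own version string, so `?ver=` may identify the WordPress core version rather than the plugin. A negative result from one page is also not proof of absence; the plugin may be installed but inactive, or its markup may only appear on pages where rating is enabled.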
FAQ

Frequently Asked Questions about SN Rating