WP-Safety

Star Rating Review for Welcart Security & Risk Analysis

wordpress.org/plugins/star-rating-review-w

*** Welcart e-Commerce Version1.6.3 or more *** It is only for this plugin: Welcart e-Commerce. You can only be used when enabled.

20 active installs v1.1 PHP + WP 4.4+ Updated Dec 15, 2015
welcart-e-commerce-starrating-review
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Star Rating Review for Welcart Safe to Use in 2026?

Generally Safe

Score 85/100

Star Rating Review for Welcart has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The static analysis of "star-rating-review-w" v1.1 reveals a generally strong security posture with no identified dangerous functions, external HTTP requests, file operations, or raw SQL queries. The absence of any identified CVEs and a clean vulnerability history further contribute to a positive outlook. However, a significant concern arises from the 75% of output handling that is not properly escaped. This weakness creates a potential attack vector for cross-site scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed within the user's browser. While the attack surface is currently reported as zero entry points, this could change with future updates, and the lack of robust output sanitization remains a notable deficiency. The plugin demonstrates good practices in avoiding direct SQL injection risks and limiting its external dependencies, but the unescaped output requires immediate attention to mitigate potential XSS risks.

Key Concerns

  • Output not properly escaped (75%)
Vulnerabilities
None known

Star Rating Review for Welcart Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Star Rating Review for Welcart Release Timeline

v1.1Current
v1.0
Code Analysis
Analyzed Mar 16, 2026

Star Rating Review for Welcart Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

25% escaped8 total outputs
Attack Surface

Star Rating Review for Welcart Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 5
actionwp_enqueue_scriptssrrwtx_function.php:12
actioncomment_postsrrwtx_function.php:28
filtercomments_opensrrwtx_function.php:51
filterpre_comment_approvedsrrwtx_function.php:52
actionwp_enqueue_scriptsstar_rating_review.php:28
Maintenance & Trust

Star Rating Review for Welcart Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedDec 15, 2015
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

Star Rating Review for Welcart Alternatives

No alternatives data available yet.

Developer Profile

Star Rating Review for Welcart Developer Profile

TEMPLX

1 plugin · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Star Rating Review for Welcart

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/star-rating-review-w/css/srrwtx.css

HTML / DOM Fingerprints

CSS Classes
star-rating-reviewstar-rating-review-metastar-rating-review-authorstar-rating-review-metadatastar-rating-review-contentstar-ratingstar-rating-review-awaiting-moderationsrrwtx-body+5 more
HTML Comments
<!-- Customizing the comment list -->/* * comments.php file is welcart only. * Please use it to enable the welcart. * To the theme, please upload (overwriting) the comments.php file. * Before uploading please always back up. */
Data Attributes
id="star-rating-review-id="div-star-rating-review-datetime="
FAQ

Frequently Asked Questions about Star Rating Review for Welcart