Does Stars Rating have any unpatched vulnerabilities?

No. All known vulnerabilities in Stars Rating have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Stars Rating compatible with WordPress 6.9.4?

According to WordPress.org data, Stars Rating 4.0.7 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Stars Rating compatible with PHP 8.3+?

Stars Rating requires PHP 8.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Stars Rating updated?

Stars Rating was last updated on Dec 4, 2025. Frequent updates are generally a positive security signal.

What is Stars Rating's security score?

Stars Rating has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Stars Rating Security & Risk Analysis

wordpress.org/plugins/stars-rating

A plugin to turn comments into reviews by adding rating feature.

1K active installs v4.0.7 PHP 8.3+ WP 6.0+ Updated Dec 4, 2025

commentsratingreviewsshortcodestars

A · Safe

CVEs total1

Unpatched0

Last CVEDec 6, 2021

Plugin page Download

Safety Verdict

Is Stars Rating Safe to Use in 2026?

Generally Safe

Score 99/100

Stars Rating has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 6, 2021Updated 4mo ago

Risk Assessment

The "stars-rating" plugin v4.0.7 exhibits a generally good security posture, with no identified critical or high severity vulnerabilities in the static analysis, including no dangerous functions, file operations, or external HTTP requests. The presence of nonce checks and capability checks, along with the consistent use of prepared statements for SQL queries, indicates a commitment to secure coding practices. However, a significant concern is the moderate percentage of output escaping (68%), suggesting that some data might be rendered without proper sanitization, potentially opening avenues for cross-site scripting (XSS) vulnerabilities. While the taint analysis shows no flows with unsanitized paths, this doesn't completely negate the risk from unescaped output. The plugin's vulnerability history reveals one high severity CVE related to Uncontrolled Resource Consumption, last patched in late 2021. The fact that this vulnerability is no longer unpatched is positive, but the historical presence of a high-severity issue warrants vigilance. Overall, the plugin demonstrates strengths in core security implementations but has a notable weakness in output escaping and a past high-severity vulnerability that requires attention.

Key Concerns

Moderate output escaping (68%)
One high severity CVE in history (Uncontrolled Resource Consumption)

Vulnerabilities

Stars Rating Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2021-24893high · 7.5Uncontrolled Resource Consumption

Stars Rating <= 3.5.0 - Denial of Service

Dec 6, 2021 Patched in 3.5.1 (778d)

Code Analysis

Analyzed Mar 16, 2026

Stars Rating Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

36 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

68% escaped53 total outputs

Attack Surface

Stars Rating Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[stars_rating_avg] public\stars-rating-public.php:56

WordPress Hooks 15

filtermanage_edit-comments_columnsadmin\stars-rating-comments-column.php:18

actionmanage_comments_custom_columnadmin\stars-rating-comments-column.php:19

actionadd_meta_boxesadmin\stars-rating-metabox.php:73

actionsave_postadmin\stars-rating-metabox.php:74

actionadmin_menuadmin\Stars_Rating_Settings.php:18

actionadmin_initadmin\Stars_Rating_Settings.php:20

actionadmin_enqueue_scriptsincludes\class-stars-rating.php:26

actionwp_enqueue_scriptsincludes\class-stars-rating.php:27

actioncomment_form_logged_in_beforepublic\stars-rating-public.php:91

actioncomment_form_toppublic\stars-rating-public.php:92

filterpreprocess_commentpublic\stars-rating-public.php:93

actioncomment_postpublic\stars-rating-public.php:94

filtercomment_textpublic\stars-rating-public.php:95

filtercomments_templatepublic\stars-rating-public.php:101

actionwp_headpublic\stars-rating-public.php:104

Maintenance & Trust

Stars Rating Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 4, 2025

PHP min version8.3

Downloads33K

Community Trust

Rating94/100

Number of ratings23

Active installs1K

Alternatives

Stars Rating Alternatives

REVIEWS.io for WooCommerce

reviewscouk-for-woocommerce

REVIEWS.io, helps eCommerce merchants to collect & display verified product and company reviews. A Google Licensed partner.

1K 1 CVE

Five-Star Ratings Shortcode

five-star-ratings-shortcode

100

Simple lightweight shortcode to add 5-star ratings anywhere.

700 No CVEs

Better WooCommerce Stars Shortcode

better-woocommerce-stars-shortcode

Creates a shortcode that displays the rating, in stars, of any WooCommerce product.

60 No CVEs

Integration for BazaarVoice

integration-for-baazarvoice

An plugin that will integrate with the Bazaarvoice rating system.

10 No CVEs

weeComments – Shop & Products Reviews

weecomments

Genera confianza en tu tienda online y aumenta las ventas con weecomments. http://weecomments.com Muestra un widget de opiniones de la tienda online, …

10 No CVEs

Developer Profile

Stars Rating Developer Profile

Fahid Javid

3 plugins · 2K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

789 days

View full developer profile

Detection Fingerprints

How We Detect Stars Rating

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/stars-rating/includes/css/font-awesome.min.css/wp-content/plugins/stars-rating/admin/css/stars-rating-admin.css/wp-content/plugins/stars-rating/public/css/fontawesome-stars.css/wp-content/plugins/stars-rating/public/css/stars-rating-public.css/wp-content/plugins/stars-rating/public/js/jquery.barrating.min.js/wp-content/plugins/stars-rating/public/js/script.js

Script Paths

/wp-content/plugins/stars-rating/public/js/jquery.barrating.min.js/wp-content/plugins/stars-rating/public/js/script.js

Version Parameters

stars-rating/admin/css/stars-rating-admin.css?ver=stars-rating/public/css/stars-rating-public.css?ver=stars-rating/public/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

rating-starsstars-style-regularstars-style-modernstars-style-starstars-style-squarestars-style-filledfarated

Data Attributes

data-rating-value

JS Globals

Stars_Rating_Public

Shortcode Output

[stars_rating_avg]

FAQ