Rating Widget: Post Rating, 5 Star Rating, Reviews, Thumbs Up & Down, Reaction Security & Risk Analysis

wordpress.org/plugins/totalrating

Enhance UX with a customizable rating widget 5 star, smiley, and thumbs up/down. Collect feedback and ratings for your website.

400 active installs · v1.8.5 · PHP 7.0+ · WP 4.8+ · Updated Jul 13, 2024
Tags: rate, rating, reaction, satisfaction, stars
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Rating Widget: Post Rating, 5 Star Rating, Reviews, Thumbs Up & Down, Reaction Safe to Use in 2026?

Generally Safe

Score 92/100

Rating Widget: Post Rating, 5 Star Rating, Reviews, Thumbs Up & Down, Reaction has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The "totalrating" plugin v1.8.5 exhibits a generally strong security posture based on the provided static analysis. The complete absence of critical and high-severity taint flows, coupled with the proper use of prepared statements for all SQL queries and near-perfect output escaping, indicates good development practices in these areas. The lack of external HTTP requests further reduces potential attack vectors. However, a significant concern arises from the absence of any nonce checks or capability checks, particularly when considering the plugin's potential to interact with user input or perform sensitive operations. The lack of any recorded vulnerability history is a positive indicator, suggesting a history of secure development, but it doesn't negate the risks identified in the current code analysis.

Key Concerns

  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Rating Widget: Post Rating, 5 Star Rating, Reviews, Thumbs Up & Down, Reaction Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Rating Widget: Post Rating, 5 Star Rating, Reviews, Thumbs Up & Down, Reaction Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 1 (76 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

99% escaped · 77 total outputs
Attack Surface

Rating Widget: Post Rating, 5 Star Rating, Reviews, Thumbs Up & Down, Reaction Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 18

  • action: pre_get_posts, src\Admin\EntityFilter.php:61
  • action: restrict_manage_posts, src\Admin\EntityFilter.php:78
  • filter: posts_join_paged, src\Admin\EntityFilter.php:81
  • filter: posts_fields, src\Admin\EntityFilter.php:82
  • filter: posts_orderby, src\Admin\EntityFilter.php:83
  • filter: posts_groupby, src\Admin\EntityFilter.php:84
  • filter: posts_distinct, src\Admin\EntityFilter.php:85
  • action: add_meta_boxes, src\Metaboxes\RatingMetabox.php:69
  • action: admin_enqueue_scripts, src\Metaboxes\RatingMetabox.php:70
  • filter: query_vars, src\Tasks\Widget\RegisterRewriteRules.php:32
  • action: init, src\Tasks\Widget\RegisterRewriteRules.php:40
  • action: wp_footer, src\Tasks\Widget\RenderWidget.php:110
  • action: admin_footer, src\Tasks\Widget\RenderWidget.php:111
  • filter: the_content, src\Tasks\Widget\SetupFilter.php:68
  • filter: template_include, src\Tasks\Widget\SetupPreviewWidget.php:21
  • action: template_redirect, src\Tasks\Widget\SetupWidgetsFromContext.php:58
  • filter: wp_title_parts, src\Tasks\Widget\ViewWidget.php:66
  • action: wp_head, src\Tasks\Widget\ViewWidget.php:73
Maintenance & Trust

Rating Widget: Post Rating, 5 Star Rating, Reviews, Thumbs Up & Down, Reaction Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Jul 13, 2024
PHP min version: 7.0
Downloads: 12K

Community Trust

Rating: 100/100
Number of ratings: 9
Active installs: 400
Developer Profile

Rating Widget: Post Rating, 5 Star Rating, Reviews, Thumbs Up & Down, Reaction Developer Profile

TotalSuite

5 plugins · 2K total installs

Trust score: 69
Avg Security Score: 86/100
Avg Patch Time: 138 days
Detection Fingerprints

How We Detect Rating Widget: Post Rating, 5 Star Rating, Reviews, Thumbs Up & Down, Reaction

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/totalrating/assets/css/metabox.css
  • /wp-content/plugins/totalrating/assets/css/metabox.min.css
  • /wp-content/plugins/totalrating/assets/js/app.js
  • /wp-content/plugins/totalrating/assets/js/app.min.js
Script Paths
  • /wp-content/plugins/totalrating/assets/js/app.js
  • /wp-content/plugins/totalrating/assets/js/app.min.js
Version Parameters
  • totalrating/assets/css/metabox
  • totalrating/assets/js/app

HTML / DOM Fingerprints

CSS Classes
  • totalrating_metabox_widget
  • totalrating_metabox_widget_title
  • totalrating_metabox_widget_content
  • totalrating_metabox_side
  • totalrating_metabox_top
Data Attributes
  • data-entity-id
  • data-widget-uid
JS Globals
  • window.TotalRating