Does eCommerce Comments and Ratings have any unpatched vulnerabilities?

No. All known vulnerabilities in eCommerce Comments and Ratings have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is eCommerce Comments and Ratings compatible with WordPress 6.8.5?

According to WordPress.org data, eCommerce Comments and Ratings 3.1.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is eCommerce Comments and Ratings compatible with PHP 7.0+?

eCommerce Comments and Ratings requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is eCommerce Comments and Ratings updated?

eCommerce Comments and Ratings was last updated on Dec 2, 2025. Frequent updates are generally a positive security signal.

What is eCommerce Comments and Ratings's security score?

eCommerce Comments and Ratings has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

eCommerce Comments and Ratings Security & Risk Analysis

wordpress.org/plugins/woo-dis-comments-and-ratings

eCommerce Disqus Comments and Ratings gives you better control over palcement

10 active installs v3.1.1 PHP 7.0+ WP 5.0.0+ Updated Dec 2, 2025

commentsratingszamartz

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is eCommerce Comments and Ratings Safe to Use in 2026?

Generally Safe

Score 100/100

eCommerce Comments and Ratings has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The 'woo-dis-comments-and-ratings' plugin v3.1.1 exhibits a mixed security posture. While there is no known vulnerability history or critical issues flagged in taint analysis, the static analysis reveals significant areas of concern. The presence of six AJAX handlers, with four of them lacking authentication checks, creates a considerable attack surface that could be exploited by unauthenticated users. Furthermore, the plugin's handling of SQL queries is problematic, with 100% of them not using prepared statements, increasing the risk of SQL injection vulnerabilities.

The output escaping is also a weakness, with only 5% of outputs being properly escaped, suggesting potential for cross-site scripting (XSS) vulnerabilities. While the plugin does not appear to bundle outdated libraries or make insecure file operations, the lack of capability checks on AJAX handlers and the overall low rate of proper output escaping are critical oversight. The absence of any recorded vulnerabilities is positive, but it does not negate the inherent risks exposed by the code analysis.

In conclusion, the plugin's strength lies in its lack of a known vulnerability history. However, the static analysis highlights critical security weaknesses, particularly the unprotected AJAX endpoints and the unescaped outputs, alongside insecure SQL query practices. These factors present a tangible risk that requires immediate attention and remediation to improve the plugin's overall security.

Key Concerns

AJAX handlers without auth checks
SQL queries not using prepared statements
Low percentage of properly escaped output
No capability checks on entry points

Vulnerabilities

None known

eCommerce Comments and Ratings Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

eCommerce Comments and Ratings Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

5% escaped86 total outputs

Attack Surface

4 unprotected

eCommerce Comments and Ratings Attack Surface

Entry Points6

Unprotected4

AJAX Handlers 6

authwp_ajax_woo_disqus_form_data_ajaxadmin\class-wp-dis-comments-and-ratings-woo-settings.php:80

authwp_ajax_zamartz_review_now_ajaxadmin\class-zamartz-admin-addons.php:125

authwp_ajax_woo_disqus_get_network_api_status_ajaxadmin\class-zamartz-network-admin-addons.php:80

authwp_ajax_woo_disqus_network_addon_form_data_ajaxadmin\class-zamartz-network-admin-addons.php:83

authwp_ajax_wp_zamartz_admin_event_tracker_ajaxadmin\zamartz\class-wp-woo-main-zamartz-admin.php:103

authwp_ajax_wp_zamartz_admin_general_form_data_ajaxadmin\zamartz\class-wp-woo-main-zamartz-admin.php:106

WordPress Hooks 56

filterwoocommerce_get_sections_productsadmin\class-wp-dis-comments-and-ratings-woo-settings.php:73

filterwoocommerce_get_settings_productsadmin\class-wp-dis-comments-and-ratings-woo-settings.php:76

actionadd_meta_boxesadmin\class-wp-dis-comments-and-ratings-woo-settings.php:84

actionwoocommerce_new_productadmin\class-wp-dis-comments-and-ratings-woo-settings.php:87

actionwoocommerce_update_productadmin\class-wp-dis-comments-and-ratings-woo-settings.php:88

actionadmin_footeradmin\class-wp-dis-comments-and-ratings-woo-settings.php:92

filterzamartz_dashboard_accordion_informationadmin\class-zamartz-admin-addons.php:77

filterzamartz_dashboard_accordion_settingsadmin\class-zamartz-admin-addons.php:80

filterzamartz_settings_subnavadmin\class-zamartz-admin-addons.php:83

actionzamartz_admin_addon_informationadmin\class-zamartz-admin-addons.php:86

actionzamartz_admin_addon_settingsadmin\class-zamartz-admin-addons.php:89

filtercron_schedulesadmin\class-zamartz-admin-addons.php:104

actionzamartz_api_cron_schedule_twice_monthlyadmin\class-zamartz-admin-addons.php:107

filtercron_schedulesadmin\class-zamartz-admin-addons.php:110

actionzamartz_api_cron_schedule_admin_noticeadmin\class-zamartz-admin-addons.php:113

actionadmin_noticesadmin\class-zamartz-admin-addons.php:116

filterzamartz_plugin_statusadmin\class-zamartz-admin-status.php:44

filterzamartz_network_dashboard_accordion_informationadmin\class-zamartz-network-admin-addons.php:65

filterzamartz_network_dashboard_accordion_settingsadmin\class-zamartz-network-admin-addons.php:68

filterzamartz_network_dashboard_active_addons_site_listadmin\class-zamartz-network-admin-addons.php:71

actionzamartz_network_addon_settingsadmin\class-zamartz-network-admin-addons.php:74

actionzamartz_network_addon_informationadmin\class-zamartz-network-admin-addons.php:77

filterzamartz_network_is_remove_adsadmin\class-zamartz-network-admin-addons.php:86

actionadmin_enqueue_scriptsadmin\zamartz\class-wp-woo-main-zamartz-admin.php:59

actionadmin_enqueue_scriptsadmin\zamartz\class-wp-woo-main-zamartz-admin.php:60

actionadmin_menuadmin\zamartz\class-wp-woo-main-zamartz-admin.php:89

actionnetwork_admin_menuadmin\zamartz\class-wp-woo-main-zamartz-admin.php:92

actionadmin_noticesadmin\zamartz\class-wp-woo-main-zamartz-admin.php:99

filterzamartz_is_remove_adsadmin\zamartz\helper\trait-zamartz-general.php:227

filterwp_feed_cache_transient_lifetimeadmin\zamartz\helper\trait-zamartz-rss-methods.php:107

filterplugins_loadedincludes\class-wp-dis-comments-and-ratings-woo.php:143

filterplugins_loadedincludes\class-wp-dis-comments-and-ratings-woo.php:144

actionnetwork_admin_noticesincludes\class-wp-dis-comments-and-ratings-woo.php:148

actionadmin_noticesincludes\class-wp-dis-comments-and-ratings-woo.php:150

actionplugins_loadedincludes\class-wp-dis-comments-and-ratings-woo.php:268

actionadmin_enqueue_scriptsincludes\class-wp-dis-comments-and-ratings-woo.php:283

actionadmin_enqueue_scriptsincludes\class-wp-dis-comments-and-ratings-woo.php:284

actionwp_enqueue_scriptsincludes\class-wp-dis-comments-and-ratings-woo.php:299

actionwp_enqueue_scriptsincludes\class-wp-dis-comments-and-ratings-woo.php:300

actionadmin_initincludes\class-wp-dis-comments-and-ratings-woo.php:402

actionwppublic\class-wp-dis-comments-and-ratings-woo-front.php:59

actionwp_enqueue_scriptspublic\class-wp-dis-comments-and-ratings-woo-front.php:90

actionwp_enqueue_scriptspublic\class-wp-dis-comments-and-ratings-woo-front.php:101

actionwp_enqueue_scriptspublic\class-wp-dis-comments-and-ratings-woo-front.php:102

actionwoocommerce_before_shop_loop_itempublic\class-wp-dis-comments-and-ratings-woo-front.php:127

actionwoocommerce_after_shop_loop_itempublic\class-wp-dis-comments-and-ratings-woo-front.php:128

actionthe_postpublic\class-wp-dis-comments-and-ratings-woo-front.php:137

filterwoocommerce_product_tabspublic\class-wp-dis-comments-and-ratings-woo-front.php:150

filterwoocommerce_product_after_tabspublic\class-wp-dis-comments-and-ratings-woo-front.php:153

filterwoocommerce_after_single_product_summarypublic\class-wp-dis-comments-and-ratings-woo-front.php:157

filterwoocommerce_product_tabspublic\class-wp-dis-comments-and-ratings-woo-front.php:163

actionwoocommerce_single_product_summarypublic\class-wp-dis-comments-and-ratings-woo-front.php:183

actionwoocommerce_single_product_summarypublic\class-wp-dis-comments-and-ratings-woo-front.php:195

actionwoocommerce_shop_loop_item_titlepublic\class-wp-dis-comments-and-ratings-woo-front.php:231

actionwoocommerce_after_shop_loop_item_titlepublic\class-wp-dis-comments-and-ratings-woo-front.php:234

actionwoocommerce_shop_loop_item_titlepublic\class-wp-dis-comments-and-ratings-woo-front.php:240

Maintenance & Trust

eCommerce Comments and Ratings Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedDec 2, 2025

PHP min version7.0

Downloads15K

Community Trust

Rating80/100

Number of ratings4

Active installs10

Alternatives

eCommerce Comments and Ratings Alternatives

Rate

rate

Most ratings plugins contain too much code: inline JavaScript, messy markup, weird CSS. Rate is simple, hardly intrusive, and completely overridable.

40 No CVEs

Integration for BazaarVoice

integration-for-baazarvoice

An plugin that will integrate with the Bazaarvoice rating system.

10 No CVEs

weeComments – Shop & Products Reviews

weecomments

Genera confianza en tu tienda online y aumenta las ventas con weecomments. http://weecomments.com Muestra un widget de opiniones de la tienda online, …

10 No CVEs

NavThemes Employee Ratings

navthemes-employee-ratings

Professionalism Efficiency and technical knowledge Helping your Teammates. Proactiveness Leaves By Timesheet your employees can keep track of time.

0 No CVEs

Akismet Anti-spam: Spam Protection

akismet

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M 2 CVEs

Developer Profile

eCommerce Comments and Ratings Developer Profile

zamartz

3 plugins · 80 total installs

trust score

Avg Security Score

98/100

Avg Patch Time

186 days

View full developer profile

Detection Fingerprints

How We Detect eCommerce Comments and Ratings

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/woo-dis-comments-and-ratings/admin/css/wp-dis-comments-and-ratings-woo-admin.css/wp-content/plugins/woo-dis-comments-and-ratings/admin/js/wp-dis-comments-and-ratings-woo-admin.js

Script Paths

/wp-content/plugins/woo-dis-comments-and-ratings/admin/js/wp-dis-comments-and-ratings-woo-admin.js

Version Parameters

wp-dis-comments-and-ratings/admin/css/wp-dis-comments-and-ratings-woo-admin.css?ver=wp-dis-comments-and-ratings/admin/js/wp-dis-comments-and-ratings-woo-admin.js?ver=

HTML / DOM Fingerprints

JS Globals

Wp_Woo_Dis_Comments_And_Ratings

FAQ