WP Kuchikomi Security & Risk Analysis

wordpress.org/plugins/wp-kuchikomi

This plugin adds a 5-point rating system to your WordPress site, and can also accept ratings from users.

10 active installs · v1.1.1 · PHP + WP 4.1+ · Updated Jan 16, 2017
Tags: rating, review

Security score: 85 (grade A · Safe)
  • CVEs total: 0
  • Unpatched: 0
  • Last CVE: never
Safety Verdict

Is WP Kuchikomi Safe to Use in 2026?

Generally Safe

Score 85/100

WP Kuchikomi has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9 years ago
Risk Assessment

The wp-kuchikomi plugin v1.1.1 exhibits a mixed security posture. On the positive side, the attack surface is very limited: no AJAX handlers, REST API routes, shortcodes, or cron events were identified, which leaves few avenues for remote exploitation. The plugin also implements nonce and capability checks, and a portion of its SQL queries use prepared statements. The absence of any known historical vulnerabilities or critical taint flows is a further positive indicator.

However, there are significant concerns about code quality and the potential for vulnerabilities. The two instances of `create_function` are a major red flag: the function is deprecated (since PHP 7.2) and was removed in PHP 8.0, and because it compiles its string argument with eval-like semantics it can lead to arbitrary code execution if user-supplied input ever reaches that argument without strict sanitization. In the two calls found here the arguments are fixed string literals, so the immediate consequence is a fatal error on PHP 8 and later rather than injection; replacing each call with an anonymous function (closure) removes both the compatibility problem and the eval pattern. Additionally, the very low percentage of properly escaped output (15%) suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities. While taint analysis showed no immediate critical or high severity flows, the limited taint analysis coverage (0 flows analyzed) combined with the poor output escaping creates fertile ground for such issues to emerge.

In conclusion, while the plugin's minimal attack surface and lack of historical vulnerabilities are strengths, the use of `create_function` and the extensive unescaped output present serious, actionable security risks. The plugin needs significant code refactoring to address these issues before it can be considered secure.

Key Concerns

  • Use of the deprecated and dangerous `create_function`
  • Low percentage of properly escaped output
  • Limited taint analysis coverage
Vulnerabilities
None known

WP Kuchikomi Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP Kuchikomi Release Timeline

v1.1.1 (current)
Code Analysis
Analyzed Mar 17, 2026

WP Kuchikomi Code Analysis

  • Dangerous functions: 2
  • Raw SQL queries: 4 (3 prepared)
  • Unescaped output: 101 (18 escaped)
  • Nonce checks: 1
  • Capability checks: 2
  • File operations: 0
  • External requests: 0
  • Bundled libraries: 0

Dangerous Functions Found

  • create_function
    add_action( 'widgets_init', create_function('', 'register_widget("WP_KckmWidget_RecentRatings");' ) );
    inc\widgets\WP_KckmWidget_RecentRatings.class.php:174
  • create_function
    add_action( 'widgets_init', create_function('', 'register_widget("WP_KckmWidget_TopRated");' ) );
    inc\widgets\WP_KckmWidget_TopRated.class.php:280

SQL Query Safety

43% prepared · 7 total queries

Output Escaping

15% escaped · 119 total outputs
Attack Surface

WP Kuchikomi Attack Surface

Entry points: 0
Unprotected: 0
WordPress hooks: 26

| Type | Hook | Location |
|---|---|---|
| action | admin_init | inc\admin\WP_KckmAdmin.class.php:37 |
| action | init | inc\admin\WP_KckmAdmin.class.php:39 |
| filter | manage_edit-post_columns | inc\admin\WP_KckmAdmin.class.php:41 |
| action | manage_posts_custom_column | inc\admin\WP_KckmAdmin.class.php:42 |
| action | wp_set_comment_status | inc\admin\WP_KckmAdmin.class.php:45 |
| action | admin_print_scripts | inc\admin\WP_KckmAdmin.class.php:51 |
| action | admin_print_styles | inc\admin\WP_KckmAdmin.class.php:54 |
| filter | admin_footer_text | inc\admin\WP_KckmAdmin.class.php:57 |
| action | admin_menu | inc\admin\WP_KckmAdmin.class.php:103 |
| action | admin_menu | inc\admin\WP_KckmAdmin.class.php:104 |
| action | save_post | inc\admin\WP_KckmAdmin.class.php:105 |
| filter | the_content | inc\frontend\WP_KckmFrontend.class.php:38 |
| filter | comment_form_defaults | inc\frontend\WP_KckmFrontend.class.php:41 |
| action | wp_footer | inc\frontend\WP_KckmFrontend.class.php:43 |
| action | comment_post | inc\frontend\WP_KckmFrontend.class.php:45 |
| filter | preprocess_comment | inc\frontend\WP_KckmFrontend.class.php:50 |
| filter | comment_text | inc\frontend\WP_KckmFrontend.class.php:53 |
| filter | thesis_comment_text | inc\frontend\WP_KckmFrontend.class.php:54 |
| action | widgets_init | inc\widgets\WP_KckmWidget_RecentRatings.class.php:174 |
| action | save_post | inc\widgets\WP_KckmWidget_TopRated.class.php:21 |
| action | deleted_post | inc\widgets\WP_KckmWidget_TopRated.class.php:22 |
| action | switch_theme | inc\widgets\WP_KckmWidget_TopRated.class.php:23 |
| action | widgets_init | inc\widgets\WP_KckmWidget_TopRated.class.php:280 |
| action | init | inc\WP_Kckm.class.php:42 |
| action | wp_enqueue_scripts | inc\WP_Kckm.class.php:48 |
| action | admin_enqueue_scripts | inc\WP_Kckm.class.php:51 |
Maintenance & Trust

WP Kuchikomi Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 4.6.30
  • Last updated: Jan 16, 2017
  • PHP min version: (not listed)
  • Downloads: 1K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 10
Developer Profile

WP Kuchikomi Developer Profile

superside7

1 plugin · 10 total installs

  • Trust score: 84
  • Avg security score: 85/100
  • Avg patch time: 30 days
Detection Fingerprints

How We Detect WP Kuchikomi

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset paths
  • /wp-content/plugins/wp-kuchikomi/assets/js/admin-scripts.js
  • /wp-content/plugins/wp-kuchikomi/assets/css/github-markdown.css
Script paths
  • /wp-content/plugins/wp-kuchikomi/assets/js/admin-scripts.js
Version parameters
  • wp-kuchikomi/assets/js/admin-scripts.js?ver=
  • wp-kuchikomi/assets/css/github-markdown.css?ver=

HTML / DOM Fingerprints

HTML comments (literal source comments, matched verbatim; English gloss in parentheses)
  • <!-- 口コミ機能 --> (review feature)
  • <!-- 直アクセスの防止 --> (prevent direct access)
  • /* 管理画面での設定 /***********************************************/ (settings on the admin screen)
  • /* 初期化 @param str $option_name WPのオプション設定に保存する為の名前 @param str $item_option_name WPの評価項目オプション設定に保存する為の名前 @param str $doamin 翻訳ファイル識別用ドメイン @param str $plugin_slug プラグインのスラッグ */ (initialization docblock: the name used to store WP option settings, the name used to store the rating-item option settings, the text domain for identifying translation files, and the plugin slug)
  (10 more patterns not shown)
Data attributes
  • name="wp_kuchikomi_options[post_types]"
  • name="wp_kuchikomi_options[check_multiple]"
  • name="wp_kuchikomi_options[user_rating]"
FAQ

Frequently Asked Questions about WP Kuchikomi