
Wp Multiratings Security & Risk Analysis
wordpress.org/plugins/wp-multiratings
WP-Multiratings plugin allows site administrators, webmasters and theme developers to include post rating functionality on their website.
Is Wp Multiratings Safe to Use in 2026?
Generally Safe
Score 100/100
Wp Multiratings has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The wp-multiratings plugin version 1.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for all SQL queries and avoids external HTTP requests or file operations, reducing common attack vectors. The absence of any recorded vulnerabilities or CVEs is also a strong indicator of past stability and diligent maintenance.
However, significant concerns arise from the static and taint analysis. The plugin exposes two AJAX handlers without authentication checks, creating a substantial attack surface for unauthorized actions. Furthermore, the taint analysis revealed one flow with an unsanitized path, classified as high severity, indicating a potential for attackers to exploit this to execute arbitrary code or manipulate data. The critical lack of nonce checks on AJAX endpoints and the low percentage of properly escaped output (6%) are also significant weaknesses that could lead to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities, respectively.
In conclusion, while the plugin has a clean vulnerability history and good SQL hygiene, the identified critical issues in its handling of AJAX requests, unsanitized data flows, and output escaping present a notable risk. These factors, particularly the unprotected AJAX endpoints and the high-severity taint flow, demand immediate attention to prevent potential exploitation.
Key Concerns
- AJAX handlers without auth checks
- High severity unsanitized path flow
- Missing nonce checks
- Low percentage of properly escaped output
Wp Multiratings Security Vulnerabilities
Wp Multiratings Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Wp Multiratings Attack Surface
AJAX Handlers 2
Shortcodes 1
WordPress Hooks 7
Wp Multiratings Maintenance & Trust
Maintenance Signals
Community Trust
Wp Multiratings Alternatives
Rate My Post – Star Rating Plugin by FeedbackWP
rate-my-post
Add Star Rating to WordPress posts & pages, collect feedbacks from users and improve website SEO with Schema markup for Rich Snippets.
Helpful – Article Feedback Plugin
daext-helpful
Easily add a "Was it helpful?" survey on your blog or knowledge base pages with this article feedback plugin.
Emoji Reaction Rating
emoji-reaction-rating
A useful plugin to create Emoji based Reaction Ratings for post types by DynaThemes.com
Rating Plus
rating-plus
A simple and clean rating widget plugin allowing to add a sexy rate button to the widgets area.
TechHolds Addons For Elementor
techholds-addons-for-elementor
TechHolds Addons For Elementor is an easy-to-use plugin by TechHolds that adds widgets.
Wp Multiratings Developer Profile
1 plugin · 10 total installs
How We Detect Wp Multiratings
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/wp-multiratings/wpmrwidget.php
- /wp-content/plugins/wp-multiratings/wp-constants.php
- /wp-content/plugins/wp-multiratings/wp-db.php
- /wp-content/plugins/wp-multiratings/jquery.js
- /wp-content/plugins/wp-multiratings/wp-multiratings.js
- /wp-content/plugins/wp-multiratings/wp-multiratings.css
HTML / DOM Fingerprints
- wpmr-rating-stars
- <!-- Widget for the sidebar-->
- <!--The constants used for plugin-->
- <!--The core functions for plugin-->
- <!--Shortcode support-->
- data-postid
- data-ratingtype
- WPMRAjax
- /wp-json/wp-multiratings/v1/rate
- [wpmrrating]