[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$foMG-RlC5ftM_NGUagmnjgiif5aehIB4sgar04qu7-fU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":106,"crawl_stats":38,"alternatives":114,"analysis":208,"fingerprints":795},"wp-postratings","WP-PostRatings","1.91.2","Lester Chan","https:\u002F\u002Fprofiles.wordpress.org\u002Fgamerz\u002F","\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Open \u003Ccode>wp-content\u002Fthemes\u002F\u003CYOUR THEME NAME>\u002Findex.php\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>You may place it in archive.php, single.php, post.php or page.php also.\u003C\u002Fli>\n\u003Cli>Find: \u003Ccode>\u003C?php while (have_posts()) : the_post(); ?>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Add Anywhere Below It (The Place You Want The Ratings To Show): \u003Ccode>\u003C?php if(function_exists('the_ratings')) { the_ratings(); } ?>\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cul>\n\u003Cli>If you DO NOT want the ratings to appear in every post\u002Fpage, DO NOT use the code above. 
Just type in \u003Ccode>[ratings]\u003C\u002Fcode> into the selected post\u002Fpage content and it will embed ratings into that post\u002Fpage only.\u003C\u002Fli>\n\u003Cli>If you want to embed other post ratings use \u003Ccode>[ratings id=\"1\"]\u003C\u002Fcode>, where 1 is the ID of the post\u002Fpage ratings that you want to display.\u003C\u002Fli>\n\u003Cli>If you want to embed other post ratings results, use \u003Ccode>[ratings id=\"1\" results=\"true\"]\u003C\u002Fcode>, where 1 is the ID of the post\u002Fpage ratings results that you want to display.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-postratings\" title=\"https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-postratings\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-postratings\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Plugin icon by \u003Ca href=\"http:\u002F\u002Fwww.freepik.com\" rel=\"nofollow ugc\">Freepik\u003C\u002Fa> from \u003Ca href=\"http:\u002F\u002Fwww.flaticon.com\" rel=\"nofollow ugc\">Flaticon\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Icons courtesy of \u003Ca href=\"http:\u002F\u002Fwww.famfamfam.com\u002F\" title=\"FamFamFam\" rel=\"nofollow ugc\">FamFamFam\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Fwww.everaldo.com\" title=\"Everaldo\" rel=\"nofollow ugc\">Everaldo\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>I spent most of my free time creating, updating, maintaining and supporting these plugins, if you really love my plugins and could spare me a couple of bucks, I will really appreciate it. 
If not feel free to use it without any obligations.\u003C\u002Fp>\n","Adds an AJAX rating system for your WordPress site's content.",30000,2263058,86,179,"2024-07-16T13:07:00.000Z","6.6.5","4.9.6","",[20,21,22,23,24],"postrating","postratings","rating","ratings","vote","https:\u002F\u002Flesterchan.net\u002Fportfolio\u002Fprogramming\u002Fphp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-postratings.1.91.2.zip",88,5,0,"2024-08-01 00:00:00","2026-03-15T15:16:48.613Z",[33,48,63,77,91],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2024-39659","wp-postratings-authenticated-contributor-stored-cross-site-scripting","WP-PostRatings \u003C= 1.91.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The WP-PostRatings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google rich text snippets in versions up to, and including, 1.91.1 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.91.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-08-07 16:13:07",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F11dbc647-fa96-4c63-8f13-0c8ea6f33919?source=api-prod",7,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62},"CVE-2023-40332","wp-postratings-ip-spoofing","WP-PostRatings \u003C= 1.91 - IP Spoofing","The WP-PostRatings plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.91. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. 
Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings.","\u003C=1.91","1.91.1",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Use of Less Trusted Source","2023-08-16 00:00:00","2024-01-22 19:56:02",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6aed9434-1681-47d6-bbc1-0815db548a24?source=api-prod",160,{"id":64,"url_slug":65,"title":66,"description":67,"plugin_slug":4,"theme_slug":38,"affected_versions":68,"patched_in_version":69,"severity":40,"cvss_score":70,"cvss_vector":71,"vuln_type":72,"published_date":73,"updated_date":59,"references":74,"days_to_patch":76},"CVE-2022-36422","wp-postratings-race-condition","WP-PostRatings \u003C= 1.89 - Race Condition","The WP-PostRatings plugin for WordPress is vulnerable to Race Condition in versions up to, and including, 1.89. This can lead to unpredictable post rating changes when certain conditions are met.","\u003C=1.89","1.90",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","2022-08-31 00:00:00",[75],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fba27d52e-e43a-4f03-ad99-632c18279413?source=api-prod",510,{"id":78,"url_slug":79,"title":80,"description":81,"plugin_slug":4,"theme_slug":38,"affected_versions":82,"patched_in_version":83,"severity":40,"cvss_score":84,"cvss_vector":85,"vuln_type":43,"published_date":86,"updated_date":87,"references":88,"days_to_patch":90},"CVE-2021-25117","wp-postratings-cross-site-scripting","WP-PostRatings \u003C= 1.86 - Cross-Site Scripting","The WP-PostRatings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘postratings_image’ parameter in versions up to, and including, 1.86 due to insufficient input sanitization and 
output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.86","1.86.1",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2020-12-24 00:00:00","2024-02-06 15:59:07",[89],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe8d1c4ab-1207-4414-9351-3ef2a3cd131b?source=api-prod",1140,{"id":92,"url_slug":93,"title":94,"description":95,"plugin_slug":4,"theme_slug":38,"affected_versions":96,"patched_in_version":97,"severity":98,"cvss_score":99,"cvss_vector":100,"vuln_type":101,"published_date":102,"updated_date":59,"references":103,"days_to_patch":105},"CVE-2011-4646","wp-postratings-sql-injection","WP-PostRatings \u003C= 1.61 - SQL Injection","SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. 
NOTE: some of these details are obtained from third party information.","\u003C=1.61","1.62","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2011-10-06 00:00:00",[104],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2b8306b8-1f4c-48fb-8eb7-bf02a2f77e04?source=api-prod",4492,{"slug":107,"display_name":7,"profile_url":8,"plugin_count":108,"total_installs":109,"avg_security_score":110,"avg_patch_time_days":111,"trust_score":112,"computed_at":113},"gamerz",20,889190,89,1377,71,"2026-04-05T02:26:16.220Z",[115,137,151,171,190],{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":125,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":18,"tags":130,"homepage":133,"download_link":134,"security_score":135,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":136},"pixelpost-importer","Pixelpost Importer","0.1.2","Pierre Bodilis","https:\u002F\u002Fprofiles.wordpress.org\u002Fkerlu\u002F","\u003Cp>Set up your PixelPost database info, and let it work for a while. It’ll import categories, posts and comments. It leaves a new table in the database, used by the provided index.php (see FAQ) to keep the old link alive, by redirecting them to the new uri.\u003C\u002Fp>\n\u003Cp>Imported posts are imported as posts with an “image” format in wordpress, the image attached to the imported post. 
A “more” separator is inserted between the image and the post content.\u003C\u002Fp>\n","Import your PixelPost database in WordPress (categories, posts, comments, and ratings).",10,3042,100,4,"2015-07-08T12:08:00.000Z","4.2.39","3.3",[131,132,20,21],"importer","pixelpost","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fpixelpost-importer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpixelpost-importer.1.0.zip",85,"2026-03-15T14:54:45.397Z",{"slug":138,"name":138,"version":139,"author":140,"author_profile":141,"description":142,"short_description":143,"active_installs":123,"downloaded":144,"rating":125,"num_ratings":145,"last_updated":18,"tested_up_to":139,"requires_at_least":146,"requires_php":18,"tags":147,"homepage":148,"download_link":149,"security_score":125,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":150},"wp-postratings-my","3.6.1","Calen Fretts","https:\u002F\u002Fprofiles.wordpress.org\u002Ffrettsy\u002F","\u003Cp>Shows users their WP-PostRatings and allows filters.\u003C\u002Fp>\n\u003Ch4>Don’t forget!\u003C\u002Fh4>\n\u003Cp>If you use wp-postratings-my on your site, please leave a comment at the \u003Ca href=\"http:\u002F\u002Finfinity.calenfretts.com\u002Fcategory\u002Fgeek\u002Fwordpress\u002Fwp-postratings-my\u002F\" rel=\"nofollow ugc\">plugin homepage\u003C\u002Fa> to let us know! 
We love to see it in action around the interglobe.\u003C\u002Fp>\n","Shows users their WP-PostRatings and allows filters.",8443,1,"2.8",[20,21,22,23,138],"http:\u002F\u002Fhttp:\u002F\u002Finfinity.calenfretts.com\u002Fcategory\u002Fgeek\u002Fwordpress\u002Fwp-postratings-my\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-postratings-my.3.6.1.zip","2026-03-15T10:48:56.248Z",{"slug":152,"name":153,"version":154,"author":155,"author_profile":156,"description":157,"short_description":158,"active_installs":159,"downloaded":160,"rating":161,"num_ratings":162,"last_updated":163,"tested_up_to":164,"requires_at_least":165,"requires_php":18,"tags":166,"homepage":169,"download_link":170,"security_score":135,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"post-ratings","Post Ratings","3.0","digitalnature","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigitalnature\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.dfactory.eu\u002Fplugins\u002Fpost-ratings\u002F\" rel=\"nofollow ugc\">Post Ratings\u003C\u002Fa> is a simple, developer-friendly, straightforward post rating plugin. Relies on post meta to store avg. rating \u002F vote count.\u003C\u002Fp>\n\u003Cp>For more information, check out plugin page at \u003Ca href=\"http:\u002F\u002Fwww.dfactory.eu\u002F\" rel=\"nofollow ugc\">dFactory\u003C\u002Fa> or plugin \u003Ca href=\"http:\u002F\u002Fwww.dfactory.eu\u002Fsupport\u002Fforum\u002Fpost-ratings\u002F\" rel=\"nofollow ugc\">support forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features include:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Allow your site users to rate posts (of any kind)\u003C\u002Fli>\n\u003Cli>Display the average post rating, vote count or weighted (bayesian) rating within your posts\u003C\u002Fli>\n\u003Cli>Display a widget with the top rated posts in your sidebar\u003C\u002Fli>\n\u003Cli>Allow you to create your own rating formula\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Why another rating plugin? 
Because the existing ones are either outdated, bloated with useless functionality, or just too buggy 🙂\u003C\u002Fp>\n","Simple, developer-friendly, straightforward post rating plugin. Relies on post meta to store avg. rating \u002F vote count.",700,76678,90,23,"2017-11-28T21:37:00.000Z","4.5.33","4.0.0",[167,168,20,22,23],"ajax","post","http:\u002F\u002Fwww.dfactory.eu\u002Fplugins\u002Fpost-ratings\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-ratings.3.0.zip",{"slug":172,"name":173,"version":174,"author":175,"author_profile":176,"description":177,"short_description":178,"active_installs":123,"downloaded":179,"rating":180,"num_ratings":181,"last_updated":182,"tested_up_to":183,"requires_at_least":154,"requires_php":18,"tags":184,"homepage":188,"download_link":189,"security_score":135,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"rating-review-matrix","Multi Rating & Review Matrix System","1.0.5","phprule","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoshuadamour\u002F","\u003Cp>\u003Cstrong>IMPORTANT UPGRADE INFO 1.0.4 to 1.0.5\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>Before upgrading from 1.0.4 to 1.0.5 please make sure to deactivate the plugin first. Installations from 1.0.4 may not have the required tables\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin allows your visitors to rate a product or a service based on a series of criteria. It can be used as a simple rating system, or a complex matrix review one of up to 10 different criteria. It can be used for websites such as hotels, hosting review websites, business review websites, services review websites, polling and other kinds of rating systems and much more. 
It is very lightweight and works with wordpress native functions and hooks.\u003Cbr \u002F>\nIt is fully responsive on both the client and admin ends. It is fully localizable and we include the .pot file to make it easy.\u003Cbr \u002F>\nYou can join\u002Ffollow the discussion about the plugin on its home page at http:\u002F\u002Fwww.freelanceresources.net\u002Fforums\u002Fforum\u002Fplugins-and-softwares\u002Freview-matrix\u002F\u003Cbr \u002F>\nIf you have any bug issues, please report them at http:\u002F\u002Fwww.freelanceresources.net\u002Fforums\u002Fforum\u002Fplugins-and-softwares\u002Freview-matrix\u002F because that’s where we intend to keep track of all the information related to the plugin\u003C\u002Fp>\n\u003Ch3>UPCOMING FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Shortcode Support\u003C\u002Fli>\n\u003Cli>Cookie based voting\u002Frating (Debatable though)\u003C\u002Fli>\n\u003Cli>Full site activity\u003C\u002Fli>\n\u003Cli>MultiSite support\u003C\u002Fli>\n\u003C\u002Ful>\n","IMPORTANT UPGRADE INFO 1.0.4 to 1.0.5",2940,60,2,"2014-05-26T14:58:00.000Z","3.9.40",[185,22,23,186,187],"rates","reviews","votes","https:\u002F\u002Fwww.FreelanceResources.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frating-review-matrix.1.0.5.zip",{"slug":191,"name":192,"version":193,"author":194,"author_profile":195,"description":196,"short_description":197,"active_installs":123,"downloaded":198,"rating":125,"num_ratings":181,"last_updated":199,"tested_up_to":200,"requires_at_least":201,"requires_php":202,"tags":203,"homepage":206,"download_link":207,"security_score":135,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wp-post-rating","Wp Post Rating","1.2.2","shmidtelson","https:\u002F\u002Fprofiles.wordpress.org\u002Fshmidtelson\u002F","\u003Ch3>WP-POST-RATING is powerful rating plugin with ajax security requests.\u003C\u002Fh3>\n\u003Ch3>Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Very faster\u003Cbr 
\u002F>\n\u003Cem>Plugin use OOP and Vanilla JS, svg icons and CSS variables\u003C\u002Fem>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Seo-friendly\u003Cbr \u002F>\n\u003Cem>Plugin use Schema for show stars rating in google search results\u003C\u002Fem>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Without jQuery (Native js)\u003Cbr \u002F>\n\u003Cem>Native js is very fast\u003C\u002Fem>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Customize color of stars\u003Cbr \u002F>\n\u003Cem>You can customize color of stars and the second color will generate automatic\u003C\u002Fem>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>MultiLanguages\u003Cbr \u002F>\n+English\u003Cbr \u002F>\n+Russian\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Functional:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Widget for show latest (any sort) votes in sidebar (other place)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcodes:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>[wp_rating]\u003C\u002Fcode> show rating\u003C\u002Fli>\n\u003Cli>\u003Ccode>[wp_rating_total]\u003C\u002Fcode> show total votes for current post\u003C\u002Fli>\n\u003Cli>\u003Ccode>[wp_rating_avg]\u003C\u002Fcode> show total votes for current post\u003C\u002Fli>\n\u003C\u002Ful>\n","WP-POST-RATING is powerful rating plugin with ajax security 
requests.",2053,"2021-07-18T14:15:00.000Z","5.7.15","4.9.8","7.2",[204,205,20,22,23],"5-star","google-rating","https:\u002F\u002Fgithub.com\u002Fshmidtelson\u002Fwp-post-rating","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-post-rating.1.2.2.zip",{"attackSurface":209,"codeSignals":350,"taintFlows":656,"riskAssessment":777,"analyzedAt":794},{"hooks":210,"ajaxHandlers":332,"restRoutes":344,"shortcodes":345,"cronEvents":349,"entryPointCount":126,"unprotectedCount":29},[211,217,222,225,229,232,236,239,244,249,253,258,262,266,270,274,277,281,285,289,293,297,301,304,307,310,313,316,320,324,328],{"type":212,"name":213,"callback":214,"file":215,"line":216},"action","admin_menu","ratings_menu","includes\\postratings-admin.php",32,{"type":218,"name":219,"callback":220,"file":215,"line":221},"filter","manage_posts_columns","postrating_admin_column_title",35,{"type":218,"name":223,"callback":220,"file":215,"line":224},"manage_pages_columns",36,{"type":212,"name":226,"callback":227,"file":215,"line":228},"manage_posts_custom_column","postrating_admin_column_content",39,{"type":212,"name":230,"callback":227,"file":215,"line":231},"manage_pages_custom_column",40,{"type":218,"name":233,"callback":234,"file":215,"line":235},"manage_edit-post_sortable_columns","postrating_admin_column_sort",43,{"type":218,"name":237,"callback":234,"file":215,"line":238},"manage_edit-page_sortable_columns",44,{"type":212,"name":240,"callback":241,"file":242,"line":243},"plugins_loaded","load_textdomain","includes\\postratings-i18n.php",33,{"type":212,"name":245,"callback":246,"file":247,"line":248},"wp_enqueue_scripts","ratings_scripts","includes\\postratings-scripts.php",19,{"type":212,"name":250,"callback":251,"file":247,"line":252},"admin_enqueue_scripts","ratings_scripts_admin",67,{"type":212,"name":254,"callback":255,"file":256,"line":257},"widgets_init","widget_ratings_init","includes\\postratings-widgets.php",204,{"type":212,"name":259,"callback":260,"file":261,"line":112},"ini
t","postratings_init","wp-postratings.php",{"type":212,"name":263,"callback":264,"file":261,"line":265},"loop_start","get_comment_authors_ratings",285,{"type":218,"name":267,"callback":268,"file":261,"line":269},"comment_text","comment_author_ratings_filter",344,{"type":212,"name":271,"callback":272,"file":261,"line":273},"publish_post","add_ratings_fields",498,{"type":212,"name":275,"callback":272,"file":261,"line":276},"publish_page",499,{"type":212,"name":278,"callback":279,"file":261,"line":280},"delete_post","delete_ratings_fields",511,{"type":218,"name":282,"callback":283,"file":261,"line":284},"query_vars","ratings_variables",779,{"type":212,"name":286,"callback":287,"file":261,"line":288},"pre_get_posts","ratings_sorting",788,{"type":218,"name":290,"callback":291,"file":261,"line":292},"posts_fields","ratings_most_fields",791,{"type":218,"name":294,"callback":295,"file":261,"line":296},"posts_join","ratings_most_join",792,{"type":218,"name":298,"callback":299,"file":261,"line":300},"posts_orderby","ratings_most_orderby",793,{"type":218,"name":290,"callback":302,"file":261,"line":303},"ratings_highest_fields",798,{"type":218,"name":294,"callback":305,"file":261,"line":306},"ratings_highest_join",799,{"type":218,"name":298,"callback":308,"file":261,"line":309},"ratings_highest_orderby",800,{"type":212,"name":286,"callback":311,"file":261,"line":312},"sort_postratings",815,{"type":212,"name":240,"callback":314,"file":261,"line":315},"postratings_wp_stats",829,{"type":218,"name":317,"callback":318,"file":261,"line":319},"wp_stats_page_admin_plugins","postratings_page_admin_general_stats",831,{"type":218,"name":321,"callback":322,"file":261,"line":323},"wp_stats_page_admin_most","postratings_page_admin_most_stats",832,{"type":218,"name":325,"callback":326,"file":261,"line":327},"wp_stats_page_plugins","postratings_page_general_stats",833,{"type":218,"name":329,"callback":330,"file":261,"line":331},"wp_stats_page_most","postratings_page_most_stats",834,[333,338,34
0],{"action":21,"nopriv":334,"callback":335,"hasNonce":336,"hasCapCheck":334,"file":261,"line":337},false,"process_ratings",true,523,{"action":21,"nopriv":336,"callback":335,"hasNonce":336,"hasCapCheck":334,"file":261,"line":339},524,{"action":341,"nopriv":334,"callback":342,"hasNonce":336,"hasCapCheck":334,"file":261,"line":343},"postratings-admin","manage_ratings",623,[],[346],{"tag":23,"callback":347,"file":348,"line":243},"ratings_shortcode","includes\\postratings-shortcodes.php",[],{"dangerousFunctions":351,"sqlUsage":352,"outputEscaping":390,"fileOperations":654,"externalRequests":29,"nonceChecks":28,"capabilityChecks":654,"bundledLibraries":655},[],{"prepared":353,"raw":354,"locations":355},79,14,[356,360,363,365,369,372,373,375,377,379,381,383,385,388],{"file":357,"line":358,"context":359},"includes\\postratings-activation.php",87,"$wpdb->get_results() with variable interpolation",{"file":357,"line":361,"context":362},95,"$wpdb->query() with variable interpolation",{"file":357,"line":364,"context":362},98,{"file":366,"line":367,"context":368},"includes\\postratings-stats.php",956,"$wpdb->get_var() with variable 
interpolation",{"file":370,"line":371,"context":362},"postratings-manager.php",78,{"file":370,"line":13,"context":362},{"file":370,"line":374,"context":362},116,{"file":370,"line":376,"context":362},130,{"file":370,"line":378,"context":368},226,{"file":370,"line":380,"context":368},227,{"file":370,"line":382,"context":368},228,{"file":370,"line":384,"context":359},456,{"file":386,"line":387,"context":362},"uninstall.php",69,{"file":386,"line":389,"context":362},76,{"escaped":391,"rawEcho":392,"locations":393},157,140,[394,397,399,401,403,405,407,409,411,413,415,417,419,421,423,425,427,429,431,433,434,436,437,439,440,441,443,445,446,447,449,450,452,454,456,457,458,460,462,463,464,466,468,469,470,472,474,475,476,478,480,481,482,484,485,487,489,491,493,495,497,499,501,503,505,507,509,511,512,514,516,518,520,522,524,526,528,530,532,534,536,538,540,542,544,545,547,549,551,553,554,556,559,561,563,565,567,569,571,573,575,577,579,581,583,585,587,589,591,593,595,597,599,601,603,605,606,608,610,612,614,616,618,620,622,624,627,629,631,632,634,636,638,640,642,644,646,648,650,652],{"file":215,"line":395,"context":396},112,"raw 
output",{"file":366,"line":398,"context":396},64,{"file":366,"line":400,"context":396},123,{"file":366,"line":402,"context":396},176,{"file":366,"line":404,"context":396},236,{"file":366,"line":406,"context":396},289,{"file":366,"line":408,"context":396},349,{"file":366,"line":410,"context":396},402,{"file":366,"line":412,"context":396},462,{"file":366,"line":414,"context":396},515,{"file":366,"line":416,"context":396},575,{"file":366,"line":418,"context":396},628,{"file":366,"line":420,"context":396},673,{"file":366,"line":422,"context":396},725,{"file":366,"line":424,"context":396},771,{"file":366,"line":426,"context":396},824,{"file":366,"line":428,"context":396},883,{"file":366,"line":430,"context":396},942,{"file":366,"line":432,"context":396},961,{"file":256,"line":235,"context":396},{"file":256,"line":435,"context":396},93,{"file":256,"line":376,"context":396},{"file":256,"line":438,"context":396},131,{"file":256,"line":438,"context":396},{"file":256,"line":438,"context":396},{"file":256,"line":442,"context":396},134,{"file":256,"line":444,"context":396},135,{"file":256,"line":444,"context":396},{"file":256,"line":391,"context":396},{"file":256,"line":448,"context":396},158,{"file":256,"line":448,"context":396},{"file":256,"line":451,"context":396},162,{"file":256,"line":453,"context":396},168,{"file":256,"line":455,"context":396},169,{"file":256,"line":455,"context":396},{"file":256,"line":455,"context":396},{"file":256,"line":459,"context":396},172,{"file":256,"line":461,"context":396},173,{"file":256,"line":461,"context":396},{"file":256,"line":461,"context":396},{"file":256,"line":465,"context":396},177,{"file":256,"line":467,"context":396},178,{"file":256,"line":467,"context":396},{"file":256,"line":467,"context":396},{"file":256,"line":471,"context":396},182,{"file":256,"line":473,"context":396},183,{"file":256,"line":473,"context":396},{"file":256,"line":473,"context":396},{"file":256,"line":477,"context":396},187,{"file":256,"line":479,"context":396},
188,{"file":256,"line":479,"context":396},{"file":256,"line":479,"context":396},{"file":256,"line":483,"context":396},195,{"file":256,"line":483,"context":396},{"file":370,"line":486,"context":396},259,{"file":370,"line":488,"context":396},310,{"file":370,"line":490,"context":396},311,{"file":370,"line":492,"context":396},312,{"file":370,"line":494,"context":396},318,{"file":370,"line":496,"context":396},321,{"file":370,"line":498,"context":396},323,{"file":370,"line":500,"context":396},328,{"file":370,"line":502,"context":396},330,{"file":370,"line":504,"context":396},336,{"file":370,"line":506,"context":396},338,{"file":370,"line":508,"context":396},343,{"file":370,"line":510,"context":396},345,{"file":370,"line":408,"context":396},{"file":370,"line":513,"context":396},350,{"file":370,"line":515,"context":396},351,{"file":370,"line":517,"context":396},352,{"file":370,"line":519,"context":396},357,{"file":370,"line":521,"context":396},372,{"file":370,"line":523,"context":396},381,{"file":370,"line":525,"context":396},393,{"file":370,"line":527,"context":396},396,{"file":370,"line":529,"context":396},401,{"file":370,"line":531,"context":396},403,{"file":370,"line":533,"context":396},408,{"file":370,"line":535,"context":396},411,{"file":370,"line":537,"context":396},423,{"file":370,"line":539,"context":396},428,{"file":370,"line":541,"context":396},444,{"file":370,"line":543,"context":396},446,{"file":370,"line":412,"context":396},{"file":370,"line":546,"context":396},464,{"file":370,"line":548,"context":396},495,{"file":370,"line":550,"context":396},497,{"file":370,"line":552,"context":396},519,{"file":370,"line":337,"context":396},{"file":370,"line":555,"context":396},527,{"file":557,"line":558,"context":396},"postratings-options.php",211,{"file":557,"line":560,"context":396},229,{"file":557,"line":562,"context":396},232,{"file":557,"line":564,"context":396},234,{"file":557,"line":566,"context":396},265,{"file":557,"line":568,"context":396},267,{"file":557,"line":5
70,"context":396},271,{"file":557,"line":572,"context":396},273,{"file":557,"line":574,"context":396},275,{"file":557,"line":576,"context":396},276,{"file":557,"line":578,"context":396},277,{"file":557,"line":580,"context":396},279,{"file":557,"line":582,"context":396},281,{"file":557,"line":584,"context":396},283,{"file":557,"line":586,"context":396},286,{"file":557,"line":588,"context":396},288,{"file":557,"line":590,"context":396},292,{"file":557,"line":592,"context":396},294,{"file":557,"line":594,"context":396},298,{"file":557,"line":596,"context":396},303,{"file":557,"line":598,"context":396},305,{"file":557,"line":600,"context":396},307,{"file":557,"line":602,"context":396},315,{"file":557,"line":604,"context":396},334,{"file":557,"line":604,"context":396},{"file":557,"line":607,"context":396},353,{"file":557,"line":609,"context":396},355,{"file":557,"line":611,"context":396},359,{"file":557,"line":613,"context":396},362,{"file":557,"line":615,"context":396},367,{"file":557,"line":617,"context":396},371,{"file":557,"line":619,"context":396},373,{"file":557,"line":621,"context":396},377,{"file":557,"line":623,"context":396},380,{"file":625,"line":626,"context":396},"postratings-templates.php",129,{"file":625,"line":628,"context":396},132,{"file":261,"line":630,"context":396},124,{"file":261,"line":438,"context":396},{"file":261,"line":633,"context":396},138,{"file":261,"line":635,"context":396},604,{"file":261,"line":637,"context":396},678,{"file":261,"line":639,"context":396},680,{"file":261,"line":641,"context":396},684,{"file":261,"line":643,"context":396},687,{"file":261,"line":645,"context":396},692,{"file":261,"line":647,"context":396},696,{"file":261,"line":649,"context":396},698,{"file":261,"line":651,"context":396},702,{"file":261,"line":653,"context":396},705,3,[],[657,695,718,744,760,769],{"entryPoint":658,"graph":659,"unsanitizedCount":145,"severity":40},"process_ratings 
(wp-postratings.php:525)",{"nodes":660,"edges":690},[661,666,672,674,678,681,685],{"id":662,"type":663,"label":664,"file":261,"line":665},"n0","source","$_REQUEST",531,{"id":667,"type":668,"label":669,"file":261,"line":670,"wp_function":671},"n1","sink","query() [SQLi]",599,"query",{"id":673,"type":663,"label":664,"file":261,"line":665},"n2",{"id":675,"type":668,"label":676,"file":261,"line":635,"wp_function":677},"n3","echo() [XSS]","echo",{"id":679,"type":663,"label":664,"file":261,"line":680},"n4",550,{"id":682,"type":683,"label":684,"file":261,"line":680},"n5","transform","→ ratings_acquire_lock()",{"id":686,"type":668,"label":687,"file":688,"line":248,"wp_function":689},"n6","fopen() [File Access]","includes\\postratings-mutex.php","fopen",[691,692,693,694],{"from":662,"to":667,"sanitized":336},{"from":673,"to":675,"sanitized":336},{"from":679,"to":682,"sanitized":334},{"from":682,"to":686,"sanitized":334},{"entryPoint":696,"graph":697,"unsanitizedCount":145,"severity":40},"\u003Cwp-postratings> (wp-postratings.php:0)",{"nodes":698,"edges":712},[699,700,701,702,703,706,707,708,710],{"id":662,"type":663,"label":664,"file":261,"line":665},{"id":667,"type":668,"label":669,"file":261,"line":670,"wp_function":671},{"id":673,"type":663,"label":664,"file":261,"line":665},{"id":675,"type":668,"label":676,"file":261,"line":635,"wp_function":677},{"id":679,"type":663,"label":704,"file":261,"line":705},"$_GET 
(x7)",639,{"id":682,"type":668,"label":676,"file":261,"line":637,"wp_function":677},{"id":686,"type":663,"label":664,"file":261,"line":680},{"id":709,"type":683,"label":684,"file":261,"line":680},"n7",{"id":711,"type":668,"label":687,"file":688,"line":248,"wp_function":689},"n8",[713,714,715,716,717],{"from":662,"to":667,"sanitized":336},{"from":673,"to":675,"sanitized":336},{"from":679,"to":682,"sanitized":336},{"from":686,"to":709,"sanitized":334},{"from":709,"to":711,"sanitized":334},{"entryPoint":719,"graph":720,"unsanitizedCount":29,"severity":743},"\u003Cpostratings-manager> (postratings-manager.php:0)",{"nodes":721,"edges":738},[722,724,725,728,732,734,735,737],{"id":662,"type":663,"label":723,"file":370,"line":252},"$_POST (x2)",{"id":667,"type":668,"label":669,"file":370,"line":13,"wp_function":671},{"id":673,"type":663,"label":726,"file":370,"line":727},"$_GET",41,{"id":675,"type":668,"label":729,"file":370,"line":730,"wp_function":731},"get_results() [SQLi]",257,"get_results",{"id":679,"type":663,"label":733,"file":370,"line":252},"$_POST",{"id":682,"type":668,"label":676,"file":370,"line":486,"wp_function":677},{"id":686,"type":663,"label":736,"file":370,"line":727},"$_GET (x11)",{"id":709,"type":668,"label":676,"file":370,"line":521,"wp_function":677},[739,740,741,742],{"from":662,"to":667,"sanitized":336},{"from":673,"to":675,"sanitized":336},{"from":679,"to":682,"sanitized":336},{"from":686,"to":709,"sanitized":336},"low",{"entryPoint":745,"graph":746,"unsanitizedCount":29,"severity":743},"\u003Cpostratings-options> (postratings-options.php:0)",{"nodes":747,"edges":757},[748,750,754,756],{"id":662,"type":663,"label":749,"file":557,"line":224},"$_POST (x12)",{"id":667,"type":668,"label":751,"file":557,"line":752,"wp_function":753},"update_option() [Settings Manipulation]",73,"update_option",{"id":673,"type":663,"label":755,"file":557,"line":238},"$_POST 
(x10)",{"id":675,"type":668,"label":676,"file":557,"line":558,"wp_function":677},[758,759],{"from":662,"to":667,"sanitized":336},{"from":673,"to":675,"sanitized":336},{"entryPoint":761,"graph":762,"unsanitizedCount":29,"severity":743},"\u003Cpostratings-templates> (postratings-templates.php:0)",{"nodes":763,"edges":767},[764,766],{"id":662,"type":663,"label":765,"file":625,"line":224},"$_POST (x6)",{"id":667,"type":668,"label":751,"file":625,"line":238,"wp_function":753},[768],{"from":662,"to":667,"sanitized":336},{"entryPoint":770,"graph":771,"unsanitizedCount":29,"severity":743},"manage_ratings (wp-postratings.php:624)",{"nodes":772,"edges":775},[773,774],{"id":662,"type":663,"label":704,"file":261,"line":705},{"id":667,"type":668,"label":676,"file":261,"line":637,"wp_function":677},[776],{"from":662,"to":667,"sanitized":336},{"summary":778,"deductions":779},"The wp-postratings plugin version 1.91.2 presents a mixed security posture. On the positive side, the static analysis reveals a limited attack surface with all identified entry points (AJAX handlers, shortcodes) having access control mechanisms. The code also demonstrates a relatively good practice of using prepared statements for the majority of SQL queries and includes nonce and capability checks. However, the static analysis also flags a significant concern: only 53% of output is properly escaped, indicating a potential for Cross-Site Scripting vulnerabilities. Furthermore, the taint analysis shows two flows with unsanitized paths, which, while not classified as critical or high severity in this specific analysis, warrant attention due to their potential to lead to security issues if they interact with sensitive operations. The vulnerability history is a more significant area of concern. With five known CVEs, including one high and four medium severity, this plugin has a track record of security flaws. 
The common types of past vulnerabilities (XSS, SQL Injection, Race Conditions) directly align with the types of risks often introduced by insufficient input sanitization and improper output escaping. The most recent vulnerability being in 2024 further underscores the plugin's ongoing susceptibility to security issues. While there are currently no unpatched CVEs, the historical pattern suggests a need for ongoing vigilance and prompt updates.",[780,783,785,788,791],{"reason":781,"points":782},"Significant portion of output not properly escaped",8,{"reason":784,"points":47},"Taint flows with unsanitized paths identified",{"reason":786,"points":787},"History of high severity vulnerabilities",15,{"reason":789,"points":790},"History of medium severity vulnerabilities",12,{"reason":792,"points":793},"Common vulnerability types: XSS and SQL Injection history",6,"2026-03-16T17:24:35.661Z",{"wat":796,"direct":806},{"assetPaths":797,"generatorPatterns":801,"scriptPaths":802,"versionParams":803},[798,799,800],"\u002Fwp-content\u002Fplugins\u002Fwp-postratings\u002Fimages\u002Floading.gif","\u002Fwp-content\u002Fplugins\u002Fwp-postratings\u002Fcss\u002Fpostratings-style.css","\u002Fwp-content\u002Fplugins\u002Fwp-postratings\u002Fjs\u002Fpostratings-script.js",[],[800],[804,805],"wp-postratings\u002Fcss\u002Fpostratings-style.css?ver=","wp-postratings\u002Fjs\u002Fpostratings-script.js?ver=",{"cssClasses":807,"htmlComments":812,"htmlAttributes":813,"restEndpoints":822,"jsGlobals":824,"shortcodeOutput":827},[808,809,152,810,811],"post-ratings-loading","post-ratings-image","rating-bar","rating-number",[],[814,815,816,817,818,819,820,821],"id=\"post-ratings-","class=\"post-ratings-loading\"","class=\"post-ratings-image\"","class=\"post-ratings\"","data-nonce=\"","id=\"rating-","class=\"rating-bar\"","class=\"rating-number\"",[823],"\u002Fwp-json\u002Fwp-postratings\u002Fv1\u002Frate-post",[825,826],"postRatings","postRatingsAJAX",[]]