2 Step Reviews Security & Risk Analysis

wordpress.org/plugins/2step-reviews-app

List your Google and Facebook reviews on your website.

0 active installs · v1.0.1 · PHP 7.0+ · WP 4.6+ · Updated Jun 5, 2019
2stepreviewsappfacebookgooglereviews
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is 2 Step Reviews Safe to Use in 2026?

Generally Safe

Score 85/100

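2 Step Reviews has no known CVEs. Its last update, however, was Jun 5, 2019, so the score reflects the absence of reported vulnerabilities rather than active maintenance; weigh that before installing it on a current WordPress site.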

No known CVEs · Updated 6yr ago
Risk Assessment

The "2step-reviews-app" v1.0.1 plugin shows a strong security posture in the static analysis. It uses no dangerous functions, contains no raw SQL queries, and escapes all of its output (2 of 2 outputs), which are significant strengths. The lack of file operations and external HTTP requests further reduces exposure to common attack vectors. The plugin also has no recorded vulnerabilities, which is a positive indicator of its development practices and testing.

However, there are some areas for improvement. The absence of nonce checks on the identified entry points (shortcodes) is a potential concern. While the attack surface is small and there are no reported vulnerabilities, this omission could leave the plugin susceptible to Cross-Site Request Forgery (CSRF) attacks if the shortcodes perform any sensitive actions or manipulate data. The bundled Guzzle library also warrants attention: bundling is not inherently a vulnerability, but the library must be kept up to date to mitigate the risks associated with known vulnerabilities in older versions.

In conclusion, "2step-reviews-app" v1.0.1 is generally well-secured with good coding practices evident. The primary area of concern is the lack of nonce checks on its shortcodes. The history of no vulnerabilities is encouraging, but ongoing vigilance, particularly regarding library updates and the implementation of robust security measures like nonce checks, is recommended to maintain its secure standing.

Key Concerns

  • Missing nonce checks on shortcodes
  • Bundled library (Guzzle) with unspecified version
Vulnerabilities
None known

2 Step Reviews Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

2 Step Reviews Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (2 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Guzzle

Output Escaping

100% escaped · 2 total outputs
Attack Surface

2 Step Reviews Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes: 2

[reviews] reviews-shortcode.php:97
[reviews-footer] reviews-shortcode.php:98

WordPress Hooks: 6

action enqueue_block_editor_assets class-two-stepreviewsapp.php:39
action enqueue_block_assets class-two-stepreviewsapp.php:40
filter block_categories class-two-stepreviewsapp.php:41
action admin_menu class-two-stepreviewsapp.php:44
action wp_footer reviews-shortcode.php:59
action init two-step-reviews-app.php:89
Maintenance & Trust

2 Step Reviews Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: Jun 5, 2019
PHP min version: 7.0
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

2 Step Reviews Developer Profile

ricardoalmira89

1 plugin · 0 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect 2 Step Reviews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/2step-reviews-app/assets/css/styles.179ce63cd3ba0f7ebb8f.css
/wp-content/plugins/2step-reviews-app/assets/css/font-awesome.min.css
/wp-content/plugins/2step-reviews-app/assets/fonts/font1.woff2
/wp-content/plugins/2step-reviews-app/assets/js/editor.blocks.js
Script Paths
/wp-content/plugins/2step-reviews-app/assets/js/editor.blocks.js
Version Parameters
2step-reviews-app/assets/css/styles.179ce63cd3ba0f7ebb8f.css?ver=
2step-reviews-app/assets/css/font-awesome.min.css?ver=
2step-reviews-app/assets/fonts/font1.woff2?ver=
2step-reviews-app/assets/js/editor.blocks.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- begin widget -->
Data Attributes
data-company-id
Shortcode Output
[showReviews]