WP-Safety

5sterrenspecialist invite Security & Risk Analysis

wordpress.org/plugins/5sterrenspecialist-wc-invites

This plugin is made by 5sterrenspecialist.nl to automatically invite WooCommerce clients to leave a review.

10 active installs v1.2 PHP + WP 4.6.0+ Updated Jul 22, 2025
5-sterrenspecialist-invite5sterrenspecialistrichsnippets
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is 5sterrenspecialist invite Safe to Use in 2026?

Generally Safe

Score 100/100

5sterrenspecialist invite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago
Risk Assessment

The "5sterrenspecialist-wc-invites" v1.2 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points suggests a limited attack surface. Furthermore, the code signals indicate a positive approach to security, with 100% of SQL queries using prepared statements and a single nonce check in place. The lack of any recorded CVEs or known vulnerabilities also contributes to a positive outlook.

However, there are areas for improvement. The most significant concern is the output escaping, with only 53% of outputs being properly escaped. This leaves a substantial portion of the plugin's output potentially vulnerable to cross-site scripting (XSS) attacks. While taint analysis shows no critical or high-severity flows, the unescaped outputs represent a clear risk. The presence of file operations and an external HTTP request, while not inherently problematic, could become vectors if not handled with extreme care, especially given the lower percentage of properly escaped outputs. The complete absence of capability checks is also a point of concern for access control, particularly if any user-initiated actions were to be introduced in future versions.

Overall, the plugin has a solid foundation in terms of SQL security and input sanitization for entry points. The lack of a vulnerability history is a positive sign of diligent development. The primary weakness lies in the inconsistent output escaping, which needs immediate attention to mitigate XSS risks. The absence of capability checks also warrants consideration for future development to ensure robust access control.

Key Concerns

  • Low percentage of properly escaped output
  • No capability checks implemented
Vulnerabilities
None known

5sterrenspecialist invite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

5sterrenspecialist invite Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
7
8 escaped
Nonce Checks
1
Capability Checks
0
File Operations
3
External Requests
1
Bundled Libraries
0

Output Escaping

53% escaped15 total outputs
Attack Surface

5sterrenspecialist invite Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actionadmin_menuclasses\FiveSter\Admin.php:13
actionwoocommerce_order_status_changedclasses\FiveSter\Frontend.php:10
actionplugins_loadedinvite.php:52
Maintenance & Trust

5sterrenspecialist invite Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJul 22, 2025
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

5sterrenspecialist invite Alternatives

5sterrenspecialist

5sterrenspecialist

5-sterrenspecialist

A
99

This plugin is made by 5sterrenspecialist.nl in order to provide rich snippets for our clients.

80 1 CVE
Schema & Structured Data for WP & AMP

Schema & Structured Data for WP & AMP

schema-and-structured-data-for-wp

A
95

Schema & Structured Data adds Google Rich Snippets markup according to Schema.org guidelines to structure your site for SEO.

100K 10 CVEs
Schema

Schema

schema

A
100

Get the next generation of Schema Structured Data to enhance your WordPress site presentation in Google search results.

40K No CVEs
Schema – All In One Schema Rich Snippets

Schema – All In One Schema Rich Snippets

all-in-one-schemaorg-rich-snippets

A
99

Improve SEO, elevate rankings and Boost CTR. Supports different types of content and works well with Google, Bing, Yahoo, and Facebook.

30K 2 CVEs
WP SEO Structured Data Schema

WP SEO Structured Data Schema

wp-seo-structured-data-schema

A
99

Comprehensive JSON-LD based Structured Data solution for WordPress for adding schema for organizations, businesses, blog posts, ratings & more.

30K 1 CVE
Developer Profile

5sterrenspecialist invite Developer Profile

5sterrenspecialist

2 plugins · 90 total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
131 days
View full developer profile
Detection Fingerprints

How We Detect 5sterrenspecialist invite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
/wp-content/plugins/5sterrenspecialist-wc-invites/classes/FiveSter/Autoloader.php/wp-content/plugins/5sterrenspecialist-wc-invites/classes/FiveSter/Plugin.php

HTML / DOM Fingerprints

HTML Comments
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, version 2, as published by the Free Software Foundation.This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USAAbort loading if WordPress is upgrading
FAQ

Frequently Asked Questions about 5sterrenspecialist invite