Does Absolute Reviews have any unpatched vulnerabilities?

No. All known vulnerabilities in Absolute Reviews have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Absolute Reviews compatible with WordPress 6.9.4?

According to WordPress.org data, Absolute Reviews 1.1.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Absolute Reviews compatible with PHP 5.4+?

Absolute Reviews requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Absolute Reviews updated?

Absolute Reviews was last updated on Dec 3, 2025. Frequent updates are generally a positive security signal.

What is Absolute Reviews's security score?

Absolute Reviews has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Absolute Reviews Security & Risk Analysis

wordpress.org/plugins/absolute-reviews

Add beautiful responsive and modern review boxes with valid JSON-LD schema to your posts with the “Advanced Reviews” plugin.

7K active installs v1.1.6 PHP 5.4+ WP 4.0+ Updated Dec 3, 2025

ratingreviewreviewsschema-org

A · Safe

CVEs total2

Unpatched0

Last CVESep 26, 2024

Download

Safety Verdict

Is Absolute Reviews Safe to Use in 2026?

Generally Safe

Score 99/100

Absolute Reviews has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Sep 26, 2024Updated 4mo ago

Risk Assessment

The static analysis of the 'absolute-reviews' plugin v1.1.6 reveals a generally good security posture regarding its current code. The plugin has a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, and importantly, all entry points are protected. The code demonstrates strong adherence to secure coding practices, with 100% of SQL queries using prepared statements and a very high rate of output escaping (98%). Nonce and capability checks are present, further reinforcing secure operations. Taint analysis shows no critical or high severity unsanitized flows, indicating a low risk of direct code injection vulnerabilities within the analyzed code paths.

However, the plugin's vulnerability history is a significant concern. It has a history of 2 known medium-severity CVEs, including Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). The fact that the last vulnerability was recently discovered (2024-09-26) suggests that the plugin may have recurring security issues or that its past vulnerabilities might not have been thoroughly addressed in subsequent updates. While there are currently no unpatched CVEs, this history indicates a pattern of past security weaknesses that users should be aware of. The plugin's strengths lie in its current clean code and well-defined, protected attack surface. Its primary weakness is its historical vulnerability record, which warrants cautious consideration.

Key Concerns

2 medium severity CVEs in history
Recent vulnerability discovered

Vulnerabilities

Absolute Reviews Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2024-8965medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Absolute Reviews <= 1.1.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Criteria Name

Sep 26, 2024 Patched in 1.1.4 (1d)

CVE-2021-4426medium · 4.3Cross-Site Request Forgery (CSRF)

Absolute Reviews <= 1.0.8 - Cross-Site Request Forgery Bypass

Jun 21, 2021 Patched in 1.0.9 (946d)

Code Analysis

Analyzed Mar 16, 2026

Absolute Reviews Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

346 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

98% escaped352 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

save_options_page (admin\class-absolute-reviews-admin.php:160)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Absolute Reviews Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 14

actionplugins_loadedincludes\class-absolute-reviews.php:164

actionadmin_menuincludes\class-absolute-reviews.php:177

actionadd_meta_boxesincludes\class-absolute-reviews.php:178

actionsave_postincludes\class-absolute-reviews.php:179

actionadmin_enqueue_scriptsincludes\class-absolute-reviews.php:180

actionwp_headincludes\class-absolute-reviews.php:193

actionthe_contentincludes\class-absolute-reviews.php:194

actionabr_reviews_posts_templatesincludes\class-absolute-reviews.php:195

actionwp_enqueue_scriptsincludes\class-absolute-reviews.php:196

actioninitpublic\class-absolute-reviews-block.php:21

filtercanvas_register_block_typepublic\class-absolute-reviews-block.php:22

filtercanvas_block_layouts_canvas/postspublic\class-absolute-reviews-posts-block.php:21

filtercanvas_block_posts_query_argspublic\class-absolute-reviews-posts-block.php:22

actionwidgets_initpublic\class-absolute-reviews-posts-widget.php:461

Maintenance & Trust

Absolute Reviews Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 3, 2025

PHP min version5.4

Downloads133K

Community Trust

Rating80/100

Number of ratings8

Active installs7K

Alternatives

Absolute Reviews Alternatives

Schema Review

schema-review

Add schema.org review markup and Structured Data in JSON-LD format for editor reviews, an extension for the Schema plugin.

300 No CVEs

Site Reviews

site-reviews

Site Reviews is a complete review management solution that integrates with WooCommerce and SureCart and works similarly to reviews on Amazon, Tripadvi …

70K 13 CVEs

Reviews and Rating – Google Reviews

g-business-reviews-rating

Completely restriction-free Google reviews and rating as Shortcode/Widget. Extensive display options; delicious themes; includes Structured Data.

20K 2 CVEs

WP Customer Reviews

wp-customer-reviews

Allows your visitors to leave business / product reviews. Testimonials are in Microdata / Microformat and may display star ratings in search results.

20K 8 CVEs

Review Schema – Review & Structure Data Schema Plugin

review-schema

WordPress Review Plugin with Schema adds Google Rich Snippets markup according to Schema.org guidelines to structure your website for SEO.

10K 2 CVEs

Developer Profile

Absolute Reviews Developer Profile

codesupplyco

5 plugins · 111K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

1041 days

View full developer profile

Detection Fingerprints

How We Detect Absolute Reviews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/absolute-reviews/assets/css/absolute-reviews.css/wp-content/plugins/absolute-reviews/assets/js/absolute-reviews.js/wp-content/plugins/absolute-reviews/assets/js/absolute-reviews-admin.js

Script Paths

/wp-content/plugins/absolute-reviews/assets/js/absolute-reviews.js/wp-content/plugins/absolute-reviews/assets/js/absolute-reviews-admin.js

Version Parameters

absolute-reviews/assets/css/absolute-reviews.css?ver=absolute-reviews/assets/js/absolute-reviews.js?ver=absolute-reviews/assets/js/absolute-reviews-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

abr-wrapabr-settings

HTML Comments

Plugin Activation.Plugin Deactivation.

The core plugin class that is used to define internationalization,
 * admin-specific hooks, and public-facing site hooks.

Begins execution of the plugin.+10 more

Data Attributes

abr_review_indicator_label_abr_review_disable_indicatorsabr_review_post_types

JS Globals

abr_default_indicatorsabr_default_post_types

FAQ