Book Review Security & Risk Analysis

wordpress.org/plugins/book-review

Spend more time reading

300 active installs v2.3.9 PHP + WP 3.5+ Updated Jan 11, 2018
affiliate amazon associates blog deprecated
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Book Review Safe to Use in 2026?

Generally Safe

Score 85/100

Book Review has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "book-review" plugin v2.3.9 exhibits a generally strong security posture, with a commendable adherence to secure coding practices. The extensive use of prepared statements for SQL queries (90%) and proper output escaping (91%) are significant strengths. The absence of reported vulnerabilities and critical taint flows further indicates a well-maintained codebase. However, a notable concern is the presence of an unprotected AJAX handler. This entry point, if not handled with utmost care within the plugin's logic, could be exploited by unauthenticated users, potentially leading to unauthorized actions or information disclosure. While the plugin has no known CVEs, the single unprotected AJAX handler represents a tangible risk that warrants attention.

Key Concerns

  • Unprotected AJAX handler
Vulnerabilities
None known

Book Review Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Book Review Release Timeline

v2.3.9 (Current)
v2.3.8
v2.3.7
v2.3.6
v2.3.5
v2.3.4
v2.3.3
v2.3.2
v2.3.1
v2.3.0
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.14
v2.1.13
v2.1.12
v2.1.11
v2.1.10
v2.1.9
Code Analysis
Analyzed Mar 16, 2026

Book Review Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (9 prepared)
Unescaped Output: 21 (203 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

90% prepared · 10 total queries

Output Escaping

91% escaped · 224 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
get_book_info (admin\class-book-review-meta-box.php:209)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
1 unprotected

Book Review Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_get_book_info includes\class-book-review.php:280

Shortcodes 1

[book_review_archives] includes\class-book-review.php:302
WordPress Hooks 39
action add_meta_boxes admin\class-book-review-meta-box.php:76
action save_post admin\class-book-review-meta-box.php:77
action plugins_loaded includes\class-book-review.php:194
action wpmu_new_blog includes\class-book-review.php:203
action admin_enqueue_scripts includes\class-book-review.php:219
action admin_enqueue_scripts includes\class-book-review.php:220
action admin_menu includes\class-book-review.php:221
action admin_init includes\class-book-review.php:222
action manage_posts_custom_column includes\class-book-review.php:223
filter sanitize_book_review_box_position includes\class-book-review.php:227
filter sanitize_book_review_bg_color includes\class-book-review.php:228
filter sanitize_book_review_border_color includes\class-book-review.php:229
filter sanitize_book_review_border_width includes\class-book-review.php:230
filter sanitize_book_review_post_type includes\class-book-review.php:231
filter sanitize_book_review_rating_home includes\class-book-review.php:233
filter sanitize_book_review_rating_default includes\class-book-review.php:234
filter sanitize_book_review_rating_image1 includes\class-book-review.php:235
filter sanitize_book_review_rating_image2 includes\class-book-review.php:236
filter sanitize_book_review_rating_image3 includes\class-book-review.php:237
filter sanitize_book_review_rating_image4 includes\class-book-review.php:238
filter sanitize_book_review_rating_image5 includes\class-book-review.php:239
filter sanitize_book_review_site_link_active includes\class-book-review.php:242
filter sanitize_book_review_site_link_type includes\class-book-review.php:243
filter sanitize_book_review_site_link_text includes\class-book-review.php:244
filter sanitize_book_review_site_link_url includes\class-book-review.php:245
filter sanitize_book_review_link_id includes\class-book-review.php:248
filter sanitize_book_review_link_text includes\class-book-review.php:249
filter sanitize_book_review_link_url includes\class-book-review.php:250
filter sanitize_book_review_link_status includes\class-book-review.php:251
filter sanitize_book_review_target includes\class-book-review.php:254
filter sanitize_book_review_custom_field includes\class-book-review.php:257
filter sanitize_book_review_api_key includes\class-book-review.php:259
filter sanitize_book_review_country includes\class-book-review.php:260
filter manage_posts_columns includes\class-book-review.php:264
action load-post.php includes\class-book-review.php:278
action load-post-new.php includes\class-book-review.php:279
action wp_enqueue_scripts includes\class-book-review.php:295
filter the_excerpt includes\class-book-review.php:298
filter the_content includes\class-book-review.php:299
Maintenance & Trust

Book Review Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.8.28
Last updated: Jan 11, 2018
PHP min version
Downloads: 43K

Community Trust

Rating: 98/100
Number of ratings: 17
Active installs: 300
Developer Profile

Book Review Developer Profile

Donna Peplinskie (a11n)

3 plugins · 2K total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Book Review

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/book-review/admin/css/book-review-posts-admin.min.css
/wp-content/plugins/book-review/admin/css/book-review-meta-box.min.css
/wp-content/plugins/book-review/admin/css/book-review-admin.min.css
/wp-content/plugins/book-review/admin/js/book-review-meta-box.min.js
Script Paths
/wp-content/plugins/book-review/admin/js/book-review-meta-box.min.js
Version Parameters
book-review-posts-admin.min.css?ver=
book-review-meta-box.min.css?ver=
book-review-admin.min.css?ver=
book-review-meta-box.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
book-review-posts-admin
book-review-meta-box
book-review-admin
Data Attributes
data-book-review
JS Globals
book_review_google_api
Shortcode Output
[book-review]