WP Star Reviews, Map, and Testimonials Security & Risk Analysis

wordpress.org/plugins/contempo-reviews

This plugin lets site visitors leave star reviews and lets WordPress administrators approve them and display them by service, item or location.

20 active installs · v1.2 · PHP + WP 3.6.1+ · Updated Nov 10, 2013
Tags: comment-system, review-map, seo-reviews, testimonials, wordpress-star-reviews
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Star Reviews, Map, and Testimonials Safe to Use in 2026?

Generally Safe

Score 85/100

WP Star Reviews, Map, and Testimonials has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 12yr ago
Risk Assessment

The "contempo-reviews" v1.2 plugin exhibits a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and largely avoiding file operations and external HTTP requests, significant security concerns are present. The plugin has a small but critical attack surface with two of its three AJAX handlers lacking authentication checks, presenting a direct pathway for unauthorized actions. Furthermore, the analysis indicates a concerning lack of output escaping, with only 11% of outputs being properly sanitized, increasing the risk of cross-site scripting (XSS) vulnerabilities. The presence of the `create_function` dangerous function also adds to the potential for code injection issues.

Despite a clean vulnerability history with no known CVEs, the static analysis reveals a significant number of potential weaknesses that could be exploited. The absence of capability checks on AJAX handlers and the limited output escaping are particularly worrying. The bundled outdated jQuery library, while not a direct exploit vector in itself, can become a liability if vulnerabilities are discovered in that specific version. Overall, the plugin has some strengths in its data handling but suffers from critical vulnerabilities in its input handling and output sanitization, requiring immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Low percentage of properly escaped output
  • Use of dangerous function (create_function)
  • Bundled outdated jQuery library
  • No capability checks on AJAX handlers
Vulnerabilities: None known

WP Star Reviews, Map, and Testimonials Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Star Reviews, Map, and Testimonials Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 83 (10 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 1
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

create_function in includes\testimonial_widget.php:218:
add_action( 'widgets_init', create_function( '', 'register_widget("contempo_reviews_widget");' ) );

Bundled Libraries

jQuery 1.4.4

Output Escaping

11% escaped (93 total outputs)
Data Flows: 1 unsanitized

Data Flow Analysis

3 flows, 1 with unsanitized paths
<ctpo-testimonials> (ctpo-testimonials.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface: 2 unprotected

WP Star Reviews, Map, and Testimonials Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers (3)

auth | wp_ajax_my_action | ctpo-testimonials.php:800
nopriv | wp_ajax_my_action | ctpo-testimonials.php:801
auth | wp_ajax_ctpo_main_options_save | includes\admin\ctpo_interface.php:55
WordPress Hooks (23)

action | plugins_loaded | ctpo-testimonials.php:15
action | wp_enqueue_scripts | ctpo-testimonials.php:161
action | wp_footer | ctpo-testimonials.php:338
filter | comment_form_default_fields | ctpo-testimonials.php:345
action | comment_form_logged_in_after | ctpo-testimonials.php:372
action | comment_form_after_fields | ctpo-testimonials.php:373
action | comment_post | ctpo-testimonials.php:610
filter | preprocess_comment | ctpo-testimonials.php:686
filter | comment_form_default_fields | ctpo-testimonials.php:709
filter | comments_template | ctpo-testimonials.php:732
filter | comment_row_actions | ctpo-testimonials.php:778
action | admin_menu | includes\admin\ctpo_interface.php:49
action | admin_init | includes\admin\ctpo_interface.php:50
action | admin_head | includes\admin\ctpo_interface.php:51
action | admin_head | includes\admin\ctpo_interface.php:52
action | admin_footer | includes\admin\ctpo_interface.php:53
action | add_meta_boxes | includes\testimonial_admin.php:17
action | admin_enqueue_scripts | includes\testimonial_admin.php:39
action | save_post | includes\testimonial_admin.php:504
action | comment_form_before | includes\testimonial_shortcodes.php:3
filter | the_content | includes\testimonial_shortcodes.php:26
action | wp_enqueue_scripts | includes\testimonial_widget.php:9
action | widgets_init | includes\testimonial_widget.php:218
Maintenance & Trust

WP Star Reviews, Map, and Testimonials Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.7.41
Last updated: Nov 10, 2013
PHP min version: not listed
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 20
Developer Profile

WP Star Reviews, Map, and Testimonials Developer Profile

jleo2255

2 plugins · 30 total installs

Trust score: 84
Avg security score: 85/100
Avg patch time: 30 days
Detection Fingerprints

How We Detect WP Star Reviews, Map, and Testimonials

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/ctpo-testimonials/js/star-rating/jquery.rating.css
/ctpo-testimonials/css/testimonial_client.css
/ctpo-testimonials/includes/admin/css/ctpo_client_style.css
/ctpo-testimonials/css/colorbox.css
/ctpo-testimonials/js/jquery.colorbox-min.js
/ctpo-testimonials/js/jquery.ctpotest.js
/ctpo-testimonials/js/star-rating/jquery.MetaData.js
/ctpo-testimonials/js/star-rating/jquery.rating.pack.js
+4 more
Script Paths
/ctpo-testimonials/js/star-rating/jquery.rating.css
/ctpo-testimonials/css/testimonial_client.css
/ctpo-testimonials/includes/admin/css/ctpo_client_style.css
/ctpo-testimonials/css/colorbox.css
/ctpo-testimonials/js/jquery.colorbox-min.js
/ctpo-testimonials/js/jquery.ctpotest.js
+6 more

HTML / DOM Fingerprints

CSS Classes
gmap-area, gmap-excerpt, gmap-date, gmap-rating, ctpo-map-container, comment-meta-tags, contempo_review_map, related-posts
Data Attributes
data-rating
JS Globals
ctpo_ajax_object, ctpo_js_uri
FAQ

Frequently Asked Questions about WP Star Reviews, Map, and Testimonials