Embedder for Google Reviews Security & Risk Analysis

wordpress.org/plugins/embedder-for-google-reviews

This Google Reviews Plugin pulls reviews from Google profiles and displays them on your website.

5K active installs · v1.7.6 · PHP 7.4+ · WP 5.4+ · Updated Mar 4, 2026
Tags: google, google-reviews, rating, reviews, reviews-plugin
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Aug 14, 2025
Safety Verdict

Is Embedder for Google Reviews Safe to Use in 2026?

Generally Safe

Score 99/100

Embedder for Google Reviews has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Aug 14, 2025 · Updated 1mo ago
Risk Assessment

The "embedder-for-google-reviews" v1.7.6 plugin exhibits a mixed security posture. While it demonstrates strong practices in SQL query handling and output escaping, with 100% of SQL queries using prepared statements and 98% of outputs properly escaped, significant concerns arise from its attack surface. A high proportion of entry points, specifically 5 out of 6, lack authentication checks. This, combined with a taint analysis revealing one flow with unsanitized paths, suggests potential for unauthorized access or data manipulation through these unprotected AJAX handlers.

The plugin's vulnerability history shows a single medium-severity CVE in the past, which is now patched. While this is positive, the pattern of 'Missing Authorization' as a common vulnerability type is a red flag, especially considering the current lack of authentication on several AJAX endpoints. This history, coupled with the static analysis findings, indicates a recurring weakness in authorization controls that could be exploited if not thoroughly addressed.

In conclusion, the plugin has strengths in secure coding practices for database interactions and output rendering. However, the substantial number of unprotected AJAX handlers presents a significant security risk. The past vulnerability further reinforces the need for robust authorization checks on all user-facing functionalities to mitigate potential exploits.

Key Concerns

  • High number of unprotected AJAX handlers
  • Taint flow with unsanitized paths
  • Past medium vulnerability (Missing Authorization)
  • Bundled Freemius library v1.0
Vulnerabilities
1

Embedder for Google Reviews Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-54730 · medium · 5.3 · Missing Authorization

Embedder for Google Reviews <= 1.7.3 - Missing Authorization

Aug 14, 2025 Patched in 1.7.4 (5d)
Code Analysis
Analyzed Mar 16, 2026

Embedder for Google Reviews Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 3 (175 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 4
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

98% escaped · 178 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
handle_serp_business_search (admin\includes\class-grwp-free-api-service.php:249)
Attack Surface
5 unprotected

Embedder for Google Reviews Attack Surface

Entry Points: 6
Unprotected: 5

AJAX Handlers 5

auth wp_ajax_handle_serp_business_search admin\includes\class-grwp-free-api-service.php:8
auth wp_ajax_handle_get_reviews_pro_api admin\includes\class-grwp-free-api-service.php:11
auth wp_ajax_handle_language_saving admin\includes\class-grwp-free-api-service.php:14
auth wp_ajax_handle_location_saving admin\includes\class-grwp-free-api-service.php:17
auth wp_ajax_handle_get_reviews_pro_api admin\includes\class-grwp-pro-api-service.php:12

Shortcodes 1

[google-reviews] public\includes\class-grwp-shortcode.php:15
WordPress Hooks 11
action admin_menu admin\class-google-reviews-admin.php:31
action admin_init admin\class-google-reviews-admin.php:32
action get_google_reviews admin\includes\class-grwp-wp-cron.php:17
action plugins_loaded public\includes\class-grwp-google-reviews-startup.php:116
action admin_enqueue_scripts public\includes\class-grwp-google-reviews-startup.php:133
action admin_enqueue_scripts public\includes\class-grwp-google-reviews-startup.php:134
action admin_enqueue_scripts public\includes\class-grwp-google-reviews-startup.php:139
action admin_enqueue_scripts public\includes\class-grwp-google-reviews-startup.php:140
action wp_enqueue_scripts public\includes\class-grwp-google-reviews-startup.php:157
action wp_enqueue_scripts public\includes\class-grwp-google-reviews-startup.php:158
action plugins_loaded public\includes\class-grwp-google-reviews-startup.php:162

Scheduled Events 1

get_google_reviews
Maintenance & Trust

Embedder for Google Reviews Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 4, 2026
PHP min version: 7.4
Downloads: 51K

Community Trust

Rating: 100/100
Number of ratings: 6
Active installs: 5K
Developer Profile

Embedder for Google Reviews Developer Profile

PARETO Digital

2 plugins · 10K total installs

Trust score: 93
Avg Security Score: 99/100
Avg Patch Time: 12 days
Detection Fingerprints

How We Detect Embedder for Google Reviews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/embedder-for-google-reviews/dist/js/admin-bundle.js
/wp-content/plugins/embedder-for-google-reviews/dist/css/google-reviews-admin.css
Script Paths
/wp-content/plugins/embedder-for-google-reviews/freemius/start.php
Version Parameters
embedder-for-google-reviews/dist/css/google-reviews-admin.css?ver=
embedder-for-google-reviews/dist/js/admin-bundle.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-plugin-name="embedder-for-google-reviews"
JS Globals
js_global
FAQ

Frequently Asked Questions about Embedder for Google Reviews