Reviews Widgets for Google, Yelp & TripAdvisor Security & Risk Analysis

wordpress.org/plugins/fb-reviews-widget

Combine Facebook recommendations with Google, Yelp and TripAdvisor reviews in a widget, block or shortcode. Build a trusted website!

10K active installs v2.7.3 PHP 5.2+ WP 4.7+ Updated Feb 2, 2026
facebook, google-reviews, reviews, tripadvisor, yelp-reviews
96
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Dec 8, 2025
Safety Verdict

Is Reviews Widgets for Google, Yelp & TripAdvisor Safe to Use in 2026?

Generally Safe

Score 96/100

Reviews Widgets for Google, Yelp & TripAdvisor has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 8, 2025 · Updated 2mo ago
Risk Assessment

The 'fb-reviews-widget' v2.7.3 plugin presents a mixed security posture. On the positive side, the static analysis shows no unprotected AJAX handlers or REST API routes, a decent number of capability checks and nonce checks, and a majority of SQL queries utilizing prepared statements. However, concerns arise from the 50% of outputs that are not properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities.

The taint analysis reveals four high-severity flows with unsanitized paths, which are significant risks. While no critical severity taint flows were found, these high-severity ones demand immediate attention as they can lead to serious security breaches. The plugin's vulnerability history, with two known CVEs, including a high and medium severity vulnerability, and past occurrences of XSS and Missing Authorization, reinforces the need for vigilance.

Despite strengths in some areas like the absence of unprotected entry points, the prevalent issue of unescaped output and the presence of high-severity taint flows are notable weaknesses. The historical pattern of XSS and authorization vulnerabilities suggests recurring coding flaws that need to be addressed comprehensively to improve the plugin's overall security. A balanced conclusion would be that while the plugin has some good security practices in place, the identified risks in output handling and taint flows, coupled with its vulnerability history, indicate areas that require urgent improvement.

Key Concerns

  • High severity taint flows found
  • Half of outputs not properly escaped (XSS risk)
  • High severity CVE historically
  • Medium severity CVE historically
  • Vulnerability history includes XSS
  • Vulnerability history includes Missing Authorization
Vulnerabilities
2

Reviews Widgets for Google, Yelp & TripAdvisor Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2025-12705 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Reviews & Recommendations <= 2.5 - Unauthenticated Stored Cross-Site Scripting via Social Media Reviews

Dec 8, 2025 Patched in 2.6 (2d)
CVE-2025-30883 · medium · 4.3 · Missing Authorization

Trust.Reviews <= 2.3 - Missing Authorization

Mar 27, 2025 Patched in 2.4 (7d)
Code Analysis
Analyzed Mar 16, 2026

Reviews Widgets for Google, Yelp & TripAdvisor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 19 (35 prepared)
Unescaped Output: 115 (117 escaped)
Nonce Checks: 7
Capability Checks: 7
File Operations: 1
External Requests: 10
Bundled Libraries: 0

SQL Query Safety

65% prepared · 54 total queries

Output Escaping

50% escaped · 232 total outputs
Data Flows
11 unsanitized

Data Flow Analysis

18 flows · 11 with unsanitized paths
init (includes\class-builder-page.php:24)
Attack Surface

Reviews Widgets for Google, Yelp & TripAdvisor Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[fbrev] includes\class-feed-shortcode.php:27
WordPress Hooks 31
filter plugin_action_links fbrev.php:41
filter plugin_row_meta fbrev.php:57
filter get_edit_post_link includes\admin\class-admin-feed-columns.php:23
filter post_row_actions includes\admin\class-admin-feed-columns.php:26
filter get_the_excerpt includes\admin\class-admin-feed-columns.php:27
action admin_menu includes\admin\class-admin-menu.php:14
action admin_menu includes\admin\class-admin-menu.php:15
filter submenu_file includes\admin\class-admin-menu.php:16
filter admin_body_class includes\admin\class-admin-menu.php:17
filter removable_query_args includes\admin\class-admin-notice.php:27
action admin_notices includes\admin\class-admin-notice.php:28
action admin_notices includes\admin\class-admin-notice.php:29
action admin_notices includes\admin\class-admin-rev.php:10
action wp_after_admin_bar_render includes\admin\class-admin-tophead.php:10
action init includes\class-activator.php:36
action admin_enqueue_scripts includes\class-assets.php:36
action admin_enqueue_scripts includes\class-assets.php:37
action admin_enqueue_scripts includes\class-assets.php:38
action admin_enqueue_scripts includes\class-assets.php:39
action wp_enqueue_scripts includes\class-assets.php:41
action wp_enqueue_scripts includes\class-assets.php:42
action wp_enqueue_scripts includes\class-assets.php:46
action wp_enqueue_scripts includes\class-assets.php:47
filter script_loader_tag includes\class-assets.php:50
filter get_rocket_option_remove_unused_css_safelist includes\class-assets.php:52
action init includes\class-feed-block.php:22
action block_categories_all includes\class-feed-block.php:23
action admin_init includes\class-plugin.php:66
action plugins_loaded includes\class-plugin.php:67
action widgets_init includes\class-plugin.php:123
action init includes\class-post-types.php:10
Maintenance & Trust

Reviews Widgets for Google, Yelp & TripAdvisor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 2, 2026
PHP min version: 5.2
Downloads: 539K

Community Trust

Rating: 98/100
Number of ratings: 324
Active installs: 10K
Developer Profile

Reviews Widgets for Google, Yelp & TripAdvisor Developer Profile

richplugins

5 plugins · 114K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 204 days
Detection Fingerprints

How We Detect Reviews Widgets for Google, Yelp & TripAdvisor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fb-reviews-widget/css/admin-main.css
/wp-content/plugins/fb-reviews-widget/css/public-main.css
/wp-content/plugins/fb-reviews-widget/js/admin-main.js
/wp-content/plugins/fb-reviews-widget/js/admin-builder.js
/wp-content/plugins/fb-reviews-widget/js/admin-apexcharts.js
/wp-content/plugins/fb-reviews-widget/js/public-main.js
Script Paths
https://cdn.reviewsplugin.com/assets/js/toast.js
https://cdn.reviewsplugin.com/assets/js/time.js
Version Parameters
fb-reviews-widget/css/admin-main.css?ver=
fb-reviews-widget/css/public-main.css?ver=
fb-reviews-widget/js/admin-main.js?ver=
fb-reviews-widget/js/admin-builder.js?ver=
fb-reviews-widget/js/admin-apexcharts.js?ver=
fb-reviews-widget/js/public-main.js?ver=

HTML / DOM Fingerprints

CSS Classes
trustreviews-container
Data Attributes
data-trustreviews-widget-id
JS Globals
TRUSTREVIEWS_VARS
FAQ

Frequently Asked Questions about Reviews Widgets for Google, Yelp & TripAdvisor