Five Star Restaurant Reviews Security & Risk Analysis

wordpress.org/plugins/good-reviews-wp

Restaurant reviews made easy. Add and display reviews on your restaurant site using SEO friendly schema markup.

500 active installs v2.3.11 PHP + WP 3.9+ Updated Dec 2, 2025
restaurant-feedback, restaurant-rating, restaurant-reviews, reviews, testimonials
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Feb 2, 2024
Safety Verdict

Is Five Star Restaurant Reviews Safe to Use in 2026?

Generally Safe

Score 100/100

Five Star Restaurant Reviews has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Feb 2, 2024 · Updated 4mo ago
Risk Assessment

The plugin 'good-reviews-wp' v2.3.11 exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and performing a significant number of nonce and capability checks, there are notable areas of concern. The presence of 4 AJAX handlers without authentication checks represents a substantial attack surface, potentially allowing unauthorized actions if these handlers are not sufficiently secured by other means. The static analysis also indicates that a considerable portion of output (45%) is not properly escaped, raising the risk of Cross-Site Scripting (XSS) vulnerabilities, a pattern echoed by its historical vulnerability data which includes a medium-severity XSS flaw.

Key Concerns

  • Unprotected AJAX handlers
  • Significant unescaped output
  • Historical medium severity XSS vulnerability
Vulnerabilities
1

Five Star Restaurant Reviews Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-24838 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Five Star Restaurant Reviews <= 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Review URL

Feb 2, 2024 Patched in 2.3.6 (4d)
Code Analysis
Analyzed Mar 16, 2026

Five Star Restaurant Reviews Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 107 (130 escaped)
Nonce Checks: 7
Capability Checks: 8
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

55% escaped · 237 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
hide_review_ask (includes\ReviewAsk.class.php:84)
Attack Surface
4 unprotected

Five Star Restaurant Reviews Attack Surface

Entry Points: 12
Unprotected: 4

AJAX Handlers 8

auth wp_ajax_grfwp_hide_helper_notice good-reviews-wp.php:173
auth wp_ajax_grfwp_send_feature_suggestion includes\AboutUs.class.php:14
auth wp_ajax_grfwp_ajax_load_reviews includes\Ajax.class.php:14
nopriv wp_ajax_grfwp_ajax_load_reviews includes\Ajax.class.php:15
auth wp_ajax_fdm_grfwp_handle_submitted_review includes\Integrations.class.php:88
nopriv wp_ajax_fdm_grfwp_handle_submitted_review includes\Integrations.class.php:89
auth wp_ajax_grfwp_hide_review_ask includes\ReviewAsk.class.php:15
auth wp_ajax_grfwp_send_feedback includes\ReviewAsk.class.php:16

Shortcodes 4

[good-reviews] includes\template-functions.php:35
[five-star-reviews] includes\template-functions.php:36
[submit-good-review] includes\template-functions.php:50
[five-star-submit-review] includes\template-functions.php:51
WordPress Hooks 56
action plugins_loaded good-reviews-wp.php:86
action init good-reviews-wp.php:88
action admin_menu good-reviews-wp.php:128
action wp_enqueue_scripts good-reviews-wp.php:146
action admin_enqueue_scripts good-reviews-wp.php:147
action wp_footer good-reviews-wp.php:148
action wp_head good-reviews-wp.php:151
filter enter_title_here good-reviews-wp.php:154
filter pre_get_posts good-reviews-wp.php:157
filter the_content good-reviews-wp.php:160
action widgets_init good-reviews-wp.php:163
filter plugin_action_links good-reviews-wp.php:166
action admin_notices good-reviews-wp.php:169
action admin_notices good-reviews-wp.php:172
action the_content good-reviews-wp.php:561
action admin_menu includes\AboutUs.class.php:16
action init includes\Blocks.class.php:14
filter block_categories_all includes\Blocks.class.php:16
action init includes\CustomPostTypes.class.php:30
action add_meta_boxes includes\CustomPostTypes.class.php:33
action admin_menu includes\Dashboard.class.php:16
action admin_enqueue_scripts includes\Dashboard.class.php:18
action current_screen includes\DeactivationSurvey.class.php:13
action admin_enqueue_scripts includes\DeactivationSurvey.class.php:18
action admin_footer includes\DeactivationSurvey.class.php:19
action admin_init includes\ExportHandler.class.php:22
action admin_init includes\ExportHandler.class.php:25
action manage_posts_extra_tablenav includes\ExportHandler.class.php:28
filter grfwp_reviewed_values includes\Integrations.class.php:24
action init includes\Integrations.class.php:28
action init includes\Integrations.class.php:31
filter sanitize_option_grfwp-settings includes\Integrations.class.php:32
filter fdm_menu_item_elements includes\Integrations.class.php:58
filter fdm_menu_item_elements_order includes\Integrations.class.php:59
filter fdm_content_map_fdmViewItem includes\Integrations.class.php:60
filter fdm_template_directories includes\Integrations.class.php:62
filter grfwp_meta_boxes includes\Integrations.class.php:64
action save_post_grfwp-review includes\Integrations.class.php:65
filter fdm_menu_item_elements includes\Integrations.class.php:70
filter fdm_menu_item_elements_order includes\Integrations.class.php:71
filter fdm_content_map_fdmViewItem includes\Integrations.class.php:72
filter fdm_template_directories includes\Integrations.class.php:74
filter fdm_menu_item_elements includes\Integrations.class.php:79
filter fdm_menu_item_elements_order includes\Integrations.class.php:80
filter fdm_content_map_fdmViewItem includes\Integrations.class.php:81
filter fdm_template_directories includes\Integrations.class.php:83
filter grfwp-submit-review-post-meta includes\Integrations.class.php:91
filter rtb_booking_form_before_html includes\Integrations.class.php:129
filter rtb_booking_form_html_post includes\Integrations.class.php:130
action the_content includes\Integrations.class.php:381
action admin_notices includes\ReviewAsk.class.php:13
action admin_enqueue_scripts includes\ReviewAsk.class.php:18
action init includes\Settings.class.php:49
action init includes\Settings.class.php:51
action the_content includes\template-functions.php:31
action the_content templates\fdm-review.php:15
Maintenance & Trust

Five Star Restaurant Reviews Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 2, 2025
PHP min version
Downloads: 60K

Community Trust

Rating: 98/100
Number of ratings: 14
Active installs: 500
Developer Profile

Five Star Restaurant Reviews Developer Profile

Rustaurius

21 plugins · 66K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 705 days
Detection Fingerprints

How We Detect Five Star Restaurant Reviews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/good-reviews-wp/css/grfwp-frontend.css
/wp-content/plugins/good-reviews-wp/js/grfwp-frontend.js
/wp-content/plugins/good-reviews-wp/css/grfwp-admin.css
/wp-content/plugins/good-reviews-wp/js/grfwp-admin.js
/wp-content/plugins/good-reviews-wp/css/grfwp-admin-new.css
Version Parameters
good-reviews-wp/css/grfwp-frontend.css?ver=
good-reviews-wp/js/grfwp-frontend.js?ver=
good-reviews-wp/css/grfwp-admin.css?ver=
good-reviews-wp/js/grfwp-admin.js?ver=
good-reviews-wp/css/grfwp-admin-new.css?ver=

HTML / DOM Fingerprints

CSS Classes
grfwp-dashboard-new-upgrade-banner, grfwp-dashboard-banner-icon, grfwp-dashboard-banner-buttons, grfwp-dashboard-new-upgrade-button, grfwp-dashboard-banner-text, grfwp-dashboard-banner-title, grfwp-dashboard-banner-brief, grfwp-admin-header-menu, +5 more
HTML Comments
<!-- Review ASK -->, <!-- End Review ASK -->, <!-- Deactivation Survey -->, <!-- End Deactivation Survey -->, +1 more
Data Attributes
data-grfwp-review-id, data-grfwp-post-id, data-grfwp-settings, data-grfwp-review-template, data-grfwp-post-type, data-grfwp-taxonomy
JS Globals
grfwp_ajax_url
REST Endpoints
/wp-json/grfwp/v1/reviews
Shortcode Output
[good_reviews], [grfwp_reviews], [good_reviews_archive], [grfwp_reviews_archive]
FAQ

Frequently Asked Questions about Five Star Restaurant Reviews