
GoodReviews Security & Risk Analysis
wordpress.org/plugins/goodreviews
Display Goodreads.com reviews for ISBNs or IDs you specify on any page or post.
Is GoodReviews Safe to Use in 2026?
Generally Safe
Score 85/100
GoodReviews has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "goodreviews" v2.2.5 plugin exhibits a generally good security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and the clean vulnerability history suggest a development team that is either very proactive in addressing security or has not historically been a target for vulnerabilities. The code analysis reveals no critical security flaws like dangerous functions, raw SQL queries, or critical taint flows. However, there are a few areas for improvement. The 60% proper output escaping rate, while not critical, indicates a potential for cross-site scripting (XSS) vulnerabilities if sensitive data is not consistently sanitized before display. Additionally, the absence of nonce checks and capability checks on the single shortcode entry point, and the presence of external HTTP requests without explicit mention of sanitization or authentication for those requests, represent potential avenues for exploitation. The overall risk is low, but attention to output escaping and securing all entry points, including those not explicitly flagged as unauthenticated but lacking checks, is recommended.
Key Concerns
- Output escaping is only 60% proper
- No nonce checks on shortcode entry point
- No capability checks on shortcode entry point
- External HTTP requests made
GoodReviews Security Vulnerabilities
GoodReviews Code Analysis
SQL Query Safety
Output Escaping
GoodReviews Attack Surface
Shortcodes 1
WordPress Hooks 14
GoodReviews Maintenance & Trust
Maintenance Signals
Community Trust
GoodReviews Alternatives
Share Goodreads Update
share-goodreads-update
Widget to give an overview of your currently reading books on goodreads, without the use of API.
REVIEWS.io for WooCommerce
reviewscouk-for-woocommerce
REVIEWS.io, helps eCommerce merchants to collect & display verified product and company reviews. A Google Licensed partner.
Stars Rating
stars-rating
A plugin to turn comments into reviews by adding rating feature.
Verified Reviews (Avis Vérifiés)
netreviews
We provide you with a solution that enables you to collect customer reviews about your website and products which will show on your website and on a …
Certishopping Social Reviews for Woocommerce
certishopping-social-reviews-for-woocommerce
Certishopping is a commerce marketing platform that helps brands of all sizes collect and showcase reviews, photos.
GoodReviews Developer Profile
1 plugin · 300 total installs
How We Detect GoodReviews
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/goodreviews/css/goodreviews.css
- /wp-content/plugins/goodreviews/js/goodreviews.js
- goodreviews/css/goodreviews.css?ver=
- goodreviews/js/goodreviews.js?ver=
HTML / DOM Fingerprints
- goodreviews-widget-area
- goodreviews-buy-book-widget
- jhgr-buy-book-widget-title
- jhgr-buy-book-widget-isbn
- jhgr-buy-book-widget-img
- jhgr-buy-book-widget-price
- jhgr-buy-book-widget-button
- jhgr-buy-book-widget-link
- +14 more
- jhgrclasses.php is part of the GoodReviews plugin for WordPress
- This file is distributed as part of the GoodReviews plugin for WordPress
- This program is free software; you can redistribute it and/or modify
- This program is distributed in the hope that it will be useful
- +18 more
- goodreviews-widget-area
- data-goodreviews-isbn
- data-goodreviews-widget-type
- goodreviews_obj
- [goodreviews
- [goodreviews isbn="