Reviews Block for Google Security & Risk Analysis

wordpress.org/plugins/google-places-reviews

Easily display Google business reviews on your WordPress website with a simple and intuitive block.

2K active installs · v2.0.1 · PHP 7.2+ · WP 5.0+ · Updated Jul 1, 2022
Tags: google, google-business, google-places, google-reviews, reviews
85 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: May 17, 2022
Safety Verdict

Is Reviews Block for Google Safe to Use in 2026?

Generally Safe

Score 85/100

Reviews Block for Google has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: May 17, 2022 · Updated 3yr ago
Risk Assessment

The 'google-places-reviews' v2.0.1 plugin exhibits a mixed security posture. While it demonstrates good practices by using prepared statements for all SQL queries and avoiding dangerous functions and file operations, several significant concerns are present. The attack surface is notable, with 3 entry points, 2 of which lack proper authentication or permission checks. This creates potential pathways for unauthorized access or actions. The output escaping is also a weakness, with less than half of the outputs being properly escaped, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities. The plugin's vulnerability history, including a past medium-severity XSS vulnerability, further underscores the importance of careful input handling and output sanitization. While the absence of critical taint flows and unpatched CVEs is positive, the identified weaknesses in authentication and output escaping warrant attention.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Low output escaping coverage
  • No nonce checks on AJAX
  • Past medium severity vulnerability
Vulnerabilities: 1

Reviews Block for Google Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

Medium: 1

1 total CVE

CVE-2022-1772 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Google Places Reviews < 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

May 17, 2022 Patched in 2.0.0 (752d)
Code Analysis
Analyzed Mar 16, 2026

Reviews Block for Google Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 69 (62 escaped)
  • Nonce Checks: 0
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 3
  • Bundled Libraries: 0

Output Escaping

47% escaped · 131 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
gpr_upgrades_screen (includes\legacy\upgrades\upgrades.php:23)
Attack Surface: 2 unprotected

Reviews Block for Google Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers: 2

  • auth · wp_ajax_gpr_free_clear_widget_cache · includes\gpr-class.php:52
  • auth · wp_ajax_gpr_trigger_upgrades · includes\legacy\upgrades\upgrade-functions.php:115

REST API Routes: 1

  • GET · /wp-json/google-block/v1profile/ · includes\gpr-class.php:128

WordPress Hooks: 17

  • action · admin_menu · includes\admin-settings.php:21
  • action · admin_enqueue_scripts · includes\admin-settings.php:45
  • action · init · includes\gpr-class.php:42
  • action · init · includes\gpr-class.php:43
  • action · rest_api_init · includes\gpr-class.php:44
  • action · widgets_init · includes\gpr-class.php:51
  • action · init · includes\gpr-class.php:57
  • action · block_categories_all · includes\gpr-class.php:58
  • action · enqueue_block_editor_assets · includes\gpr-class.php:59
  • action · admin_notices · includes\legacy\upgrades\upgrade-functions.php:62
  • action · admin_menu · includes\legacy\upgrades\upgrade-functions.php:78
  • action · wp_enqueue_scripts · includes\legacy\widget.php:67
  • action · admin_enqueue_scripts · includes\legacy\widget.php:68
  • action · admin_notices · includes\plugin-listing-page.php:177
  • action · admin_init · includes\plugin-listing-page.php:193
  • filter · plugin_action_links · includes\plugin-listing-page.php:220
  • filter · plugin_row_meta · includes\plugin-listing-page.php:240
Maintenance & Trust

Reviews Block for Google Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Jul 1, 2022
PHP min version: 7.2
Downloads: 111K

Community Trust

Rating: 68/100
Number of ratings: 43
Active installs: 2K
Developer Profile

Reviews Block for Google Developer Profile

Devin Walker

2 plugins · 302K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 2338 days
Detection Fingerprints

How We Detect Reviews Block for Google

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
