Helpfulcrowd Product Reviews Security & Risk Analysis

wordpress.org/plugins/helpfulcrowd-product-reviews

HelpfulCrowd is a review marketing platform that collects, manages and displays video and photo reviews for your WooCommerce online shop and much more

70 active installs v1.2.9 PHP 7.0+ WP 5.2+ Updated Dec 22, 2025
business-reviewsproduct-reviewsquestions-and-answersreviewswoocommerce
78
B · Generally Safe
CVEs total1
Unpatched1
Last CVEJun 8, 2026
Safety Verdict

Is Helpfulcrowd Product Reviews Safe to Use in 2026?

Mostly Safe

Score 78/100

Helpfulcrowd Product Reviews is generally safe to use. 1 past CVE were resolved.

1 known CVE 1 unpatched Last CVE: Jun 8, 2026Updated 6mo ago
Risk Assessment

The 'helpfulcrowd-product-reviews' plugin v1.2.9 exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and having a high percentage of properly escaped output, indicating a general awareness of secure coding principles. The absence of dangerous functions, file operations, and known vulnerabilities in its history is also a strong positive indicator. However, significant concerns arise from the lack of robust access control and potential for unauthorized access.

The plugin presents a single unprotected REST API route, which is a critical entry point without any permission callbacks. This means that any unauthenticated user could potentially interact with this route, leading to a severe security risk if it handles sensitive data or performs actions. Furthermore, the lack of nonce checks on AJAX handlers and capability checks throughout the codebase implies a broad weakness in preventing cross-site request forgery (CSRF) and unauthorized privilege escalation. While taint analysis shows no immediate critical or high severity unsanitized paths, the overall lack of authorization on key entry points overshadows this positive finding.

In conclusion, while the plugin has avoided critical vulnerabilities in its past and employs secure SQL practices, the presence of an unprotected REST API endpoint and a general absence of authorization checks on AJAX and other potential entry points represent a significant security risk. The plugin's attack surface includes a critical vulnerability that needs immediate attention.

Key Concerns

  • Unprotected REST API route without permission callback
  • No nonce checks on AJAX handlers
  • No capability checks for entry points
Vulnerabilities
1 published

Helpfulcrowd Product Reviews Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-8499medium · 5.3Access of Resource Using Incompatible Type ('Type Confusion')

Helpfulcrowd Product Reviews <= 1.2.9 - Inccorect Authorization via Type Juggling in 'token' Parameter to Arbitrary Settings Update

Jun 8, 2026Unpatched
Version History

Helpfulcrowd Product Reviews Release Timeline

v1.2.9Current1 CVE
v1.2.81 CVE
v1.2.71 CVE
v1.2.61 CVE
v1.2.51 CVE
v1.2.41 CVE
v1.2.31 CVE
v1.2.21 CVE
v1.2.11 CVE
v1.2.01 CVE
v1.1.01 CVE
v1.0.01 CVE
Code Analysis
Analyzed Apr 16, 2026

Helpfulcrowd Product Reviews Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
14
64 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
6
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

82% escaped78 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<HelpfulcrowdSocials> (includes/HelpfulcrowdSocials.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Helpfulcrowd Product Reviews Attack Surface

Entry Points5
Unprotected1

REST API Routes 1

GET/wp-json/helpfulcrowd/v1update-settingsincludes/core.php:122

Shortcodes 4

[helpfulcrowd_product_summary_widget] includes/HelpfulcrowdWidgets.php:19
[helpfulcrowd_product_tab_widget] includes/HelpfulcrowdWidgets.php:30
[helpfulcrowd_review_journal] includes/HelpfulcrowdWidgets.php:59
[helpfulcrowd_review_slider] includes/HelpfulcrowdWidgets.php:64
WordPress Hooks 15
actionadmin_noticeshelpfulcrowd.php:54
actionadmin_menuincludes/HelpfulcrowdSettings.php:14
actionadmin_initincludes/HelpfulcrowdSettings.php:18
filterplugin_action_links_helpfulcrowd/helpfulcrowd.phpincludes/HelpfulcrowdSettings.php:22
actionrest_api_initincludes/HelpfulcrowdSocials.php:68
actionadmin_post_delete_socialincludes/HelpfulcrowdSocials.php:221
actionadmin_post_nopriv_delete_socialincludes/HelpfulcrowdSocials.php:222
actionwp_footerincludes/HelpfulcrowdWidgets.php:47
actionwp_headincludes/HelpfulcrowdWidgets.php:53
actionwoocommerce_loadedincludes/core.php:16
actionupdate_option_admin_emailincludes/core.php:21
actionupdate_option_helpfulcrowd_optionsincludes/core.php:22
actionadmin_noticesincludes/core.php:23
actionwoocommerce_loadedincludes/core.php:27
actionrest_api_initincludes/core.php:31
Maintenance & Trust

Helpfulcrowd Product Reviews Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 22, 2025
PHP min version7.0
Downloads7K

Community Trust

Rating100/100
Number of ratings2
Active installs70
Developer Profile

Helpfulcrowd Product Reviews Developer Profile

helpfulcrowd

1 plugin · 70 total installs

79
trust score
Avg Security Score
78/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Helpfulcrowd Product Reviews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/helpfulcrowd-product-reviews/assets/css/helpfulcrowd.css/wp-content/plugins/helpfulcrowd-product-reviews/assets/js/helpfulcrowd.js
Script Paths
/wp-content/plugins/helpfulcrowd-product-reviews/assets/js/helpfulcrowd.js
Version Parameters
helpfulcrowd-product-reviews/assets/css/helpfulcrowd.css?ver=helpfulcrowd-product-reviews/assets/js/helpfulcrowd.js?ver=

HTML / DOM Fingerprints

CSS Classes
helpfulcrowd-widget-wrapper
Data Attributes
data-helpfulcrowd-plugin
Shortcode Output
[helpfulcrowd_review_journal][helpfulcrowd_review_slider]
FAQ

Frequently Asked Questions about Helpfulcrowd Product Reviews