Init Review System – Reactions, Multi-Criteria, Guest-Friendly Security & Risk Analysis

wordpress.org/plugins/init-review-system

Fast 5-star rating plugin with schema, REST API, shortcode control, localStorage voting. Now with multi-criteria review support.

30 active installs · v1.16 · PHP 7.4+ · WP 5.5+ · Updated Mar 1, 2026
Tags: rating, reaction, review, schema, vote
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Init Review System – Reactions, Multi-Criteria, Guest-Friendly Safe to Use in 2026?

Generally Safe

Score 100/100

Init Review System – Reactions, Multi-Criteria, Guest-Friendly has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "init-review-system" plugin v1.16 exhibits a strong security posture based on the provided static analysis. The plugin demonstrates good practices by implementing nonce and capability checks for its entry points, ensuring that actions are authorized and protected against common web attacks. The high percentage of properly escaped output (92%) and the consistent use of prepared statements for SQL queries (90%) are significant strengths, mitigating risks associated with cross-site scripting (XSS) and SQL injection vulnerabilities. The absence of file operations and external HTTP requests further limits the potential attack surface.

While the code analysis reveals no critical or high-severity taint flows and there is no recorded vulnerability history, a few areas could be improved. The four shortcodes are not flagged as unprotected, but they are still entry points, and the analysis does not detail their individual authorization mechanisms beyond the overall count of capability checks. The 10% of SQL queries that do not use prepared statements, though a small share, warrants attention because it could become a SQL injection vector if input is not perfectly sanitized. The plugin appears robust, but continued vigilance and fixes for these minor deviations from best practice are recommended.

Key Concerns

  • SQL queries not using prepared statements
  • Minor percentage of unescaped output
Vulnerabilities
None known

Init Review System – Reactions, Multi-Criteria, Guest-Friendly Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Init Review System – Reactions, Multi-Criteria, Guest-Friendly Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (37 prepared)
Unescaped Output: 21 (245 escaped)
Nonce Checks: 6
Capability Checks: 7
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

90% prepared · 41 total queries

Output Escaping

92% escaped · 266 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
init_plugin_suite_review_system_render_management_page (includes\review-management.php:288)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Init Review System – Reactions, Multi-Criteria, Guest-Friendly Attack Surface

Entry Points: 4
Unprotected: 0

Shortcodes: 4

[init_review_score] includes\shortcodes.php:75
[init_review_system] includes\shortcodes.php:125
[init_review_criteria] includes\shortcodes.php:208
[init_reactions] includes\shortcodes.php:314
WordPress Hooks: 24

filter the_content includes\hooks.php:50
action comment_form_before includes\hooks.php:70
action comment_form_after includes\hooks.php:76
action comment_form_before includes\hooks.php:83
action admin_init includes\init.php:31
action admin_init includes\init.php:36
action add_meta_boxes includes\reset-metabox.php:10
action save_post includes\reset-metabox.php:141
action rest_api_init includes\rest-api.php:5
action admin_menu includes\review-management.php:7
action admin_init includes\review-management.php:23
action admin_notices includes\review-management.php:53
action admin_notices includes\review-management.php:57
action admin_notices includes\review-management.php:69
action admin_notices includes\review-management.php:81
action admin_init includes\review-management.php:96
action admin_notices includes\review-management.php:145
action admin_notices includes\review-management.php:167
action admin_notices includes\review-management.php:189
action admin_enqueue_scripts includes\review-management.php:586
action admin_menu includes\settings-page.php:7
action admin_init includes\settings-page.php:33
action admin_enqueue_scripts includes\shortcodes.php:259
action wp_enqueue_scripts init-review-system.php:43
Maintenance & Trust

Init Review System – Reactions, Multi-Criteria, Guest-Friendly Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 1, 2026
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 30
Developer Profile

Init Review System – Reactions, Multi-Criteria, Guest-Friendly Developer Profile

Init HTML

12 plugins · 710 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Init Review System – Reactions, Multi-Criteria, Guest-Friendly

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/init-review-system/assets/css/style.css
Version Parameters
init-review-system/assets/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
init_plugin_suite_review_system_settings, init-review-management, init_criteria_reviews
HTML Comments
<!-- wp:init-review-system/criteria-review -->, <!-- /wp:init-review-system/criteria-review -->, <!-- wp:init-review-system/schema -->, <!-- /wp:init-review-system/schema -->, +2 more
Data Attributes
data-init-rs-id, data-init-rs-title, data-init-rs-rating, data-init-rs-author, data-init-rs-date, data-init-rs-content, +1 more
JS Globals
init_review_system_ajax_object
REST Endpoints
/wp-json/initrsys/v1/reviews
Shortcode Output
[init_review_system] [init_criteria_review] [init_schema] [init_reviews]
FAQ

Frequently Asked Questions about Init Review System – Reactions, Multi-Criteria, Guest-Friendly