WP-Safety

My Review Security & Risk Analysis

wordpress.org/plugins/my-review

My Review plugin helps you format your post as a review.

10 active installs v1.2 PHP + WP 2.5+ Updated Jun 7, 2008
content-formattingi18ninternationalizationpostreview
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is My Review Safe to Use in 2026?

Generally Safe

Score 85/100

My Review has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 17yr ago
Risk Assessment

The "my-review" plugin v1.2 exhibits a concerning security posture primarily due to a complete lack of output escaping. While the static analysis reveals no dangerous functions, SQL injection vulnerabilities via prepared statements, file operations, external requests, or taint flows, and the vulnerability history is clean, the absence of output escaping is a critical weakness. This means any user-provided input that is displayed back to users could potentially be exploited to inject malicious code, such as JavaScript, leading to cross-site scripting (XSS) attacks. The plugin also has no detectable attack surface points, which is a strength, but this could be misleading if the plugin relies on internal functions or indirectly exposed data that isn't flagged as an entry point by the static analysis. Given the lack of direct vulnerabilities found in code and history, the immediate risks are lower, but the unescaped output represents a significant latent vulnerability that needs immediate attention.

Key Concerns

  • Output escaping is not implemented
Vulnerabilities
None known

My Review Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

My Review Release Timeline

v1.2Current
v1.0.2
v1.0.1
v1.0
Code Analysis
Analyzed Apr 16, 2026

My Review Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
9
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped9 total outputs
Attack Surface

My Review Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 5
filtercontent_edit_premain.php:174
filtercontent_save_premain.php:175
filterthe_contentmain.php:176
actionwp_headmain.php:177
actioninitmain.php:178
Maintenance & Trust

My Review Maintenance & Trust

Maintenance Signals

WordPress version tested2.5.1
Last updatedJun 7, 2008
PHP min version
Downloads9K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

My Review Alternatives

Public Post Preview

Public Post Preview

public-post-preview

A
100

Allow anonymous users to preview a draft of a post before it is published.

100K No CVEs
Performant Translations

Performant Translations

performant-translations

A
100

Making internationalization/localization in WordPress faster than ever before.

40K No CVEs
Public Post Preview Configurator

Public Post Preview Configurator

public-post-preview-configurator

A
85

Enables you to configure the 'public post preview' plugin with a user interface.

10K No CVEs
Preferred Languages

Preferred Languages

preferred-languages

A
99

Choose languages for displaying WordPress in, in order of preference.

2K 1 CVE
Post Draft Preview

Post Draft Preview

post-draft-preview

A
85

Allow non logged-in users to check a draft of unpublished post by using secret link

700 No CVEs
Developer Profile

My Review Developer Profile

mike_sapiens

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect My Review

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/my-review/rw.css

HTML / DOM Fingerprints

HTML Comments
<!-- rw_good --><!-- /rw_good --><!-- rw_bad --><!-- /rw_bad -->+4 more
FAQ

Frequently Asked Questions about My Review