WP-Safety

Verified Reviews (Avis Vérifiés) Security & Risk Analysis

wordpress.org/plugins/netreviews

We provide you with a solution that enables you to collect customer reviews about your website and products which will show on your website and on a a …

800 active installs v2.4.6 PHP + WP 1.3.1+ Updated Sep 23, 2025
avisetoilesreviewsstarsverifies
100
A · Safe
CVEs total1
Unpatched0
Last CVEApr 20, 2023
Plugin page Download
Safety Verdict

Is Verified Reviews (Avis Vérifiés) Safe to Use in 2026?

Generally Safe

Score 100/100

Verified Reviews (Avis Vérifiés) has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 20, 2023Updated 6mo ago
Risk Assessment

The netreviews plugin v2.4.6 exhibits a mixed security posture. While it has a small attack surface with no immediately obvious unprotected entry points and a moderate number of nonces and capability checks, significant concerns arise from the code analysis and vulnerability history. The presence of the 'unserialize' function, coupled with four taint flows with unsanitized paths, indicates a potential risk for code injection or deserialization vulnerabilities. These taint flows, even without a critical severity rating, suggest that user-supplied data might not be sufficiently validated before being processed, which is a common precursor to security issues. The plugin also demonstrates a concerning trend in output escaping, with only 26% of outputs being properly escaped, increasing the likelihood of cross-site scripting (XSS) vulnerabilities. Although there are no currently unpatched CVEs, the history includes a medium-severity XSS vulnerability reported in April 2023. This pattern suggests a recurring weakness in input sanitization and output escaping, which could be exploited if similar vulnerabilities are reintroduced or if the previous one was not fully remediated across all contexts. Overall, while the basic security controls are present, the identified code-level risks and historical vulnerability types warrant caution.

Key Concerns

  • Dangerous function 'unserialize' found
  • 4 taint flows with unsanitized paths
  • Only 26% of outputs properly escaped
  • 1 medium severity CVE in history
  • 3 file operations found
Vulnerabilities
1

Verified Reviews (Avis Vérifiés) Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-23720medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Verified Reviews (Avis Vérifiés) <= 2.3.14 - Authenticated (Administrator+) Stored Cross-Site Scripting

Apr 20, 2023 Patched in 2.3.15 (278d)
Code Analysis
Analyzed Mar 16, 2026

Verified Reviews (Avis Vérifiés) Code Analysis

Dangerous Functions
1
Raw SQL Queries
53
82 prepared
Unescaped Output
65
23 escaped
Nonce Checks
2
Capability Checks
1
File Operations
3
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserialize$unserialized_discussion = unserialize(ntav_AV_decode_base64($discussion));functions.php:1246

SQL Query Safety

61% prepared135 total queries

Output Escaping

26% escaped88 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
<av_backoffice> (includes\av_backoffice.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Verified Reviews (Avis Vérifiés) Attack Surface

Entry Points3
Unprotected0

Shortcodes 3

[netreviews_loop_product_rating] netreviews.php:288
[netreviews_product_rating] netreviews.php:353
[netreviews_product_reviews] netreviews.php:619
WordPress Hooks 20
actionparse_requestnetreviews.php:58
actionplugins_loadednetreviews.php:229
actionwp_footernetreviews.php:236
actionadmin_menunetreviews.php:239
actionwp_footernetreviews.php:265
actionwp_footernetreviews.php:275
actionwoocommerce_after_shop_loop_item_titlenetreviews.php:286
actionnetreviews_category_ratingnetreviews.php:287
actionnetreviews_product_ratingnetreviews.php:351
actionwoocommerce_single_product_summarynetreviews.php:352
filterwoocommerce_product_tabsnetreviews.php:570
filterwoocommerce_product_tabsnetreviews.php:587
actionnetreviews_product_reviewsnetreviews.php:618
actionwp_footernetreviews.php:670
actionwoocommerce_thankyounetreviews.php:693
actionwoocommerce_order_status_changednetreviews.php:694
actionwoocommerce_new_ordernetreviews.php:695
actionwoocommerce_checkout_order_processednetreviews.php:713
actionwp_footernetreviews.php:732
actionwp_footernetreviews.php:767
Maintenance & Trust

Verified Reviews (Avis Vérifiés) Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 23, 2025
PHP min version
Downloads30K

Community Trust

Rating0/100
Number of ratings0
Active installs800
Alternatives

Verified Reviews (Avis Vérifiés) Alternatives

Certishopping Social Reviews for Woocommerce

Certishopping Social Reviews for Woocommerce

certishopping-social-reviews-for-woocommerce

A
92

Certishopping is a commerce marketing platform that helps brands of all sizes collect and showcase reviews, photos.

100 No CVEs
REVIEWS.io for WooCommerce

REVIEWS.io for WooCommerce

reviewscouk-for-woocommerce

A
99

REVIEWS.io, helps eCommerce merchants to collect & display verified product and company reviews. A Google Licensed partner.

1K 1 CVE
Stars Rating

Stars Rating

stars-rating

A
99

A plugin to turn comments into reviews by adding rating feature.

1K 1 CVE
Guaranteed Reviews Company (Société des Avis Garantis)

Guaranteed Reviews Company (Société des Avis Garantis)

woo-guaranteed-reviews-company

A
100

Collect and display product and website reviews through Guaranteed Reviews Company / Société des Avis Garantis.

1K No CVEs
GoodReviews

GoodReviews

goodreviews

A
85

Display Goodreads.com reviews for ISBNs or IDs you specify on any page or post.

300 No CVEs
Developer Profile

Verified Reviews (Avis Vérifiés) Developer Profile

avisverifies

1 plugin · 800 total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
278 days
View full developer profile
Detection Fingerprints

How We Detect Verified Reviews (Avis Vérifiés)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/netreviews/css/frontend.css/wp-content/plugins/netreviews/css/frontend-media.css/wp-content/plugins/netreviews/js/frontend.js/wp-content/plugins/netreviews/js/slick.min.js/wp-content/plugins/netreviews/css/admin.css/wp-content/plugins/netreviews/js/admin.js/wp-content/plugins/netreviews/js/front_detail.js/wp-content/plugins/netreviews/js/front_listing.js+4 more
Script Paths
/wp-content/plugins/netreviews/js/frontend.js/wp-content/plugins/netreviews/js/slick.min.js/wp-content/plugins/netreviews/js/admin.js/wp-content/plugins/netreviews/js/front_detail.js/wp-content/plugins/netreviews/js/front_listing.js/wp-content/plugins/netreviews/js/front_listing_products.js+3 more
Version Parameters
netreviews/css/frontend.css?ver=netreviews/css/frontend-media.css?ver=netreviews/js/frontend.js?ver=netreviews/js/slick.min.js?ver=netreviews/css/admin.css?ver=netreviews/js/admin.js?ver=netreviews/js/front_detail.js?ver=netreviews/js/front_listing.js?ver=netreviews/js/front_listing_products.js?ver=netreviews/js/front_listing_reviews.js?ver=netreviews/js/front_single_product.js?ver=netreviews/js/front_single_review.js?ver=

HTML / DOM Fingerprints

CSS Classes
netreviews-reviews-carouselnetreviews-starsnr_carousel_wrapnetreviews-containernr-rate-starsnr-widget-starsnr-reviews-containernr-widget-reviews+1 more
HTML Comments
<!-- Footer Netreviews --><!-- Netreviews --><!-- Netreviews. -->
Data Attributes
data-nr-plugin-versiondata-nr-widget-iddata-nr-product-iddata-nr-shop-iddata-nr-shop-secretdata-nr-shop-url+1 more
JS Globals
Netreviewsnr_paramsNetreviewsProductNetreviewsReviewsNetreviewsListingNetreviewsListingProducts+4 more
Shortcode Output
[netreviews][netreviews_product][netreviews_listing][netreviews_listing_products]
FAQ

Frequently Asked Questions about Verified Reviews (Avis Vérifiés)