Does Panda Reviews have any unpatched vulnerabilities?

No. All known vulnerabilities in Panda Reviews have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Panda Reviews compatible with WordPress 4.6.30?

According to WordPress.org data, Panda Reviews 1.0.0 has been tested up to WordPress 4.6.30. Check the plugin's changelog for the latest compatibility information.

How often is Panda Reviews updated?

Panda Reviews was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Panda Reviews's security score?

Panda Reviews has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Panda Reviews Security & Risk Analysis

wordpress.org/plugins/panda-reviews

A review and rating plugin for WordPress. Let your users to post reviews and vote any posts or custom post from your WordPress site.

10 active installs v1.0.0 PHP + WP 4.0+ Updated Unknown

reviewreviewsstar-votingvoting-systemwp-voting

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Panda Reviews Safe to Use in 2026?

Generally Safe

Score 100/100

Panda Reviews has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "panda-reviews" v1.0.0 plugin exhibits a mixed security posture. While it shows strengths in avoiding dangerous functions, external requests, and file operations, its attack surface is significantly exposed due to unprotected AJAX handlers. The taint analysis revealing two flows with unsanitized paths, categorized as high severity, is a major concern. These flows, coupled with the complete absence of nonce and capability checks on the entry points, suggest a high risk of Cross-Site Scripting (XSS) or other injection vulnerabilities. The plugin's history of zero CVEs is positive but does not mitigate the immediate risks identified in the static analysis. Overall, the lack of fundamental security checks on its primary interaction points poses a considerable threat.

Key Concerns

AJAX handlers without auth checks
Taint flows with unsanitized paths (High severity)
No nonce checks
No capability checks

Vulnerabilities

None known

Panda Reviews Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Panda Reviews Code Analysis

Dangerous Functions

Raw SQL Queries

22 prepared

Unescaped Output

108 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

96% prepared23 total queries

Output Escaping

89% escaped122 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

<plugin-backend> (_views\plugin-backend.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Panda Reviews Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

noprivwp_ajax_px-reviews-ajaxsettings.php:34

authwp_ajax_px-reviews-ajaxsettings.php:35

WordPress Hooks 10

actionadmin_menusettings.php:9

actioninitsettings.php:31

actionadmin_enqueue_scriptssettings.php:37

actionadmin_enqueue_scriptssettings.php:57

actionwp_enqueue_scriptssettings.php:69

actionwp_enqueue_scriptssettings.php:71

actionwp_headsettings.php:86

actionwp_head_controllers\main-controller.php:273

filterthe_title_controllers\main-controller.php:278

filterthe_content_controllers\main-controller.php:281

Maintenance & Trust

Panda Reviews Maintenance & Trust

Maintenance Signals

WordPress version tested4.6.30

Last updatedUnknown

PHP min version

Downloads1K

Community Trust

Rating40/100

Number of ratings1

Active installs10

Alternatives

Panda Reviews Alternatives

Widgets for Google Reviews

wp-reviews-plugin-for-google

Embed Google reviews fast and easily into your WordPress site. Increase SEO, trust and sales using Google reviews.

900K 4 CVEs

Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More

reviews-feed

No API key required. Display Yelp and Google reviews for any business in a clean, customizable feed on your site.

100K 2 CVEs

Rich Showcase for Google Reviews

widget-google-reviews

Display up to 10 Google reviews in less than a minute. Continue collecting new reviews. No limits on connected places, widgets, shortcodes and blocks.

100K 5 CVEs

Customer Reviews for WooCommerce

customer-reviews-woocommerce

Customer Reviews for WooCommerce plugin helps you get more sales with social proof. Set up automated review reminders and increase conversion rate.

80K 19 CVEs

Site Reviews

site-reviews

Site Reviews is a complete review management solution that integrates with WooCommerce and SureCart and works similarly to reviews on Amazon, Tripadvi …

70K 13 CVEs

Developer Profile

Panda Reviews Developer Profile

pixolette

4 plugins · 690 total installs

trust score

Avg Security Score

90/100

Avg Patch Time

7 days

View full developer profile

Detection Fingerprints

How We Detect Panda Reviews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/panda-reviews/assets/css/wpbackend.css/wp-content/plugins/panda-reviews/assets/js/custom-select-box.js/wp-content/plugins/panda-reviews/assets/wpbackend.min.js/wp-content/plugins/panda-reviews/assets/main.min.js

Script Paths

/wp-content/plugins/panda-reviews/assets/js/custom-select-box.js/wp-content/plugins/panda-reviews/assets/wpbackend.min.js/wp-content/plugins/panda-reviews/assets/main.min.js

Version Parameters

panda-reviews/assets/js/custom-select-box.js?ver=panda-reviews/assets/wpbackend.min.js?ver=panda-reviews/assets/main.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

update-pluginsplugin-countpx-reviews-wpadmin-style

HTML Comments

Data Attributes

data-px-target

JS Globals

pxreviews

REST Endpoints

/wp-json/pxreviews/v1/submit-review

FAQ