Product Review Security & Risk Analysis

wordpress.org/plugins/product-review

An extendable and powerful WordPress plugin for product review.

10 active installs · v1.2.3 · PHP + WP 3.0.0+ · Updated Apr 2, 2017
Tags: product-rating, product-review, review, review-plugin, wordpress-review-plugin

Security score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Product Review Safe to Use in 2026?

Generally Safe

Score 85/100

Product Review has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The "product-review" plugin v1.2.3 exhibits a concerning security posture due to a significant number of unprotected entry points. Specifically, all three identified AJAX handlers lack authentication checks. This means any unauthenticated user could trigger these handlers, leading to an increased risk of unauthorized actions or data manipulation. While the plugin demonstrates good practices in SQL query handling by exclusively using prepared statements and has no recorded vulnerability history, the unprotected AJAX handlers present a clear and present danger. The limited output escaping also raises concerns, as it could facilitate cross-site scripting (XSS) vulnerabilities if user-supplied data is not properly sanitized before being displayed. The absence of critical or high severity taint flows is a positive sign, but it does not negate the risks introduced by the unprotected entry points and insufficient output escaping.

Key Concerns

  • AJAX handlers without auth checks
  • Low output escaping percentage
Vulnerabilities
None known

Product Review Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Product Review Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 47 (6 escaped)
  • Nonce Checks: 2
  • Capability Checks: 0
  • File Operations: 9
  • External Requests: 1
  • Bundled Libraries: 0

Output Escaping

11% escaped (53 total outputs)
Data Flows
3 unsanitized

Data Flow Analysis

3 flows, 3 with unsanitized paths

  • verify (includes\class-product-review-ajax.php:34)

Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
3 unprotected

Product Review Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers (3)

  Type  Hook                        Location
  auth  wp_ajax_license-activator   includes\class-product-review-ajax.php:26
  auth  wp_ajax_add-on-updater      includes\class-product-review-ajax.php:27
  auth  wp_ajax_survey              includes\class-product-review-ajax.php:28

WordPress Hooks (19)

  Type    Hook                    Location
  action  admin_menu              includes\class-product-review-add-ons.php:23
  action  admin_init              includes\class-product-review-options.php:13
  action  admin_menu              includes\class-product-review-options.php:14
  action  plugins_loaded          includes\class-product-review.php:127
  action  admin_enqueue_scripts   includes\class-product-review.php:142
  action  admin_enqueue_scripts   includes\class-product-review.php:143
  action  admin_init              includes\class-product-review.php:144
  action  admin_init              includes\class-product-review.php:145
  action  widgets_init            includes\class-product-review.php:146
  action  admin_notices           includes\class-product-review.php:147
  action  wp_enqueue_scripts      includes\class-product-review.php:162
  action  wp_enqueue_scripts      includes\class-product-review.php:163
  action  wp_enqueue_scripts      includes\class-product-review.php:164
  filter  the_content             includes\class-product-review.php:166
  action  widgets_init            includes\class-product-review.php:167
  action  add_meta_boxes          includes\meta-box\pros-cons.php:5
  action  save_post               includes\meta-box\pros-cons.php:7
  action  add_meta_boxes          includes\meta-box\ratings.php:5
  action  save_post               includes\meta-box\ratings.php:7
Maintenance & Trust

Product Review Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: Apr 2, 2017
PHP min version: (not listed)
Downloads: 6K

Community Trust

Rating: 84/100
Number of ratings: 6
Active installs: 10
Developer Profile

Product Review Developer Profile

Nazmul Ahsan

6 plugins · 180 total installs

Trust score: 84
Avg Security Score: 86/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Product Review

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/product-review/assets/css/product-review-admin.css
/wp-content/plugins/product-review/assets/js/product-review-admin.js
Version Parameters
product-review/assets/css/product-review-admin.css?ver=
product-review/assets/js/product-review-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
survey-notice
Data Attributes
data-participate
JS Globals
cbpr_load_scripts, cbpr_post_types, cbpr_meta, cbpr_average_rating, cbpr_survey
FAQ

Frequently Asked Questions about Product Review