Does Review Disclaimer have any unpatched vulnerabilities?

Yes — Review Disclaimer currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Review Disclaimer compatible with WordPress 6.2.9?

According to WordPress.org data, Review Disclaimer 2.0.3 has been tested up to WordPress 6.2.9. Check the plugin's changelog for the latest compatibility information.

How often is Review Disclaimer updated?

Review Disclaimer was last updated on May 3, 2023. Frequent updates are generally a positive security signal.

What is Review Disclaimer's security score?

Review Disclaimer has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Review Disclaimer Security & Risk Analysis

wordpress.org/plugins/review-disclaimer

Use a shortcode to quickly insert product or service review disclaimers inside your posts.

100 active installs v2.0.3 PHP + WP 3.1+ Updated May 3, 2023

disclaimergutenbergreviewshortcode

C · Use Caution

CVEs total1

Unpatched1

Last CVEDec 21, 2025

Plugin page Download

Safety Verdict

Is Review Disclaimer Safe to Use in 2026?

Use With Caution

Score 63/100

Review Disclaimer has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Dec 21, 2025Updated 2yr ago

Risk Assessment

The 'review-disclaimer' plugin version 2.0.3 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by not making external HTTP requests, performing file operations, or utilizing dangerous functions. Its use of prepared statements for all SQL queries is commendable. However, significant concerns arise from the complete lack of nonce and capability checks across all identified entry points, including the single shortcode. This leaves the plugin highly vulnerable to various attacks that can be executed without user authentication or specific permissions.

The vulnerability history reveals a past medium severity Cross-site Scripting (XSS) vulnerability, and critically, this vulnerability remains unpatched. The presence of an unpatched medium-severity XSS vulnerability, combined with the absence of authentication and capability checks, creates a substantial risk. This indicates a potential for attackers to inject malicious scripts, which could lead to session hijacking, data theft, or defacement, especially given the lack of proper output escaping on some generated content.

In conclusion, while the plugin avoids some common pitfalls like raw SQL and dangerous functions, the absence of fundamental security checks and the existence of an unpatched XSS vulnerability represent critical weaknesses. Users should be highly cautious, and the developers need to address these issues promptly to secure the plugin.

Key Concerns

Unpatched medium severity CVE
Missing capability checks on entry points
Missing nonce checks on entry points
Improper output escaping on some content

Vulnerabilities

Review Disclaimer Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-67628medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Review Disclaimer <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Dec 21, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Review Disclaimer Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

60% escaped5 total outputs

Attack Surface

Review Disclaimer Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[ReviewDisclaimer] review-disclaimer.php:82

WordPress Hooks 5

actionenqueue_block_editor_assetsblocks\review-disclaimer.php:21

actionplugins_loadedreview-disclaimer.php:38

actionadmin_menureview-disclaimer.php:42

actionadmin_initreview-disclaimer.php:50

actioninitreview-disclaimer.php:90

Maintenance & Trust

Review Disclaimer Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9

Last updatedMay 3, 2023

PHP min version

Downloads10K

Community Trust

Rating90/100

Number of ratings2

Active installs100

Alternatives

Review Disclaimer Alternatives

Shortcode Preview Block

shortcode-with-preview-block

Shows preview of any shortcode on editor side. It renders shortcode in the editor side so editor does not need to visit front side.

1K No CVEs

MW WP Form

mw-wp-form

MW WP Form is shortcode base contact form plugin. This plugin have many features. For example you can use many validation rules, inquiry data saving, …

200K 5 CVEs

Latest Post Shortcode

latest-post-shortcode

The "Latest Post Shortcode" allows you to create a dynamic content selection from your posts by combining, limiting, and filtering what you need.

4K 2 CVEs

Star Rating Block

star-rating-block

The Star Rating block allows you to display author-assigned star ratings within your content.

1K No CVEs

Stars Rating

stars-rating

A plugin to turn comments into reviews by adding rating feature.

1K 1 CVE

Developer Profile

Review Disclaimer Developer Profile

AMP-MODE

15 plugins · 13K total installs

trust score

Avg Security Score

87/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Review Disclaimer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/review-disclaimer/index.js

Script Paths