Does Review Manager have any unpatched vulnerabilities?

Yes — Review Manager currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Review Manager compatible with WordPress 6.8.5?

According to WordPress.org data, Review Manager 2.5.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Review Manager compatible with PHP 5.6.0+?

Review Manager requires PHP 5.6.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Review Manager updated?

Review Manager was last updated on Nov 18, 2025. Frequent updates are generally a positive security signal.

What is Review Manager's security score?

Review Manager has a WP-Safety security score of 79/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Review Manager Security & Risk Analysis

wordpress.org/plugins/review-manager

The Review Manager® WordPress plugin extends the functionality of the SaaS Review Manager® to WordPress so that the review feed can be displayed on th …

100 active installs v2.5.0 PHP 5.6.0+ WP 3.5.1+ Updated Nov 18, 2025

reviewreview-managerreview-slidersocial-reviewswidget

B · Generally Safe

CVEs total1

Unpatched1

Last CVEApr 1, 2025

Plugin page Download

Safety Verdict

Is Review Manager Safe to Use in 2026?

Mostly Safe

Score 79/100

Review Manager is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Apr 1, 2025Updated 4mo ago

Risk Assessment

The review-manager plugin exhibits a concerning security posture primarily due to a significant number of unprotected entry points. With 3 out of 4 identified entry points lacking authorization checks, there's a high risk of unauthorized access and potential manipulation of plugin functionality. While the use of prepared statements for SQL queries is positive, the extremely low percentage of properly escaped output (9%) indicates a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. The plugin's vulnerability history, including a currently unpatched medium severity vulnerability and a pattern of missing authorization, reinforces these concerns. Despite the absence of critical taint flows and dangerous functions, the combination of a wide attack surface without proper checks and widespread output escaping deficiencies presents a significant security risk.

Key Concerns

Unprotected AJAX handlers
Low output escaping percentage
Currently unpatched CVE
Missing nonce checks on AJAX (implied by unprotected AJAX)
Missing capability checks on AJAX (implied by unprotected AJAX)

Vulnerabilities

Review Manager Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-31836medium · 5.3Missing Authorization

Review Manager <= 2.2.0 - Missing Authorization

Apr 1, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Review Manager Code Analysis

Dangerous Functions

Raw SQL Queries

19 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

79% prepared24 total queries

Output Escaping

9% escaped43 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<setting> (admin\setting.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

Review Manager Attack Surface

Entry Points4

Unprotected3

AJAX Handlers 3

noprivwp_ajax_api-callreview-manager.php:97

noprivwp_ajax_api-custom-reviewreview-manager.php:234

noprivwp_ajax_mryrm-api-checkreview-manager.php:290

Shortcodes 1

[mryrm_review_slider] review-manager.php:54

WordPress Hooks 4

actionupgrader_process_completereview-manager.php:60

actionwp_enqueue_scriptsreview-manager.php:77

actionadmin_menureview-manager.php:84

actionwp_footerreview-manager.php:314

Maintenance & Trust

Review Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedNov 18, 2025

PHP min version5.6.0

Downloads4K

Community Trust

Rating100/100

Number of ratings4

Active installs100

Alternatives

Review Manager Alternatives

Widgets for Google Reviews

wp-reviews-plugin-for-google

Embed Google reviews fast and easily into your WordPress site. Increase SEO, trust and sales using Google reviews.

900K 4 CVEs

Rich Showcase for Google Reviews

widget-google-reviews

Display up to 10 Google reviews in less than a minute. Continue collecting new reviews. No limits on connected places, widgets, shortcodes and blocks.

100K 5 CVEs

Trustpilot Reviews

trustpilot-reviews

Generate reviews, add TrustBox for your Woocommerce site with Trustpilot reviews plugin

30K 1 CVE

WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets

wp-social-reviews

Add Facebook feeds, Instagram feeds, TikTok feeds, Facebook reviews, WhatsApp Chat, Messenger chat, Testimonial, and others using a single dashboard.

30K 3 CVEs

WP Testimonials

testimonial-widgets

Display your Testimonials on your website fast and easily. 21 widget types, 25 widget styles available. (Free Plugin)

10K 2 CVEs

Developer Profile

Review Manager Developer Profile

matthewrubin

2 plugins · 200 total installs

trust score

Avg Security Score

67/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Review Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/review-manager/assets/css/owl.carousel.min.css/wp-content/plugins/review-manager/assets/js/owl.carousel.min.js

HTML / DOM Fingerprints

JS Globals

mryrm_ajaxurlmryrm_admin_urlreview_manager_object

REST Endpoints

/wp-json/wp/v2/posts

Shortcode Output

[mryrm_review_slider

FAQ