Review Schema – Review & Structure Data Schema Plugin Security & Risk Analysis

wordpress.org/plugins/review-schema

WordPress Review Plugin with Schema adds Google Rich Snippets markup according to Schema.org guidelines to structure your website for SEO.

10K active installs v2.2.7 PHP + WP 4.5+ Updated Feb 2, 2026
rating, review, schema, schema-org, structured-data
98
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Mar 11, 2025
Safety Verdict

Is Review Schema – Review & Structure Data Schema Plugin Safe to Use in 2026?

Generally Safe

Score 98/100

Review Schema – Review & Structure Data Schema Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Mar 11, 2025 · Updated 2mo ago
Risk Assessment

The 'review-schema' plugin v2.2.7 exhibits a mixed security posture. On the positive side, it demonstrates good practices such as 100% of SQL queries using prepared statements and a high rate of output escaping (93%). The presence of 27 nonce checks and 15 capability checks also suggests an effort to secure its functionality. However, significant concerns arise from its attack surface. With 26 total entry points, 4 of which lack authentication checks, there is a direct pathway for unauthenticated users to interact with potentially sensitive plugin functions. This is compounded by 18 dangerous function calls, notably 'unserialize', which can lead to PHP object injection when the serialized data is attacker-influenced and not validated before deserialization.

Taint analysis indicates no critical or high severity unsanitized paths, which is a positive sign. However, the single flow with an unsanitized path, while not flagged as critical or high, still represents a potential risk that should be addressed. The plugin's vulnerability history is a significant concern. Having 2 known CVEs, including one high and one medium severity vulnerability, indicates a pattern of past security weaknesses. The common vulnerability types found (PHP Remote File Inclusion and Missing Authorization) align with the static analysis findings of unprotected AJAX handlers and the use of 'unserialize'. The fact that the last vulnerability was in early 2025 is also noteworthy, suggesting a recent history of security issues. While there are currently no unpatched vulnerabilities, the historical pattern necessitates vigilance.

In conclusion, while the plugin employs some strong security measures like prepared statements and output escaping, the substantial number of unprotected AJAX handlers and the presence of 'unserialize' combined with a history of significant vulnerabilities represent considerable risks. The plugin needs further hardening to address the unauthenticated entry points and ensure robust sanitization around deserialization operations to improve its overall security. The past vulnerability history suggests a recurring need for thorough security reviews and patching.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function 'unserialize' detected
  • Flow with unsanitized path detected
  • High severity CVE in history
  • Medium severity CVE in history
  • Common vulnerability type: Missing Authorization
  • Common vulnerability type: PHP Remote File Inclusion
Vulnerabilities
2

Review Schema – Review & Structure Data Schema Plugin Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 1 CVE

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2025-1707 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Review Schema <= 2.2.4 - Authenticated (Contributor+) Local File Inclusion via Post Meta

Mar 11, 2025 · Patched in 2.2.5 (1d)

CVE-2024-0836 · medium · 4.3 · Missing Authorization

WordPress Review & Structure Data Schema Plugin – Review Schema <= 2.1.14 - Missing Authorization to Arbitrary Review Update

Jan 30, 2024 · Patched in 2.2.0 (182d)
Code Analysis
Analyzed Mar 16, 2026

Review Schema – Review & Structure Data Schema Plugin Code Analysis

Dangerous Functions: 18
Raw SQL Queries: 0 (5 prepared)
Unescaped Output: 98 (1272 escaped)
Nonce Checks: 27
Capability Checks: 15
File Operations: 1
External Requests: 1
Bundled Libraries: 1

Dangerous Functions Found

app\Controllers\Admin\ReviewSettings.php:303 (unserialize)
    $multi_criteria = isset( $p_meta['multi_criteria'] ) ? unserialize( $p_meta['multi_criteria'][0] ) :
app\Controllers\Ajax\Review.php:650 (unserialize)
    $multi_criteria = isset( $p_meta['multi_criteria'] ) ? unserialize( $p_meta['multi_criteria'][0] ) :
app\Controllers\Ajax\Review.php:962 (unserialize)
    $multi_criteria = isset( $p_meta['multi_criteria'] ) ? unserialize( $p_meta['multi_criteria'][0] ) :
app\Hooks\Frontend.php:259 (unserialize)
    $multi_criteria = isset( $p_meta['multi_criteria'] ) ? unserialize( $p_meta['multi_criteria'][0] ) :
app\Hooks\Frontend.php:365 (unserialize)
    $multi_criteria = isset( $p_meta['multi_criteria'] ) ? unserialize( $p_meta['multi_criteria'][0] ) :
app\Hooks\Frontend.php:479 (unserialize)
    $multi_criteria = isset( $p_meta['multi_criteria'] ) ? unserialize( $p_meta['multi_criteria'][0] ) :
views\affiliate-sc-css.php:18 (unserialize)
    $sc_meta['product_title'] = isset( $metaData['product_title'][0] ) ? $filter->sanitize_field('style'
views\affiliate-sc-css.php:19 (unserialize)
    $sc_meta['product_desc'] = isset( $metaData['product_desc'][0] ) ? $filter->sanitize_field( 'style',
views\affiliate-sc-css.php:20 (unserialize)
    $sc_meta['style_regular_price'] = isset( $metaData['style_regular_price'][0] ) ? $filter->sanitize_f
views\affiliate-sc-css.php:21 (unserialize)
    $sc_meta['style_offer_price'] = isset( $metaData['style_offer_price'][0] ) ? $filter->sanitize_field
views\affiliate-sc-css.php:31 (unserialize)
    $sc_meta['btn'] = isset( $metaData['btn'][0] ) ? $filter->sanitize_field( 'style', unserialize($meta
views\affiliate-sc-css.php:34 (unserialize)
    $sc_meta['btn_hover'] = isset( $metaData['btn_hover'][0] ) ? $filter->sanitize_field( 'style', unser
views\review-sc-css.php:20 (unserialize)
    $sc_meta['author_name'] = isset( $metaData['author_name'][0] ) && !empty( $metaData['author_name'][0
views\review-sc-css.php:21 (unserialize)
    $sc_meta['author_name_hover'] = isset( $metaData['author_name_hover'][0] ) && !empty( $metaData['aut
views\review-sc-css.php:22 (unserialize)
    $sc_meta['review_title'] = isset( $metaData['review_title'][0] ) && !empty( $metaData['review_title'
views\review-sc-css.php:23 (unserialize)
    $sc_meta['review_text'] = isset( $metaData['review_text'][0] ) && !empty( $metaData['review_text'][0
views\review-sc-css.php:24 (unserialize)
    $sc_meta['date_text'] = isset( $metaData['date_text'][0] ) && !empty( $metaData['date_text'][0] ) ?
views\review-sc-css.php:28 (unserialize)
    $sc_meta['helper_btn'] = isset( $metaData['helper_btn'][0] ) && !empty( $metaData['helper_btn'][0] )

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 5 total queries

Output Escaping

93% escaped · 1370 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

7 flows · 1 with unsanitized paths
is_valid_captcha (app\Hooks\Frontend.php:187)
Attack Surface
4 unprotected

Review Schema – Review & Structure Data Schema Plugin Attack Surface

Entry Points: 26
Unprotected: 4

AJAX Handlers 26

auth · wp_ajax_rtrs_data_import · app\Controllers\Ajax\Migration.php:9
auth · wp_ajax_rtrs_activate_plugin · app\Controllers\Ajax\OurPluginsController.php:21
auth · wp_ajax_rtrs_install_plugin · app\Controllers\Ajax\OurPluginsController.php:22
auth · wp_ajax_rtrs_review_edit_form · app\Controllers\Ajax\Review.php:10
nopriv · wp_ajax_rtrs_review_edit_form · app\Controllers\Ajax\Review.php:11
auth · wp_ajax_rtrs_self_video_popup · app\Controllers\Ajax\Review.php:13
nopriv · wp_ajax_rtrs_self_video_popup · app\Controllers\Ajax\Review.php:14
auth · wp_ajax_rtrs_review_edit · app\Controllers\Ajax\Review.php:16
auth · wp_ajax_rtrs_review_filter · app\Controllers\Ajax\Review.php:18
nopriv · wp_ajax_rtrs_review_filter · app\Controllers\Ajax\Review.php:19
auth · wp_ajax_rtrs_pagination · app\Controllers\Ajax\Review.php:21
nopriv · wp_ajax_rtrs_pagination · app\Controllers\Ajax\Review.php:22
auth · wp_ajax_rtrs_image_upload · app\Controllers\Ajax\Review.php:24
nopriv · wp_ajax_rtrs_image_upload · app\Controllers\Ajax\Review.php:25
auth · wp_ajax_rtrs_video_upload · app\Controllers\Ajax\Review.php:27
nopriv · wp_ajax_rtrs_video_upload · app\Controllers\Ajax\Review.php:28
auth · wp_ajax_rtrs_remove_file · app\Controllers\Ajax\Review.php:30
nopriv · wp_ajax_rtrs_remove_file · app\Controllers\Ajax\Review.php:31
auth · wp_ajax_rtrs_review_hightlight · app\Controllers\Ajax\Review.php:33
auth · wp_ajax_rtrs_review_helpful · app\Controllers\Ajax\Review.php:34
auth · wp_ajax_rtrs_auto_fill_schema · app\Controllers\Ajax\Review.php:36
auth · wp_ajax_rtrs_shortcode_layout_preview · app\Controllers\Ajax\Shortcode.php:9
auth · wp_ajax_rtrs_check_post_type · app\Controllers\Ajax\Shortcode.php:10
auth · wp_ajax_ajax_review_schema · app\Controllers\Marketing\BlackFridayV2.php:142
auth · wp_ajax_rtrs_dismiss_admin_offer_notice · app\Controllers\Marketing\Offer.php:101
auth · wp_ajax_rtrs_dismiss_admin_black_friday_notice · app\Controllers\Marketing\Offer.php:180
WordPress Hooks 73
action · admin_init · app\Controllers\Admin\Activation.php:10
action · init · app\Controllers\Admin\AdminSettings.php:18
action · admin_init · app\Controllers\Admin\AdminSettings.php:19
action · admin_init · app\Controllers\Admin\AdminSettings.php:20
action · admin_menu · app\Controllers\Admin\AdminSettings.php:21
action · admin_menu · app\Controllers\Admin\AdminSettings.php:22
action · rtrs_admin_settings_groups · app\Controllers\Admin\AdminSettings.php:23
action · admin_notices · app\Controllers\Admin\Meta\AddMetaBox.php:10
action · admin_head · app\Controllers\Admin\Meta\AddMetaBox.php:11
action · save_post · app\Controllers\Admin\Meta\AddMetaBox.php:12
action · pre_post_update · app\Controllers\Admin\Meta\AddMetaBox.php:13
action · before_delete_post · app\Controllers\Admin\Meta\AddMetaBox.php:14
action · admin_footer · app\Controllers\Admin\Meta\AddMetaBox.php:17
filter · manage_edit-rtrs_columns · app\Controllers\Admin\Meta\AddMetaBox.php:21
action · manage_rtrs_posts_custom_column · app\Controllers\Admin\Meta\AddMetaBox.php:22
action · edit_form_after_title · app\Controllers\Admin\Meta\AddMetaBox.php:25
filter · manage_edit-rtrs_affiliate_columns · app\Controllers\Admin\Meta\AddMetaBox.php:26
action · manage_rtrs_affiliate_posts_custom_column · app\Controllers\Admin\Meta\AddMetaBox.php:27
filter · preprocess_comment · app\Controllers\Admin\Meta\AddMetaBox.php:29
filter · plugin_row_meta · app\Controllers\Admin\Notifications.php:8
action · init · app\Controllers\Admin\RegisterPostType.php:8
filter · set-screen-option · app\Controllers\Admin\ReviewSettings.php:17
action · admin_menu · app\Controllers\Admin\ReviewSettings.php:18
action · wp_enqueue_scripts · app\Controllers\Admin\ScriptLoader.php:21
action · admin_init · app\Controllers\Admin\ScriptLoader.php:22
action · admin_enqueue_scripts · app\Controllers\Admin\ScriptLoader.php:23
action · wp_head · app\Controllers\Admin\ScriptLoader.php:25
filter · comment_post_redirect · app\Controllers\Admin\ScriptLoader.php:27
action · admin_enqueue_scripts · app\Controllers\Ajax\OurPluginsController.php:20
action · admin_init · app\Controllers\Marketing\BlackFridayV2.php:34
action · admin_notices · app\Controllers\Marketing\BlackFridayV2.php:36
action · admin_enqueue_scripts · app\Controllers\Marketing\BlackFridayV2.php:89
action · admin_notices · app\Controllers\Marketing\BlackFridayV2.php:97
action · admin_footer · app\Controllers\Marketing\BlackFridayV2.php:117
action · admin_init · app\Controllers\Marketing\Offer.php:7
action · admin_enqueue_scripts · app\Controllers\Marketing\Offer.php:43
action · admin_notices · app\Controllers\Marketing\Offer.php:50
action · admin_footer · app\Controllers\Marketing\Offer.php:76
action · admin_enqueue_scripts · app\Controllers\Marketing\Offer.php:121
action · admin_notices · app\Controllers\Marketing\Offer.php:128
action · admin_footer · app\Controllers\Marketing\Offer.php:155
action · admin_init · app\Controllers\Marketing\Review.php:12
action · admin_init · app\Controllers\Marketing\Review.php:13
action · admin_notices · app\Controllers\Marketing\Review.php:43
action · admin_notices · app\Controllers\Marketing\Review.php:45
filter · ajax_query_attachments_args · app\Hooks\Backend.php:7
filter · comment_form_defaults · app\Hooks\Frontend.php:14
action · comment_post · app\Hooks\Frontend.php:16
action · comment_save_pre · app\Hooks\Frontend.php:17
filter · comments_template · app\Hooks\Frontend.php:20
action · pre_comment_on_post · app\Hooks\Frontend.php:23
action · pre_comment_on_post · app\Hooks\Frontend.php:26
filter · get_avatar_comment_types · app\Hooks\Frontend.php:28
filter · rtrs_review_form_string_list · app\Hooks\Frontend.php:29
action · set_comment_cookies · app\Hooks\Frontend.php:31
action · init · app\Hooks\Frontend.php:32
filter · rtsb/elements/elementor/reviews_settings_selecotor · app\Hooks\Frontend.php:35
filter · rtsb/elements/elementor/widgets/controls/rtsb-product-tabs · app\Hooks\Frontend.php:36
action · comment_form_before · app\Hooks\Frontend.php:174
action · plugins_loaded · app\Hooks\SeoHooks.php:7
filter · disable_wpseo_json_ld_search · app\Hooks\SeoHooks.php:29
filter · wpseo_json_ld_output · app\Hooks\SeoHooks.php:32
filter · wpseo_schema_graph_pieces · app\Hooks\SeoHooks.php:33
filter · woocommerce_structured_data_type_for_page · app\Hooks\SeoHooks.php:39
action · init · app\Hooks\SeoHooks.php:43
filter · edd_add_schema_microdata · app\Hooks\SeoHooks.php:48
action · wp_footer · app\Models\Schema.php:9
action · plugins_loaded · app\Rtrs.php:46
action · init · app\Rtrs.php:48
action · init · app\Rtrs.php:49
action · widgets_init · app\Widgets\Widget.php:8
action · init · app\Widgets\Widget.php:9
filter · elementor/widgets/wordpress/widget_args · app\Widgets\Widget.php:13
Maintenance & Trust

Review Schema – Review & Structure Data Schema Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Feb 2, 2026
PHP min version
Downloads: 295K

Community Trust

Rating: 96/100
Number of ratings: 24
Active installs: 10K
Developer Profile

Review Schema – Review & Structure Data Schema Plugin Developer Profile

RadiusTheme

16 plugins · 213K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 104 days
Detection Fingerprints

How We Detect Review Schema – Review & Structure Data Schema Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/review-schema/assets/css/review-schema-public.css
  • /wp-content/plugins/review-schema/assets/css/review-schema-admin.css
  • /wp-content/plugins/review-schema/assets/js/review-schema-public.js
  • /wp-content/plugins/review-schema/assets/js/review-schema-admin.js
Version Parameters
  • review-schema/assets/css/review-schema-public.css?ver=
  • review-schema/assets/css/review-schema-admin.css?ver=
  • review-schema/assets/js/review-schema-public.js?ver=
  • review-schema/assets/js/review-schema-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • review-schema-rating-wrapper
  • review-schema-title
  • review-schema-description
  • review-schema-author-info
  • review-schema-date
Data Attributes
  • data-rtrs-rating-value
  • data-rtrs-schema-type
JS Globals
  • rtrs_public_params
  • rtrs_admin_params
Shortcode Output
  • [review_schema rating_value='
  • [review_schema_form]