WP-Safety

Widgets for Capterra Reviews Security & Risk Analysis

wordpress.org/plugins/review-widgets-for-capterra

Embed Capterra reviews fast and easily into your WordPress site. Increase SEO, trust and sales using Capterra reviews.

100 active installs v13.2.7 PHP 7.0+ WP 6.2+ Updated Jan 20, 2026
capterraratingsrecommendationsreviewstestimonials
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Widgets for Capterra Reviews Safe to Use in 2026?

Generally Safe

Score 100/100

Widgets for Capterra Reviews has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The review-widgets-for-capterra plugin exhibits several concerning security practices despite a clean vulnerability history and good output escaping. A significant portion of its attack surface, specifically all 3 entry points (1 AJAX handler and 2 REST API routes), lack proper authentication and permission checks. This creates a broad opportunity for unauthorized access and potential manipulation of plugin functionality.

The static analysis also flags the use of the `unserialize` function, which is a known security risk if not handled with extreme care, as it can lead to arbitrary object injection vulnerabilities if the serialized data originates from an untrusted source. While no critical or high severity taint flows were identified, and the vast majority of SQL queries are prepared, the presence of unsanitized paths in taint analysis, even at a lower severity, combined with the unprotected entry points, indicates potential pathways for malicious input to be processed insecurely.

The plugin's lack of recorded vulnerabilities is a positive indicator, suggesting that either it has not been a target or its development has generally followed secure practices. However, the current static analysis findings, particularly the unprotected entry points and the use of `unserialize`, present a notable risk that should be addressed. A balanced view suggests the plugin has good output escaping and prepared SQL statements, but the unprotected attack surface and potential for unserialize-related vulnerabilities are significant weaknesses.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Use of dangerous function (unserialize)
  • Flows with unsanitized paths (taint analysis)
Vulnerabilities
None known

Widgets for Capterra Reviews Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Widgets for Capterra Reviews Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
54 prepared
Unescaped Output
3
1363 escaped
Nonce Checks
41
Capability Checks
4
File Operations
3
External Requests
10
Bundled Libraries
0

Dangerous Functions Found

unserialize$wpRepoResponse = unserialize(wp_remote_retrieve_body($wpResponse));trustindex-plugin.class.php:7043

SQL Query Safety

98% prepared55 total queries

Output Escaping

100% escaped1366 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

7 flows1 with unsanitized paths
<admin> (include\admin.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Widgets for Capterra Reviews Attack Surface

Entry Points3
Unprotected3

AJAX Handlers 1

authwp_ajax_list_trustindex_widgetsreview-widgets-for-capterra.php:110

REST API Routes 2

GET/wp-json/trustindex/v1/get-widgetstrustindex-plugin.class.php:7185
GET/wp-json/trustindex/v1/setup-completetrustindex-plugin.class.php:7190
WordPress Hooks 36
filterrocket_minify_excluded_external_jsinclude\cache-plugin-filters.php:13
filterrocket_exclude_jsinclude\cache-plugin-filters.php:14
filterrocket_delay_js_exclusionsinclude\cache-plugin-filters.php:15
filterlitespeed_optimize_js_excludesinclude\cache-plugin-filters.php:16
filtersgo_javascript_combine_excluded_external_pathsinclude\cache-plugin-filters.php:17
filtersgo_css_combine_excludeinclude\cache-plugin-filters.php:18
filterrocket_rucss_safelistinclude\cache-plugin-filters.php:58
filterscript_loader_taginclude\cache-plugin-filters.php:63
filterstyle_loader_taginclude\cache-plugin-filters.php:78
actionadmin_initreview-widgets-for-capterra.php:28
actionplugins_loadedreview-widgets-for-capterra.php:31
actionwp_headreview-widgets-for-capterra.php:32
actionwp_insert_sitereview-widgets-for-capterra.php:61
actionadmin_menureview-widgets-for-capterra.php:73
filterplugin_action_linksreview-widgets-for-capterra.php:74
filterplugin_row_metareview-widgets-for-capterra.php:75
actionwidgets_initreview-widgets-for-capterra.php:77
actionwidgets_initreview-widgets-for-capterra.php:78
actioninitreview-widgets-for-capterra.php:80
actioninitreview-widgets-for-capterra.php:86
filterscript_loader_tagreview-widgets-for-capterra.php:87
actionelementor/controls/controls_registeredreview-widgets-for-capterra.php:93
actionelementor/widgets/registerreview-widgets-for-capterra.php:97
actionelementor/widgets/widgets_registeredreview-widgets-for-capterra.php:103
actioninitreview-widgets-for-capterra.php:109
actionadmin_enqueue_scriptsreview-widgets-for-capterra.php:111
actionrest_api_initreview-widgets-for-capterra.php:112
actionadmin_noticesreview-widgets-for-capterra.php:145
actionadmin_noticesreview-widgets-for-capterra.php:206
actionenqueue_block_editor_assetsstatic\block-editor\block-editor.php:10
actioninitstatic\block-editor\block-editor.php:11
filterfilesystem_methodtrustindex-plugin.class.php:1046
actionadmin_noticestrustindex-plugin.class.php:1064
actionhttp_api_curltrustindex-plugin.class.php:6121
filtermce_external_pluginstrustindex-plugin.class.php:6922
filtermce_buttonstrustindex-plugin.class.php:6923
Maintenance & Trust

Widgets for Capterra Reviews Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 20, 2026
PHP min version7.0
Downloads26K

Community Trust

Rating86/100
Number of ratings4
Active installs100
Alternatives

Widgets for Capterra Reviews Alternatives

WP Testimonials

WP Testimonials

testimonial-widgets

A
99

Display your Testimonials on your website fast and easily. 21 widget types, 25 widget styles available. (Free Plugin)

10K 2 CVEs
Widgets for Thumbtack Reviews

Widgets for Thumbtack Reviews

widgets-for-thumbtack-reviews

A
100

Embed Thumbtack reviews fast and easily into your WordPress site. Increase SEO, trust and sales using Thumbtack reviews.

800 No CVEs
Widgets for Ebay Reviews

Widgets for Ebay Reviews

widgets-for-ebay-reviews

A
100

Embed Ebay reviews fast and easily into your WordPress site. Increase SEO, trust and sales using Ebay reviews.

500 No CVEs
Widgets for Alibaba Reviews

Widgets for Alibaba Reviews

widgets-for-alibaba-reviews

A
100

Embed Alibaba reviews fast and easily into your WordPress site. Increase SEO, trust and sales using Alibaba reviews.

0 No CVEs
Widgets for SourceForge Reviews

Widgets for SourceForge Reviews

widgets-for-sourceforge-reviews

A
100

Embed SourceForge reviews fast and easily into your WordPress site. Increase SEO, trust and sales using SourceForge reviews.

0 1 CVE
Developer Profile

Widgets for Capterra Reviews Developer Profile

Trustindex

32 plugins · 976K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
87 days
View full developer profile
Detection Fingerprints

How We Detect Widgets for Capterra Reviews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/review-widgets-for-capterra/css//wp-content/plugins/review-widgets-for-capterra/js/
Script Paths
https://cdn.trustindex.io/loader.js
Version Parameters
review-widgets-for-capterra/style.css?ver=review-widgets-for-capterra/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
trustindex-notification-row
HTML Comments
<!-- Copyright 2019 Trustindex Kft (email: support@trustindex.io) -->
Data Attributes
data-ccm-injected
JS Globals
TrustindexPlugin_capterra
REST Endpoints
/wp-json/trustindex/v1/get
FAQ

Frequently Asked Questions about Widgets for Capterra Reviews