WP-Safety

Widgets for Hotels.com Reviews Security & Risk Analysis

wordpress.org/plugins/review-widgets-for-hotels-com

Embed Hotels.com reviews fast and easily into your WordPress site. Increase SEO, trust and sales using Hotels.com reviews.

50 active installs v13.2.7 PHP 7.0+ WP 6.2+ Updated Jan 20, 2026
accommodationhotelshotels-comratingsreviews
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Widgets for Hotels.com Reviews Safe to Use in 2026?

Generally Safe

Score 100/100

Widgets for Hotels.com Reviews has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "review-widgets-for-hotels-com" plugin v13.2.7 exhibits a mixed security posture. On the positive side, the plugin demonstrates strong adherence to secure coding practices by utilizing prepared statements for almost all SQL queries and ensuring all output is properly escaped. The extensive use of nonce checks and capability checks suggests an awareness of common WordPress security vulnerabilities. The absence of any recorded vulnerabilities, including CVEs, further bolsters its current security standing.

However, there are significant concerns regarding the attack surface. The static analysis reveals three distinct entry points, all of which lack proper authentication or permission checks. Specifically, one AJAX handler and two REST API routes are exposed without any security validation. While taint analysis did not reveal critical or high-severity issues, the presence of a flow with an unsanitized path is a potential risk, especially when combined with unprotected entry points. The use of the `unserialize` function also warrants careful consideration, as it can be a vector for vulnerabilities if not handled with extreme caution and sanitization.

Key Concerns

  • AJAX handler without auth check
  • REST API routes without permission callbacks
  • Flow with unsanitized path
  • Use of unserialize function
Vulnerabilities
None known

Widgets for Hotels.com Reviews Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Widgets for Hotels.com Reviews Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
54 prepared
Unescaped Output
3
1363 escaped
Nonce Checks
41
Capability Checks
4
File Operations
3
External Requests
10
Bundled Libraries
0

Dangerous Functions Found

unserialize$wpRepoResponse = unserialize(wp_remote_retrieve_body($wpResponse));trustindex-plugin.class.php:7043

SQL Query Safety

98% prepared55 total queries

Output Escaping

100% escaped1366 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

7 flows1 with unsanitized paths
<admin> (include\admin.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Widgets for Hotels.com Reviews Attack Surface

Entry Points3
Unprotected3

AJAX Handlers 1

authwp_ajax_list_trustindex_widgetsreview-widgets-for-hotels-com.php:110

REST API Routes 2

GET/wp-json/trustindex/v1/get-widgetstrustindex-plugin.class.php:7185
GET/wp-json/trustindex/v1/setup-completetrustindex-plugin.class.php:7190
WordPress Hooks 36
filterrocket_minify_excluded_external_jsinclude\cache-plugin-filters.php:13
filterrocket_exclude_jsinclude\cache-plugin-filters.php:14
filterrocket_delay_js_exclusionsinclude\cache-plugin-filters.php:15
filterlitespeed_optimize_js_excludesinclude\cache-plugin-filters.php:16
filtersgo_javascript_combine_excluded_external_pathsinclude\cache-plugin-filters.php:17
filtersgo_css_combine_excludeinclude\cache-plugin-filters.php:18
filterrocket_rucss_safelistinclude\cache-plugin-filters.php:58
filterscript_loader_taginclude\cache-plugin-filters.php:63
filterstyle_loader_taginclude\cache-plugin-filters.php:78
actionadmin_initreview-widgets-for-hotels-com.php:28
actionplugins_loadedreview-widgets-for-hotels-com.php:31
actionwp_headreview-widgets-for-hotels-com.php:32
actionwp_insert_sitereview-widgets-for-hotels-com.php:61
actionadmin_menureview-widgets-for-hotels-com.php:73
filterplugin_action_linksreview-widgets-for-hotels-com.php:74
filterplugin_row_metareview-widgets-for-hotels-com.php:75
actionwidgets_initreview-widgets-for-hotels-com.php:77
actionwidgets_initreview-widgets-for-hotels-com.php:78
actioninitreview-widgets-for-hotels-com.php:80
actioninitreview-widgets-for-hotels-com.php:86
filterscript_loader_tagreview-widgets-for-hotels-com.php:87
actionelementor/controls/controls_registeredreview-widgets-for-hotels-com.php:93
actionelementor/widgets/registerreview-widgets-for-hotels-com.php:97
actionelementor/widgets/widgets_registeredreview-widgets-for-hotels-com.php:103
actioninitreview-widgets-for-hotels-com.php:109
actionadmin_enqueue_scriptsreview-widgets-for-hotels-com.php:111
actionrest_api_initreview-widgets-for-hotels-com.php:112
actionadmin_noticesreview-widgets-for-hotels-com.php:145
actionadmin_noticesreview-widgets-for-hotels-com.php:206
actionenqueue_block_editor_assetsstatic\block-editor\block-editor.php:10
actioninitstatic\block-editor\block-editor.php:11
filterfilesystem_methodtrustindex-plugin.class.php:1046
actionadmin_noticestrustindex-plugin.class.php:1064
actionhttp_api_curltrustindex-plugin.class.php:6121
filtermce_external_pluginstrustindex-plugin.class.php:6922
filtermce_buttonstrustindex-plugin.class.php:6923
Maintenance & Trust

Widgets for Hotels.com Reviews Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 20, 2026
PHP min version7.0
Downloads17K

Community Trust

Rating100/100
Number of ratings1
Active installs50
Alternatives

Widgets for Hotels.com Reviews Alternatives

WP Tripadvisor Review Widgets

WP Tripadvisor Review Widgets

review-widgets-for-tripadvisor

A
100

Embed Tripadvisor reviews fast and easily into your WordPress site. Increase SEO, trust and sales using Tripadvisor reviews.

20K No CVEs
Widgets for Expedia Reviews

Widgets for Expedia Reviews

widgets-for-expedia-reviews

A
100

Embed Expedia reviews fast and easily into your WordPress site. Increase SEO, trust and sales using Expedia reviews.

100 No CVEs
Review Widgets for Szallas.hu

Review Widgets for Szallas.hu

review-widgets-for-szallas-hu

A
100

Szállás.hu review widgets. Show your szallas.hu reviews on your WordPress website to build trust and increase your SEO.

40 No CVEs
Widgets for Foursquare Reviews

Widgets for Foursquare Reviews

review-widgets-for-foursquare

A
100

Embed Foursquare reviews fast and easily into your WordPress site. Increase SEO, trust and sales using Foursquare reviews.

10 No CVEs
Site Reviews

Site Reviews

site-reviews

A
96

Site Reviews is a complete review management solution that integrates with WooCommerce and SureCart and works similarly to reviews on Amazon, Tripadvi &hellip;

70K 13 CVEs
Developer Profile

Widgets for Hotels.com Reviews Developer Profile

Trustindex

32 plugins · 976K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
87 days
View full developer profile
Detection Fingerprints

How We Detect Widgets for Hotels.com Reviews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/review-widgets-for-hotels-com/assets/css/widgets.css/wp-content/plugins/review-widgets-for-hotels-com/assets/js/widgets.js
Script Paths
https://cdn.trustindex.io/loader.js
Version Parameters
review-widgets-for-hotels-com/assets/css/widgets.css?ver=review-widgets-for-hotels-com/assets/js/widgets.js?ver=

HTML / DOM Fingerprints

CSS Classes
trustindex-hotel-reviews
Data Attributes
data-ti-site-iddata-ti-widget-iddata-ti-widget-hash
JS Globals
tiWidgets
REST Endpoints
/wp-json/trustindex/v1/hotels
Shortcode Output
[trustindex_ui_widget]
FAQ

Frequently Asked Questions about Widgets for Hotels.com Reviews