Does WP Tripadvisor Review Widgets have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Tripadvisor Review Widgets have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Tripadvisor Review Widgets compatible with WordPress 6.9.4?

According to WordPress.org data, WP Tripadvisor Review Widgets 13.2.7 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WP Tripadvisor Review Widgets compatible with PHP 7.0+?

WP Tripadvisor Review Widgets requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Tripadvisor Review Widgets updated?

WP Tripadvisor Review Widgets was last updated on Jan 20, 2026. Frequent updates are generally a positive security signal.

What is WP Tripadvisor Review Widgets's security score?

WP Tripadvisor Review Widgets has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Tripadvisor Review Widgets Security & Risk Analysis

wordpress.org/plugins/review-widgets-for-tripadvisor

Embed Tripadvisor reviews fast and easily into your WordPress site. Increase SEO, trust and sales using Tripadvisor reviews.

20K active installs v13.2.7 PHP 7.0+ WP 6.2+ Updated Jan 20, 2026

accommodationhotelsrestaurantreviewstripadvisor

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Tripadvisor Review Widgets Safe to Use in 2026?

Generally Safe

Score 100/100

WP Tripadvisor Review Widgets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The review-widgets-for-tripadvisor plugin v13.2.7 exhibits a mixed security posture. On the positive side, it demonstrates excellent practices regarding SQL queries and output escaping, with 98% of SQL queries using prepared statements and 100% of outputs being properly escaped. The plugin also has a clean vulnerability history with zero known CVEs, indicating a generally well-maintained codebase.

However, significant concerns arise from the attack surface analysis. All three identified entry points (one AJAX handler and two REST API routes) lack authentication checks or permission callbacks. This makes them directly accessible to unauthenticated users, posing a substantial risk. Furthermore, the presence of the `unserialize` function is a notable weakness. While not flagged by taint analysis in this specific scan, it's a known dangerous function that, if misused with untrusted input, can lead to severe vulnerabilities like Remote Code Execution.

In conclusion, while the plugin benefits from strong data handling practices and a lack of historical vulnerabilities, the unprotected entry points and the presence of `unserialize` are critical security flaws that require immediate attention. The attack surface is too exposed, and while no critical taint flows were detected in this scan, the potential for exploitation exists due to the lack of authorization.

Key Concerns

AJAX handler without auth check
REST API route without permission callback
REST API route without permission callback
Dangerous function: unserialize

Vulnerabilities

None known

WP Tripadvisor Review Widgets Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Tripadvisor Review Widgets Code Analysis

Dangerous Functions

Raw SQL Queries

54 prepared

Unescaped Output

1363 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$wpRepoResponse = unserialize(wp_remote_retrieve_body($wpResponse));trustindex-plugin.class.php:7043

SQL Query Safety

98% prepared55 total queries

Output Escaping

100% escaped1366 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

7 flows1 with unsanitized paths

<admin> (include\admin.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

WP Tripadvisor Review Widgets Attack Surface

Entry Points3

Unprotected3

AJAX Handlers 1

authwp_ajax_list_trustindex_widgetsreview-widgets-for-tripadvisor.php:110

REST API Routes 2

GET/wp-json/trustindex/v1/get-widgetstrustindex-plugin.class.php:7185

GET/wp-json/trustindex/v1/setup-completetrustindex-plugin.class.php:7190

WordPress Hooks 36

filterrocket_minify_excluded_external_jsinclude\cache-plugin-filters.php:13

filterrocket_exclude_jsinclude\cache-plugin-filters.php:14

filterrocket_delay_js_exclusionsinclude\cache-plugin-filters.php:15

filterlitespeed_optimize_js_excludesinclude\cache-plugin-filters.php:16

filtersgo_javascript_combine_excluded_external_pathsinclude\cache-plugin-filters.php:17

filtersgo_css_combine_excludeinclude\cache-plugin-filters.php:18

filterrocket_rucss_safelistinclude\cache-plugin-filters.php:58

filterscript_loader_taginclude\cache-plugin-filters.php:63

filterstyle_loader_taginclude\cache-plugin-filters.php:78

actionadmin_initreview-widgets-for-tripadvisor.php:28

actionplugins_loadedreview-widgets-for-tripadvisor.php:31

actionwp_headreview-widgets-for-tripadvisor.php:32

actionwp_insert_sitereview-widgets-for-tripadvisor.php:61

actionadmin_menureview-widgets-for-tripadvisor.php:73

filterplugin_action_linksreview-widgets-for-tripadvisor.php:74

filterplugin_row_metareview-widgets-for-tripadvisor.php:75

actionwidgets_initreview-widgets-for-tripadvisor.php:77

actionwidgets_initreview-widgets-for-tripadvisor.php:78

actioninitreview-widgets-for-tripadvisor.php:80

actioninitreview-widgets-for-tripadvisor.php:86

filterscript_loader_tagreview-widgets-for-tripadvisor.php:87

actionelementor/controls/controls_registeredreview-widgets-for-tripadvisor.php:93

actionelementor/widgets/registerreview-widgets-for-tripadvisor.php:97

actionelementor/widgets/widgets_registeredreview-widgets-for-tripadvisor.php:103

actioninitreview-widgets-for-tripadvisor.php:109

actionadmin_enqueue_scriptsreview-widgets-for-tripadvisor.php:111

actionrest_api_initreview-widgets-for-tripadvisor.php:112

actionadmin_noticesreview-widgets-for-tripadvisor.php:145

actionadmin_noticesreview-widgets-for-tripadvisor.php:206

actionenqueue_block_editor_assetsstatic\block-editor\block-editor.php:10

actioninitstatic\block-editor\block-editor.php:11

filterfilesystem_methodtrustindex-plugin.class.php:1046

actionadmin_noticestrustindex-plugin.class.php:1064

actionhttp_api_curltrustindex-plugin.class.php:6121

filtermce_external_pluginstrustindex-plugin.class.php:6922

filtermce_buttonstrustindex-plugin.class.php:6923

Maintenance & Trust

WP Tripadvisor Review Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 20, 2026

PHP min version7.0

Downloads650K

Community Trust

Rating82/100

Number of ratings110

Active installs20K

Alternatives

WP Tripadvisor Review Widgets Alternatives

Tripadvisor Shortcode

tripadvisor-shortcode

I have been told by TripAdvisor that they are about to turn off the business owner rss feeds. This plugin no longer works.

100 1 unpatched

Widgets for Expedia Reviews

widgets-for-expedia-reviews

100

Embed Expedia reviews fast and easily into your WordPress site. Increase SEO, trust and sales using Expedia reviews.

100 No CVEs

Widgets for Hotels.com Reviews

review-widgets-for-hotels-com

100

Embed Hotels.com reviews fast and easily into your WordPress site. Increase SEO, trust and sales using Hotels.com reviews.

50 No CVEs

Reviews Widgets for Google, Yelp & TripAdvisor

fb-reviews-widget

Combine Facebook recommendations with Google, Yelp and TripAdvisor reviews in a widget, block or shortcode. Build a trusted website!

10K 2 CVEs

WP TripAdvisor Review Slider

wp-tripadvisor-review-slider

Create a TripAdvisor review slider! Now with User Images! Easily display your TripAdvisor reviews in your Posts, Pages, and Widget areas!

8K 3 CVEs

Developer Profile

WP Tripadvisor Review Widgets Developer Profile

Trustindex

32 plugins · 976K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

87 days

View full developer profile

Detection Fingerprints

How We Detect WP Tripadvisor Review Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/review-widgets-for-tripadvisor/assets/css/trustindex.css/wp-content/plugins/review-widgets-for-tripadvisor/assets/js/trustindex.js/wp-content/plugins/review-widgets-for-tripadvisor/assets/js/ti-script.js

Script Paths

https://cdn.trustindex.io/loader.js

Version Parameters

review-widgets-for-tripadvisor/assets/css/trustindex.css?ver=review-widgets-for-tripadvisor/assets/js/trustindex.js?ver=review-widgets-for-tripadvisor/assets/js/ti-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

ti-site-datatrustindex-notification-row

Data Attributes

data-ccm-injected="1"

JS Globals

TrustindexPlugin_tripadvisor

REST Endpoints

/wp-json/trustindex/v1/register

FAQ