Reviewbird Security & Risk Analysis

wordpress.org/plugins/reviewbird

Powerfully simple product review collection, moderation, and management for WooCommerce.

0 active installs · v1.0.16 · PHP 7.4+ · WP 5.0+ · Updated Feb 16, 2026
Tags: customer-reviews, product-reviews, ratings, reviews, woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Reviewbird Safe to Use in 2026?

Generally Safe

Score 100/100

Reviewbird has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The reviewbird plugin v1.0.16 demonstrates a generally good security posture, with several positive indicators. Notably, all SQL queries are prepared, all output is properly escaped, and there are no identified dangerous functions or file operations. The absence of known CVEs and of any vulnerability history further suggests a commitment to security.

However, specific areas of concern warrant attention. The two unprotected AJAX handlers represent a significant attack surface. Only two taint flows were analyzed, but one of them has an unsanitized path, which is a red flag: it indicates a potential for vulnerabilities if not handled with extreme care. The analysis produced no critical or high severity findings, which suggests this is a low-severity but present risk. The plugin also implements a single nonce check across its entry points, which is insufficient for robust security, particularly with multiple unprotected AJAX handlers.

In conclusion, while the plugin has strong foundations in secure coding practices like prepared statements and output escaping, the unprotected AJAX endpoints and the single unsanitized taint flow present clear risks. The lack of vulnerability history is positive but does not negate the current findings. Addressing the unprotected AJAX handlers and investigating the unsanitized taint flow should be prioritized.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized taint flow
  • Insufficient nonce checks
Vulnerabilities
None known

Reviewbird Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Reviewbird Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (45 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 3
Bundled Libraries: 0

Output Escaping

100% escaped, 45 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows, 1 with unsanitized paths
handle_setting_update (src\Admin\Settings.php:234)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
2 unprotected

Reviewbird Attack Surface

Entry Points: 10
Unprotected: 2

AJAX Handlers 2

auth wp_ajax_reviewbird_update_setting src\Admin\Settings.php:36
auth wp_ajax_reviewbird_clear_health_cache src\Admin\Settings.php:37

REST API Routes 5

POST /wp-json/reviewbird/v1/store-connected src\Api\ConnectionController.php:26
POST /wp-json/reviewbird/v1/coupons/create src\Api\CouponController.php:50
GET /wp-json/reviewbird/v1/products src\Api\ProductsController.php:62
POST /wp-json/reviewbird/v1/ratings/update src\Core\Plugin.php:360
POST /wp-json/reviewbird/v1/verified-purchase/check src\Core\Plugin.php:370

Shortcodes 3

[reviewbird_widget] src\Core\Plugin.php:98
[reviewbird_showcase] src\Core\Plugin.php:99
[reviewbird_stars] src\Core\Plugin.php:100
WordPress Hooks 23

action before_woocommerce_init reviewbird-plugin.php:69
action admin_notices src\Admin\Settings.php:38
action rest_api_init src\Core\Plugin.php:82
filter woocommerce_rest_is_request_to_rest_api src\Core\Plugin.php:85
action admin_menu src\Core\Plugin.php:90
action admin_enqueue_scripts src\Core\Plugin.php:91
action wp_enqueue_scripts src\Core\Plugin.php:96
action wp_enqueue_scripts src\Core\Plugin.php:97
filter woocommerce_structured_data_product src\Core\Plugin.php:120
filter woocommerce_product_tabs src\Core\Plugin.php:123
action woocommerce_after_single_product_summary src\Core\Plugin.php:124
filter comments_open src\Core\Plugin.php:127
filter woocommerce_product_get_reviews_allowed src\Core\Plugin.php:128
action init src\Integration\HealthScheduler.php:37
action reviewbird_rating_updated src\Integration\SchemaScheduler.php:42
filter woocommerce_product_get_rating_html src\Integration\StarRatingDisplay.php:54
action init src\Integration\StarRatingDisplay.php:60
action woocommerce_single_product_summary src\Integration\StarRatingDisplay.php:72
filter reviewbird_rating_is_static src\Integration\StarRatingDisplay.php:132
filter woocommerce_rest_prepare_product_review src\Integration\WooCommerce.php:35
action woocommerce_new_order src\Integration\WooCommerce.php:46
action woocommerce_checkout_order_created src\Integration\WooCommerce.php:47
filter woocommerce_rest_prepare_shop_order_object src\Integration\WooCommerce.php:50
Maintenance & Trust

Reviewbird Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 16, 2026
PHP min version: 7.4
Downloads: 250

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 0
Developer Profile

Reviewbird Developer Profile

reviewbird

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Reviewbird

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/reviewbird/build/index.css
/wp-content/plugins/reviewbird/build/reviewbird-admin.js
Script Paths
/wp-content/plugins/reviewbird/build/reviewbird-admin.js
Version Parameters
reviewbird/build/index.css?ver=
reviewbird/build/reviewbird-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
reviewbird-connection-status
Data Attributes
data-reviewbird-connection-status
JS Globals
reviewbird_settings
REST Endpoints
/wp-json/reviewbird/v1/settings
FAQ

Frequently Asked Questions about Reviewbird