
Reviewbucket Lite – Emoji reaction review and google place review WordPress Plugin Security & Risk Analysis
wordpress.org/plugins/reviewbucket-lite
Reviewbucketlite is the plugin which allows you to display Google reviews on your site from Google using the API. Also this plugin provides emoji reaction r …
Is Reviewbucket Lite – Emoji reaction review and google place review WordPress Plugin Safe to Use in 2026?
Generally Safe
Score 100/100
Reviewbucket Lite – Emoji reaction review and google place review WordPress Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The reviewbucket-lite plugin v1.3.1 demonstrates a mixed security posture. On the positive side, the plugin shows good practices in handling SQL queries, exclusively using prepared statements, and a high percentage of output escaping. Furthermore, there is no recorded history of past vulnerabilities, which is a strong indicator of a well-maintained codebase. The absence of dangerous functions and file operations is also commendable.
However, significant security concerns arise from the attack surface analysis. With a total of 9 entry points, a concerning 6 of them (all AJAX handlers) lack proper authentication checks. This creates a substantial risk of unauthorized access and execution of plugin functionalities by unauthenticated users. The taint analysis, while showing no critical or high severity flows, did reveal 4 flows with unsanitized paths, which warrants attention as it indicates potential for input manipulation, even if not currently leading to severe outcomes.
In conclusion, while the plugin exhibits strengths in data handling and a clean vulnerability history, the numerous unprotected AJAX endpoints represent a critical weakness. This significantly increases the potential attack surface and makes the plugin vulnerable to attacks that could exploit these unauthenticated entry points. The unescaped output and unsanitized paths, though not flagged as critical, further contribute to the overall risk profile and should be addressed.
Key Concerns
- Unprotected AJAX handlers
- Flows with unsanitized paths
- Missing capability checks
- Missing nonce checks on AJAX
- Output escaping below 100%
Reviewbucket Lite – Emoji reaction review and google place review WordPress Plugin Security Vulnerabilities
Reviewbucket Lite – Emoji reaction review and google place review WordPress Plugin Code Analysis
Output Escaping
Data Flow Analysis
Reviewbucket Lite – Emoji reaction review and google place review WordPress Plugin Attack Surface
AJAX Handlers: 6
Shortcodes: 3
WordPress Hooks: 29
Reviewbucket Lite – Emoji reaction review and google place review WordPress Plugin Maintenance & Trust
Maintenance Signals
Community Trust
Reviewbucket Lite – Emoji reaction review and google place review WordPress Plugin Alternatives
Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More
reviews-feed
No API key required. Display Yelp and Google reviews for any business in a clean, customizable feed on your site.
Rich Showcase for Google Reviews
widget-google-reviews
Display up to 10 Google reviews in less than a minute. Continue collecting new reviews. No limits on connected places, widgets, shortcodes and blocks.
WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets
wp-social-reviews
Add Facebook feeds, Instagram feeds, TikTok feeds, Facebook reviews, WhatsApp Chat, Messenger chat, Testimonial, and others using a single dashboard.
Reviews and Rating – Google Reviews
g-business-reviews-rating
Completely restriction-free Google reviews and rating as Shortcode/Widget. Extensive display options; delicious themes; includes Structured Data.
Reviews Widgets for Google, Yelp & TripAdvisor
fb-reviews-widget
Combine Facebook recommendations with Google, Yelp and TripAdvisor reviews in a widget, block or shortcode. Build a trusted website!
Reviewbucket Lite – Emoji reaction review and google place review WordPress Plugin Developer Profile
1 plugin · 0 total installs
How We Detect Reviewbucket Lite – Emoji reaction review and google place review WordPress Plugin
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
- reviewbucketlite-grid
- reviewbucketlite-admin
- Block Direct access
- Blocking direct access
- data-trimcharacter
- frontend_object
- fbrevConnect
- reviewbucketliteadminobj