Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More Security & Risk Analysis

wordpress.org/plugins/reviews-feed

No API key required. Display Yelp and Google reviews for any business in a clean, customizable feed on your site.

100K active installs · v2.4.6 · PHP 7.4+ · WP 4.1+ · Updated Mar 10, 2026
Tags: google-business, google-reviews, reviews, testimonials, yelp
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Aug 26, 2024
Safety Verdict

Is Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More Safe to Use in 2026?

Generally Safe

Score 99/100

Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Aug 26, 2024 · Updated 24d ago
Risk Assessment

The 'reviews-feed' v2.4.6 plugin exhibits a mixed security posture. While it demonstrates good practices such as a high percentage of SQL prepared statements and proper output escaping, significant concerns arise from its attack surface and taint analysis. The presence of 3 AJAX handlers without authentication checks represents a direct pathway for potential unauthorized actions, especially when considered alongside the taint analysis which revealed 6 high-severity flows with unsanitized paths. These unsanitized paths could lead to various vulnerabilities if exploited by an attacker. The plugin's vulnerability history, though currently showing no unpatched CVEs, has previously included medium-severity Cross-Site Request Forgery (CSRF) and Missing Authorization issues. This pattern suggests a recurring need for robust authorization and input validation. Overall, the plugin has strengths in data handling but requires immediate attention to its unprotected entry points and identified high-severity taint flows to mitigate substantial risks.

Key Concerns

  • 3 AJAX handlers without auth checks
  • 6 high severity taint flows (unsanitized paths)
  • Previous medium CVEs (CSRF, Missing Authorization)
Vulnerabilities
2

Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More Security Vulnerabilities

CVEs by Year

2 CVEs in 2024

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-8200 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Cross-Site Request Forgery

Aug 26, 2024 Patched in 1.2.0 (337d)
CVE-2024-8199 · medium · 4.3 · Missing Authorization

Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update

Aug 26, 2024 Patched in 1.2.0 (337d)
Code Analysis
Analyzed Mar 16, 2026

Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 38 (122 prepared)
Unescaped Output: 39 (311 escaped)
Nonce Checks: 59
Capability Checks: 12
File Operations: 6
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

76% prepared · 160 total queries

Output Escaping

89% escaped · 350 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

16 flows · 8 with unsanitized paths
review_notice_consent (class\Common\Admin\SBR_New_User.php:246)
Attack Surface
3 unprotected

Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More Attack Surface

Entry Points: 54
Unprotected: 3

AJAX Handlers 52

auth · wp_ajax_sbr_dismiss_license_notice · class\Common\Admin\SBR_Admin_Notice.php:28
auth · wp_ajax_sbr_review_notice_consent_update · class\Common\Admin\SBR_New_User.php:39
auth · wp_ajax_sbr_dashboard_notification_dismiss · class\Common\Admin\SBR_Notifications.php:105
auth · wp_ajax_sbr_install_plugin · class\Common\Admin\SBR_Plugin_Insltaller.php:30
auth · wp_ajax_sbr_activate_plugin · class\Common\Admin\SBR_Plugin_Insltaller.php:31
auth · wp_ajax_sbr_deactivate_plugin · class\Common\Admin\SBR_Plugin_Insltaller.php:32
auth · wp_ajax_sbr_create_temp_user · class\Common\Admin\SBR_Support_Tool.php:109
auth · wp_ajax_sbr_delete_temp_user · class\Common\Admin\SBR_Support_Tool.php:110
auth · wp_ajax_sbr_feed_saver_manager_builder_update · class\Common\Builder\SBR_Feed_Saver_Manager.php:44
auth · wp_ajax_sbr_feed_saver_manager_duplicate_feed · class\Common\Builder\SBR_Feed_Saver_Manager.php:45
auth · wp_ajax_sbr_feed_saver_manager_delete_feeds · class\Common\Builder\SBR_Feed_Saver_Manager.php:46
auth · wp_ajax_sbr_feed_saver_manager_fly_preview · class\Common\Builder\SBR_Feed_Saver_Manager.php:47
auth · wp_ajax_sbr_feed_saver_manager_start_moderation_mode · class\Common\Builder\SBR_Feed_Saver_Manager.php:48
auth · wp_ajax_sbr_feed_saver_manager_add_source · class\Common\Builder\SBR_Feed_Saver_Manager.php:51
auth · wp_ajax_sbr_feed_saver_manager_add_facebook_souce · class\Common\Builder\SBR_Feed_Saver_Manager.php:52
auth · wp_ajax_sbr_feed_saver_manager_connect_manual_facebook · class\Common\Builder\SBR_Feed_Saver_Manager.php:53
auth · wp_ajax_sbr_feed_saver_manager_delete_source · class\Common\Builder\SBR_Feed_Saver_Manager.php:54
auth · wp_ajax_sbr_feed_saver_manager_get_source_impact · class\Common\Builder\SBR_Feed_Saver_Manager.php:55
auth · wp_ajax_sbr_feed_saver_manager_update_api_key · class\Common\Builder\SBR_Feed_Saver_Manager.php:56
auth · wp_ajax_sbr_import_feed_settings · class\Common\Builder\SBR_Feed_Saver_Manager.php:57
auth · wp_ajax_sbr_clear_all_caches · class\Common\Builder\SBR_Feed_Saver_Manager.php:58
auth · wp_ajax_sbr_feed_saver_manager_get_feed_list_page · class\Common\Builder\SBR_Feed_Saver_Manager.php:60
auth · wp_ajax_sbr_feed_saver_manager_create_new_collection · class\Common\Builder\SBR_Feed_Saver_Manager.php:61
auth · wp_ajax_sbr_feed_saver_manager_addupdate_review_collection · class\Common\Builder\SBR_Feed_Saver_Manager.php:62
auth · wp_ajax_sbr_feed_saver_manager_update_collection_name · class\Common\Builder\SBR_Feed_Saver_Manager.php:63
auth · wp_ajax_sbr_feed_saver_manager_get_source_posts · class\Common\Builder\SBR_Feed_Saver_Manager.php:64
auth · wp_ajax_sbr_feed_saver_manager_delete_review_from_collection · class\Common\Builder\SBR_Feed_Saver_Manager.php:65
auth · wp_ajax_sbr_feed_saver_manager_add_multiple_reviews_collection · class\Common\Builder\SBR_Feed_Saver_Manager.php:66
auth · wp_ajax_sbr_feed_saver_manager_advanced_search_reviews · class\Common\Builder\SBR_Feed_Saver_Manager.php:67
auth · wp_ajax_sbr_feed_saver_manager_duplicate_collection · class\Common\Builder\SBR_Feed_Saver_Manager.php:68
auth · wp_ajax_sbr_feed_saver_manager_load_more_sources · class\Common\Builder\SBR_Feed_Saver_Manager.php:69
auth · wp_ajax_sbr_feed_saver_manager_export_collection · class\Common\Builder\SBR_Feed_Saver_Manager.php:71
auth · wp_ajax_sbr_import_full_collection · class\Common\Builder\SBR_Feed_Saver_Manager.php:72
auth · wp_ajax_sbr_import_reviews_collection · class\Common\Builder\SBR_Feed_Saver_Manager.php:73
auth · wp_ajax_sbr_clear_error_logs · class\Common\Builder\SBR_Feed_Saver_Manager.php:76
auth · wp_ajax_sbr_add_woocommerce_source · class\Common\Builder\SBR_New_Providers_Manager.php:36
auth · wp_ajax_sbr_add_airbnb_source · class\Common\Builder\SBR_New_Providers_Manager.php:37
auth · wp_ajax_sbr_add_booking_source · class\Common\Builder\SBR_New_Providers_Manager.php:38
auth · wp_ajax_sbr_add_aliexpress_source · class\Common\Builder\SBR_New_Providers_Manager.php:39
auth · wp_ajax_sbr_add_external_source · class\Common\Builder\SBR_New_Providers_Manager.php:40
auth · wp_ajax_sbr_get_woocommerce_products · class\Common\Builder\SBR_New_Providers_Manager.php:41
auth · wp_ajax_sbr_get_woocommerce_categories · class\Common\Builder\SBR_New_Providers_Manager.php:42
auth · wp_ajax_sbr_get_woocommerce_tags · class\Common\Builder\SBR_New_Providers_Manager.php:43
auth · wp_ajax_sbr_add_woocommerce_source_multi · class\Common\Builder\SBR_New_Providers_Manager.php:44
auth · wp_ajax_sbr_update_woocommerce_source_multi · class\Common\Builder\SBR_New_Providers_Manager.php:45
auth · wp_ajax_sbr_clear_post_header_cache · class\Common\Clear_Cache.php:21
auth · wp_ajax_sbr_reset_posts · class\Common\Clear_Cache.php:22
auth · wp_ajax_sbr_reset_local_images · class\Common\Clear_Cache.php:23
auth · wp_ajax_sbr_dismiss_critical_notice · class\Common\Error_Reporter.php:73
nopriv · wp_ajax_sbr_run_one_click_upgrade · class\Common\Services\SBR_Upgrader.php:54
auth · wp_ajax_sbr_maybe_upgrade_redirect · class\Common\Services\SBR_Upgrader.php:55
auth · wp_ajax_sbr_update_settings · class\Common\Services\SettingsManagerService.php:23

Shortcodes 2

[reviews-feed-cron-simulator] class\Common\Services\FeedCacheUpdateService.php:36
[reviews-feed] class\Common\Services\ShortcodeService.php:17
WordPress Hooks 32
action · init · class\Common\Admin\Blocks\SB_Recommended_Blocks.php:28
action · init · class\Common\Admin\Blocks\SB_Reviews_Blocks.php:61
action · enqueue_block_editor_assets · class\Common\Admin\Blocks\SB_Reviews_Blocks.php:69
action · admin_menu · class\Common\Admin\MenuService.php:19
action · in_admin_header · class\Common\Admin\MenuService.php:20
action · admin_enqueue_scripts · class\Common\Admin\MenuService.php:51
action · admin_notices · class\Common\Admin\SBR_Admin_Notice.php:27
action · init · class\Common\Admin\SBR_Collections_Builder.php:42
action · admin_init · class\Common\Admin\SBR_New_User.php:38
action · admin_enqueue_scripts · class\Common\Admin\SBR_Notifications.php:97
action · sbr_admin_notices · class\Common\Admin\SBR_Notifications.php:99
filter · sbr_admin_notices_filter · class\Common\Admin\SBR_Notifications.php:100
action · sbr_notification_update · class\Common\Admin\SBR_Notifications.php:103
action · plugins_loaded · class\Common\Admin\SBR_Support_Tool.php:89
action · admin_menu · class\Common\Admin\SBR_Support_Tool.php:96
action · admin_footer · class\Common\Admin\SBR_Support_Tool.php:97
action · sbr_feed_issue_email · class\Common\Error_Reporter.php:72
action · wp_footer · class\Common\Error_Reporter.php:74
action · rest_api_init · class\Common\Integrations\Providers\BaseProvider.php:38
filter · sbr_supported_providers · class\Common\Integrations\Providers\BaseProvider.php:39
action · sbr_before_shortcode_render · class\Common\Services\FeedCacheUpdateService.php:40
action · init · class\Common\Services\UsageTrackingService.php:43
filter · cron_schedules · class\Common\Services\UsageTrackingService.php:44
filter · sb_usage_tracking_data · class\Common\Services\UsageTrackingService.php:45
action · sbr_usage_tracking_cron · class\Common\Services\UsageTrackingService.php:46
action · admin_enqueue_scripts · class\Common\Tooltip_Wizard.php:42
action · admin_footer · class\Common\Tooltip_Wizard.php:43
action · wp_enqueue_scripts · class\sbr-functions.php:439
action · current_screen · class\sbr-functions.php:522
action · admin_enqueue_scripts · class\sbr-functions.php:527
action · admin_menu · class\sbr-functions.php:562
action · init · class\sbr-functions.php:569

Scheduled Events 1

sbr_usage_tracking_cron
Maintenance & Trust

Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 10, 2026
PHP min version: 7.4
Downloads: 954K

Community Trust

Rating: 86/100
Number of ratings: 26
Active installs: 100K
Developer Profile

Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More Developer Profile

Syed Balkhi

94 plugins · 23.5M total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 795 days
Detection Fingerprints

How We Detect Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/reviews-feed/assets/css/sbr-styles.css
/wp-content/plugins/reviews-feed/assets/css/sbr-styles.min.css
/wp-content/plugins/reviews-feed/assets/js/sbr-blocks.js
Script Paths
/wp-content/plugins/reviews-feed/assets/js/sbr-blocks.js
Version Parameters
sbr-block-styles?ver=
sbr-feed-block?ver=

HTML / DOM Fingerprints

CSS Classes
sbr-notice-alert
HTML Comments
Copyright 2024 Smash Balloon LLC (email : hey@smashballoon.com)
This program is free software; you can redistribute it and/or modify
This program is distributed in the hope that it will be useful,
See the
Data Attributes
data-block="sbr/sbr-feed-block"
JS Globals
sbr_block_editor
Shortcode Output
[reviews-feed
FAQ

Frequently Asked Questions about Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More