Reviews Plus Security & Risk Analysis

wordpress.org/plugins/reviews-plus

Reviews Plus activates rich reviews for selected content. It turns comments into reviews and provides a 100% SERP-compatible review system.

1K active installs · v1.4.1 · PHP + WP 3.5+ · Updated Dec 3, 2025
Tags: comments, google-rating, product-review, rating, review
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Apr 22, 2024
Safety Verdict

Is Reviews Plus Safe to Use in 2026?

Generally Safe

Score 99/100

Reviews Plus has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Apr 22, 2024 · Updated 5mo ago
Risk Assessment

The "reviews-plus" v1.4.1 plugin exhibits a mixed security posture. On the positive side, static analysis indicates a relatively small attack surface, with no unprotected AJAX handlers or REST API routes identified. The code also shows a reasonable effort towards security: a good percentage of SQL queries use prepared statements, and there is a decent number of capability checks. However, the unsanitized paths found by the taint analysis are a significant concern, suggesting potential vulnerabilities where user input might reach file operations or other sensitive functions without proper validation. The vulnerability history is also a red flag: two medium-severity CVEs, one for Missing Authorization and another for Uncontrolled Resource Consumption. Although there are currently no unpatched vulnerabilities, this history indicates that the plugin has had issues in these critical areas.

Key Concerns

  • Taint flows with unsanitized paths
  • Past medium severity CVEs (2 total)
  • Output escaping: 64% properly escaped (concern)
  • SQL queries: 71% using prepared statements (concern)
Vulnerabilities
2 published

Reviews Plus Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2024: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-32822 · medium · 4.3 · Missing Authorization

Reviews Plus <= 1.3.4 - Missing Authorization to Notice Dismissal

Apr 22, 2024 · Patched in 1.3.5 (8d)

CVE-2021-24894 · medium · 6.5 · Uncontrolled Resource Consumption

Reviews Plus < 1.2.14 - Denial of Service

Oct 25, 2021 · Patched in 1.2.15 (820d)
Version History

Reviews Plus Release Timeline

Code Analysis
Analyzed Mar 16, 2026

Reviews Plus Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (5 prepared)
Unescaped Output: 54 (97 escaped)
Nonce Checks: 3
Capability Checks: 11
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

71% prepared · 7 total queries

Output Escaping

64% escaped · 151 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
ic_redirect_ic_revs_admin (includes\admin-review-list.php:38)
Attack Surface

Reviews Plus Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers 2

auth wp_ajax_get_reviews includes\admin-class.php:544
auth wp_ajax_hide_ic_revs_translate_notice sep\settings.php:218

Shortcodes 4

[average_rating] functions\functions.php:332
[product_name] functions\functions.php:804
[reviews] sep\functions.php:78
[reviews_form] sep\functions.php:106

WordPress Hooks 71

action init ext\woocommerce.php:13
filter woocommerce_product_tabs ext\woocommerce.php:23
filter ic_get_ic_rev_rating ext\woocommerce.php:39
filter is_ic_catalog_admin_page functions\conditionals.php:50
filter ic_products_type_support functions\functions.php:13
action init functions\functions.php:28
action pre_get_comments functions\functions.php:185
action ic_before_reviews functions\functions.php:325
action ic_structured_data functions\functions.php:445
filter comment_post_redirect functions\functions.php:521
action admin_init functions\functions.php:534
filter gettext functions\functions.php:538
filter comment_notification_recipients functions\functions.php:563
filter comment_moderation_recipients functions\functions.php:564
filter comment_notification_text functions\functions.php:582
filter comment_notification_subject functions\functions.php:626
filter comment_moderation_text functions\functions.php:645
filter comment_moderation_subject functions\functions.php:689
filter comments_open functions\functions.php:722
action single_names_table functions\functions.php:734
filter ic_default_single_names functions\functions.php:786
action init functions\functions.php:800
filter comment_author includes\admin-class.php:40
filter gettext includes\admin-class.php:558
filter comment_feed_where includes\admin-class.php:606
filter wp_count_comments includes\admin-class.php:627
filter comment_class includes\admin-review-list.php:26
action admin_init includes\admin-review-list.php:36
action admin_menu includes\admin-review-list.php:94
action admin_init includes\admin-review-list.php:140
filter comment_row_actions includes\admin-review-list.php:149
action admin_init includes\admin-review-list.php:151
action admin_init includes\admin-review-list.php:156
filter gettext includes\admin-review-list.php:177
filter parent_file includes\admin-review-list.php:205
action current_screen includes\admin-review-list.php:236
filter manage_edit-comments_columns includes\admin-review-list.php:260
filter manage_comments_custom_column includes\admin-review-list.php:284
filter gettext includes\admin-review-list.php:433
action after_product_details includes\includes.php:12
filter comments_template includes\includes.php:24
filter comment_form_default_fields includes\includes.php:40
filter get_the_excerpt includes\includes.php:74
filter get_the_excerpt includes\includes.php:91
filter comments_template includes\includes.php:108
filter preprocess_comment includes\includes.php:251
action comment_post includes\includes.php:268
action add_meta_boxes includes\review-meta.php:12
filter gettext includes\review-meta.php:47
filter wp_comment_reply includes\review-meta.php:104
action edit_comment includes\review-meta.php:239
action post_updated includes\review-meta.php:253
action post_updated includes\review-meta.php:278
action init includes\reviews-limit.php:15
filter pre_comment_approved includes\reviews-limit.php:23
filter duplicate_comment_id includes\reviews-limit.php:24
filter ic_review_default_text includes\reviews-limit.php:25
filter ic_review_default_title includes\reviews-limit.php:26
filter ic_review_form_id includes\reviews-limit.php:27
action ic_reviews_form_before includes\reviews-limit.php:28
action after_setup_theme reviews-plus.php:20
action init reviews-plus.php:30
action current_screen reviews-plus.php:41
action wp_enqueue_scripts reviews-plus.php:75
action admin_enqueue_scripts reviews-plus.php:92
action admin_enqueue_scripts reviews-plus.php:118
filter the_content sep\functions.php:129
filter comments_template sep\functions.php:156
action admin_menu sep\settings.php:15
action admin_init sep\settings.php:24
action admin_notices sep\settings.php:200
Maintenance & Trust

Reviews Plus Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 3, 2025
PHP min version
Downloads: 68K

Community Trust

Rating: 88/100
Number of ratings: 15
Active installs: 1K
Developer Profile

Reviews Plus Developer Profile

impleCode

7 plugins · 11K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 312 days
Detection Fingerprints

How We Detect Reviews Plus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/reviews-plus/css/reviews-plus.min.css
/wp-content/plugins/reviews-plus/js/reviews-plus.min.js
/wp-content/plugins/reviews-plus/css/reviews-plus-admin.min.css
/wp-content/plugins/reviews-plus/js/reviews-plus-editor.min.js
/wp-content/plugins/reviews-plus/js/reviews-plus-admin.min.js

Version Parameters
reviews-plus/css/reviews-plus.min.css?ver=
reviews-plus/js/reviews-plus.min.js?ver=
reviews-plus/css/reviews-plus-admin.min.css?ver=
reviews-plus/js/reviews-plus-editor.min.js?ver=
reviews-plus/js/reviews-plus-admin.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
reviews-area, catalog-header, review-rating, rating-label, no-comments

Data Attributes
data-current_rating

JS Globals
ic_revs, reviews_object
FAQ

Frequently Asked Questions about Reviews Plus