WP-Safety

Widgets for WordPress Reviews Security & Risk Analysis

wordpress.org/plugins/reviews-widgets

Embed Wordpress Plugin reviews fast and easily into your WordPress site. Increase SEO, trust and sales using Wordpress reviews.

40 active installs v13.2.9 PHP 7.4+ WP 6.2+ Updated Apr 14, 2026
reviewstestimonialswidget
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Widgets for WordPress Reviews Safe to Use in 2026?

Generally Safe

Score 100/100

Widgets for WordPress Reviews has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "reviews-widgets" v13.2.7 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong practices in output escaping and a high percentage of SQL queries using prepared statements, indicating a good understanding of preventing common web vulnerabilities like Cross-Site Scripting (XSS) and SQL Injection. The complete lack of known CVEs and recorded vulnerabilities is also a positive sign of its development history. However, significant concerns arise from its attack surface. With 3 identified entry points, all of which lack authentication or capability checks, the plugin is highly susceptible to unauthorized access and manipulation. The presence of the `unserialize` function, though not explicitly linked to a critical taint flow in this analysis, remains a potential risk if user-controlled data is unserialized without stringent sanitization, as it can lead to remote code execution. The single unsanitized path flow, while not classified as critical or high, warrants further investigation to understand its potential impact.

Key Concerns

  • REST API routes without permission callbacks
  • AJAX handlers without auth checks
  • Unsanitized path flow found
  • Dangerous function 'unserialize' used
Vulnerabilities
None known

Widgets for WordPress Reviews Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Widgets for WordPress Reviews Release Timeline

v13.2.9Current
v13.2.8
v13.2.7
v13.2.6
v13.2.5
v13.1
v13.0
v12.9
v12.8
v12.7.6
v12.6.1
v12.5
v12.4.7
v12.3
v12.2
v12.1.2
v12.0
v11.9
v10.9.1
Code Analysis
Analyzed Mar 16, 2026

Widgets for WordPress Reviews Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
54 prepared
Unescaped Output
3
1363 escaped
Nonce Checks
41
Capability Checks
4
File Operations
3
External Requests
10
Bundled Libraries
0

Dangerous Functions Found

unserialize$wpRepoResponse = unserialize(wp_remote_retrieve_body($wpResponse));trustindex-plugin.class.php:7043

SQL Query Safety

98% prepared55 total queries

Output Escaping

100% escaped1366 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

7 flows1 with unsanitized paths
<admin> (include\admin.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Widgets for WordPress Reviews Attack Surface

Entry Points3
Unprotected3

AJAX Handlers 1

authwp_ajax_list_trustindex_widgetsreviews-widgets.php:110

REST API Routes 2

GET/wp-json/trustindex/v1/get-widgetstrustindex-plugin.class.php:7185
GET/wp-json/trustindex/v1/setup-completetrustindex-plugin.class.php:7190
WordPress Hooks 36
filterrocket_minify_excluded_external_jsinclude\cache-plugin-filters.php:13
filterrocket_exclude_jsinclude\cache-plugin-filters.php:14
filterrocket_delay_js_exclusionsinclude\cache-plugin-filters.php:15
filterlitespeed_optimize_js_excludesinclude\cache-plugin-filters.php:16
filtersgo_javascript_combine_excluded_external_pathsinclude\cache-plugin-filters.php:17
filtersgo_css_combine_excludeinclude\cache-plugin-filters.php:18
filterrocket_rucss_safelistinclude\cache-plugin-filters.php:58
filterscript_loader_taginclude\cache-plugin-filters.php:63
filterstyle_loader_taginclude\cache-plugin-filters.php:78
actionadmin_initreviews-widgets.php:28
actionplugins_loadedreviews-widgets.php:31
actionwp_headreviews-widgets.php:32
actionwp_insert_sitereviews-widgets.php:61
actionadmin_menureviews-widgets.php:73
filterplugin_action_linksreviews-widgets.php:74
filterplugin_row_metareviews-widgets.php:75
actionwidgets_initreviews-widgets.php:77
actionwidgets_initreviews-widgets.php:78
actioninitreviews-widgets.php:80
actioninitreviews-widgets.php:86
filterscript_loader_tagreviews-widgets.php:87
actionelementor/controls/controls_registeredreviews-widgets.php:93
actionelementor/widgets/registerreviews-widgets.php:97
actionelementor/widgets/widgets_registeredreviews-widgets.php:103
actioninitreviews-widgets.php:109
actionadmin_enqueue_scriptsreviews-widgets.php:111
actionrest_api_initreviews-widgets.php:112
actionadmin_noticesreviews-widgets.php:145
actionadmin_noticesreviews-widgets.php:206
actionenqueue_block_editor_assetsstatic\block-editor\block-editor.php:10
actioninitstatic\block-editor\block-editor.php:11
filterfilesystem_methodtrustindex-plugin.class.php:1046
actionadmin_noticestrustindex-plugin.class.php:1064
actionhttp_api_curltrustindex-plugin.class.php:6121
filtermce_external_pluginstrustindex-plugin.class.php:6922
filtermce_buttonstrustindex-plugin.class.php:6923
Maintenance & Trust

Widgets for WordPress Reviews Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedApr 14, 2026
PHP min version7.4
Downloads14K

Community Trust

Rating60/100
Number of ratings2
Active installs40
Alternatives

Widgets for WordPress Reviews Alternatives

Rich Showcase for Google Reviews

Rich Showcase for Google Reviews

widget-google-reviews

A
89

Display up to 10 Google reviews in less than a minute. Continue collecting new reviews. No limits on connected places, widgets, shortcodes and blocks.

100K 6 CVEs
WP Testimonials

WP Testimonials

testimonial-widgets

A
99

Display your Testimonials on your website fast and easily. 21 widget types, 25 widget styles available. (Free Plugin)

10K 2 CVEs
Feedspace Review Widgets

Feedspace Review Widgets

feedspace

A
100

Display customer testimonials and reviews on your WordPress website with beautiful, customizable widgets.

40 No CVEs
Simple WP Testimonials

Simple WP Testimonials

simple-wp-testimonials

A
85

Simple WP Testimonials is a plugin that allows you to manage and display testimonials for your blog.

20 No CVEs
CausalFunnel Reviews Widget

CausalFunnel Reviews Widget

causalfunnel-reviews-widget

A
100

Reviews Widget For Website – Simple & Elegant Review Management Tool

0 No CVEs
Developer Profile

Widgets for WordPress Reviews Developer Profile

Trustindex

34 plugins · 975K total installs

87
trust score
Avg Security Score
98/100
Avg Patch Time
71 days
View full developer profile
Detection Fingerprints

How We Detect Widgets for WordPress Reviews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/reviews-widgets/assets/css/reviews-widgets-backend.css/wp-content/plugins/reviews-widgets/assets/css/reviews-widgets-frontend.css/wp-content/plugins/reviews-widgets/assets/js/reviews-widgets-backend.js/wp-content/plugins/reviews-widgets/assets/js/reviews-widgets-frontend.js
Script Paths
https://cdn.trustindex.io/loader.js
Version Parameters
reviews-widgets/assets/css/reviews-widgets-backend.css?ver=reviews-widgets/assets/css/reviews-widgets-frontend.css?ver=reviews-widgets/assets/js/reviews-widgets-backend.js?ver=reviews-widgets/assets/js/reviews-widgets-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
ti-site-datatrustindex-notification-rowti-hide-notification
HTML Comments
Copyright 2019 Trustindex Kft (email: support@trustindex.io)
Data Attributes
data-ccm-injected
JS Globals
trustindex_pm_wordpressPluginTrustindexPlugin_wordpressPlugin
REST Endpoints
/wp-json/trustindex-api/v1/feed/wp-json/trustindex-api/v1/feed/template/wp-json/trustindex-api/v1/feed/content/wp-json/trustindex-api/v1/feed/css/wp-json/trustindex-api/v1/feed/scripts/wp-json/trustindex-api/v1/feed/settings
FAQ

Frequently Asked Questions about Widgets for WordPress Reviews