
ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema Security & Risk Analysis
wordpress.org/plugins/reviewx
Drive WooCommerce business growth with social proof: gather product reviews with multicriteria ratings, auto-reminder emails, discounts, and more.
Is ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema Safe to Use in 2026?
Generally Safe
Score 93/100
ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema has a strong security track record. Known vulnerabilities have been patched promptly.
The reviewx plugin v2.3.6 presents a mixed security posture. While the static analysis shows a clean slate regarding immediate exploitable entry points like AJAX handlers, REST API routes, and shortcodes without proper authorization checks, and no critical or high severity taint flows were detected, there are significant underlying concerns. The plugin has a history of 9 CVEs, with 3 high and 6 medium severity vulnerabilities, indicating a pattern of recurring security flaws such as improper input validation, missing authorization, and cross-site scripting. This historical context is concerning, especially given the recent vulnerability discovered on August 16, 2024.
The static analysis also reveals some weaknesses. Only 4% of output is properly escaped, suggesting a high risk of Cross-Site Scripting (XSS) vulnerabilities, even though the taint analysis flagged none in this specific version. The fact that 19% of SQL queries do not use prepared statements also points to a potential for SQL injection vulnerabilities. The bundling of Guzzle, a common library, might introduce risks if it is an outdated or vulnerable version, though the analysis doesn't specify this.
Overall, while the current version appears to have closed known vulnerabilities and lacks immediate critical entry points, the historical pattern of numerous high and medium severity issues, coupled with poor output escaping and a percentage of raw SQL queries, suggests a plugin that requires vigilance. Users should be aware of the plugin's past security record and monitor for future updates and potential discoveries.
Key Concerns
- High percentage of improperly escaped output
- Significant number of non-prepared SQL queries
- History of 3 high severity CVEs
- History of 6 medium severity CVEs
- Bundled library (Guzzle)
ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema Security Vulnerabilities
CVEs by Year
Severity Breakdown
9 total CVEs
ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.28 - Insufficient Input Validation
ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.27 - Missing Authorization
ReviewX <= 1.6.21 - Missing Authorization
ReviewX <= 1.6.22 - Authenticated (Contributor+) Stored Cross-Site Scripting
ReviewX <= 1.6.17 - Missing Authorization in rx_coupon_from_submit
ReviewX <= 1.6.13 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation
ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.8 - Authenticated (Subscriber+) SQL Injection
ReviewX <= 1.6.7 - Unauthenticated CSV Injection
WooCommerce Reviews Plugin with Multi-criteria Rating by ReviewX < 1.2.9 - Cross-Site Request Forgery
ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema Attack Surface
Scheduled Events: 2
ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema Maintenance & Trust
Maintenance Signals
Community Trust
ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema Alternatives
Photo Reviews for WooCommerce
woo-photo-reviews
Let customers attach photos to reviews, enhanced with filterable grids and overall ratings. Auto-send review reminders and coupon emails
Customer Reviews Collector for WooCommerce
customer-reviews-collector-for-woocommerce
Collect reviews on Google, Facebook, Yelp, Trustindex and other platforms automatically, with the help of our system.
WiserReview Product Reviews for WooCommerce
wiser-review
Collect, manage, and display powerful product reviews and testimonials for WooCommerce stores. Boost trust and conversion with automated review collec …
Builder for WooCommerce product reviews shortcodes – ReviewShort
woo-product-reviews-shortcode
Show WooCommerce customer feedback anywhere with WooCommerce reviews shortcodes, beautifully and ...
Mail Mage
mail-mage
Recover Abandoned WooCommerce cart emails, send WooCommerce Product reminder emails, Automate your WordPress marketing workflows to help convert, reta …
ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema Developer Profile
1 plugin · 9K total installs
How We Detect ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/reviewx/app/Customize/assets/js/reviewx-customize.js
- reviewx-customize?ver=
HTML / DOM Fingerprints
- rvx_form_input
- rvx_reviews_overview_section
- rvx_filter_section
- rvx_review_items_section
- rvx_form_section
- ReviewX Customize options - live preview js
- ReviewX Customize options Data
- Add Section to the Panel [ReviewX -> Reviews Overview Section]
- ReviewX - General Settings
- data-customize-setting-link="rvx_reviews_overview_rating_out_of_text_color"
- data-customize-setting-link="rvx_reviews_overview_rating_out_of_text_font_size"
- data-customize-setting-link="rvx_reviews_overview_rating_out_of_total_text_color"
- data-customize-setting-link="rvx_reviews_overview_rating_out_of_total_text_font_size"
- data-customize-setting-link="rvx_reviews_overview_rating_badge_background_color"
- data-customize-setting-link="rvx_reviews_overview_rating_badge_text_color"
- REVIEWX_VERSION
- REVIEWX_CUSTOMIZER_URL