Revora Security & Risk Analysis

wordpress.org/plugins/revora

Lightweight, category-based review system with AJAX submission, spam detection, admin moderation, and beautiful Elementor widgets.

0 active installs · v1.0.0 · PHP 7.4+ · WP 5.8+ · Updated Mar 12, 2026
Tags: ajax, elementor, rating, reviews, testimonials
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is Revora Safe to Use in 2026?

Generally Safe

Score 100/100

Revora has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 23d ago

Risk Assessment

The "revora" plugin version 1.0.0 exhibits a generally good security posture with strong practices in SQL query preparation and output escaping. The plugin demonstrates a commitment to security by implementing a significant number of nonce and capability checks. However, a notable concern arises from the presence of one AJAX handler that lacks authentication checks, potentially opening a vector for unauthorized actions. The taint analysis reveals three high-severity flows with unsanitized paths, indicating potential risks where user-supplied data is not properly validated before being used in sensitive operations. The absence of any known historical CVEs is a positive indicator, suggesting a history of responsible development or a lack of significant past security issues. Despite these strengths, the identified unprotected AJAX endpoint and high-severity taint flows represent specific areas requiring immediate attention to mitigate potential vulnerabilities.

Key Concerns

  • AJAX handler without authentication
  • High severity taint flows with unsanitized paths

Vulnerabilities
None known

Revora Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Revora Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (28 prepared)
Unescaped Output: 9 (241 escaped)
Nonce Checks: 14
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

88% prepared · 32 total queries

Output Escaping

96% escaped · 250 total outputs

Data Flows
5 unsanitized

Data Flow Analysis

5 flows · 5 with unsanitized paths
render_reviews_page (includes\class-admin.php:336)
Attack Surface
1 unprotected

Revora Attack Surface

Entry Points: 8
Unprotected: 1

AJAX Handlers 6

auth    wp_ajax_revora_quick_edit                    includes\class-admin.php:26
auth    wp_ajax_revora_submit_deactivation_feedback  includes\class-admin.php:1221
auth    wp_ajax_revora_submit                        includes\class-ajax.php:16
nopriv  wp_ajax_revora_submit                        includes\class-ajax.php:17
auth    wp_ajax_revora_load_more                     includes\class-ajax.php:18
nopriv  wp_ajax_revora_load_more                     includes\class-ajax.php:19

Shortcodes 2

[revora_reviews]  includes\class-shortcodes.php:13
[revora_form]     includes\class-shortcodes.php:14

WordPress Hooks 12

action  admin_menu                              includes\class-admin.php:20
action  admin_init                              includes\class-admin.php:21
action  admin_enqueue_scripts                   includes\class-admin.php:22
action  admin_init                              includes\class-admin.php:23
action  wp_dashboard_setup                      includes\class-admin.php:29
action  admin_footer                            includes\class-admin.php:1242
action  elementor/widgets/register              includes\class-elementor.php:31
action  elementor/elements/categories_registered  includes\class-elementor.php:32
action  wp_head                                 includes\class-shortcodes.php:15
action  wp_enqueue_scripts                      revora.php:96
action  admin_enqueue_scripts                   revora.php:97
action  admin_init                              revora.php:100

Maintenance & Trust

Revora Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version: 7.4
Downloads: 113

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0

Developer Profile

Revora Developer Profile

Moksedul Islam

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Revora

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/revora/assets/css/revora-frontend.css
  • /wp-content/plugins/revora/assets/css/revora-card-variants.css
  • /wp-content/plugins/revora/assets/js/revora-frontend.js
  • /wp-content/plugins/revora/assets/css/revora-admin.css
  • /wp-content/plugins/revora/assets/js/revora-admin.js
  • /wp-content/plugins/revora/assets/css/revora-deactivation.css
  • /wp-content/plugins/revora/assets/js/revora-deactivation.js
Script Paths
  • /wp-content/plugins/revora/assets/js/revora-frontend.js
  • /wp-content/plugins/revora/assets/js/revora-admin.js
  • /wp-content/plugins/revora/assets/js/revora-deactivation.js
Version Parameters
  • revora-frontend
  • revora-card-variants
  • revora-admin
  • revora-deactivation

HTML / DOM Fingerprints

CSS Classes
  • revora-review-form
  • revora-review-list
  • revora-admin-wrap
HTML Comments
  • <!-- Revora review form -->
  • <!-- Revora review list -->
  • <!-- Revora admin settings page -->
Data Attributes
  • data-revora-post-id
  • data-revora-nonce
JS Globals
  • revora_vars
  • revoraAdmin
  • revoraDeactivation
REST Endpoints
  • /wp-json/revora/v1/submit-review
  • /wp-json/revora/v1/get-reviews
Shortcode Output
  • [revora_form]
  • [revora_reviews]