Does Ryviu – Product Reviews for WooCommerce have any unpatched vulnerabilities?

Yes — Ryviu – Product Reviews for WooCommerce currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Ryviu – Product Reviews for WooCommerce compatible with WordPress 6.8.5?

According to WordPress.org data, Ryviu – Product Reviews for WooCommerce 3.1.26 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Ryviu – Product Reviews for WooCommerce updated?

Ryviu – Product Reviews for WooCommerce was last updated on Sep 11, 2025. Frequent updates are generally a positive security signal.

What is Ryviu – Product Reviews for WooCommerce's security score?

Ryviu – Product Reviews for WooCommerce has a WP-Safety security score of 78/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ryviu – Product Reviews for WooCommerce Security & Risk Analysis

wordpress.org/plugins/ryviu

Install Ryviu quickly and easily into your WordPress site. Boost eco-friendly eCommerce with trusted reviews and increased sales growth.

2K active installs v3.1.26 PHP + WP 4.0+ Updated Sep 11, 2025

dropshipingfake-reviewsmanage-reviewsreviewswoocommerce-reviews

B · Generally Safe

CVEs total1

Unpatched1

Last CVEJan 22, 2026

Plugin page Download

Safety Verdict

Is Ryviu – Product Reviews for WooCommerce Safe to Use in 2026?

Mostly Safe

Score 78/100

Ryviu – Product Reviews for WooCommerce is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Jan 22, 2026Updated 6mo ago

Risk Assessment

The "ryviu" v3.1.26 plugin exhibits significant security concerns, primarily stemming from a substantial lack of authorization checks and a concerning reliance on potentially unsafe coding practices. The static analysis reveals that half of its attack surface, specifically 5 out of 10 entry points, are completely unprotected by authentication or authorization mechanisms. This makes these entry points highly vulnerable to unauthorized access and potential manipulation. Furthermore, the analysis highlights that 100% of its SQL queries are not using prepared statements, increasing the risk of SQL injection vulnerabilities. The low percentage of properly escaped output (34%) also suggests a high likelihood of cross-site scripting (XSS) vulnerabilities.

The vulnerability history reinforces these concerns, indicating a recurring pattern of "Missing Authorization" vulnerabilities. The presence of one unpatched medium-severity CVE, last identified in 2026, points to persistent security weaknesses that have not been fully addressed. While the plugin doesn't show critical taint flows or dangerous functions, the combination of numerous unprotected entry points, raw SQL queries, and insufficient output escaping, coupled with a history of authorization flaws, paints a picture of a plugin with a fragile security posture. Addressing the unprotected entry points and implementing robust input validation and output escaping are critical steps for improving its security.

Key Concerns

Unprotected AJAX handlers
Raw SQL queries without prepared statements
Low percentage of properly escaped output
Unpatched medium severity CVE
No nonce checks on AJAX
No capability checks
Flows with unsanitized paths

Vulnerabilities

Ryviu – Product Reviews for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

2026

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2026-24562medium · 5.3Missing Authorization

Ryviu – Product Reviews for WooCommerce <= 3.1.26 - Missing Authorization

Jan 22, 2026Unpatched

Code Analysis

Analyzed Mar 16, 2026

Ryviu – Product Reviews for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

15 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared2 total queries

Output Escaping

34% escaped44 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<ajax> (ajax.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

Ryviu – Product Reviews for WooCommerce Attack Surface

Entry Points10

Unprotected5

AJAX Handlers 5

authwp_ajax_ryviu_add_to_cartincludes\functions.php:686

noprivwp_ajax_ryviu_add_to_cartincludes\functions.php:687

authwp_ajax_ryviu_check_connectincludes\functions.php:768

authwp_ajax_ryviu_update_frontendincludes\functions.php:779

authwp_ajax_ryviu_update_metaincludes\functions.php:790

Shortcodes 5

[ryviu_widget_total] includes\functions.php:816

[ryviu_widget] includes\functions.php:831

[ryviu_widget_colection] includes\functions.php:847

[ryviu_question_and_answer] includes\functions.php:862

[ryviu_badge] includes\functions.php:875

WordPress Hooks 35

actionrest_api_initincludes\class-ryviu-hook.php:21

actionwp_enqueue_scriptsincludes\class-ryviu.php:50

actionadmin_enqueue_scriptsincludes\class-ryviu.php:51

filterscript_loader_tagincludes\class-ryviu.php:53

actioninitincludes\class-ryviu.php:54

filterquery_varsincludes\class-ryviu.php:55

actiontemplate_redirectincludes\class-ryviu.php:57

actioninitincludes\class-ryviu.php:58

actioninitincludes\functions.php:45

filterwoocommerce_product_tabsincludes\functions.php:52

actionwp_headincludes\functions.php:66

actionwp_headincludes\functions.php:108

actionwoocommerce_after_single_product_summaryincludes\functions.php:139

filterwoocommerce_product_tabsincludes\functions.php:142

actionryviu_question_and_answerincludes\functions.php:145

actionryviu_display_reviewincludes\functions.php:149

filterwoocommerce_product_tabsincludes\functions.php:157

actionryviu_display_total_reviewincludes\functions.php:176

actionryviu_display_review_total_in_loopincludes\functions.php:191

filterrank_math/snippet/rich_snippet_product_entityincludes\functions.php:461

filterwoocommerce_structured_data_productincludes\functions.php:463

actionwp_footerincludes\functions.php:521

filtermanage_product_posts_columnsincludes\functions.php:719

actionmanage_product_posts_custom_columnincludes\functions.php:733

actioninitincludes\json-api.php:9

actioninitincludes\json-api.php:10

filterquery_varsincludes\json-api.php:11

actiontemplate_redirectincludes\json-api.php:12

actionadmin_menuincludes\settings.php:18

actionadmin_initincludes\settings.php:19

actionadmin_enqueue_scriptsincludes\settings.php:20

actionwoocommerce_product_duplicateincludes\woo-hooks.php:14

actiontransition_post_statusincludes\woo-hooks.php:145

actionbefore_woocommerce_initryviu.php:46

actionadmin_noticesryviu.php:114

Maintenance & Trust

Ryviu – Product Reviews for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 11, 2025

PHP min version

Downloads92K

Community Trust

Rating76/100

Number of ratings43

Active installs2K

Alternatives

Ryviu – Product Reviews for WooCommerce Alternatives

Photo Reviews for WooCommerce

woo-photo-reviews

100

Let customers attach photos to reviews, enhanced with filterable grids and overall ratings. Auto-send review reminders and coupon emails

10K No CVEs

ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema

reviewx

Drive woocommerce business growth with social proof: gather product reviews with multicriteria ratings, auto-reminder emails, discounts, and more.

9K 9 CVEs

Faview – Virtual Reviews for WooCommerce

woo-virtual-reviews

100

Faview - Virtual Reviews for WooCommerce generates and displays canned reviews to boost your customer engagement.

9K No CVEs

Customer Reviews Collector for WooCommerce

customer-reviews-collector-for-woocommerce

Collect reviews on Google, Facebook, Yelp, Trustindex and other platforms automatically, with the help of our system.

5K 1 CVE

Yotpo: Product & Photo Reviews for WooCommerce

yotpo-social-reviews-for-woocommerce

Collect product reviews, photo reviews, site reviews & ratings

2K 1 CVE

Developer Profile

Ryviu – Product Reviews for WooCommerce Developer Profile

Ryviu

1 plugin · 2K total installs

trust score

Avg Security Score

78/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Ryviu – Product Reviews for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ryviu/assets/css/ryviu-frontend.css/wp-content/plugins/ryviu/assets/css/ryviu-frontend.min.css/wp-content/plugins/ryviu/assets/js/ryviu-frontend.js/wp-content/plugins/ryviu/assets/js/ryviu-frontend.min.js/wp-content/plugins/ryviu/assets/js/ryviu-admin.js/wp-content/plugins/ryviu/assets/js/ryviu-admin.min.js

Script Paths

/wp-content/plugins/ryviu/assets/js/ryviu-frontend.js/wp-content/plugins/ryviu/assets/js/ryviu-frontend.min.js/wp-content/plugins/ryviu/assets/js/ryviu-admin.js/wp-content/plugins/ryviu/assets/js/ryviu-admin.min.js

Version Parameters

ryviu/assets/css/ryviu-frontend.css?ver=ryviu/assets/js/ryviu-frontend.js?ver=ryviu/assets/js/ryviu-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

ryviu-widgetryviu-main-widgetryviu-product-reviewsryviu-rating-wrapperryviu-reviews-listryviu-review-itemryviu-rating-starsryviu-review-form+8 more

HTML Comments

/** (C) Copryright https://www.ryviu.com **/

Data Attributes

data-ryviu-product-iddata-ryviu-widget-iddata-ryviu-product-handledata-ryviu-review-id

JS Globals

RyviuWooryviu_paramsryviu_options

REST Endpoints

/wp-json/ryviu/v1/

FAQ