SFR Book Review Showcase Security & Risk Analysis

wordpress.org/plugins/sfr-book-review-showcase

Display Amazon book reviews with customizable layouts, affiliate tracking, OCR import, and analytics. Perfect for book bloggers and authors.

10 active installs · v1.4.1 · PHP 7.4+ · WP 6.0+ · Updated Feb 12, 2026
Tags: affiliate, amazon, author, book-reviews, testimonials

Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SFR Book Review Showcase Safe to Use in 2026?

Generally Safe

Score 100/100

SFR Book Review Showcase has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "sfr-book-review-showcase" v1.4.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices: a high percentage of its SQL queries use prepared statements and the majority of its output is properly escaped. The plugin also has no known historical vulnerabilities, suggesting a generally stable development history. However, the presence of unprotected AJAX handlers and REST API routes is a significant concern, since these create potential entry points for malicious actors. While the taint analysis did not reveal critical or high severity flows, the two flows with unsanitized paths warrant attention, as they could be exploitable depending on the context and the user input that reaches them. The limited number of file operations and external HTTP requests is a positive indicator. The plugin's overall risk is moderate, primarily due to the exposed AJAX and REST API endpoints, despite the absence of known CVEs and good internal code practices.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Flows with unsanitized paths
Vulnerabilities
None known

SFR Book Review Showcase Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SFR Book Review Showcase Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 5 (67 prepared)
  • Unescaped Output: 26 (536 escaped)
  • Nonce Checks: 20
  • Capability Checks: 16
  • File Operations: 1
  • External Requests: 2
  • Bundled Libraries: 0

SQL Query Safety

93% prepared (72 total queries)

Output Escaping

95% escaped (562 total outputs)
Data Flows
2 unsanitized

Data Flow Analysis

5 flows, 2 with unsanitized paths

  • handle_ocr_ajax (admin\class-sfrbrs-admin.php:2284)

Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
5 unprotected

SFR Book Review Showcase Attack Surface

Entry Points: 8
Unprotected: 5

AJAX Handlers 5

  • auth · wp_ajax_sfrbrs_get_book_formats (admin\class-sfrbrs-admin.php:99)
  • auth · wp_ajax_sfrbrs_submit_deactivation_feedback (admin\class-sfrbrs-admin.php:100)
  • auth · wp_ajax_sfrbrs_run_ocr (includes\class-sfrbrs-plugin.php:84)
  • auth · wp_ajax_sfrbrs_delete_screenshot (includes\class-sfrbrs-plugin.php:85)
  • auth · wp_ajax_sfrbrs_quick_edit_review (includes\class-sfrbrs-plugin.php:86)

REST API Routes 2

  • GET /wp-json/sfrbrs/v1/reviews (public\class-sfrbrs-public.php:196)
  • GET /wp-json/sfrbrs/v1/reviews/click (public\class-sfrbrs-public.php:224)

Shortcodes 1

  • [sfr_book_reviews] (public\class-sfrbrs-public.php:108)

WordPress Hooks 21

  • action admin_notices (admin\class-sfrbrs-admin.php:93)
  • action admin_notices (admin\class-sfrbrs-admin.php:94)
  • action admin_init (admin\class-sfrbrs-admin.php:95)
  • action admin_init (admin\class-sfrbrs-admin.php:96)
  • action admin_init (admin\class-sfrbrs-admin.php:97)
  • action admin_init (admin\class-sfrbrs-admin.php:98)
  • action plugins_loaded (includes\class-sfrbrs-plugin.php:70)
  • action admin_enqueue_scripts (includes\class-sfrbrs-plugin.php:79)
  • action admin_enqueue_scripts (includes\class-sfrbrs-plugin.php:80)
  • action admin_init (includes\class-sfrbrs-plugin.php:81)
  • action admin_menu (includes\class-sfrbrs-plugin.php:82)
  • filter set-screen-option (includes\class-sfrbrs-plugin.php:83)
  • action wp_enqueue_scripts (includes\class-sfrbrs-plugin.php:105)
  • action wp_enqueue_scripts (includes\class-sfrbrs-plugin.php:106)
  • action init (includes\class-sfrbrs-plugin.php:107)
  • action init (includes\class-sfrbrs-plugin.php:108)
  • action rest_api_init (includes\class-sfrbrs-plugin.php:109)
  • action init (includes\class-sfrbrs-review-stats.php:48)
  • action sfrbrs_stats_daily_cleanup (includes\class-sfrbrs-review-stats.php:49)
  • filter pre_do_shortcode_tag (public\class-sfrbrs-public.php:109)
  • action init (sfr-book-review-showcase.php:67)

Scheduled Events 1

  • sfrbrs_stats_daily_cleanup
Maintenance & Trust

SFR Book Review Showcase Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 12, 2026
PHP min version: 7.4
Downloads: 662

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

SFR Book Review Showcase Developer Profile

SupportFromRichard

6 plugins · 70 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SFR Book Review Showcase

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/sfr-book-review-showcase/assets/css/admin.css
  • /wp-content/plugins/sfr-book-review-showcase/assets/admin-deactivation-modal.css
  • /wp-content/plugins/sfr-book-review-showcase/assets/admin-deactivation-modal.js
  • /wp-content/plugins/sfr-book-review-showcase/assets/js/admin.js
Script Paths
  • /wp-content/plugins/sfr-book-review-showcase/assets/admin-deactivation-modal.js
  • /wp-content/plugins/sfr-book-review-showcase/assets/js/admin.js
Version Parameters
  • sfr-book-review-showcase/assets/css/admin.css?ver=
  • sfr-book-review-showcase/assets/admin-deactivation-modal.css?ver=
  • sfr-book-review-showcase/assets/admin-deactivation-modal.js?ver=
  • sfr-book-review-showcase/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • sfrbrs-review-form
  • sfrbrs-review-list-table
  • sfrbrs-book-library-table
  • sfrbrs-settings-form
  • sfrbrs-deactivation-modal-overlay
  • sfrbrs-deactivation-modal-content
  • sfrbrs-deactivation-modal-header
  • sfrbrs-deactivation-modal-body
  • +1 more
HTML Comments
  • <!-- SFR Book Review Showcase Settings -->
  • <!-- End SFR Book Review Showcase Settings -->
  • <!-- SFR Book Review Form -->
  • <!-- End SFR Book Review Form -->
  • +6 more
Data Attributes
  • data-review-id
  • data-modal-target
JS Globals
  • sfrbrsAdmin
  • sfrbrsDeactivationModal
REST Endpoints
  • /wp-json/sfrbrs/v1/reviews
  • /wp-json/sfrbrs/v1/categories
  • /wp-json/sfrbrs/v1/books
  • /wp-json/sfrbrs/v1/formats
Shortcode Output
  • [sfr_book_review_showcase]
  • [sfr_book_reviews]
  • [sfr_book_recommendations]
FAQ

Frequently Asked Questions about SFR Book Review Showcase