StartMyReview Security & Risk Analysis
wordpress.org/plugins/start-my-reviewStartMyReview adds review widget into your WordPress installation
Is StartMyReview Safe to Use in 2026?
Generally Safe
Score 85/100StartMyReview has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "start-my-review" plugin v3.0.2 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for its SQL queries and a high percentage of properly escaped outputs, minimizing direct SQL injection and XSS risks from these common vectors. The absence of known CVEs in its history is also a strong indicator of past security diligence. However, significant concerns arise from the taint analysis, which reveals three high-severity flows with unsanitized paths. These flows represent potential vulnerabilities where user-supplied data could be manipulated to achieve unintended consequences, even if the direct attack surface appears limited in the static analysis.
While the static analysis reports zero AJAX handlers, REST API routes, shortcodes, or cron events, suggesting a limited attack surface, the taint analysis findings cannot be overlooked. The presence of unsanitized paths indicates that data might be processed in a way that is susceptible to injection attacks or other malicious manipulations, particularly if these paths are triggered by external input. The lack of capability checks on any entry points is a notable weakness, meaning that if an entry point were discovered or indirectly triggered, there might be no authorization layer to prevent unauthorized access or actions. The plugin's overall security is hampered by these unaddressed taint flows and the absence of capability checks, despite its positive attributes in other areas.
Key Concerns
- High severity taint flows with unsanitized paths
- Missing capability checks on entry points
- Unsanitized paths in taint analysis
StartMyReview Security Vulnerabilities
StartMyReview Release Timeline
StartMyReview Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
StartMyReview Attack Surface
WordPress Hooks 2
Maintenance & Trust
StartMyReview Maintenance & Trust
Maintenance Signals
Community Trust
StartMyReview Alternatives
Reviews Widgets for Google, Yelp & TripAdvisor
fb-reviews-widget
Combine Facebook recommendations with Google, Yelp and TripAdvisor reviews in a widget, block or shortcode. Build a trusted website!
Review Map by RevuKangaroo
review-map-by-revukangaroo
Show off your customer's online reviews with Review Map by Revukangaroo.
BreezeView
breezeview
BreezeView is a plugin that allows users to display Google Reviews for their business with a 5-star rating.
Proton Reviews
proton-reviews
Proton Reviews is the Best Reviews Funnel for Google and Yelp
Total WP Reviews
total-wp-reviews
A plugin show Facebook Page Reviews and Google Places Reviews on your websites in fixed position or widget.
StartMyReview Developer Profile
1 plugin · 0 total installs
How We Detect StartMyReview
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/start-my-review/assets/css/uikit.css/wp-content/plugins/start-my-review/assets/css/toastify.css/wp-content/plugins/start-my-review/assets/css/switchery.css/wp-content/plugins/start-my-review/assets/css/panel-options.css/wp-content/plugins/start-my-review/assets/js/uikit.js/wp-content/plugins/start-my-review/assets/js/uikit-icons.js/wp-content/plugins/start-my-review/assets/js/Chart.bundle.min.js/wp-content/plugins/start-my-review/assets/js/panel-options.js+6 moreHTML / DOM Fingerprints
wrapform-tablesubmitBlock direct access to the file.Create Businesses tabletable not in database. Create new tableCreate comments table+1 morename="smrnc_integration_tag"name=""class="button-primary"src="https://app.startmyreview.com/#/login/"app.ajaxurlapp.baseurlapp.nonce