Trustmetrics Security & Risk Analysis

wordpress.org/plugins/trustmetrics

Trustmetrics: WordPress plugin for review aggregation & analytics. Boost trust score with Google, Facebook reviews & gain insights.

0 active installs v1.0 PHP 7.0+ WP 5.5+ Updated Jul 10, 2024
facebook-review-widget-badgegoogle-review-widget-badgereputation-management-pluginreview-management-plugintrustmetrics-review-widget-badge
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Trustmetrics Safe to Use in 2026?

Generally Safe

Score 85/100

Trustmetrics has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "trustmetrics" v1.0 plugin exhibits a generally good security posture, with several positive indicators. The static analysis reveals no dangerous function calls, all SQL queries utilize prepared statements, and all output is properly escaped, which are strong security practices. The absence of known vulnerabilities in its history further contributes to its favorable assessment.

However, the analysis does highlight some areas for improvement. The presence of two flows with unsanitized paths in the taint analysis warrants attention, as these could potentially lead to security issues if not properly handled. While the number of external HTTP requests (12) is not inherently a vulnerability, it represents an attack vector that should be monitored for any potential malicious activity or data leakage. The single nonce check suggests that some critical operations might be exposed without adequate protection against CSRF attacks.

Overall, "trustmetrics" v1.0 demonstrates a foundation of good security coding practices. The lack of critical issues and vulnerabilities is encouraging. However, the identified unsanitized paths and the single nonce check represent potential weaknesses that should be addressed to strengthen its security and minimize potential risks.

Key Concerns

  • Flows with unsanitized paths found
  • External HTTP requests made
  • Only one nonce check found
Vulnerabilities
None known

Trustmetrics Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Trustmetrics Release Timeline

v1.0Current
Code Analysis
Analyzed Apr 16, 2026

Trustmetrics Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
282 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
12
Bundled Libraries
1

Bundled Libraries

DataTables

Output Escaping

100% escaped282 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
trustmetrics_reload_page (inc/function.php:94)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Trustmetrics Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[trustmetrics_widget] trustmetrics.php:211
[trustmetrics_badge] trustmetrics.php:248
WordPress Hooks 15
actionwp_enqueue_stylesinc/function.php:23
actionwp_enqueue_stylesinc/function.php:31
actionwp_enqueue_scriptsinc/function.php:55
actionwp_enqueue_stylesinc/function.php:62
actionwp_enqueue_scriptsinc/function.php:69
actionwp_enqueue_stylesinc/function.php:76
actionwp_enqueue_scriptsinc/function.php:83
actionwp_enqueue_stylesinc/function.php:90
actionwp_enqueue_scriptsinc/function.php:116
actionadmin_post_logoutinc/function.php:120
actionadmin_menutrustmetrics.php:44
filterscript_loader_tagtrustmetrics.php:190
filterscript_loader_tagtrustmetrics.php:232
actionadmin_menutrustmetrics.php:260
actionwp_enqueue_scriptstrustmetrics.php:283
Maintenance & Trust

Trustmetrics Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedJul 10, 2024
PHP min version7.0
Downloads687

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Trustmetrics Alternatives

No alternatives data available yet.

Developer Profile

Trustmetrics Developer Profile

trustmetrics

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Trustmetrics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/trustmetrics/assets/images/trustmetrics-logo.svg
Script Paths
https://api.trustmetrics.me/embed/trustmetrics.js

HTML / DOM Fingerprints

CSS Classes
trustmetrics-widgettmscript
Data Attributes
token
JS Globals
trustmetrics_custom_auth_token
REST Endpoints
/wp-json/trustmetrics/
Shortcode Output
<div class="trustmetrics-widget"<div class="trustmetrics-widget popup"
FAQ

Frequently Asked Questions about Trustmetrics