Trustpilot Reviews Security & Risk Analysis

wordpress.org/plugins/trustpilot-reviews

Generate reviews, add TrustBox for your Woocommerce site with Trustpilot reviews plugin

30K active installs · v3.11.0 · PHP 5.2.0+ · WP 3.5.1+ · Updated Jan 20, 2026
Tags: brand, review, trustpilot, trustpilot-reviews, widget
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Sep 22, 2025
Safety Verdict

Is Trustpilot Reviews Safe to Use in 2026?

Generally Safe

Score 99/100

Trustpilot Reviews has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 22, 2025 · Updated 2mo ago
Risk Assessment

The trustpilot-reviews plugin v3.11.0 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a high percentage of properly escaped output, there are significant concerns regarding its attack surface and historical vulnerability patterns. The presence of three AJAX handlers without authentication checks is a notable risk, as these could potentially be exploited by unauthenticated users to perform unintended actions or expose sensitive information.

Taint analysis revealed one flow with unsanitized paths. Although it is not classified as critical or high severity in this report, it warrants attention because it indicates a potential pathway for injection vulnerabilities if not properly handled. The plugin's history includes one medium-severity CVE. No vulnerabilities are currently unpatched, but the common vulnerability type, 'Missing Authorization', is a red flag. This suggests a recurring issue with securing entry points, which aligns with the static analysis finding of unprotected AJAX handlers.

In conclusion, the plugin has strengths in its data handling and output sanitization. However, the unprotected AJAX endpoints and past authorization issues present clear security weaknesses that require immediate remediation. Addressing the unprotected entry points and ensuring robust authorization checks are implemented across all handlers would significantly improve the plugin's overall security posture.

Key Concerns

  • Unprotected AJAX handlers
  • Flow with unsanitized paths
  • Medium severity CVE in history
  • Common vulnerability type: Missing Authorization
Vulnerabilities: 1

Trustpilot Reviews Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1
1 total CVE

CVE-2025-57997 · medium · 5.4 · Missing Authorization

Trustpilot Reviews <= 2.5.925 - Missing Authorization

Sep 22, 2025 · Patched in 3.6.0 (47d)
Code Analysis
Analyzed Mar 16, 2026

Trustpilot Reviews Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 5 (27 escaped)
Nonce Checks: 4
Capability Checks: 8
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

84% escaped · 32 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

4 flows · 1 with unsanitized paths
trustpilot_check_product_skus (review\Admin.php:134)
Attack Surface: 3 unprotected

Trustpilot Reviews Attack Surface

Entry Points: 6
Unprotected: 3

AJAX Handlers: 6

auth · wp_ajax_handle_past_orders · review\Admin.php:58
auth · wp_ajax_handle_save_changes · review\Admin.php:59
auth · wp_ajax_reload_trustpilot_settings · review\Admin.php:60
auth · wp_ajax_check_product_skus · review\Admin.php:61
auth · wp_ajax_get_signup_data · review\Admin.php:62
auth · wp_ajax_get_category_product_info · review\Admin.php:63

WordPress Hooks: 12

action · admin_enqueue_scripts · review\Admin.php:56
action · admin_enqueue_scripts · review\Admin.php:57
action · admin_menu · review\Admin.php:66
filter · safe_style_css · review\Admin.php:585
action · woocommerce_order_status_changed · review\Orders.php:46
action · woocommerce_thankyou · review\Orders.php:47
filter · clean_url · review\Plugin.php:145
action · wp_enqueue_scripts · review\Plugin.php:146
action · wp_enqueue_scripts · review\TrustBox.php:73
action · template_redirect · review\TrustBox.php:74
action · plugins_loaded · wc_trustpilot.php:82
action · before_woocommerce_init · wc_trustpilot.php:87

Maintenance & Trust

Trustpilot Reviews Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: Jan 20, 2026
PHP min version: 5.2.0
Downloads: 428K

Community Trust

Rating: 36/100
Number of ratings: 70
Active installs: 30K

Developer Profile

Trustpilot Reviews Developer Profile

Trustpilot

1 plugin · 30K total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 47 days
Detection Fingerprints

How We Detect Trustpilot Reviews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/trustpilot-reviews/assets/css/admin-styles.css
/wp-content/plugins/trustpilot-reviews/assets/css/tp-styles.css
/wp-content/plugins/trustpilot-reviews/assets/js/admin-scripts.js
/wp-content/plugins/trustpilot-reviews/assets/js/tp-scripts.js
Script Paths
/wp-content/plugins/trustpilot-reviews/assets/js/tp-scripts.js
/wp-content/plugins/trustpilot-reviews/assets/js/admin-scripts.js
Version Parameters
trustpilot-reviews/assets/css/admin-styles.css?ver=
trustpilot-reviews/assets/css/tp-styles.css?ver=
trustpilot-reviews/assets/js/admin-scripts.js?ver=
trustpilot-reviews/assets/js/tp-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
trustpilot-reviews
HTML Comments
<!-- trustpilot -->
<!-- Trustpilot Widget -->
Data Attributes
data-tp-widget
JS Globals
Trustpilot
REST Endpoints
/wp-json/trustpilot-reviews/
Shortcode Output
[trustpilot_reviews]
FAQ

Frequently Asked Questions about Trustpilot Reviews