Rich Showcase for Google Reviews Security & Risk Analysis

wordpress.org/plugins/widget-google-reviews

Display up to 10 Google reviews in less than a minute. Continue collecting new reviews. No limits on connected places, widgets, shortcodes and blocks.

100K active installs · v6.9.4.4 · PHP 7.2+ · WP 4.7+ · Updated Feb 12, 2026
Tags: google, google-reviews, reviews, testimonials, widget

Score: 90 (A · Safe)
CVEs total: 5
Unpatched: 0
Last CVE: Dec 5, 2025

Safety Verdict

Is Rich Showcase for Google Reviews Safe to Use in 2026?

Generally Safe

Score 90/100

Rich Showcase for Google Reviews has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Dec 5, 2025 · Updated 1mo ago

Risk Assessment

The "widget-google-reviews" plugin version 6.9.4.4 exhibits a mixed security posture with some concerning findings despite several good practices. While the absence of dangerous functions and the presence of nonce and capability checks are positive, the plugin has several areas of risk. A significant concern is the number of AJAX handlers (3 out of 8) that lack authentication checks, presenting a potential attack vector. The taint analysis also reveals 4 high-severity flows with unsanitized paths, indicating potential vulnerabilities that could be exploited. The plugin's vulnerability history is also a notable point of concern, with 5 known CVEs in the past, including 3 high-severity ones, suggesting a recurring pattern of exploitable weaknesses, particularly related to Cross-site Scripting, SQL Injection, CSRF, and missing authorization.

Despite these risks, the plugin does demonstrate some positive security measures. The majority of SQL queries (55%) use prepared statements, and a good portion of output (61%) is properly escaped. The low number of file operations and external HTTP requests also limits the potential for certain types of attacks. However, the combination of unprotected entry points, high-severity taint flows, and a history of significant vulnerabilities means that caution is warranted. The presence of unpatched CVEs in the past, even if none are currently listed, suggests a need for vigilance and timely updates.

Key Concerns

  • AJAX handlers without authentication checks
  • High severity taint flows
  • Vulnerability history (high severity)
  • Vulnerability history (medium severity)
  • SQL queries not using prepared statements
  • Output escaping not properly handled
Vulnerabilities
5

Rich Showcase for Google Reviews Security Vulnerabilities

CVEs by Year

  • 2022: 2 CVEs
  • 2023: 1 CVE
  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • High: 3
  • Medium: 2

5 total CVEs

CVE-2025-12499 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Rich Shortcodes for Google Reviews <= 6.8 - Unauthenticated Stored Cross-Site Scripting via Google Review

Dec 5, 2025 · Patched in 6.8.1 (1d)

CVE-2023-6884 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Plugin for Google Reviews <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Jan 12, 2024 · Patched in 3.2 (200d)

CVE-2022-44580 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Plugin for Google Reviews <= 2.2.3 - Authenticated (Subscriber+) SQL Injection

Feb 8, 2023 · Patched in 2.2.4 (349d)

WF-e5ca3c84-9d3d-4bbe-90f7-44c9d77a6690-widget-google-reviews · high · 8.8 · Cross-Site Request Forgery (CSRF)

Plugin for Google Reviews <= 2.2.2 - Cross-Site Request Forgery

Nov 16, 2022 · Patched in 2.2.3 (433d)

CVE-2022-45369 · medium · 5.4 · Missing Authorization

Plugin for Google Reviews <= 2.2.2 - Missing Authorization

Nov 16, 2022 · Patched in 2.2.3 (433d)

Code Analysis
Analyzed Mar 16, 2026

Rich Showcase for Google Reviews Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 27 (33 prepared)
  • Unescaped Output: 84 (134 escaped)
  • Nonce Checks: 8
  • Capability Checks: 9
  • File Operations: 1
  • External Requests: 10
  • Bundled Libraries: 0

SQL Query Safety

55% prepared · 60 total queries

Output Escaping

61% escaped · 218 total outputs

Data Flows
9 unsanitized

Data Flow Analysis

19 flows · 9 with unsanitized paths
init (includes\class-builder-page.php:24)

Attack Surface
3 unprotected

Rich Showcase for Google Reviews Attack Surface

Entry Points: 9
Unprotected: 3

AJAX Handlers 8

auth · wp_ajax_grw_rateus_ajax · includes\admin\class-admin-rateus-ajax.php:8
auth · wp_ajax_grw_rateus_ajax_feedback · includes\admin\class-admin-rateus-ajax.php:9
auth · wp_ajax_grw_feed_save_ajax · includes\class-feed-ajax.php:20
auth · wp_ajax_grw_overview_ajax · includes\class-plugin-overview-ajax.php:14
auth · wp_ajax_grw_hide_review · includes\core\class-google-connect.php:14
auth · wp_ajax_grw_connect_google · includes\core\class-google-connect.php:15
auth · wp_ajax_grw_place_autocomplete · includes\core\class-google-connect.php:16
auth · wp_ajax_grw_get_place · includes\core\class-google-connect.php:17

Shortcodes 1

[grw] · includes\class-feed-shortcode.php:24

WordPress Hooks 45

filter · plugin_action_links · grw.php:45
filter · plugin_row_meta · grw.php:61
filter · get_edit_post_link · includes\admin\class-admin-feed-columns.php:23
filter · post_row_actions · includes\admin\class-admin-feed-columns.php:26
filter · get_the_excerpt · includes\admin\class-admin-feed-columns.php:27
action · admin_menu · includes\admin\class-admin-menu.php:14
action · admin_menu · includes\admin\class-admin-menu.php:15
filter · submenu_file · includes\admin\class-admin-menu.php:16
filter · admin_body_class · includes\admin\class-admin-menu.php:17
filter · removable_query_args · includes\admin\class-admin-notice.php:26
action · admin_notices · includes\admin\class-admin-notice.php:27
action · admin_notices · includes\admin\class-admin-notice.php:28
action · grw_admin_notices · includes\admin\class-admin-notice.php:49
action · admin_notices · includes\admin\class-admin-rev.php:8
action · wp_after_admin_bar_render · includes\admin\class-admin-tophead.php:8
action · init · includes\class-activator.php:47
action · admin_enqueue_scripts · includes\class-assets.php:49
action · admin_enqueue_scripts · includes\class-assets.php:50
action · admin_enqueue_scripts · includes\class-assets.php:51
action · admin_enqueue_scripts · includes\class-assets.php:52
action · wp_enqueue_scripts · includes\class-assets.php:54
action · wp_enqueue_scripts · includes\class-assets.php:55
action · wp_enqueue_scripts · includes\class-assets.php:58
action · wp_enqueue_scripts · includes\class-assets.php:59
filter · script_loader_tag · includes\class-assets.php:61
filter · style_loader_tag · includes\class-assets.php:65
filter · get_rocket_option_remove_unused_css_safelist · includes\class-assets.php:71
action · grw_admin_page_grw-builder · includes\class-builder-page.php:21
action · enqueue_block_editor_assets · includes\class-feed-block.php:24
action · init · includes\class-feed-block.php:25
action · block_categories_all · includes\class-feed-block.php:26
action · grw_admin_page_grw · includes\class-plugin-overview.php:16
action · grw_admin_page_grw · includes\class-plugin-overview.php:26
action · grw_admin_page_grw-settings · includes\class-plugin-settings.php:24
action · grw_admin_page_grw-settings · includes\class-plugin-settings.php:25
action · grw_admin_page_grw-support · includes\class-plugin-support.php:14
action · grw_admin_page_grw-support · includes\class-plugin-support.php:15
action · init · includes\class-plugin.php:38
action · admin_init · includes\class-plugin.php:39
action · plugins_loaded · includes\class-plugin.php:40
action · widgets_init · includes\class-plugin.php:88
action · init · includes\class-post-types.php:10
filter · cron_schedules · includes\class-reviews-cron.php:18
action · grw_revupd_schedule · includes\class-reviews-cron.php:19
action · admin_post_grw_settings_save · includes\class-settings-save.php:16

Scheduled Events 1

grw_revupd_schedule
Maintenance & Trust

Rich Showcase for Google Reviews Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 12, 2026
PHP min version: 7.2
Downloads: 7.0M

Community Trust

Rating: 98/100
Number of ratings: 1,574
Active installs: 100K

Developer Profile

Rich Showcase for Google Reviews Developer Profile

richplugins

5 plugins · 114K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 204 days

Detection Fingerprints

How We Detect Rich Showcase for Google Reviews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/widget-google-reviews/css/admin-main.css
  • /wp-content/plugins/widget-google-reviews/css/public-main.css
  • /wp-content/plugins/widget-google-reviews/css/public-badge.css
  • /wp-content/plugins/widget-google-reviews/js/admin-main.js
  • /wp-content/plugins/widget-google-reviews/js/admin-builder.js
  • /wp-content/plugins/widget-google-reviews/js/admin-apexcharts.js
  • /wp-content/plugins/widget-google-reviews/js/public-main.js

Script Paths

  • https://cdn.reviewsplugin.com/assets/js/time.js
  • https://cdn.reviewsplugin.com/assets/js/utils.js
  • https://cdn.reviewsplugin.com/assets/js/column.js
  • https://cdn.reviewsplugin.com/assets/js/common.js
  • https://cdn.reviewsplugin.com/assets/js/lightbox.js
  • https://cdn.reviewsplugin.com/assets/js/toast.js
  • +7 more

Version Parameters

  • widget-google-reviews/css/admin-main.css?ver=
  • widget-google-reviews/css/public-main.css?ver=
  • widget-google-reviews/css/public-badge.css?ver=
  • widget-google-reviews/js/admin-main.js?ver=
  • widget-google-reviews/js/admin-builder.js?ver=
  • widget-google-reviews/js/admin-apexcharts.js?ver=
  • widget-google-reviews/js/public-main.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • grw-reviews
  • grw-badge
  • grw-container

Data Attributes

  • data-grw-id
  • data-grw-reviews-id
  • data-grw-type
  • data-grw-location-id

JS Globals

  • grw_builder_params

Shortcode Output

  • [grw-reviews-gallery
  • [grw-reviews-slider
  • [grw-reviews-badge