Widgets for SourceForge Reviews Security & Risk Analysis

wordpress.org/plugins/widgets-for-sourceforge-reviews

Embed SourceForge reviews fast and easily into your WordPress site. Increase SEO, trust and sales using SourceForge reviews.

0 active installs · v13.2.7 · PHP 7.0+ · WP 6.2+ · Updated: Unknown
Tags: ratings, recommendations, reviews, sourceforge, testimonials
Security score: 100/100 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Nov 22, 2023
Safety Verdict

Is Widgets for SourceForge Reviews Safe to Use in 2026?

Generally Safe

Score 100/100

Widgets for SourceForge Reviews has one known CVE (CVE-2023-48275, medium severity), fixed in version 11.1, 62 days after its Nov 22, 2023 disclosure; nothing is currently unpatched. Note that this verdict reflects CVE history only; the code analysis below reports three entry points without authorization checks that a deployer should review.

1 known CVE · Last CVE: Nov 22, 2023
Risk Assessment

The "widgets-for-sourceforge-reviews" plugin, version 13.2.7, has a mixed security posture. Output escaping and prepared SQL statements are used almost everywhere (see Code Analysis below), but the scan reports three entry points without a nonce, capability or permission check: one AJAX handler and two REST routes. The AJAX handler is registered under wp_ajax_ with no nopriv variant, so it is reachable only by logged-in users; the gap there is the missing nonce and capability checks, which leave it open to cross-site request forgery and to calls from low-privilege accounts such as subscribers. The two REST routes, if they really lack a permission_callback as reported, are reachable by unauthenticated callers. Whether any of this is exploitable depends on what those three callbacks do with their input, which the scan does not establish; read them before deploying, paying particular attention to the route named setup-complete, whose name suggests it changes state over GET.

The code analysis finds a single call to unserialize(), at trustindex-plugin.class.php:7043, applied to the body of a wp_remote_retrieve_body() result, that is, to data returned by a remote server. unserialize() instantiates whatever classes its input names, so if that response can be tampered with (a compromised or spoofed upstream, or a connection made without certificate verification), it becomes a PHP object injection primitive against any gadget class loaded in the site. Taint analysis found no critical or high severity unsanitized paths, but one of the seven flows (in include\admin.php) has an unsanitized path and should be reviewed. The vulnerability history is currently clear of unpatched CVEs; the one past entry, CVE-2023-48275, was a medium-severity authenticated (Editor+) arbitrary file upload affecting several Trustindex plugins, fixed in 11.1 roughly two months after disclosure.

In short: output escaping and query construction are good; the weak spots are the three unprotected entry points, the unserialize() of remote data, and a history of one upload vulnerability. Deployers should weigh those before installing. On the development side, the fixes are well defined: a nonce plus capability check in the AJAX handler, a permission_callback on each REST route, and either decoding the remote response as JSON or, at minimum, calling unserialize($body, ['allowed_classes' => false]).

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Dangerous function (unserialize)
  • Flow with unsanitized paths
  • Past medium vulnerability (unrestricted upload)
Vulnerabilities
1

Widgets for SourceForge Reviews Security Vulnerabilities

CVEs by Year

2023: 1 CVE (patched)

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2023-48275 · medium · CVSS 6.6 · Unrestricted Upload of File with Dangerous Type

Multiple Plugins by Trustindex.io <= (Various Versions) - Authenticated (Editor+) Arbitrary File Upload

Disclosed Nov 22, 2023 · Patched in 11.1 (62 days)
Code Analysis
Analyzed Mar 17, 2026

Widgets for SourceForge Reviews Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 1 (54 prepared)
Unescaped Output: 3 (1363 escaped)
Nonce Checks: 41
Capability Checks: 4
File Operations: 3
External Requests: 10
Bundled Libraries: 0

Dangerous Functions Found

unserialize (trustindex-plugin.class.php:7043):
    $wpRepoResponse = unserialize(wp_remote_retrieve_body($wpResponse));
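The line above hands a remote server's response body straight to unserialize(). The following is an added example, not code from the plugin, showing why that matters and two safer ways to consume the same response. It runs stand-alone with the php CLI, uses no WordPress functions, and the gadget class and both response bodies are constructed for the demo.

```php
<?php
// Added example, not code from the plugin: why unserialize() on a remote
// HTTP body is risky and two safer ways to consume such a response.
// Stand-alone (run with the php CLI); no WordPress functions are used, and
// the class and the response bodies below are constructed for the demo.

// Stands in for any class with a magic method that a real WordPress process
// might already have loaded (core, themes, other plugins): a "gadget".
class LogFlusher {
    public $path = '';
    public $data = '';
    public function __destruct() {
        // A real gadget might write or delete a file here.
        echo "__destruct ran: would write " . strlen($this->data)
           . " bytes to " . $this->path . "\n";
    }
}

// Constructed response bodies. The benign one is what a serialized API
// answer looks like; the hostile one is what a tampered answer could carry.
$benign  = serialize(['version' => '13.2.7', 'last_updated' => '2026-01-01']);
$hostile = 'O:10:"LogFlusher":2:{s:4:"path";s:19:"/tmp/evil-shell.php";'
         . 's:4:"data";s:5:"<?php";}';

// 1) The pattern the scan flagged: instantiates any class the body names.
function parse_unsafe($body) {
    return unserialize($body);
}

// 2) Same wire format, object instantiation disabled: unknown classes come
//    back as __PHP_Incomplete_Class and no magic method runs.
function parse_safer($body) {
    $v = @unserialize($body, ['allowed_classes' => false]);
    if ($v === false && $body !== serialize(false)) {
        return null;                       // malformed input: treat as failure
    }
    return $v;
}

// 3) Preferable: request JSON (for the wordpress.org plugin API, the
//    info/1.2 endpoint returns JSON) and decode to arrays only, which can
//    never instantiate a class.
function parse_json($body) {
    $v = json_decode($body, true, 32);     // assoc arrays, depth limit
    return is_array($v) ? $v : null;
}

$a = parse_unsafe($benign);
echo "unsafe/benign:  version=" . $a['version'] . "\n";

$o = parse_unsafe($hostile);
echo "unsafe/hostile: got " . get_class($o) . "\n";
unset($o);                                 // __destruct fires: the attacker's code path ran

$i = parse_safer($hostile);
echo "safer/hostile:  got " . get_class($i) . "\n";
unset($i);                                 // incomplete class: nothing runs

echo "json/hostile:   " . var_export(parse_json($hostile), true) . "\n";
$j = parse_json(json_encode(['version' => '13.2.7']));
echo "json/json:      version=" . $j['version'] . "\n";
```

The allowed_classes option exists since PHP 7.0, which matches the plugin's stated minimum, so the second variant is a drop-in change; the third requires the upstream to serve JSON but removes the class of bug entirely.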

SQL Query Safety

98% prepared (54 of 55 total queries; 1 raw query)

Output Escaping

99.8% escaped, rounded to 100% above (1363 of 1366 total outputs; 3 unescaped)
Data Flows
1 unsanitized

Data Flow Analysis

7 flows, 1 with an unsanitized path: <admin> (include\admin.php:0)
Attack Surface
3 unprotected

Widgets for SourceForge Reviews Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers 1

[auth] wp_ajax_list_trustindex_widgets (widgets-for-sourceforge-reviews.php:110)

REST API Routes 2

GET /wp-json/trustindex/v1/get-widgets (trustindex-plugin.class.php:7185)
GET /wp-json/trustindex/v1/setup-complete (trustindex-plugin.class.php:7190)
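The three entry points above are reported as lacking authorization checks. The following is an added example, not the plugin's code, of what a hardened AJAX handler and two REST routes of the same shape look like in WordPress: a nonce plus capability check on the AJAX side, a permission_callback and argument validation on the REST side, and the state-changing route moved off GET. It assumes a WordPress runtime; the action name, namespace, route names, callbacks and option name are illustrative.

```php
<?php
// Added example, not the plugin's code: the checks an AJAX handler and a
// REST route need before they act on request data. Assumes a WordPress
// runtime; action, namespace, route and callback names are illustrative.

// --- AJAX ----------------------------------------------------------------
// wp_ajax_{action} runs only for logged-in users (no wp_ajax_nopriv_ twin),
// but "logged in" includes subscribers and says nothing about CSRF, so both
// checks below are needed.
add_action('wp_ajax_example_list_widgets', 'example_list_widgets');

function example_list_widgets() {
    // 1) CSRF: the nonce is issued with wp_create_nonce('example_list_widgets')
    //    and sent by the plugin's own admin JS as the "nonce" field; the
    //    request dies with HTTP 400 if it is absent or invalid.
    check_ajax_referer('example_list_widgets', 'nonce');

    // 2) Authorization: restrict to users allowed to manage the plugin.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(['message' => 'forbidden'], 403);
    }

    // 3) Validate input before using it.
    $page    = isset($_POST['page']) ? absint($_POST['page']) : 1;
    $widgets = [];   // constructed stand-in for the real widget lookup
    wp_send_json_success(['page' => $page, 'widgets' => $widgets]);
}

// --- REST ----------------------------------------------------------------
// Without permission_callback a route is public (and WordPress 5.5+ emits a
// _doing_it_wrong notice). Anything that changes state belongs on POST.
add_action('rest_api_init', function () {
    register_rest_route('example/v1', '/get-widgets', [
        'methods'             => WP_REST_Server::READABLE,   // GET
        'callback'            => 'example_rest_get_widgets',
        'permission_callback' => function () {
            return current_user_can('edit_posts');
        },
        'args' => [
            'page' => [
                'type'              => 'integer',
                'default'           => 1,
                'minimum'           => 1,
                'sanitize_callback' => 'absint',
            ],
        ],
    ]);

    register_rest_route('example/v1', '/setup-complete', [
        'methods'             => WP_REST_Server::CREATABLE,  // POST, not GET
        'callback'            => 'example_rest_setup_complete',
        'permission_callback' => function () {
            return current_user_can('manage_options');
        },
    ]);
});

function example_rest_get_widgets(WP_REST_Request $req) {
    // $req['page'] has already passed the schema above.
    return rest_ensure_response(['page' => (int) $req['page'], 'widgets' => []]);
}

function example_rest_setup_complete(WP_REST_Request $req) {
    update_option('example_setup_complete', 1);   // illustrative option name
    return rest_ensure_response(['done' => true]);
}
```

A quick check against a live site: an unauthenticated GET to a REST route should return a 401 rest_forbidden response once the permission_callback is in place, and a call to admin-ajax.php without the nonce should come back as 400 rather than a JSON payload.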
WordPress Hooks 36
filter rocket_minify_excluded_external_js (include\cache-plugin-filters.php:13)
filter rocket_exclude_js (include\cache-plugin-filters.php:14)
filter rocket_delay_js_exclusions (include\cache-plugin-filters.php:15)
filter litespeed_optimize_js_excludes (include\cache-plugin-filters.php:16)
filter sgo_javascript_combine_excluded_external_paths (include\cache-plugin-filters.php:17)
filter sgo_css_combine_exclude (include\cache-plugin-filters.php:18)
filter rocket_rucss_safelist (include\cache-plugin-filters.php:58)
filter script_loader_tag (include\cache-plugin-filters.php:63)
filter style_loader_tag (include\cache-plugin-filters.php:78)
action enqueue_block_editor_assets (static\block-editor\block-editor.php:10)
action init (static\block-editor\block-editor.php:11)
filter filesystem_method (trustindex-plugin.class.php:1046)
action admin_notices (trustindex-plugin.class.php:1064)
action http_api_curl (trustindex-plugin.class.php:6121)
filter mce_external_plugins (trustindex-plugin.class.php:6922)
filter mce_buttons (trustindex-plugin.class.php:6923)
action admin_init (widgets-for-sourceforge-reviews.php:28)
action plugins_loaded (widgets-for-sourceforge-reviews.php:31)
action wp_head (widgets-for-sourceforge-reviews.php:32)
action wp_insert_site (widgets-for-sourceforge-reviews.php:61)
action admin_menu (widgets-for-sourceforge-reviews.php:73)
filter plugin_action_links (widgets-for-sourceforge-reviews.php:74)
filter plugin_row_meta (widgets-for-sourceforge-reviews.php:75)
action widgets_init (widgets-for-sourceforge-reviews.php:77)
action widgets_init (widgets-for-sourceforge-reviews.php:78)
action init (widgets-for-sourceforge-reviews.php:80)
action init (widgets-for-sourceforge-reviews.php:86)
filter script_loader_tag (widgets-for-sourceforge-reviews.php:87)
action elementor/controls/controls_registered (widgets-for-sourceforge-reviews.php:93)
action elementor/widgets/register (widgets-for-sourceforge-reviews.php:97)
action elementor/widgets/widgets_registered (widgets-for-sourceforge-reviews.php:103)
action init (widgets-for-sourceforge-reviews.php:109)
action admin_enqueue_scripts (widgets-for-sourceforge-reviews.php:111)
action rest_api_init (widgets-for-sourceforge-reviews.php:112)
action admin_notices (widgets-for-sourceforge-reviews.php:145)
action admin_notices (widgets-for-sourceforge-reviews.php:206)

Two of these hooks deserve a read during an audit: the filesystem_method filter (trustindex-plugin.class.php:1046) can change how WordPress writes files, and the http_api_curl action (trustindex-plugin.class.php:6121) can alter cURL options, including certificate verification, on outgoing requests.
Maintenance & Trust

Widgets for SourceForge Reviews Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 7.0
Downloads: 7K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Widgets for SourceForge Reviews Developer Profile

Trustindex

32 plugins · 976K total installs

Trust score: 87
Avg Security Score: 98/100
Avg Patch Time: 78 days
Detection Fingerprints

How We Detect Widgets for SourceForge Reviews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/widgets-for-sourceforge-reviews/assets/css/trustindex-common.css
/wp-content/plugins/widgets-for-sourceforge-reviews/assets/js/trustindex-common.js
/wp-content/plugins/widgets-for-sourceforge-reviews/assets/js/trustindex-public.js
/wp-content/plugins/widgets-for-sourceforge-reviews/assets/css/trustindex-public.css
/wp-content/plugins/widgets-for-sourceforge-reviews/assets/js/trustindex-admin.js
/wp-content/plugins/widgets-for-sourceforge-reviews/assets/css/trustindex-admin.css
Script Paths
https://cdn.trustindex.io/loader.js
Version Parameters
/wp-content/plugins/widgets-for-sourceforge-reviews/assets/css/trustindex-common.css?ver=
/wp-content/plugins/widgets-for-sourceforge-reviews/assets/js/trustindex-common.js?ver=
/wp-content/plugins/widgets-for-sourceforge-reviews/assets/js/trustindex-public.js?ver=
/wp-content/plugins/widgets-for-sourceforge-reviews/assets/css/trustindex-public.css?ver=
/wp-content/plugins/widgets-for-sourceforge-reviews/assets/js/trustindex-admin.js?ver=
/wp-content/plugins/widgets-for-sourceforge-reviews/assets/css/trustindex-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
ti-notification-row
trustindex-notification-row
ti-site-data
Data Attributes
data-ccm-injected="1"
JS Globals
TrustindexPlugin_sourceForge
REST Endpoints
/wp-json/widgets-for-sourceforge-reviews/v1/settings
/wp-json/widgets-for-sourceforge-reviews/v1/reviews
Shortcode Output
[widget_reviews]
[widget_review_form]
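The fingerprints above are what an audit crawler looks for. As an added example, not the page's or the plugin's tooling, the following matches the asset paths, CDN loader and DOM markers against a page and pulls the version out of the ?ver= parameter WordPress appends to enqueued assets, then compares it with the 11.1 release that fixed CVE-2023-48275. It runs offline on a constructed HTML sample; the host name and the sample markup are made up for the demo.

```php
<?php
// Added example, not the page's or the plugin's tooling: match the asset
// and DOM fingerprints against a fetched page and infer the plugin version
// from ?ver=. Runs offline on a constructed sample (host name is made up).

const SLUG = 'widgets-for-sourceforge-reviews';

// Constructed sample of a page that embeds the plugin's assets.
$sample_html = <<<HTML
<link rel="stylesheet" href="https://example.test/wp-content/plugins/widgets-for-sourceforge-reviews/assets/css/trustindex-public.css?ver=13.2.7">
<script src="https://example.test/wp-content/plugins/widgets-for-sourceforge-reviews/assets/js/trustindex-public.js?ver=13.2.7"></script>
<script src="https://cdn.trustindex.io/loader.js?abc123"></script>
<div class="ti-site-data" data-ccm-injected="1"></div>
HTML;

function fingerprint_plugin($html, $slug) {
    $result = ['present' => false, 'assets' => [], 'versions' => [],
               'cdn_loader' => false, 'dom_markers' => []];

    // Asset paths: /wp-content/plugins/<slug>/assets/(css|js)/... with an
    // optional ?ver= parameter, captured for version inference.
    $re = '~/wp-content/plugins/' . preg_quote($slug, '~') .
          '/assets/(?:css|js)/[\w.-]+\.(?:css|js)(?:\?ver=([\w.-]+))?~';
    if (preg_match_all($re, $html, $m, PREG_SET_ORDER)) {
        $result['present'] = true;
        foreach ($m as $hit) {
            $result['assets'][] = $hit[0];
            if (!empty($hit[1])) {
                $result['versions'][$hit[1]] = true;   // dedupe via keys
            }
        }
    }
    $result['versions'] = array_keys($result['versions']);

    // Script served from the vendor CDN.
    $result['cdn_loader'] = (bool) preg_match('~https://cdn\.trustindex\.io/loader\.js~', $html);

    // CSS classes and data attribute listed as DOM fingerprints.
    foreach (['ti-site-data', 'ti-notification-row', 'trustindex-notification-row'] as $cls) {
        if (preg_match('~class="[^"]*\b' . preg_quote($cls, '~') . '\b[^"]*"~', $html)) {
            $result['dom_markers'][] = $cls;
        }
    }
    if (strpos($html, 'data-ccm-injected="1"') !== false) {
        $result['dom_markers'][] = 'data-ccm-injected';
    }
    return $result;
}

// A single ?ver= shared by the plugin's own assets is usually the plugin
// version (it can also be the WordPress version if the plugin enqueues
// without one, so treat it as a hint, not proof).
function is_below($found, $fixed) {
    return version_compare($found, $fixed, '<');
}

$r = fingerprint_plugin($sample_html, SLUG);
print_r($r);
foreach ($r['versions'] as $v) {
    printf("version %s: %s\n", $v,
        is_below($v, '11.1') ? 'below the release that fixed CVE-2023-48275'
                             : 'at or above 11.1');
}
```

In a real crawl the same function is applied to the fetched HTML of the front page and of one admin-facing page, and a hit on the asset path alone is enough to record the plugin as present even when the ?ver= parameter is stripped by a cache or minifier.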
FAQ

Frequently Asked Questions about Widgets for SourceForge Reviews