WP-Safety

Wiremo – Product Reviews for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-reviews-by-wiremo

Show customers, that you care with Wiremo’s review request email feature. Automatically display great reviews on your website to boost sales.

800 active installs v1.4.99 PHP + WP 4.4+ Updated May 2, 2024
product-reviewsreviewstestimonialswoocommerce-product-reviewswoocommerce-reviews
68
C · Use Caution
CVEs total2
Unpatched1
Last CVEDec 31, 2025
Plugin page Download
Safety Verdict

Is Wiremo – Product Reviews for WooCommerce Safe to Use in 2026?

Use With Caution

Score 68/100

Wiremo – Product Reviews for WooCommerce has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

2 known CVEs 1 unpatched Last CVE: Dec 31, 2025Updated 1yr ago
Risk Assessment

The "woo-reviews-by-wiremo" plugin version 1.4.99 presents a moderate security risk. While it demonstrates some good security practices, such as a significant number of capability checks and nonces, several concerning areas are present. The static analysis revealed a notable number of unprotected entry points, specifically two REST API routes lacking permission callbacks. This is a significant concern as it could allow unauthorized access to sensitive functionalities.

Furthermore, the plugin exhibits poor database security by not utilizing prepared statements for any of its SQL queries, a critical omission that leaves it vulnerable to SQL injection attacks. The low percentage of properly escaped output (30%) also indicates a risk of cross-site scripting (XSS) vulnerabilities. The vulnerability history shows a pattern of "Missing Authorization" issues, with a currently unpatched medium severity CVE. This, combined with the static analysis findings, suggests a recurring problem with access control and overall code hardening.

In conclusion, while the plugin has a substantial attack surface, the presence of unprotected REST API routes and the complete absence of prepared statements for SQL queries are the most pressing issues. The historical trend of missing authorization vulnerabilities reinforces these concerns. Despite the presence of many capability checks, the identified weaknesses require immediate attention to mitigate the risk of exploitation.

Key Concerns

  • Unprotected REST API routes
  • SQL queries without prepared statements
  • Low percentage of properly escaped output
  • Unpatched medium severity CVE
  • Flows with unsanitized paths
Vulnerabilities
2

Wiremo – Product Reviews for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-62092medium · 5.3Missing Authorization

Wiremo <= 1.4.99 - Missing Authorization

Dec 31, 2025Unpatched
WF-84003388-c47c-41db-8d2d-4643aa375a89-woo-reviews-by-wiremomedium · 4.3Missing Authorization

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 Patched in 1.4.97 (699d)
Code Analysis
Analyzed Mar 16, 2026

Wiremo – Product Reviews for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
0 prepared
Unescaped Output
222
93 escaped
Nonce Checks
14
Capability Checks
31
File Operations
1
External Requests
18
Bundled Libraries
0

SQL Query Safety

0% prepared3 total queries

Output Escaping

30% escaped315 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

5 flows1 with unsanitized paths
form_action_url (appsero\src\License.php:778)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Wiremo – Product Reviews for WooCommerce Attack Surface

Entry Points29
Unprotected2

AJAX Handlers 25

authwp_ajax_wiremoAutoRegisterincludes\admin-ajax.php:860
noprivwp_ajax_wiremoAutoRegisterincludes\admin-ajax.php:861
authwp_ajax_wiremoAuthincludes\admin-ajax.php:862
noprivwp_ajax_wiremoAuthincludes\admin-ajax.php:863
authwp_ajax_wiremoAuthincludes\admin-ajax.php:864
noprivwp_ajax_wiremoValidateSiteincludes\admin-ajax.php:865
authwp_ajax_wiremoValidateSiteincludes\admin-ajax.php:866
noprivwp_ajax_wiremoNoValidateincludes\admin-ajax.php:867
authwp_ajax_wiremoNoValidateincludes\admin-ajax.php:868
authwp_ajax_wiremoGetSiteIdincludes\admin-ajax.php:869
noprivwp_ajax_wiremoGetSiteIdincludes\admin-ajax.php:870
authwp_ajax_wiremoAddApiKeyincludes\admin-ajax.php:871
noprivwp_ajax_wiremoAddApiKeyincludes\admin-ajax.php:872
authwp_ajax_wiremoAddRegisterHookincludes\admin-ajax.php:873
noprivwp_ajax_wiremoAddRegisterHookincludes\admin-ajax.php:874
authwp_ajax_importReviewsToWiremoincludes\admin-ajax.php:875
noprivwp_ajax_importReviewsToWiremoincludes\admin-ajax.php:876
authwp_ajax_importWiremoStatisticsincludes\admin-ajax.php:877
noprivwp_ajax_importWiremoStatisticsincludes\admin-ajax.php:878
authwp_ajax_wiremo_send_completed_ordersincludes\admin-ajax.php:879
noprivwp_ajax_wiremo_send_completed_ordersincludes\admin-ajax.php:880
authwp_ajax_wiremo_save_campaign_informationincludes\admin-ajax.php:881
noprivwp_ajax_wiremo_save_campaign_informationincludes\admin-ajax.php:882
authwp_ajax_wrpw_reset_old_identifiersincludes\admin-ajax.php:883
noprivwp_ajax_wrpw_reset_old_identifiersincludes\admin-ajax.php:884

REST API Routes 2

GET/wp-json/wiremo/v1/hookroutes.php:182
GET/wp-json/wiremo/v1/importroutes.php:191

Shortcodes 2

[do_hook] config.php:436
[wiremo-rating-stars] config.php:1402
WordPress Hooks 55
actionswitch_themeappsero\src\Insights.php:134
actionswitch_themeappsero\src\Insights.php:135
actionadmin_footerappsero\src\Insights.php:147
actionadmin_noticesappsero\src\Insights.php:165
actionadmin_initappsero\src\Insights.php:168
filtercron_schedulesappsero\src\Insights.php:174
actionadmin_menuappsero\src\License.php:222
actionafter_switch_themeappsero\src\License.php:769
actionswitch_themeappsero\src\License.php:770
filterpre_set_site_transient_update_pluginsappsero\src\Updater.php:42
filterplugins_apiappsero\src\Updater.php:43
filterpre_set_site_transient_update_themesappsero\src\Updater.php:52
actionwidgets_initconfig.php:60
actionwidgets_initconfig.php:124
actionwidgets_initconfig.php:191
actionwoocommerce_duplicate_productconfig.php:230
actionwp_enqueue_scriptsconfig.php:448
actionwoocommerce_order_status_completedconfig.php:784
actionadmin_initconfig.php:1127
actionwp_headconfig.php:1141
actioninitconfig.php:1155
actionwp_footerconfig.php:1156
filtercomments_openconfig.php:1251
filterwoocommerce_product_tabsconfig.php:1259
actionwoocommerce_product_options_reviewsconfig.php:1270
actionadd_meta_boxesconfig.php:1277
actionwp_dashboard_setupconfig.php:1284
actionwidgets_initconfig.php:1293
filterbody_classconfig.php:1298
actionwoocommerce_single_product_summaryconfig.php:1311
actionwoocommerce_after_shop_loop_item_titleconfig.php:1317
filterwoocommerce_blocks_product_grid_item_htmlconfig.php:1348
filterbody_classconfig.php:1362
filterwoocommerce_single_product_summaryconfig.php:1414
actionelementor/widget/render_contentconfig.php:1420
filterelementor/widget/render_contentconfig.php:1431
filterwoocommerce_product_tabsconfig.php:1515
actionwoocommerce_after_single_product_summaryconfig.php:1657
actionwoocommerce_after_shop_loop_item_titleconfig.php:1718
actionwoocommerce_after_shop_loop_item_titleconfig.php:1720
actionwoocommerce_after_single_product_summaryconfig.php:1800
filterwoocommerce_get_catalog_ordering_argsconfig.php:1834
actionwoocommerce_product_queryconfig.php:1852
actionwoocommerce_order_status_completedconfig.php:1953
filteradmin_footer_textconfig.php:1986
actionbefore_delete_postconfig.php:1991
actionplugins_loadedfunction.php:72
actionadmin_enqueue_scriptsfunction.php:76
actionadmin_enqueue_scriptsfunction.php:96
actionadmin_menufunction.php:147
actionwp_headincludes\admin-ajax.php:859
actionwoocommerce_shop_loopincludes\class-structured-data.php:10
actionwp_footerincludes\class-structured-data.php:11
actionrest_api_initroutes.php:12
actioninitroutes.php:203
Maintenance & Trust

Wiremo – Product Reviews for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedMay 2, 2024
PHP min version
Downloads36K

Community Trust

Rating84/100
Number of ratings5
Active installs800
Alternatives

Wiremo – Product Reviews for WooCommerce Alternatives

Yotpo: Product & Photo Reviews for WooCommerce

Yotpo: Product & Photo Reviews for WooCommerce

yotpo-social-reviews-for-woocommerce

A
91

Collect product reviews, photo reviews, site reviews & ratings

2K 1 CVE
Builder for WooCommerce product reviews shortcodes – ReviewShort

Builder for WooCommerce product reviews shortcodes – ReviewShort

woo-product-reviews-shortcode

A
91

Show WooCommerce customer feedback anywhere with WooCommerce reviews shortcodes, beautifully and ...

100 2 CVEs
Product Reviews from rateit.cool for Woocommerce

Product Reviews from rateit.cool for Woocommerce

rateitcool

A
85

Together to more sales. 65% more sales with many product reviews for each product. Show the product reviews everywhere you want.

10 No CVEs
Reviews for WooCommerce

Reviews for WooCommerce

reviews-for-woocommerce

A
100

This plugin provides different template to show WooCommerce reviews of any product.

10 No CVEs
RIVIO for WooCommerce

RIVIO for WooCommerce

rivio-reviews-for-woocommerce

A
85

Get authentic customer reviews for products you sell on your WooCommerce webshop.

10 No CVEs
Developer Profile

Wiremo – Product Reviews for WooCommerce Developer Profile

Wiremo

2 plugins · 830 total installs

65
trust score
Avg Security Score
80/100
Avg Patch Time
699 days
View full developer profile
Detection Fingerprints

How We Detect Wiremo – Product Reviews for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-reviews-by-wiremo/css/admin-fonts.css/wp-content/plugins/woo-reviews-by-wiremo/css/font-awesome.min.css/wp-content/plugins/woo-reviews-by-wiremo/css/bootstrap.min.css/wp-content/plugins/woo-reviews-by-wiremo/css/admin-jquery-ui.css/wp-content/plugins/woo-reviews-by-wiremo/css/admin-style.css/wp-content/plugins/woo-reviews-by-wiremo/css/star-style.css/wp-content/plugins/woo-reviews-by-wiremo/js/popper.min.js/wp-content/plugins/woo-reviews-by-wiremo/js/bootstrap.min.js+2 more
Script Paths
https://wapi.wiremo.co/v2/script
Version Parameters
/woo-reviews-by-wiremo/css/admin-fonts.css?ver=/woo-reviews-by-wiremo/css/font-awesome.min.css?ver=/woo-reviews-by-wiremo/css/bootstrap.min.css?ver=/woo-reviews-by-wiremo/css/admin-jquery-ui.css?ver=/woo-reviews-by-wiremo/css/admin-style.css?ver=/woo-reviews-by-wiremo/css/star-style.css?ver=/woo-reviews-by-wiremo/js/popper.min.js?ver=/woo-reviews-by-wiremo/js/bootstrap.min.js?ver=/woo-reviews-by-wiremo/js/noconflict.js?ver=/woo-reviews-by-wiremo/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wiremo-full-containerwiremo-container
HTML Comments
<!-- Wiremo – Product Reviews for WooCommerce --><!-- Wiremo – Product Reviews for WooCommerce is free software: you can redistribute it and/or modify --><!-- Wiremo – Product Reviews for WooCommerce is distributed in the hope that it will be useful, --><!-- You should have received a copy of the GNU General Public License -->+2 more
Data Attributes
id="nonceWrpw_reset_old_identifiers"id="nonceImportWiremoStatistics"id="nonceImportReviewsToWiremo"id="nonceWiremoAddApiKey"id="nonceWiremoAddRegisterHook"id="nonceWiremoAuth"+6 more
JS Globals
window.WRPW_URLAPPwindow.WRPW_URLWIDGETwindow.WRPW_ORDER_LIMITwindow.WRPW_ORDER_PER_PAGEwindow.WRPW_LIMIT_REQwindow.WRPW_PLUGIN_DIR
FAQ

Frequently Asked Questions about Wiremo – Product Reviews for WooCommerce