WP Review Slider Security & Risk Analysis

wordpress.org/plugins/wp-facebook-reviews

Use the official Facebook API to show off your review and recommendations in a slider or grid! A simple and easy way to display your Twitter and Faceb …

7K active installs · v14.0 · PHP + WP 3.0.1+ · Updated Feb 9, 2026

Tags: facebook, facebook-reviews, reviews, slider, testimonials

Score: 90 (A · Safe)
CVEs total: 5
Unpatched: 0
Last CVE: Mar 23, 2026

Is WP Review Slider Safe to Use in 2026?

Generally Safe

Score 90/100

WP Review Slider has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Mar 23, 2026 · Updated 1mo ago
Risk Assessment

The "wp-facebook-reviews" plugin v14.0 presents a moderate security risk primarily due to a significant number of unprotected AJAX endpoints. While the static analysis shows no critical or high severity taint flows and a decent percentage of SQL queries using prepared statements, the high count of unprotected entry points (6 out of 7) is a major concern. This indicates that attackers could potentially trigger functionality within the plugin without proper authentication, opening the door to various exploits.

The plugin's vulnerability history, with 4 known CVEs including high and medium severity issues like Cross-Site Scripting and SQL Injection, further reinforces the need for caution. Although there are currently no unpatched vulnerabilities, the recurring nature of these vulnerability types suggests potential weaknesses in input sanitization and output escaping within the plugin's codebase that have been exploited in the past.

Overall, the plugin demonstrates some good practices such as the use of nonces and capability checks, and a lack of dangerous functions. However, the substantial attack surface without adequate authorization controls, combined with its past vulnerability record, necessitates vigilance. Users should ensure they are on the latest patch levels and be aware of the potential for new vulnerabilities to emerge if these fundamental security gaps are not addressed.

Key Concerns

  • High number of unprotected AJAX handlers
  • Previous high severity vulnerabilities (XSS, SQLi)
  • Bundled outdated library (Freemius v1.0)
  • SQL queries not using prepared statements
  • Output escaping not always properly applied

WP Review Slider Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2023: 3 CVEs
2026: 1 CVE

Severity Breakdown

High: 2
Medium: 3

5 total CVEs

CVE-2026-32491 (medium · 6.4) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Review Slider <= 13.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Mar 23, 2026 · Patched in 14.0 (4d)

CVE-2023-51685 (medium · 4.4) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Review Slider <= 12.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
Dec 27, 2023 · Patched in 12.8 (27d)

CVE-2023-6456 (medium · 4.4) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Review Slider <= 12.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
Dec 26, 2023 · Patched in 13.0 (42d)

CVE-2023-0260 (high · 8.8) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
WP Review Slider <= 12.1 - Authenticated (Subscriber+) SQL Injection
Jan 23, 2023 · Patched in 12.2 (365d)

CVE-2022-0383 (high · 7.2) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
WP Review Slider < 11.0 - SQL Injection
Jan 31, 2022 · Patched in 11.0 (722d)
WP Review Slider Code Analysis

Analyzed Mar 16, 2026

Dangerous Functions: 0
Raw SQL Queries: 28 (24 prepared)
Unescaped Output: 84 (159 escaped)
Nonce Checks: 18
Capability Checks: 8
File Operations: 25
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

46% prepared (52 total queries)

Output Escaping

65% escaped (243 total outputs)

Data Flow Analysis

3 flows, all sanitized
<get_twitter> (admin\partials\get_twitter.php:0)

WP Review Slider Attack Surface

Entry Points: 7
Unprotected: 6

AJAX Handlers 6

[auth] wp_ajax_wpfb_get_results  includes\class-wp-fb-reviews.php:459
[auth] wp_ajax_wpfb_avatar_tolocal  includes\class-wp-fb-reviews.php:462
[auth] wp_ajax_wprp_twitter_gettweets  includes\class-wp-fb-reviews.php:472
[auth] wp_ajax_wprp_twitter_savetweet  includes\class-wp-fb-reviews.php:475
[auth] wp_ajax_wprp_twitter_deltweet  includes\class-wp-fb-reviews.php:477
[auth] wp_ajax_wprp_update_profile_pic  includes\class-wp-fb-reviews.php:512

Shortcodes 1

[wprevpro_usetemplate] public\class-wp-fb-reviews-public.php:157
WordPress Hooks 15

[action] plugins_loaded  includes\class-wp-fb-reviews.php:427
[action] admin_enqueue_scripts  includes\class-wp-fb-reviews.php:442
[action] admin_enqueue_scripts  includes\class-wp-fb-reviews.php:444
[action] admin_init  includes\class-wp-fb-reviews.php:448
[action] admin_menu  includes\class-wp-fb-reviews.php:456
[action] admin_notices  includes\class-wp-fb-reviews.php:480
[action] wp_dashboard_setup  includes\class-wp-fb-reviews.php:484
[action] admin_menu  includes\class-wp-fb-reviews.php:487
[action] admin_head  includes\class-wp-fb-reviews.php:488
[action] wp_enqueue_scripts  includes\class-wp-fb-reviews.php:503
[action] wp_enqueue_scripts  includes\class-wp-fb-reviews.php:504
[action] init  public\class-wp-fb-reviews-template_action.php:3
[action] wprev_pro_plugin_action  public\class-wp-fb-reviews-template_action.php:24
[action] widgets_init  public\class-wp-fb-reviews-widget.php:98
[action] after_uninstall  wp-fb-reviews.php:118

WP Review Slider Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 9, 2026
PHP min version: (not listed)
Downloads: 485K

Community Trust

Rating: 96/100
Number of ratings: 179
Active installs: 7K

WP Review Slider Developer Profile

jgwhite33

11 plugins · 48K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 184 days

How We Detect WP Review Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-facebook-reviews/admin/css/wp-fb-reviews-admin.css
/wp-content/plugins/wp-facebook-reviews/admin/js/wp-fb-reviews-admin.js
/wp-content/plugins/wp-facebook-reviews/public/css/wp-fb-reviews-public.css
/wp-content/plugins/wp-facebook-reviews/public/js/wp-fb-reviews-public.js

HTML / DOM Fingerprints

CSS Classes
wp-fb-reviews-widget, wp-fb-reviews-slider, wpfbreviews-facebook
HTML Comments
<!-- wp-fb-reviews starts here -->
<!-- wp-fb-reviews ends here -->
Data Attributes
data-fb-app-id, data-page-id, data-page-access-token, data-posts-limit, data-show-avatar, data-show-author (+5 more)
JS Globals
WP_FB_Reviews_Public
REST Endpoints
/wp-json/wp-fb-reviews/v1/get-reviews
Shortcode Output
[wp_fb_reviews]

Frequently Asked Questions about WP Review Slider