WP Google Places Reviews Security & Risk Analysis

wordpress.org/plugins/wp-google-places-reviews

Easily add your Google Places profile reviews to your website.

10 active installs v1.0.5 PHP + WP 3.5+ Updated Dec 9, 2019
blocksfilter-reviewsgoogle-reviewsreview-formreviews
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is WP Google Places Reviews Safe to Use in 2026?

Generally Safe

Score 85/100

WP Google Places Reviews has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The plugin "wp-google-places-reviews" v1.0.5 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, properly escaped output, and the use of prepared statements for all SQL queries are significant positive indicators. Furthermore, the lack of any recorded vulnerabilities, including CVEs, suggests a history of responsible development and maintenance. The plugin's attack surface is also relatively small, with only two shortcodes as entry points, and importantly, none of these are identified as unprotected in the static analysis.

However, there are areas for concern that prevent a perfect score. The most significant is the complete absence of nonce checks and capability checks. This means that while the static analysis might not have identified direct vulnerabilities in the entry points, these shortcodes, and any other potential interaction points not explicitly listed, could be susceptible to attacks if they internally rely on user interaction or sensitive data without proper authorization validation. The presence of an external HTTP request without further analysis on its sanitization and authentication also presents a potential, albeit less defined, risk. The taint analysis showing zero flows is excellent but could be an indicator of the analysis depth rather than a definitive absence of taint issues, especially given the other identified gaps.

In conclusion, while the plugin has a commendable foundation with secure coding practices for SQL and output handling, the lack of authentication and authorization checks is a notable weakness. The zero vulnerability history is a strong positive, but it should not overshadow the potential risks introduced by missing security controls. Addressing the nonce and capability check omissions would significantly improve the plugin's overall security.

Key Concerns

  • Missing Nonce Checks
  • Missing Capability Checks
  • External HTTP request without auth/sanitation detail
Vulnerabilities
None known

WP Google Places Reviews Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP Google Places Reviews Release Timeline

v1.0.4
v1.0.2
Code Analysis
Analyzed Apr 16, 2026

WP Google Places Reviews Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
26 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

100% escaped26 total outputs
Attack Surface

WP Google Places Reviews Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[hmgpr_form] modules/form.php:12
[hmgpr_reviews] modules/reviews.php:12
WordPress Hooks 7
actionadmin_menubase/admin.php:13
actionadmin_initbase/admin.php:14
actionadmin_enqueue_scriptsbase/admin.php:15
actionenqueue_block_editor_assetsmodules/form.php:13
actioninitmodules/form.php:14
actionenqueue_block_editor_assetsmodules/reviews.php:13
actioninitmodules/reviews.php:14
Maintenance & Trust

WP Google Places Reviews Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.0
Last updatedDec 9, 2019
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

WP Google Places Reviews Developer Profile

Hawp Media

2 plugins · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP Google Places Reviews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-google-places-reviews/css/admin-style.css/wp-content/plugins/wp-google-places-reviews/js/admin-script.js/wp-content/plugins/wp-google-places-reviews/images/hmp_logo.svg
Script Paths
/wp-content/plugins/wp-google-places-reviews/js/admin-script.js

HTML / DOM Fingerprints

CSS Classes
hmp_wraphmp_bodyhmp_headerhmp_header-logohmp_namehmp_header-navhmp_menuItemhmp_menuItem-title+6 more
Data Attributes
data-tab
Shortcode Output
[hmgpr_reviews[hmgpr_form
FAQ

Frequently Asked Questions about WP Google Places Reviews