WP-Safety

WP Review Schema Security & Risk Analysis

wordpress.org/plugins/wp-review-schema

The Ultimate Review Schema for WordPress. Improve your CTR & SEO Rankings. Add Review Schema And Look Good in Google.

10 active installs v1.0.0 PHP + WP 3.0+ Updated Unknown
articlereviewrich-snippetschemaschema-org
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP Review Schema Safe to Use in 2026?

Generally Safe

Score 100/100

WP Review Schema has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "wp-review-schema" v1.0.0 plugin presents a mixed security posture. While it shows strengths in avoiding dangerous functions, raw SQL queries, file operations, and external HTTP requests, significant concerns arise from its attack surface. Specifically, two AJAX handlers are present, and alarmingly, both lack authentication checks. This creates a direct pathway for unauthenticated attackers to interact with the plugin's backend functionality, potentially leading to unintended actions or information disclosure. The taint analysis indicates one flow with an unsanitized path, which, though not rated as critical or high, warrants attention as it suggests potential for localized issues if user input is involved. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator of its current state and potentially good development practices. However, the lack of historical data makes it difficult to assess long-term maintenance and patching trends. Overall, the absence of critical vulnerabilities is promising, but the unprotected AJAX endpoints are a critical weakness that significantly elevates the risk profile.

Key Concerns

  • AJAX handlers without authentication checks
  • Flow with unsanitized path
  • Low percentage of properly escaped output
Vulnerabilities
None known

WP Review Schema Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Review Schema Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
70
6 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

8% escaped76 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
<index> (admin\index.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

WP Review Schema Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_bsf_submit_requestwp-review-schema.php:36
authwp_ajax_bsf_submit_colorwp-review-schema.php:37
WordPress Hooks 19
actionadmin_footeradmin\index.php:5
actionadmin_print_scriptsadmin\index.php:34
actioninitfunctions.php:3
actionwp_headfunctions.php:8
actionwp_headfunctions.php:11
actionwp_enqueue_scriptsfunctions.php:12
filterthe_contentfunctions.php:129
actionadmin_menuinit.php:22
actionsave_postinit.php:23
actionadmin_enqueue_scriptsinit.php:229
actionadmin_headwp-review-schema.php:26
actionadmin_menuwp-review-schema.php:27
actionadmin_initwp-review-schema.php:28
actionadmin_initwp-review-schema.php:29
actionadmin_bar_menuwp-review-schema.php:30
filterplugins_loadedwp-review-schema.php:31
actionadmin_enqueue_scriptswp-review-schema.php:32
actionadmin_enqueue_scriptswp-review-schema.php:33
filterbsf_meta_boxeswp-review-schema.php:250
Maintenance & Trust

WP Review Schema Maintenance & Trust

Maintenance Signals

WordPress version tested4.2.39
Last updatedUnknown
PHP min version
Downloads3K

Community Trust

Rating20/100
Number of ratings1
Active installs10
Alternatives

WP Review Schema Alternatives

Author Product Review

Author Product Review

author-product-review

A
100

This plugin allow author to add Schema.org markup options for product reviews.

60 No CVEs
Schema

Schema

schema

A
100

Get the next generation of Schema Structured Data to enhance your WordPress site presentation in Google search results.

40K No CVEs
WP Customer Reviews

WP Customer Reviews

wp-customer-reviews

A
89

Allows your visitors to leave business / product reviews. Testimonials are in Microdata / Microformat and may display star ratings in search results.

20K 8 CVEs
Review Schema – Review & Structure Data Schema Plugin

Review Schema – Review & Structure Data Schema Plugin

review-schema

A
98

WordPress Review Plugin with Schema adds Google Rich Snippets markup according to Schema.org guidelines to structure your website for SEO.

10K 2 CVEs
FAQ Schema For Pages And Posts

FAQ Schema For Pages And Posts

faq-schema-for-pages-and-posts

A
85

FAQ Schema For Pages And Posts by Krystian Szastok Founder of RobotZebra - a London based SEO agency, allows you to turn questions and answers on your &hellip;

8K No CVEs
Developer Profile

WP Review Schema Developer Profile

WPDeveloper

46 plugins · 4.0M total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
163 days
View full developer profile
Detection Fingerprints

How We Detect WP Review Schema

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-review-schema/css/jquery.rating.css/wp-content/plugins/wp-review-schema/admin/css/style.css/wp-content/plugins/wp-review-schema/admin/css/admin.css/wp-content/plugins/wp-review-schema/js/jquery.rating.min.js/wp-content/plugins/wp-review-schema/js/media.js/wp-content/plugins/wp-review-schema/css/jquery-ui.css
Script Paths
/wp-content/plugins/wp-review-schema/js/cmb.js/wp-content/plugins/wp-review-schema/js/media.js
Version Parameters
wp-review-schema/js/cmb.js?ver=wp-review-schema/js/media.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-menu-imageicon32
Data Attributes
data-score
JS Globals
REVIEW_META_BOX_URL
FAQ

Frequently Asked Questions about WP Review Schema