WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets Security & Risk Analysis

wordpress.org/plugins/wp-social-reviews

Add Facebook feeds, Instagram feeds, TikTok feeds, Facebook reviews, WhatsApp Chat, Messenger chat, Testimonial, and others using a single dashboard.

30K active installs · v4.1.0 · PHP 7.4+ · WP 6.2+ · Updated Jan 29, 2026
Tags: customer-reviews, google-reviews, instagram-feeds, social-feeds, social-reviews
Score: 96 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Dec 16, 2025
Safety Verdict

Is WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets Safe to Use in 2026?

Generally Safe

Score 96/100

WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Dec 16, 2025 · Updated 2mo ago
Risk Assessment

The wp-social-reviews plugin v4.1.0 exhibits a generally good security posture with a strong emphasis on prepared SQL statements and proper output escaping. The static analysis reveals a relatively small attack surface, with all identified entry points (AJAX handlers, shortcodes, cron events) appearing to have appropriate authentication and authorization checks. Taint analysis also shows no critical or high severity vulnerabilities, suggesting that user-supplied input is being handled securely within the analyzed code flows.

However, the presence of the `unserialize` function is a potential concern. While not flagged as a vulnerability in the static or taint analysis, deserialization vulnerabilities can be severe if untrusted data reaches the call. The one call found, in `app\Services\Helper.php:543`, passes `['allowed_classes' => false]`, which prevents PHP from instantiating objects during deserialization; what remains to verify is where `$data` originates and how the result is used. The plugin's vulnerability history, which includes three medium severity CVEs for Cross-Site Scripting and Missing Authorization, is also noteworthy. Although there are no currently unpatched vulnerabilities, this pattern indicates past weaknesses that users should be aware of, even if they have been addressed in subsequent versions. The last reported vulnerability was in December 2025, which suggests recent attention to security fixes.

In conclusion, wp-social-reviews v4.1.0 appears to be a reasonably secure plugin, demonstrating good development practices in several key areas. The absence of critical issues in static and taint analysis, coupled with the lack of unpatched vulnerabilities, is positive. The primary areas for continued vigilance are the safe handling of the `unserialize` function and awareness of the types of past vulnerabilities to ensure they remain mitigated.

Key Concerns

  • Presence of unserialize function
  • 3 known medium severity CVEs in history
Vulnerabilities
3

WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets Security Vulnerabilities

CVEs by Year

2025: 3 CVEs

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-13880 · medium · 6.5 · Missing Authorization

WP Social Ninja - Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 4.0.1 - Missing Authorization to Unauthenticated Plugin's Settings Disclosure And Modification

Dec 16, 2025 Patched in 4.0.2 (1d)
CVE-2025-13007 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 3.20.3 - Unauthenticated Stored Cross-Site Scripting via External Content Import

Dec 1, 2025 Patched in 4.0.0 (1d)
CVE-2025-64375 · medium · 5.3 · Missing Authorization

Social Ninja <= 3.20.1 - Missing Authorization

Nov 14, 2025 Patched in 3.20.2 (37d)
Code Analysis
Analyzed Mar 16, 2026

WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 2 (48 prepared)
Unescaped Output: 66 (1344 escaped)
Nonce Checks: 4
Capability Checks: 10
File Operations: 14
External Requests: 29
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `return @unserialize(trim($data), ['allowed_classes' => false]);` (app\Services\Helper.php:543)

SQL Query Safety

96% prepared · 50 total queries

Output Escaping

95% escaped · 1410 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
savePhotos (app\Services\Platforms\ImageOptimizationHandler.php:40)
Attack Surface

WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers 4

auth wp_ajax_wpsr_resize_images app\Services\Platforms\ImageOptimizationHandler.php:34
nopriv wp_ajax_wpsr_resize_images app\Services\Platforms\ImageOptimizationHandler.php:35
auth wp_ajax_wpsr_review_resize_images app\Services\Platforms\ReviewImageOptimizationHandler.php:25
nopriv wp_ajax_wpsr_review_resize_images app\Services\Platforms\ReviewImageOptimizationHandler.php:26

Shortcodes 1

[wp_social_ninja] app\Hooks\Handlers\ShortcodeHandler.php:33
WordPress Hooks 59
action save_post app\Hooks\actions.php:34
action init app\Hooks\actions.php:89
action widgets_init app\Hooks\actions.php:109
action enqueue_block_editor_assets app\Hooks\actions.php:116
action litespeed_init app\Hooks\actions.php:318
filter cron_schedules app\Hooks\filters.php:19
filter admin_footer_text app\Hooks\filters.php:74
filter rocket_excluded_inline_js_content app\Hooks\filters.php:92
filter rocket_exclude_defer_js app\Hooks\filters.php:100
filter wpsocialreviews/display_frontend_error_message app\Hooks\filters.php:106
filter plugin_row_meta app\Hooks\filters.php:152
action wp_print_scripts app\Hooks\Handlers\AdminMenuHandler.php:219
filter user_can_richedit app\Hooks\Handlers\AdminMenuHandler.php:254
filter update_footer app\Hooks\Handlers\AdminMenuHandler.php:327
action template_redirect app\Hooks\Handlers\ChatHandler.php:26
action wp_footer app\Hooks\Handlers\ChatHandler.php:84
action wp_enqueue_scripts app\Hooks\Handlers\ChatHandler.php:87
action template_redirect app\Hooks\Handlers\NotificationHandler.php:25
action wp_footer app\Hooks\Handlers\NotificationHandler.php:81
action wp_enqueue_scripts app\Hooks\Handlers\ShortcodeHandler.php:35
action wp_social_ninja_add_layout_script app\Hooks\Handlers\ShortcodeHandler.php:36
action wp_footer app\Hooks\Handlers\ShortcodeHandler.php:994
action wp_footer app\Hooks\Handlers\ShortcodeHandler.php:1197
action wp_footer app\Hooks\Handlers\ShortcodeHandler.php:1227
action wpsocialreviews/get_chat_settings app\Services\Platforms\Chats\BaseChat.php:13
action wpsocialreviews/delete_chat_settings app\Services\Platforms\Chats\BaseChat.php:14
action wpsocialreviews/update_chat_settings app\Services\Platforms\Chats\BaseChat.php:15
filter wpsocialreviews/admin_app_vars app\Services\Platforms\Chats\BaseChat.php:16
action wpsr_email_report_scheduled_tasks app\Services\Platforms\EmailNotification.php:12
filter wpsocialreviews/available_valid_feed_platforms app\Services\Platforms\Feeds\BaseFeed.php:21
action shutdown app\Services\Platforms\Feeds\CacheHandler.php:222
action wpsr_instagram_access_token_refresh_weekly app\Services\Platforms\Feeds\Instagram\InstagramFeed.php:46
action wpsr_instagram_send_email_report app\Services\Platforms\Feeds\Instagram\InstagramFeed.php:47
filter oembed_providers app\Services\Platforms\Feeds\Instagram\OEmbed.php:18
filter oembed_fetch_url app\Services\Platforms\Feeds\Instagram\OEmbed.php:20
filter oembed_result app\Services\Platforms\Feeds\Instagram\OEmbed.php:21
action wpsocialreviews/check_instagram_access_token_validity_weekly app\Services\Platforms\ImageOptimizationHandler.php:36
action wpsocialreviews/reset_data app\Services\Platforms\ImageOptimizationHandler.php:37
action wpsr_scheduled_weekly app\Services\Platforms\PlatformData.php:39
action wpsocialreviews/before_delete_old_data app\Services\Platforms\PlatformData.php:41
action wpsocialreviews/review_reset_data app\Services\Platforms\ReviewImageOptimizationHandler.php:27
filter wpsocialreviews/available_valid_reviews_platforms app\Services\Platforms\Reviews\BaseReview.php:33
action init app\Services\Widgets\Beaver\BeaverWidget.php:10
action elementor/frontend/after_register_styles app\Services\Widgets\ElementorWidget.php:10
action elementor/frontend/after_enqueue_styles app\Services\Widgets\ElementorWidget.php:11
action elementor/widgets/register app\Services\Widgets\ElementorWidget.php:13
action elementor/init app\Services\Widgets\ElementorWidget.php:14
action wp_footer app\Services\Widgets\Oxygen\FacebookWidget.php:574
action wp_footer app\Services\Widgets\Oxygen\InstagramWidget.php:468
action init app\Services\Widgets\Oxygen\OxygenWidget.php:12
action oxygen_add_plus_sections app\Services\Widgets\Oxygen\OxygenWidget.php:13
action oxygen_add_plus_wpsocialninja_section_content app\Services\Widgets\Oxygen\OxygenWidget.php:14
action wp_footer app\Services\Widgets\Oxygen\ReviewsWidget.php:298
action wp_footer app\Services\Widgets\Oxygen\TwitterWidget.php:560
action wp_footer app\Services\Widgets\Oxygen\YouTubeWidget.php:403
action wp_footer app\Services\Widgets\Oxygen\YouTubeWidget.php:404
action plugins_loaded boot\app.php:27
action admin_notices boot\app.php:30
action wp_insert_site wp-social-reviews.php:78

Scheduled Events 1

wpsr_cron_job
Maintenance & Trust

WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 29, 2026
PHP min version: 7.4
Downloads: 554K

Community Trust

Rating: 96/100
Number of ratings: 67
Active installs: 30K
Developer Profile

WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets Developer Profile

Mahmudul Hasan Arif

7 plugins · 40K total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 19 days
Detection Fingerprints

How We Detect WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wp-social-reviews/assets/css/wpsocialreviews-frontend.css
  • /wp-content/plugins/wp-social-reviews/assets/css/wpsocialreviews-editor.css
  • /wp-content/plugins/wp-social-reviews/assets/js/wpsr-shortcode-block.js
  • /wp-content/plugins/wp-social-reviews/assets/js/wpsocialreviews-frontend.js
  • /wp-content/plugins/wp-social-reviews/assets/js/wpsocialreviews-editor.js
  • /wp-content/plugins/wp-social-reviews/assets/js/wpsocialreviews-admin.js
  • /wp-content/plugins/wp-social-reviews/assets/css/wpsocialreviews-admin.css
Script Paths
  • assets/js/wpsocialreviews-frontend.js
  • assets/js/wpsocialreviews-editor.js
Version Parameters
  • wp-social-reviews/assets/css/wpsocialreviews-frontend.css?ver=
  • wp-social-reviews/assets/css/wpsocialreviews-editor.css?ver=
  • wp-social-reviews/assets/js/wpsr-shortcode-block.js?ver=
  • wp-social-reviews/assets/js/wpsocialreviews-frontend.js?ver=
  • wp-social-reviews/assets/js/wpsocialreviews-editor.js?ver=
  • wp-social-reviews/assets/js/wpsocialreviews-admin.js?ver=
  • wp-social-reviews/assets/css/wpsocialreviews-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • wpsocialreviews-frontend
  • wpsocialreviews-editor-wrapper
HTML Comments
  • <!-- START: WP Social Ninja Review -->
  • <!-- END: WP Social Ninja Review -->
  • <!-- START: WP Social Ninja Chat -->
  • <!-- END: WP Social Ninja Chat -->
  • +2 more
Data Attributes
  • data-wpsocialninja-options
  • data-wpsr-shortcode-id
JS Globals
  • wpSocialReviewsFrontend
  • WPSocialReviewsEditor
Shortcode Output
  • [wpsocialreviews_reviews
  • [wpsocialreviews_feed
  • [wpsocialreviews_chat]
  • [wpsocialreviews_notification]
FAQ

Frequently Asked Questions about WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets