WP Thumbtack Review Slider Security & Risk Analysis

wordpress.org/plugins/wp-thumbtack-review-slider

Easily create a slider of your Thumbtack business reviews to show in your Posts, Pages, and Widget areas!

100 active installs · v2.7 · PHP version not specified · WP 3.0.1+ · Updated Dec 3, 2025
Tags: grid, reviews, slider, testimonials, thumbtack
Score 99 · Grade A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Aug 27, 2025
Safety Verdict

Is WP Thumbtack Review Slider Safe to Use in 2026?

Generally Safe

Score 99/100

WP Thumbtack Review Slider has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Aug 27, 2025 · Updated 4mo ago
Risk Assessment

The wp-thumbtack-review-slider plugin v2.7 presents a mixed security posture. On the positive side, the static analysis finds no dangerous functions, no critical or high severity taint flows, and all five data flows it traced end in a sanitizer. The concerns are structural. All three AJAX handlers are registered on wp_ajax_ hooks without a nonce or capability check: because no wp_ajax_nopriv_ variant exists they require a logged-in session, but without a nonce they can be triggered by cross-site request forgery against any logged-in user, and without a capability check any role, down to subscriber, can call them directly. How much damage that enables depends on what each handler does, which the static analysis does not establish. Output escaping is also weak: only 56 of 122 output statements (46%) are escaped, so any handler or template that echoes user-controlled data without escaping is a stored or reflected XSS candidate. Database access is similar: only 17 of 38 queries (45%) go through prepared statements.

The vulnerability history is consistent with this picture: the one published CVE is a medium severity stored XSS reachable only by administrators, it was patched in 2.7 within 8 days, and there are no unpatched CVEs. The plugin does use nonce checks (7) and capability checks (7) on some admin entry points, but none of them cover the AJAX handlers. In short, prompt patching and a clean dangerous-function count earn the high score, while the three unprotected AJAX handlers, the unescaped output and the unprepared queries are the findings worth verifying in the code before deploying, particularly on multisite or on any site that allows untrusted user registration.
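The pattern the analysis is flagging, and the fix a practitioner would apply, side by side. This is an added example and not code from the WP Thumbtack Review Slider plugin: it assumes a WordPress runtime (add_action, $wpdb, check_ajax_referer, current_user_can and the escaping helpers are WordPress APIs), and the example_* function names, the example_reviews table and the admin.js file are hypothetical.

```php
<?php
// Added example, not code from the WP Thumbtack Review Slider plugin. Runs
// inside WordPress; the example_* names and the example_reviews table are
// hypothetical.

// The pattern the static analysis reports as "unprotected": a wp_ajax_ hook
// with no nonce and no capability check. WordPress only guarantees that a
// user is logged in before it runs, so any role can call it, and a page in
// another tab can trigger it in an administrator's browser (CSRF). It also
// builds SQL by string concatenation and echoes request data unescaped.
add_action('wp_ajax_example_hide_review', 'example_hide_review_unprotected');
function example_hide_review_unprotected() {
    global $wpdb;
    $id = $_POST['review_id'];                                   // untyped, unvalidated
    $wpdb->query("UPDATE {$wpdb->prefix}example_reviews SET hidden = 1 WHERE id = $id"); // raw SQL
    echo 'Hidden review ' . $_POST['review_id'];                 // unescaped output
    wp_die();
}

// Hardened form: the request proves it came from the plugin's own admin page
// (nonce), the caller holds the needed capability, the input is coerced to an
// integer, the query is prepared, and the output is escaped.
add_action('wp_ajax_example_hide_review_secure', 'example_hide_review_secure');
function example_hide_review_secure() {
    check_ajax_referer('example_hide_review', 'nonce');          // ends the request on a bad or missing nonce
    if (!current_user_can('manage_options')) {
        wp_send_json_error(array('message' => 'forbidden'), 403); // wp_send_json_error() calls wp_die()
    }
    $id = absint($_POST['review_id'] ?? 0);
    if ($id === 0) {
        wp_send_json_error(array('message' => 'invalid review id'), 400);
    }
    global $wpdb;
    $table = $wpdb->prefix . 'example_reviews';                  // not user input, safe to interpolate
    $rows  = $wpdb->query($wpdb->prepare("UPDATE {$table} SET hidden = 1 WHERE id = %d", $id));
    if ($rows === false) {
        wp_send_json_error(array('message' => 'database error'), 500);
    }
    // An HTML fragment must be escaped before it is echoed; a JSON reply via
    // wp_send_json_success() would be encoded by wp_json_encode() instead.
    printf('<span class="example-hidden">%s</span>', esc_html(sprintf('Hidden review %d', $id)));
    wp_die();
}

// The nonce the secure handler expects is issued to the admin page script,
// which sends it back as the "nonce" POST field with action=example_hide_review_secure.
add_action('admin_enqueue_scripts', 'example_enqueue_admin_script');
function example_enqueue_admin_script($hook_suffix) {
    wp_enqueue_script('example-admin', plugins_url('admin.js', __FILE__), array('jquery'), '1.0', true);
    wp_localize_script('example-admin', 'exampleAjax', array(
        'url'   => admin_url('admin-ajax.php'),
        'nonce' => wp_create_nonce('example_hide_review'),
    ));
}
```

The nonce alone does not authorize anything: a subscriber can obtain a valid nonce from any page that prints it, so the current_user_can() check is what stops privilege escalation, and the nonce is what stops CSRF. Both are needed, which is why the analysis counts nonce checks and capability checks separately.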

Key Concerns

  • Three AJAX handlers with no nonce or capability check
  • Low output escaping percentage (56 of 122 outputs escaped)
  • Medium severity stored XSS in the vulnerability history (CVE-2025-58216, patched in 2.7)
  • SQL queries not always prepared (17 of 38)
Vulnerabilities
1

WP Thumbtack Review Slider Security Vulnerabilities

CVEs by Year

1 CVE in 2025 (patched)

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-58216 · medium · CVSS 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Thumbtack Review Slider <= 2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published Aug 27, 2025 · Patched in 2.7 (8d)

Exploitation requires an administrator account. On a single-site install administrators normally hold the unfiltered_html capability and can publish script in content anyway, so the practical impact is confined to multisite networks and to sites that define DISALLOW_UNFILTERED_HTML, where an administrator is not supposed to be able to inject script. Sites on 2.6 or earlier should still update, since the fix is the only thing keeping that boundary intact.
Code Analysis
Analyzed Mar 16, 2026

WP Thumbtack Review Slider Code Analysis

Dangerous Functions: 0
SQL Queries: 38 total, 17 prepared, 21 raw (unprepared)
Output Statements: 122 total, 56 escaped, 66 unescaped
Nonce Checks: 7
Capability Checks: 7
File Operations: 4
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

45% prepared (17 of 38 queries)

Output Escaping

46% escaped (56 of 122 output statements)
Data Flows
All sanitized

Data Flow Analysis

5 flows
wpthumbtack_hidereview_ajax (admin\class-wp-thumbtack-review-slider-admin.php:431)
Attack Surface
3 unprotected

WP Thumbtack Review Slider Attack Surface

Entry Points: 4
Unprotected: 3

AJAX Handlers 3 (auth: registered on wp_ajax_ only, so a logged-in session is required; none of the three carries a nonce or capability check)

auth  wp_ajax_thumbtack_get_results  includes\class-wp-thumbtack-review-slider.php:204
auth  wp_ajax_thumbtack_hide_review  includes\class-wp-thumbtack-review-slider.php:207
auth  wp_ajax_thumbtack_find_reviews  includes\class-wp-thumbtack-review-slider.php:210

Shortcodes 1

[wpthumbtack_usetemplate] public\class-wp-thumbtack-review-slider-public.php:136
WordPress Hooks 19

filter  gettext  admin\class-wp-thumbtack-review-slider-admin.php:656
action  plugins_loaded  includes\class-wp-thumbtack-review-slider.php:175
action  admin_enqueue_scripts  includes\class-wp-thumbtack-review-slider.php:190
action  admin_enqueue_scripts  includes\class-wp-thumbtack-review-slider.php:192
action  admin_init  includes\class-wp-thumbtack-review-slider.php:198
action  admin_menu  includes\class-wp-thumbtack-review-slider.php:201
action  plugins_loaded  includes\class-wp-thumbtack-review-slider.php:214
action  media_buttons  includes\class-wp-thumbtack-review-slider.php:217
action  admin_head  includes\class-wp-thumbtack-review-slider.php:218
action  admin_init  includes\class-wp-thumbtack-review-slider.php:221
action  plugins_loaded  includes\class-wp-thumbtack-review-slider.php:224
action  admin_menu  includes\class-wp-thumbtack-review-slider.php:230
action  admin_head  includes\class-wp-thumbtack-review-slider.php:231
action  wp_enqueue_scripts  includes\class-wp-thumbtack-review-slider.php:247
action  wp_enqueue_scripts  includes\class-wp-thumbtack-review-slider.php:248
action  init  public\class-wp-thumbtack-review-slider-template_action.php:3
action  wprev_thumbtack_plugin_action  public\class-wp-thumbtack-review-slider-template_action.php:24
action  widgets_init  public\class-wp-thumbtack-review-slider-widget.php:91
action  wpthumbtack_daily_event  wp-thumbtack-review-slider.php:80

Scheduled Events 1

wpthumbtack_daily_event
Maintenance & Trust

WP Thumbtack Review Slider Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 3, 2025
PHP min version: not specified
Downloads: 6K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

WP Thumbtack Review Slider Developer Profile

jgwhite33

11 plugins · 48K total installs

Trust score: 73
Avg Security Score
92/100
Avg Patch Time
184 days
Detection Fingerprints

How We Detect WP Thumbtack Review Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-thumbtack-review-slider/public/css/wprev-public_template1.css
/wp-content/plugins/wp-thumbtack-review-slider/admin/css/wpthumbtack_admin.css
/wp-content/plugins/wp-thumbtack-review-slider/admin/css/wpthumbtack_w3.css
/wp-content/plugins/wp-thumbtack-review-slider/admin/js/wpthumbtack_simple-popup.min.js
/wp-content/plugins/wp-thumbtack-review-slider/admin/js/wpthumbtack_review_list_page.js
Script Paths
/wp-content/plugins/wp-thumbtack-review-slider/admin/js/wpthumbtack_simple-popup.min.js
/wp-content/plugins/wp-thumbtack-review-slider/admin/js/wpthumbtack_review_list_page.js
Version Parameters
wp-thumbtack-review-slider/public/css/wprev-public_template1.css?ver=
wp-thumbtack-review-slider/admin/css/wpthumbtack_admin.css?ver=
wp-thumbtack-review-slider/admin/css/wpthumbtack_w3.css?ver=
wp-thumbtack-review-slider/admin/js/wpthumbtack_simple-popup.min.js?ver=
wp-thumbtack-review-slider/admin/js/wpthumbtack_review_list_page.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpthumbtack_review_item, wpthumbtack_review_list, wpthumbtack_review_item_title, wpthumbtack_review_item_author, wpthumbtack_review_item_date, wpthumbtack_review_item_rating, wpthumbtack_review_item_text, wpthumbtack_review_item_photo (+5 more)
HTML Comments
<!-- Admin JS:wpthumbtack_review_list_page -->
<!-- Simple Popup JS -->
<!-- Only load template styles for preview -->
Data Attributes
data-nonce
JS Globals
adminjs_script_vars
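A detector for the asset and DOM fingerprints listed above, added here as an example and not the page's own scanner: it scans an HTML document for the plugin's /wp-content/plugins/ asset paths and review CSS classes, pulls any ?ver= value it finds, and compares that against 2.7, the version that fixed CVE-2025-58216. The example_* names are hypothetical and the sample HTML is constructed, not captured from a real site.

```php
<?php
// Added example, not the scanner behind this page. Fingerprints a fetched
// HTML document for the plugin and flags versions below the CVE fix.

const EXAMPLE_PLUGIN_SLUG   = 'wp-thumbtack-review-slider';
const EXAMPLE_FIXED_VERSION = '2.7'; // CVE-2025-58216 affects <= 2.6

function example_fingerprint_plugin(string $html): array {
    $result = ['detected' => false, 'assets' => [], 'versions' => [], 'css_classes' => false];

    // Asset path fingerprint: any file under the plugin directory, with an
    // optional ?ver= query string captured separately.
    $pattern = '#/wp-content/plugins/' . preg_quote(EXAMPLE_PLUGIN_SLUG, '#')
             . '/([^\s"\'<>?]+)(?:\?ver=([0-9][0-9A-Za-z.-]*))?#';
    if (preg_match_all($pattern, $html, $matches, PREG_SET_ORDER)) {
        $result['detected'] = true;
        foreach ($matches as $m) {
            $result['assets'][] = $m[1];
            if (!empty($m[2])) {
                $result['versions'][] = $m[2];
            }
        }
        $result['assets']   = array_values(array_unique($result['assets']));
        $result['versions'] = array_values(array_unique($result['versions']));
    }

    // DOM fingerprint: the review list / item classes the slider emits.
    if (preg_match('/class="[^"]*\bwpthumbtack_review_(?:item|list)\b/', $html)) {
        $result['detected']    = true;
        $result['css_classes'] = true;
    }
    return $result;
}

// null = plugin not seen or no version evidence; true = a version below the
// fix was observed; false = every observed version is at or above the fix.
function example_possibly_vulnerable(array $fp): ?bool {
    if (!$fp['detected'] || !$fp['versions']) {
        return null;
    }
    foreach ($fp['versions'] as $v) {
        if (version_compare($v, EXAMPLE_FIXED_VERSION, '<')) {
            return true;
        }
    }
    return false;
}

// Constructed sample page (not captured from a real site).
$sample = <<<HTML
<link rel="stylesheet" href="https://example.test/wp-content/plugins/wp-thumbtack-review-slider/public/css/wprev-public_template1.css?ver=2.6">
<div class="wpthumbtack_review_list"><div class="wpthumbtack_review_item">...</div></div>
HTML;

$fp = example_fingerprint_plugin($sample);
print_r($fp);
var_dump(example_possibly_vulnerable($fp));
```

Treat the ?ver= value as a hint only: themes and caching plugins often replace it with the WordPress core version or a timestamp, and the Version Parameters list above shows it empty on the crawled sites. Where the server serves it, the plugin's readme.txt under /wp-content/plugins/wp-thumbtack-review-slider/ carries a "Stable tag" line that is a more reliable version source.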
FAQ

Frequently Asked Questions about WP Thumbtack Review Slider