WP TripAdvisor Review Slider Security & Risk Analysis

wordpress.org/plugins/wp-tripadvisor-review-slider

Create a TripAdvisor review slider! Now with User Images! Easily display your TripAdvisor reviews in your Posts, Pages, and Widget areas!

8K active installs · v14.2 · PHP + · WP 3.0.1+ · Updated Feb 9, 2026
Tags: reviews, testimonials, tripadvisor, tripadvisor-reviews, tripadvisor-slider
Score: 89
A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Mar 23, 2026
Safety Verdict

Is WP TripAdvisor Review Slider Safe to Use in 2026?

Generally Safe

Score 89/100

WP TripAdvisor Review Slider has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEs · Last CVE: Mar 23, 2026 · Updated 3mo ago
Risk Assessment

The wp-tripadvisor-review-slider plugin exhibits a mixed security posture. While it demonstrates some good security practices like a significant number of nonce and capability checks, and a substantial portion of SQL queries using prepared statements, there are notable areas of concern. The presence of 3 unprotected AJAX handlers represents a significant attack surface, as these are direct entry points into the plugin that could be exploited without proper authentication.

The static analysis also highlights that almost half of the output escaping is not properly handled, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities. Although the taint analysis shows no critical or high severity flows, the presence of a flow with unsanitized paths is concerning and could potentially lead to unexpected behavior or further vulnerabilities.

The plugin's vulnerability history is a major red flag. With 3 known CVEs, including one critical and one high severity, it indicates a pattern of past security weaknesses. The fact that the last vulnerability was very recent (2024-05-27) suggests ongoing security challenges. While there are currently no unpatched vulnerabilities, the recurring nature of XSS and SQL injection issues in its history, coupled with the static analysis findings, paints a picture of a plugin that requires vigilant monitoring and prompt patching.

Key Concerns

  • Unprotected AJAX handlers
  • Insufficient output escaping
  • Flow with unsanitized paths
  • Past Critical CVEs
  • Past High CVEs
  • Past Medium CVEs
  • Bundled Freemius v1.0
Vulnerabilities
4 published

WP TripAdvisor Review Slider Security Vulnerabilities

CVEs by Year

2023: 2 CVEs
2024: 1 CVE
2026: 1 CVE

Severity Breakdown

Critical: 1
High: 1
Medium: 2

4 total CVEs

CVE-2026-32490 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP TripAdvisor Review Slider <= 14.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Mar 23, 2026 · Patched in 14.2 (4d)

CVE-2024-35630 · critical · 9.1 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WP TripAdvisor Review Slider <= 12.6 - Authenticated (Administrator+) SQL Injection

May 27, 2024 · Patched in 12.7 (10d)

CVE-2023-6037 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP TripAdvisor Review Slider <= 11.8 - Authenticated (Admin+) Stored Cross-Site Scripting

Dec 11, 2023 · Patched in 11.9 (58d)

CVE-2023-0261 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WP TripAdvisor Review Slider <= 10.7 - Authenticated (Subscriber+) SQL Injection

Jan 23, 2023 · Patched in 10.8 (365d)
Code Analysis
Analyzed Mar 16, 2026

WP TripAdvisor Review Slider Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 21 · 19 prepared
Unescaped Output: 84 · 79 escaped
Nonce Checks: 8
Capability Checks: 12
File Operations: 4
External Requests: 7
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

48% prepared · 40 total queries

Output Escaping

48% escaped · 163 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

6 flows · 1 with unsanitized paths
wprpfree_getapps_getrevs_page_tripadvisor (admin\class-wp-tripadvisor-review-slider-admin.php:1382)
Attack Surface
3 unprotected

WP TripAdvisor Review Slider Attack Surface

Entry Points: 4
Unprotected: 3

AJAX Handlers 3

auth · wp_ajax_tripadvisor_get_results · includes\class-wp-tripadvisor-review-slider.php:279
auth · wp_ajax_tripadvisor_hide_review · includes\class-wp-tripadvisor-review-slider.php:282
auth · wp_ajax_tripadvisor_find_reviews · includes\class-wp-tripadvisor-review-slider.php:285

Shortcodes 1

[wptripadvisor_usetemplate] public\class-wp-tripadvisor-review-slider-public.php:158
WordPress Hooks 18
filter · gettext · admin\class-wp-tripadvisor-review-slider-admin.php:732
action · plugins_loaded · includes\class-wp-tripadvisor-review-slider.php:250
action · admin_enqueue_scripts · includes\class-wp-tripadvisor-review-slider.php:265
action · admin_enqueue_scripts · includes\class-wp-tripadvisor-review-slider.php:267
action · admin_init · includes\class-wp-tripadvisor-review-slider.php:273
action · admin_menu · includes\class-wp-tripadvisor-review-slider.php:276
action · plugins_loaded · includes\class-wp-tripadvisor-review-slider.php:289
action · admin_init · includes\class-wp-tripadvisor-review-slider.php:293
action · plugins_loaded · includes\class-wp-tripadvisor-review-slider.php:296
action · admin_notices · includes\class-wp-tripadvisor-review-slider.php:302
action · wp_dashboard_setup · includes\class-wp-tripadvisor-review-slider.php:305
action · admin_menu · includes\class-wp-tripadvisor-review-slider.php:308
action · admin_head · includes\class-wp-tripadvisor-review-slider.php:309
action · wp_enqueue_scripts · includes\class-wp-tripadvisor-review-slider.php:325
action · wp_enqueue_scripts · includes\class-wp-tripadvisor-review-slider.php:326
action · init · public\class-wp-tripadvisor-review-slider-template_action.php:3
action · wprev_tripadvisor_plugin_action · public\class-wp-tripadvisor-review-slider-template_action.php:24
action · widgets_init · public\class-wp-tripadvisor-review-slider-widget.php:96

Scheduled Events 1

wptripadvisor_daily_event
Maintenance & Trust

WP TripAdvisor Review Slider Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 9, 2026
PHP min version
Downloads: 412K

Community Trust

Rating: 96/100
Number of ratings: 132
Active installs: 8K
Developer Profile

WP TripAdvisor Review Slider Developer Profile

jgwhite33

11 plugins · 48K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 184 days
Detection Fingerprints

How We Detect WP TripAdvisor Review Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-tripadvisor-review-slider/public/css/wprev-public_template1.css
/wp-content/plugins/wp-tripadvisor-review-slider/admin/css/wprev_w3.css
/wp-content/plugins/wp-tripadvisor-review-slider/admin/css/wptripadvisor_admin.css
/wp-content/plugins/wp-tripadvisor-review-slider/admin/css/wptripadvisor_w3.css
Version Parameters
/wp-content/plugins/wp-tripadvisor-review-slider/admin/css/wprev_w3.css?ver=
/wp-content/plugins/wp-tripadvisor-review-slider/admin/css/wptripadvisor_admin.css?ver=
/wp-content/plugins/wp-tripadvisor-review-slider/admin/css/wptripadvisor_w3.css?ver=
/wp-content/plugins/wp-tripadvisor-review-slider/public/css/wprev-public_template1.css?ver=

HTML / DOM Fingerprints

CSS Classes
wprev_w3, wptripadvisor_admin, wptripadvisor_w3