WP Yelp Review Slider Security & Risk Analysis

wordpress.org/plugins/wp-yelp-review-slider

Create a Yelp review slider! Allows you to easily display your Yelp business reviews in your Posts, Pages, and Widget areas.

1K active installs · v8.3 · PHP + WP 3.0.1+ · Updated Dec 3, 2025
Tags: reviews, slider, testimonials, yelp
Score 98 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Feb 23, 2025
Safety Verdict

Is WP Yelp Review Slider Safe to Use in 2026?

Generally Safe

Score 98/100

WP Yelp Review Slider has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Feb 23, 2025 · Updated 4mo ago
Risk Assessment

The wp-yelp-review-slider plugin exhibits a mixed security posture. It demonstrates some good practices, such as a reasonable number of nonce and capability checks and the absence of bundled libraries, but several areas are concerning. Static analysis reveals a significant attack surface: 3 out of 4 entry points lack authentication checks, including AJAX handlers. Furthermore, only 50% of output is properly escaped and only 46% of SQL queries use prepared statements, indicating potential for cross-site scripting (XSS) and SQL injection, respectively. The vulnerability history, with 2 known CVEs (one high-severity and one medium-severity SQL injection), reinforces these concerns and suggests a recurring pattern of input validation and sanitization issues. Although there are no currently unpatched vulnerabilities, the history and the static analysis findings point to areas that require immediate attention to mitigate risk.

Key Concerns

  • Unprotected AJAX handlers
  • SQL queries not using prepared statements
  • Improperly escaped output
  • High severity past SQL Injection vulnerability
  • Medium severity past SQL Injection vulnerability
  • Flows with unsanitized paths
Vulnerabilities
2

WP Yelp Review Slider Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2025: 1 CVE

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2025-26946 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WP Yelp Review Slider <= 8.1 - Authenticated (Administrator+) SQL Injection

Feb 23, 2025 · Patched in 8.2 (9d)

CVE-2023-0263 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WP Yelp Review Slider <= 7.0 - Authenticated (Subscriber+) SQL Injection

Jan 23, 2023 · Patched in 7.1 (365d)
Code Analysis
Analyzed Mar 16, 2026

WP Yelp Review Slider Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 20 · Prepared: 17
Unescaped Output: 72 · Escaped: 72
Nonce Checks: 9
Capability Checks: 7
File Operations: 4
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

46% prepared · 37 total queries

Output Escaping

50% escaped · 144 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

6 flows · 1 with unsanitized paths
wpyelp_download_yelp_master (admin\class-wp-yelp-review-slider-admin.php:768)
Attack Surface
3 unprotected

WP Yelp Review Slider Attack Surface

Entry Points: 4
Unprotected: 3

AJAX Handlers 3

auth · wp_ajax_yelp_get_results · includes\class-wp-yelp-review-slider.php:347
auth · wp_ajax_yelp_hide_review · includes\class-wp-yelp-review-slider.php:350
auth · wp_ajax_yelp_find_reviews · includes\class-wp-yelp-review-slider.php:353

Shortcodes 1

[wpyelp_usetemplate] · public\class-wp-yelp-review-slider-public.php:135

WordPress Hooks 19

filter · gettext · admin\class-wp-yelp-review-slider-admin.php:653
action · plugins_loaded · includes\class-wp-yelp-review-slider.php:318
action · admin_enqueue_scripts · includes\class-wp-yelp-review-slider.php:333
action · admin_enqueue_scripts · includes\class-wp-yelp-review-slider.php:335
action · admin_init · includes\class-wp-yelp-review-slider.php:341
action · admin_menu · includes\class-wp-yelp-review-slider.php:344
action · plugins_loaded · includes\class-wp-yelp-review-slider.php:357
action · admin_init · includes\class-wp-yelp-review-slider.php:364
action · plugins_loaded · includes\class-wp-yelp-review-slider.php:367
action · wpyelp_daily_event · includes\class-wp-yelp-review-slider.php:370
action · admin_notices · includes\class-wp-yelp-review-slider.php:373
action · wp_dashboard_setup · includes\class-wp-yelp-review-slider.php:376
action · admin_menu · includes\class-wp-yelp-review-slider.php:379
action · admin_head · includes\class-wp-yelp-review-slider.php:380
action · wp_enqueue_scripts · includes\class-wp-yelp-review-slider.php:394
action · wp_enqueue_scripts · includes\class-wp-yelp-review-slider.php:395
action · init · public\class-wp-yelp-review-slider-template_action.php:3
action · wprev_yelp_plugin_action · public\class-wp-yelp-review-slider-template_action.php:24
action · widgets_init · public\class-wp-yelp-review-slider-widget.php:91
Maintenance & Trust

WP Yelp Review Slider Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 3, 2025
PHP min version
Downloads: 60K

Community Trust

Rating: 98/100
Number of ratings: 23
Active installs: 1K
Developer Profile

WP Yelp Review Slider Developer Profile

jgwhite33

11 plugins · 48K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 201 days
Detection Fingerprints

How We Detect WP Yelp Review Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-yelp-review-slider/admin/css/wpyelp_admin.css
/wp-content/plugins/wp-yelp-review-slider/admin/css/wpyelp_w3.css
/wp-content/plugins/wp-yelp-review-slider/public/css/wprev-public_template1.css
/wp-content/plugins/wp-yelp-review-slider/admin/js/wpyelp_simple-popup.min.js
/wp-content/plugins/wp-yelp-review-slider/admin/js/wpyelp_review_list_page.js

Script Paths
/wp-content/plugins/wp-yelp-review-slider/admin/js/wpyelp_simple-popup.min.js
/wp-content/plugins/wp-yelp-review-slider/admin/js/wpyelp_review_list_page.js

Version Parameters
wp-yelp-review-slider/admin/css/wpyelp_admin.css?ver=
wp-yelp-review-slider/admin/css/wpyelp_w3.css?ver=
wp-yelp-review-slider/public/css/wprev-public_template1.css?ver=
wp-yelp-review-slider/admin/js/wpyelp_simple-popup.min.js?ver=
wp-yelp-review-slider/admin/js/wpyelp_review_list_page.js?ver=

HTML / DOM Fingerprints

JS Globals
adminjs_script_vars
FAQ

Frequently Asked Questions about WP Yelp Review Slider