WP-Safety

WP Zillow Review Slider Security & Risk Analysis

wordpress.org/plugins/wp-zillow-review-slider

Allows you to easily display your Zillow reviews in your Posts, Pages, and Widget areas!

400 active installs v3.3 PHP + WP 3.0.1+ Updated Dec 3, 2025
realtorreviewsslidertestimonialszillow
100
A · Safe
CVEs total1
Unpatched0
Last CVEMay 30, 2022
Plugin page Download
Safety Verdict

Is WP Zillow Review Slider Safe to Use in 2026?

Generally Safe

Score 100/100

WP Zillow Review Slider has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: May 30, 2022Updated 4mo ago
Risk Assessment

The wp-zillow-review-slider plugin v3.3 exhibits a mixed security posture. While it demonstrates some good practices such as a moderate use of prepared statements for SQL queries and a decent number of nonce and capability checks, several concerning aspects are present. The presence of three unprotected AJAX handlers represents a significant attack surface, leaving the plugin vulnerable to unauthorized actions. The taint analysis shows no critical or high severity flows, which is a positive indicator, but the low percentage of properly escaped output (47%) suggests potential for Cross-Site Scripting (XSS) vulnerabilities that might not have been caught by the static analysis.

The plugin's vulnerability history includes one medium severity CVE related to XSS, last patched in May 2022. While there are no currently unpatched vulnerabilities, this history indicates a past susceptibility to XSS, reinforcing concerns about the output escaping. The overall risk is moderate; the lack of critical taint issues is reassuring, but the unprotected AJAX endpoints and the history of XSS vulnerabilities warrant careful attention and potential remediation.

Key Concerns

  • Unprotected AJAX handlers (3)
  • Low percentage of properly escaped output (47%)
  • Medium severity CVE in history (XSS)
Vulnerabilities
1

WP Zillow Review Slider Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2022-1915medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Zillow Review Slider <= 2.3 - Authenticated (Admin+) Stored Cross-Site Scripting

May 30, 2022 Patched in 2.4 (603d)
Code Analysis
Analyzed Mar 16, 2026

WP Zillow Review Slider Code Analysis

Dangerous Functions
0
Raw SQL Queries
18
14 prepared
Unescaped Output
63
56 escaped
Nonce Checks
4
Capability Checks
6
File Operations
3
External Requests
5
Bundled Libraries
0

SQL Query Safety

44% prepared32 total queries

Output Escaping

47% escaped119 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
<review_list> (admin\partials\review_list.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

WP Zillow Review Slider Attack Surface

Entry Points4
Unprotected3

AJAX Handlers 3

authwp_ajax_zillow_get_resultsincludes\class-wp-zillow-review-slider.php:278
authwp_ajax_zillow_hide_reviewincludes\class-wp-zillow-review-slider.php:281
authwp_ajax_zillow_find_reviewsincludes\class-wp-zillow-review-slider.php:284

Shortcodes 1

[wpzillow_usetemplate] public\class-wp-zillow-review-slider-public.php:133
WordPress Hooks 18
filtergettextadmin\class-wp-zillow-review-slider-admin.php:351
actionadmin_enqueue_scriptsincludes\class-wp-zillow-review-slider.php:264
actionadmin_enqueue_scriptsincludes\class-wp-zillow-review-slider.php:266
actionadmin_initincludes\class-wp-zillow-review-slider.php:272
actionadmin_menuincludes\class-wp-zillow-review-slider.php:275
actionplugins_loadedincludes\class-wp-zillow-review-slider.php:288
actionadmin_initincludes\class-wp-zillow-review-slider.php:295
actionplugins_loadedincludes\class-wp-zillow-review-slider.php:298
actionadmin_noticesincludes\class-wp-zillow-review-slider.php:304
actionwp_dashboard_setupincludes\class-wp-zillow-review-slider.php:307
actionadmin_menuincludes\class-wp-zillow-review-slider.php:310
actionadmin_headincludes\class-wp-zillow-review-slider.php:311
actionwp_enqueue_scriptsincludes\class-wp-zillow-review-slider.php:327
actionwp_enqueue_scriptsincludes\class-wp-zillow-review-slider.php:328
actioninitpublic\class-wp-zillow-review-slider-template_action.php:3
actionwprev_zillow_plugin_actionpublic\class-wp-zillow-review-slider-template_action.php:24
actionwidgets_initpublic\class-wp-zillow-review-slider-widget.php:91
actionwpzillow_daily_eventwp-zillow-review-slider.php:83

Scheduled Events 1

wpzillow_daily_event
Maintenance & Trust

WP Zillow Review Slider Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 3, 2025
PHP min version
Downloads15K

Community Trust

Rating100/100
Number of ratings9
Active installs400
Alternatives

WP Zillow Review Slider Alternatives

WP Google Review Slider

WP Google Review Slider

wp-google-places-review-slider

A
92

Display Google reviews on your site and even show user images! No address, no problem! Also works with Service Area Businesses and Products! Lightwei &hellip;

30K 6 CVEs
WP TripAdvisor Review Slider

WP TripAdvisor Review Slider

wp-tripadvisor-review-slider

A
94

Create a TripAdvisor review slider! Now with User Images! Easily display your TripAdvisor reviews in your Posts, Pages, and Widget areas!

8K 3 CVEs
WP Review Slider

WP Review Slider

wp-facebook-reviews

A
97

Use the official Facebook API to show off your review and recommendations in a slider or grid! A simple and easy way to display your Twitter and Faceb &hellip;

7K 4 CVEs
Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews

Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews

gs-testimonial

A
96

Showcase and automate customer reviews with ease - sliders, grids, filters, and more to boost trust and sales.

1K 6 CVEs
Testimonial Customer Feedback

Testimonial Customer Feedback

testimonial-maker

A
100

Display client testimonials with customizable layouts, slider effects, and responsive design. Simple setup with shortcode support.

1K No CVEs
Developer Profile

WP Zillow Review Slider Developer Profile

jgwhite33

11 plugins · 48K total installs

74
trust score
Avg Security Score
93/100
Avg Patch Time
201 days
View full developer profile
Detection Fingerprints

How We Detect WP Zillow Review Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-zillow-review-slider/admin/css/wpzillow_admin.css/wp-content/plugins/wp-zillow-review-slider/admin/css/wpzillow_w3.css/wp-content/plugins/wp-zillow-review-slider/public/css/wprev-public_template1.css/wp-content/plugins/wp-zillow-review-slider/admin/js/wpzillow_simple-popup.min.js/wp-content/plugins/wp-zillow-review-slider/admin/js/wpzillow_review_list_page.js
Script Paths
/wp-content/plugins/wp-zillow-review-slider/admin/js/wpzillow_simple-popup.min.js/wp-content/plugins/wp-zillow-review-slider/admin/js/wpzillow_review_list_page.js
Version Parameters
wp-zillow-review-slider/admin/css/wpzillow_admin.css?ver=wp-zillow-review-slider/admin/css/wpzillow_w3.css?ver=wp-zillow-review-slider/public/css/wprev-public_template1.css?ver=wp-zillow-review-slider/admin/js/wpzillow_simple-popup.min.js?ver=wp-zillow-review-slider/admin/js/wpzillow_review_list_page.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpzillow-reviews-wrap
Data Attributes
data-wpzillow-iddata-wpzillow-review-countdata-wpzillow-review-date-formatdata-wpzillow-review-displaydata-wpzillow-review-rating-starsdata-wpzillow-review-title+4 more
JS Globals
adminjs_script_vars
Shortcode Output
[wpzillow_reviews]
FAQ

Frequently Asked Questions about WP Zillow Review Slider