YayReviews – Advanced Customer Reviews for WooCommerce Security & Risk Analysis

wordpress.org/plugins/yay-customer-reviews-woocommerce

Automatically send follow-up emails to remind customers to rate your products. Boost your WooCommerce store's credibility and increase sales.

30 active installs · v1.0.7 · PHP 5.4+ · WP 4.7+ · Updated Mar 2, 2026
Tags: customer-reviews, email-automation, product-reviews, review-reminder, rewards
Score: 100
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is YayReviews – Advanced Customer Reviews for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

YayReviews – Advanced Customer Reviews for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "yay-customer-reviews-woocommerce" plugin v1.0.7 exhibits a generally good security posture with a notable emphasis on secure coding practices. The plugin effectively utilizes prepared statements for a high percentage of its SQL queries and demonstrates strong output escaping, indicating a proactive approach to preventing common web vulnerabilities. The absence of any known CVEs and a solid number of capability checks further bolster its security profile.

However, the taint analysis reveals two flows with high-severity unsanitized paths. While the static analysis doesn't explicitly detail the nature of these flows, the presence of unsanitized paths is a significant concern, potentially leading to vulnerabilities if these paths are exposed to user input. The plugin also performs file operations and external HTTP requests, which, while not inherently insecure, can become vectors for attack if not handled with extreme care and validation, especially in conjunction with unsanitized data.

Despite the positive aspects, the high-severity taint flows introduce a considerable risk that outweighs the plugin's otherwise robust security measures. The lack of historical vulnerabilities is positive, suggesting good development over time, but it does not negate the risks identified in the current static analysis. Overall, the plugin has a strong foundation but requires immediate attention to address the identified high-severity taint flows to ensure its security.

Key Concerns

  • High severity taint flows detected
  • Flows with unsanitized paths
Vulnerabilities
None known

YayReviews – Advanced Customer Reviews for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

YayReviews – Advanced Customer Reviews for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 36 (132 prepared)
Unescaped Output: 78 (1072 escaped)
Nonce Checks: 8
Capability Checks: 27
File Operations: 15
External Requests: 9
Bundled Libraries: 0

SQL Query Safety

79% prepared, 168 total queries

Output Escaping

93% escaped, 1150 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

7 flows, 5 with unsanitized paths
handle_unsubscribe (src\Hooks\EmailSchedulerHooks.php:220)
Attack Surface

YayReviews – Advanced Customer Reviews for WooCommerce Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 3

auth wp_ajax_yay_recommended_get_plugin_data src\YayCommerceMenu\OtherPluginsMenu.php:27
auth wp_ajax_yay_recommended_activate_plugin src\YayCommerceMenu\OtherPluginsMenu.php:28
auth wp_ajax_yay_recommended_upgrade_plugin src\YayCommerceMenu\OtherPluginsMenu.php:29
WordPress Hooks 153
action admin_menu src\Admin\AdminMenu.php:17
action admin_enqueue_scripts src\Admin\AdminMenu.php:18
action admin_enqueue_scripts src\Admin\AdminMenu.php:21
filter admin_body_class src\Admin\AdminMenu.php:31
action product_cat_add_form_fields src\Hooks\CategoryMetaHooks.php:23
action product_cat_edit_form_fields src\Hooks\CategoryMetaHooks.php:24
action created_product_cat src\Hooks\CategoryMetaHooks.php:27
action edited_product_cat src\Hooks\CategoryMetaHooks.php:28
action updated_term_meta src\Hooks\CategoryMetaHooks.php:31
action added_term_meta src\Hooks\CategoryMetaHooks.php:32
action deleted_term_meta src\Hooks\CategoryMetaHooks.php:33
action woocommerce_order_status_completed src\Hooks\EmailSchedulerHooks.php:26
action woocommerce_order_status_cancelled src\Hooks\EmailSchedulerHooks.php:27
action woocommerce_order_status_refunded src\Hooks\EmailSchedulerHooks.php:28
action init src\Hooks\EmailSchedulerHooks.php:36
action init src\Hooks\EmailSchedulerHooks.php:39
action comment_post src\Hooks\EmailSchedulerHooks.php:42
action yayrev_cleanup_import_files src\Hooks\ImportHooks.php:26
action init src\Hooks\ImportHooks.php:29
filter comment_form_field_comment src\Hooks\MediaUploadHooks.php:29
action comment_post src\Hooks\MediaUploadHooks.php:32
filter comment_form_defaults src\Hooks\MediaUploadHooks.php:35
action wp_enqueue_scripts src\Hooks\MediaUploadHooks.php:38
action delete_comment src\Hooks\MediaUploadHooks.php:41
action comment_form_top src\Hooks\MediaUploadHooks.php:150
action init src\Hooks\MyAccountHooks.php:23
filter query_vars src\Hooks\MyAccountHooks.php:26
filter woocommerce_account_menu_items src\Hooks\MyAccountHooks.php:29
action woocommerce_account_reviews_endpoint src\Hooks\MyAccountHooks.php:32
action wp_enqueue_scripts src\Hooks\MyAccountHooks.php:35
action init src\Hooks\MyAccountHooks.php:38
action woocommerce_product_options_reviews src\Hooks\ProductMetaHooks.php:23
action woocommerce_process_product_meta src\Hooks\ProductMetaHooks.php:26
action updated_post_meta src\Hooks\ProductMetaHooks.php:29
action added_post_meta src\Hooks\ProductMetaHooks.php:30
action deleted_post_meta src\Hooks\ProductMetaHooks.php:31
filter woocommerce_product_get_rating_html src\Hooks\RatingDisplayHooks.php:26
filter woocommerce_get_star_rating_html src\Hooks\RatingDisplayHooks.php:29
action comment_form_before_fields src\Hooks\RatingDisplayHooks.php:32
action comment_form_logged_in_after src\Hooks\RatingDisplayHooks.php:33
action wp_enqueue_scripts src\Hooks\RatingDisplayHooks.php:36
action yayrev_enqueue_rating_styles src\Hooks\RatingDisplayHooks.php:39
action wp_footer src\Hooks\RatingDisplayHooks.php:97
action yayrev_before_reviews_list src\Hooks\RatingSummaryHooks.php:38
action wp_enqueue_scripts src\Hooks\RatingSummaryHooks.php:41
filter comments_clauses src\Hooks\RatingSummaryHooks.php:44
action comment_post src\Hooks\RatingSummaryHooks.php:47
action delete_comment src\Hooks\RatingSummaryHooks.php:48
action wp_set_comment_status src\Hooks\RatingSummaryHooks.php:49
action woocommerce_review_after_comment_text src\Hooks\ReviewActionHooks.php:33
action woocommerce_review_after_comment_text src\Hooks\ReviewActionHooks.php:36
action yayrev_review_rating_row src\Hooks\ReviewActionHooks.php:39
action wp_enqueue_scripts src\Hooks\ReviewActionHooks.php:42
action woocommerce_review_after_comment_text src\Hooks\ReviewActionHooks.php:45
filter comments_template src\Hooks\ReviewDisplayHooks.php:37
filter wc_get_template src\Hooks\ReviewDisplayHooks.php:39
filter yayrev_reviews_wrapper_class src\Hooks\ReviewDisplayHooks.php:42
filter comments_array src\Hooks\ReviewDisplayHooks.php:45
filter get_comment_author src\Hooks\ReviewDisplayHooks.php:48
filter get_avatar src\Hooks\ReviewDisplayHooks.php:51
filter get_comment_author src\Hooks\ReviewDisplayHooks.php:54
filter get_comment_date src\Hooks\ReviewDisplayHooks.php:57
filter comment_class src\Hooks\ReviewDisplayHooks.php:60
action comment_post src\Hooks\ReviewDisplayHooks.php:63
filter woocommerce_review_before_comment_text src\Hooks\ReviewDisplayHooks.php:66
filter woocommerce_review_after_comment_text src\Hooks\ReviewDisplayHooks.php:69
action yayrev_review_rating_row src\Hooks\ReviewDisplayHooks.php:72
action yayrev_review_rating_row src\Hooks\ReviewDisplayHooks.php:73
action yayrev_review_after_rating_row src\Hooks\ReviewDisplayHooks.php:75
action yayrev_before_reviews_list src\Hooks\ReviewDisplayHooks.php:78
action wp_enqueue_scripts src\Hooks\ReviewDisplayHooks.php:81
filter script_loader_tag src\Hooks\ReviewDisplayHooks.php:84
filter pre_option_comments_per_page src\Hooks\ReviewDisplayHooks.php:87
filter pre_option_page_comments src\Hooks\ReviewDisplayHooks.php:90
filter manage_product_page_product-reviews_columns src\Hooks\ReviewEnhancedAdminHooks.php:19
action woocommerce_product_reviews_table_column_yayrev_title src\Hooks\ReviewEnhancedAdminHooks.php:22
action woocommerce_product_reviews_table_column_yayrev_media src\Hooks\ReviewEnhancedAdminHooks.php:23
action woocommerce_product_reviews_table_column_yayrev_location src\Hooks\ReviewEnhancedAdminHooks.php:24
filter manage_product_page_product-reviews_sortable_columns src\Hooks\ReviewEnhancedAdminHooks.php:27
filter comments_clauses src\Hooks\ReviewEnhancedAdminHooks.php:30
action add_meta_boxes_comment src\Hooks\ReviewEnhancedAdminHooks.php:33
action admin_head src\Hooks\ReviewEnhancedAdminHooks.php:36
action admin_enqueue_scripts src\Hooks\ReviewEnhancedAdminHooks.php:39
action template_redirect src\Hooks\ReviewFilterHooks.php:31
action wp_enqueue_scripts src\Hooks\ReviewFilterHooks.php:32
action comment_form_logged_in_after src\Hooks\ReviewFormHooks.php:35
action comment_form_before_fields src\Hooks\ReviewFormHooks.php:36
filter allow_empty_comment src\Hooks\ReviewFormHooks.php:39
filter duplicate_comment_id src\Hooks\ReviewFormHooks.php:42
filter preprocess_comment src\Hooks\ReviewFormHooks.php:45
filter pre_comment_approved src\Hooks\ReviewFormHooks.php:48
action comment_post src\Hooks\ReviewFormHooks.php:51
filter comment_form_field_comment src\Hooks\ReviewFormHooks.php:54
filter comment_form_field_comment src\Hooks\ReviewFormHooks.php:55
filter comment_form_submit_button src\Hooks\ReviewFormHooks.php:58
filter comment_form_submit_button src\Hooks\ReviewFormHooks.php:61
filter wpseo_schema_product src\Hooks\SchemaHooks.php:33
filter rank_math/snippet/rich_snippet_product_entity src\Hooks\SchemaHooks.php:39
action wp_head src\Hooks\SchemaHooks.php:44
action init src\Http\Controllers\TrackingController.php:32
action yaymail_init_start src\Integrations\YayMail\Bootstrap.php:32
action admin_enqueue_scripts src\Integrations\YayMail\Bootstrap.php:34
action yaymail_register_emails src\Integrations\YayMail\Bootstrap.php:59
action yaymail_register_shortcodes src\Integrations\YayMail\Bootstrap.php:62
action yaymail_register_elements src\Integrations\YayMail\Bootstrap.php:65
action yayrev_automation_rule_deleted src\Integrations\YayMail\Bootstrap.php:68
action yayrev_reward_item_deleted src\Integrations\YayMail\Bootstrap.php:69
filter pre_set_site_transient_update_plugins src\License\EDD_SL_Plugin_Updater.php:74
filter plugins_api src\License\EDD_SL_Plugin_Updater.php:75
action admin_init src\License\EDD_SL_Plugin_Updater.php:78
filter pre_set_site_transient_update_plugins src\License\EDD_SL_Plugin_Updater.php:254
action admin_notices src\License\LicenseHandler.php:37
filter plugins_list src\License\LicenseHandler.php:38
action admin_enqueue_scripts src\License\LicenseHandler.php:40
action yaycommerce_licenses_page src\License\LicenseHandler.php:41
filter yaycommerce_licensing_plugins src\License\LicenseHandler.php:42
action admin_notices src\License\LicenseHandler.php:45
action admin_init src\License\LicenseHandler.php:57
filter auto_update_plugin src\License\LicenseHandler.php:58
filter cron_schedules src\License\LicenseHandler.php:92
action check_license_cron src\License\LicenseHandler.php:93
action rest_api_init src\License\RestAPI.php:12
action rest_api_init src\Plugin.php:462
action init src\Plugin.php:465
action init src\Plugin.php:468
action comment_post src\Plugin.php:473
action edit_comment src\Plugin.php:479
action deleted_comment src\Plugin.php:485
action woocommerce_order_status_changed src\Plugin.php:490
action admin_notices src\Plugin.php:495
action admin_notices src\Plugin.php:496
filter plugin_row_meta src\Plugin.php:500
action admin_footer src\Register\RegisterDev.php:16
action init src\Register\RegisterDev.php:18
filter script_loader_tag src\Register\RegisterFacade.php:15
action init src\Register\RegisterFacade.php:16
filter pre_load_script_translations src\Register\RegisterFacade.php:17
action init src\Register\RegisterProd.php:13
filter comments_template_query_args src\Services\ReviewFilterService.php:49
filter comments_clauses src\Services\ReviewFilterService.php:52
filter comments_clauses src\Services\ReviewFilterService.php:131
filter comments_clauses src\Services\ReviewFilterService.php:148
filter comments_clauses src\Services\ReviewFilterService.php:241
action wp_enqueue_scripts src\Support\Assets.php:22
action admin_enqueue_scripts src\YayCommerceMenu\LicensesMenu.php:27
action admin_enqueue_scripts src\YayCommerceMenu\OtherPluginsMenu.php:30
action admin_enqueue_scripts src\YayCommerceMenu\OtherPluginsMenu.php:94
action admin_enqueue_scripts src\YayCommerceMenu\RegisterMenu.php:57
action admin_menu src\YayCommerceMenu\RegisterMenu.php:58
action admin_menu src\YayCommerceMenu\RegisterMenu.php:59
action admin_notices yay-customer-reviews-woocommerce.php:49
action plugins_loaded yay-customer-reviews-woocommerce.php:57
action before_woocommerce_init yay-customer-reviews-woocommerce.php:73

Scheduled Events 1

check_license_cron
Maintenance & Trust

YayReviews – Advanced Customer Reviews for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 2, 2026
PHP min version: 5.4
Downloads: 908

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 30
Developer Profile

YayReviews – Advanced Customer Reviews for WooCommerce Developer Profile

YayCommerce

16 plugins · 78K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 133 days
Detection Fingerprints

How We Detect YayReviews – Advanced Customer Reviews for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yay-customer-reviews-woocommerce/assets/images
/wp-content/plugins/yay-customer-reviews-woocommerce/assets/css/style.css
/wp-content/plugins/yay-customer-reviews-woocommerce/assets/css/admin-style.css
/wp-content/plugins/yay-customer-reviews-woocommerce/assets/js/frontend.js
/wp-content/plugins/yay-customer-reviews-woocommerce/assets/js/admin.js
Script Paths
/wp-content/plugins/yay-customer-reviews-woocommerce/assets/js/frontend.js
/wp-content/plugins/yay-customer-reviews-woocommerce/assets/js/admin.js
Version Parameters
yay-customer-reviews-woocommerce/assets/css/style.css?ver=
yay-customer-reviews-woocommerce/assets/css/admin-style.css?ver=
yay-customer-reviews-woocommerce/assets/js/frontend.js?ver=
yay-customer-reviews-woocommerce/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
yay-ui
Data Attributes
data-yayrev-media-upload
JS Globals
yayrevData
REST Endpoints
/yayrev/v1