PLUGIN SECURITY
Is Wp Reviews Plugin For Google safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Wp Reviews Plugin For Google WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
wp-reviews-plugin-for-google - Requires PHP: 7.4+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Widgets for Google Reviews [wp-reviews-plugin-for-google] < 9.8 [CVE-2022-4470, WordPress Widgets for Google Reviews Plugin < 9.8 is vulnerable to Cross Site Scripting (XSS), Widgets for Google Reviews < 9.8 - Authenticated (Contributor+) Stored XSS, Widgets for Google Reviews < 9.8 - Contributor+ Stored XSS]
- Widgets for Google Reviews [wp-reviews-plugin-for-google] < 10.9.1 [CVE-2023-3254, Widgets for Google Reviews <= 10.9 - Cross-Site Request Forgery to Plugin Settings Reset, WordPress Widgets for Google Reviews Plugin <= 10.9 is vulnerable to Cross Site Request Forgery (CSRF), Widgets for Google Reviews < 10.9.1 - Arbitrary Settings Update via CSRF]
- Widgets for Google Reviews [wp-reviews-plugin-for-google] < 11.1 [CVE-2023-48275, WordPress Widgets for Google Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload, Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload, Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload]
- Widgets for Google Reviews [wp-reviews-plugin-for-google] < 13.2.5 [CVE-2025-12510, Widgets for Google Reviews <= 13.2.4 - Unauthenticated Stored Cross-Site Scripting via Google Reviews]
- Widgets for Google Reviews [wp-reviews-plugin-for-google] < 13.2.2 [Widgets for Google Reviews <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode, Widgets for Google Reviews <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode]
+ 1 more known vulnerability
- Widgets for Google Reviews [wp-reviews-plugin-for-google] < 13.3.1 [CVE-2026-11591, Widgets for Google Reviews <= 13.3 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fomo-title' and 'fomo-text' Parameters]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Site Kit by Google – Analytics, Search Console, AdSense, Speed — 5000000+ active installs
- Google for WooCommerce — 800000+ active installs
- GA Google Analytics – Connect Google Analytics to WordPress — 400000+ active installs — max PHP 8.4
- OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. — 300000+ active installs
- Nextend Social Login and Register — 200000+ active installs — max PHP <8.0
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.