WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Wp Reviews Plugin For Google safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Wp Reviews Plugin For Google WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: wp-reviews-plugin-for-google
  • Requires PHP: 7.4+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Widgets for Google Reviews [wp-reviews-plugin-for-google] < 9.8 [CVE-2022-4470, WordPress Widgets for Google Reviews Plugin < 9.8 is vulnerable to Cross Site Scripting (XSS), Widgets for Google Reviews < 9.8 - Authenticated (Contributor+) Stored XSS, Widgets for Google Reviews &lt; 9.8 - Contributor+ Stored XSS]
  • Widgets for Google Reviews [wp-reviews-plugin-for-google] < 10.9.1 [CVE-2023-3254, Widgets for Google Reviews <= 10.9 - Cross-Site Request Forgery to Plugin Settings Reset, WordPress Widgets for Google Reviews Plugin <= 10.9 is vulnerable to Cross Site Request Forgery (CSRF), Widgets for Google Reviews &lt; 10.9.1 - Arbitrary Settings Update via CSRF]
  • Widgets for Google Reviews [wp-reviews-plugin-for-google] < 11.1 [CVE-2023-48275, WordPress Widgets for Google Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload, Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload, Multiple Plugins by Trustindex.io &lt;= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload]
  • Widgets for Google Reviews [wp-reviews-plugin-for-google] < 13.2.5 [CVE-2025-12510, Widgets for Google Reviews <= 13.2.4 - Unauthenticated Stored Cross-Site Scripting via Google Reviews]
  • Widgets for Google Reviews [wp-reviews-plugin-for-google] < 13.2.2 [Widgets for Google Reviews <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode, Widgets for Google Reviews <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode]
+ 1 more known vulnerability
  • Widgets for Google Reviews [wp-reviews-plugin-for-google] < 13.3.1 [CVE-2026-11591, Widgets for Google Reviews <= 13.3 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fomo-title' and 'fomo-text' Parameters]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.