Vulnerabilities and security researches forwp-reviews-plugin-for-google wp-reviews-plugin-for-google

May 06, 2025

PSC, Research URL: PSC-2025-64569
Home page URL: Security reports for Widgets for Google Reviews
Application: Widgets for Google Reviews
Date: May 06, 2025
Research Description: Widgets for Google Reviews is a powerful WordPress plugin designed to help businesses build trust and increase conversions by seamlessly displaying up to 10 Google reviews in stylish, responsive widgets. With over 40 widget layouts and 25 pre-designed styles, this plugin ensures your customer feedback is not only visible but also visually aligned with your brand. Whether you’re a small local business or a growing e-commerce brand, this plugin makes it effortless to integrate user-generated reviews directly into your site, boosting both credibility and SEO performance. Beyond the attractive visuals and functionality, Widgets for Google Reviews has undergone extensive code-level security analysis and proudly holds the Plugin Security Certification (PSC-2025-64569) issued by CleanTalk, validating its commitment to secure development practices.
Affected versions: Min -, max -.
Status: SAFE & CERTIFIED

Jun 07, 2024

CVE, Research URL: CVE-2022-4470
Home page URL: Security reports for Widgets for Google Reviews
Application: Widgets for Google Reviews
Date: Jan 31, 2023
Research Description: The Widgets for Google Reviews WordPress plugin before 9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-3254
Home page URL: Security reports for Widgets for Google Reviews
Application: Widgets for Google Reviews
Date: Oct 18, 2023
Research Description: The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php. This makes it possible for unauthenticated attackers to reset plugin settings and remove reviews via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-48275
Home page URL: Security reports for Widgets for Google Reviews
Application: Widgets for Google Reviews
Date: Mar 27, 2024
Research Description: Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.This issue affects Widgets for Google Reviews: from n/a through 11.0.2.
Affected versions: Min -, max -.
Status: vulnerable