Plugin: wp-reviews-plugin-for-google

Alerts (0)

No open alerts.

Show 3 resolved alerts

High code_scan_match Resolved · code_scan_fp_class_vendor_cdn_enqueue 2026-05-05 11:20:42 (17d ago)

Slug wp-reviews-plugin-for-google

Finding count 7

Findings

Pattern	Kind	File	Line	Snippet	Confidence	Details
`remote_enqueue`	`builtin`	`trustindex-plugin.class.php`	6,095	wp_enqueue_style('trustindex-widget-preview-'.$fileName, "https://cdn.trustindex.io/assets/widget-presetted-css/v2/$fileName", [], true);	`medium`	Url https://cdn.trustindex.io/assets/widget-presetted-css/v2/$fileName Url host `cdn.trustindex.io`
`remote_enqueue`	`builtin`	`trustindex-plugin.class.php`	6,146	wp_enqueue_script('trustindex-loader-js', 'https://cdn.trustindex.io/loader.js', [], true, [	`medium`	Url https://cdn.trustindex.io/loader.js Url host `cdn.trustindex.io`
`remote_enqueue`	`builtin`	`wp-reviews-plugin-for-google.php`	81	wp_register_script('trustindex-loader-js', 'https://cdn.trustindex.io/loader.js', [], true, [	`medium`	Url https://cdn.trustindex.io/loader.js Url host `cdn.trustindex.io`
`remote_enqueue`	`builtin`	`tabs/free-widget-configurator.php`	476	wp_enqueue_style('trustindex-widget-preview-css', 'https://cdn.trustindex.io/assets/ti-preview-box.css', [], true);	`medium`	Url https://cdn.trustindex.io/assets/ti-preview-box.css Url host `cdn.trustindex.io`
`remote_enqueue`	`builtin`	`tabs/my-reviews.php`	142	wp_enqueue_style('trustindex-widget-css', 'https://cdn.trustindex.io/assets/widget-presetted-css/4-light-background.css', [], true);	`medium`	Url https://cdn.trustindex.io/assets/widget-presetted-css/4-light-background.css Url host `cdn.trustindex.io`
`remote_enqueue`	`builtin`	`tabs/my-reviews.php`	143	wp_enqueue_script('trustindex-review-js', 'https://cdn.trustindex.io/assets/js/trustindex-review.js', [], true, true);	`medium`	Url https://cdn.trustindex.io/assets/js/trustindex-review.js Url host `cdn.trustindex.io`
`remote_enqueue`	`builtin`	`tabs/rate-us.php`	3	wp_enqueue_script('trustindex-js', 'https://cdn.trustindex.io/loader.js', [], true, true);	`medium`	Url https://cdn.trustindex.io/loader.js Url host `cdn.trustindex.io`

Resolved sha 309145b6a734c63580269341f73ef50d4fc86122

View raw JSON

{
    "slug": "wp-reviews-plugin-for-google",
    "finding_count": 7,
    "findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "trustindex-plugin.class.php",
            "line": 6095,
            "snippet": "wp_enqueue_style('trustindex-widget-preview-'.$fileName, \"https://cdn.trustindex.io/assets/widget-presetted-css/v2/$fileName\", [], true);",
            "confidence": "medium",
            "details": {
                "url": "https://cdn.trustindex.io/assets/widget-presetted-css/v2/$fileName",
                "url_host": "cdn.trustindex.io"
            }
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "trustindex-plugin.class.php",
            "line": 6146,
            "snippet": "wp_enqueue_script('trustindex-loader-js', 'https://cdn.trustindex.io/loader.js', [], true, [",
            "confidence": "medium",
            "details": {
                "url": "https://cdn.trustindex.io/loader.js",
                "url_host": "cdn.trustindex.io"
            }
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "wp-reviews-plugin-for-google.php",
            "line": 81,
            "snippet": "wp_register_script('trustindex-loader-js', 'https://cdn.trustindex.io/loader.js', [], true, [",
            "confidence": "medium",
            "details": {
                "url": "https://cdn.trustindex.io/loader.js",
                "url_host": "cdn.trustindex.io"
            }
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "tabs/free-widget-configurator.php",
            "line": 476,
            "snippet": "wp_enqueue_style('trustindex-widget-preview-css', 'https://cdn.trustindex.io/assets/ti-preview-box.css', [], true);",
            "confidence": "medium",
            "details": {
                "url": "https://cdn.trustindex.io/assets/ti-preview-box.css",
                "url_host": "cdn.trustindex.io"
            }
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "tabs/my-reviews.php",
            "line": 142,
            "snippet": "wp_enqueue_style('trustindex-widget-css', 'https://cdn.trustindex.io/assets/widget-presetted-css/4-light-background.css', [], true);",
            "confidence": "medium",
            "details": {
                "url": "https://cdn.trustindex.io/assets/widget-presetted-css/4-light-background.css",
                "url_host": "cdn.trustindex.io"
            }
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "tabs/my-reviews.php",
            "line": 143,
            "snippet": "wp_enqueue_script('trustindex-review-js', 'https://cdn.trustindex.io/assets/js/trustindex-review.js', [], true, true);",
            "confidence": "medium",
            "details": {
                "url": "https://cdn.trustindex.io/assets/js/trustindex-review.js",
                "url_host": "cdn.trustindex.io"
            }
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "tabs/rate-us.php",
            "line": 3,
            "snippet": "wp_enqueue_script('trustindex-js', 'https://cdn.trustindex.io/loader.js', [], true, true);",
            "confidence": "medium",
            "details": {
                "url": "https://cdn.trustindex.io/loader.js",
                "url_host": "cdn.trustindex.io"
            }
        }
    ],
    "resolved_sha": "309145b6a734c63580269341f73ef50d4fc86122"
}

Critical code_pattern Resolved · no_longer_matches 2026-04-24 15:56:44 (28d ago)

Slug	wp-reviews-plugin-for-google
Pattern	`unserialize_after_remote_call`
Kind	`builtin`
Version	`13.2.9`
Hit count	1
First hit	File `trustindex-plugin.class.php` Line 7,088 Snippet L7078: $wpResponse = wp_remote_post( → L7088: $wpRepoResponse = unserialize(wp_remote_retrieve_body($wpResponse));
Explanation	a remote HTTP fetch (`wp_remote_*`/`curl_exec`) is followed by `unserialize`/`maybe_unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. Legit plugins essentially never do this.

View raw JSON

{
    "slug": "wp-reviews-plugin-for-google",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "13.2.9",
    "hit_count": 1,
    "first_hit": {
        "file": "trustindex-plugin.class.php",
        "line": 7088,
        "snippet": "L7078: $wpResponse = wp_remote_post(  \u2192  L7088: $wpRepoResponse = unserialize(wp_remote_retrieve_body($wpResponse));"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`) is followed by `unserialize`/`maybe_unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. Legit plugins essentially never do this."
}

Critical code_scan_delta Resolved · fp_wporg_official_api 2026-04-24 15:43:16 (28d ago)

Slug wp-reviews-plugin-for-google

Previous version 13.2.9

Current version 13.2.9

New findings

Pattern	Kind	File	Line	Snippet	Confidence
`unserialize_after_remote_call`	`builtin`	`trustindex-plugin.class.php`	7,088	L7078: $wpResponse = wp_remote_post( → L7088: $wpRepoResponse = unserialize(wp_remote_retrieve_body($wpResponse));	`high`

New finding count 1

View raw JSON

{
    "slug": "wp-reviews-plugin-for-google",
    "previous_version": "13.2.9",
    "current_version": "13.2.9",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "trustindex-plugin.class.php",
            "line": 7088,
            "snippet": "L7078: $wpResponse = wp_remote_post(  \u2192  L7088: $wpRepoResponse = unserialize(wp_remote_retrieve_body($wpResponse));",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}

SVN committers (2)

Accounts with actual commit access to wp-reviews-plugin-for-google on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer	Member since	Commits	First commit	Latest commit
Trustindex	2019-01-17	200	2019-11-13 · r2191352	2026-04-14 · r3505974
plugin-master	2007-03-09	1	2019-11-12 · r2190939	2019-11-12 · r2190939

Readme contributors (1)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor	Member since	SVN access	Status
Trustindex	2019-01-17	200 commits	Active

Versions (19 most recent)

Version	Released	Download
13.2.9	2026-04-14 · 1mo ago	zip
13.2.8	2026-03-19 · 2mo ago	zip
13.2.7	2026-01-20 · 4mo ago	zip
13.2.6	2026-01-15 · 4mo ago	zip
13.2.5	2025-11-20 · 6mo ago	zip
13.1	2025-09-01 · 8mo ago	zip
13.0	2025-07-24 · 10mo ago	zip
12.9	2025-07-08 · 10mo ago	zip
12.8	2025-06-05 · 11mo ago	zip
12.7.6	2025-05-28 · 11mo ago	zip
12.6.1	2025-03-06 · 1y ago	zip
12.5	2025-01-10 · 1y ago	zip
12.4.7	2024-12-10 · 1y ago	zip
12.3	2024-10-10 · 1y ago	zip
12.2	2024-09-19 · 1y ago	zip
12.1.2	2024-09-02 · 1y ago	zip
12.0	2024-07-23 · 1y ago	zip
11.9	2024-06-25 · 1y ago	zip
10.9.1	2023-10-17 · 2y ago	zip

Widgets for Google Reviews

Alerts (0)

SVN committers (2)

Readme contributors (1)

Versions (19 most recent)