Does WP Client Testimonials have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Client Testimonials compatible with WordPress 4.9.29?

According to WordPress.org data, WP Client Testimonials 1.0.0 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is WP Client Testimonials updated?

WP Client Testimonials was last updated on Jul 6, 2018. Frequent updates are generally a positive security signal.

What is WP Client Testimonials's security score?

WP Client Testimonials has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Client Testimonials Security & Risk Analysis

wordpress.org/plugins/alpharage-testimonials

This plugin allows you to create and display testimonials on multiple Styles.

0 active installs v1.0.0 PHP + WP 4.9.6+ Updated Jul 6, 2018

client-testimonialsclients-feedbackclients-testimonialtestimonialtestimonials

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Client Testimonials Safe to Use in 2026?

Generally Safe

Score 85/100

WP Client Testimonials has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The "alpharage-testimonials" plugin v1.0.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by not using dangerous functions, all SQL queries are prepared, and it has no file operations or external HTTP requests. The vulnerability history is also clean, indicating no previously discovered or unpatched vulnerabilities, which is a strong indicator of responsible development or a lack of focused security auditing by attackers.

However, there are significant concerns regarding its attack surface. Two out of three total entry points, specifically the AJAX handlers, lack authentication checks. This exposes these handlers to unauthorized access and potential exploitation. While taint analysis shows no flows, the presence of unprotected AJAX endpoints creates a direct pathway for attackers to potentially interact with the plugin in unintended ways. The moderate percentage of properly escaped output also suggests a slight risk of cross-site scripting vulnerabilities if sensitive data is not handled with care.

In conclusion, the plugin has a clean historical record and good internal coding practices regarding database queries and external interactions. Nevertheless, the unprotected AJAX endpoints represent a critical weakness that significantly increases its risk profile. The moderate output escaping also warrants attention. A balanced assessment highlights its potential but emphasizes the immediate need to address the exposed AJAX handlers.

Key Concerns

AJAX handlers without authentication checks
AJAX handlers without authentication checks
Output escaping is not fully implemented

Vulnerabilities

None known

WP Client Testimonials Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP Client Testimonials Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

WP Client Testimonials Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

20 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

57% escaped35 total outputs

Attack Surface

2 unprotected

WP Client Testimonials Attack Surface

Entry Points3

Unprotected2

AJAX Handlers 2

authwp_ajax_get_testimonialadmin\partials\alpharage-testimonials-shortcode-builder.php:16

noprivwp_ajax_get_testimonialadmin\partials\alpharage-testimonials-shortcode-builder.php:17

Shortcodes 1

[alpharage-testimonial] public\partials\alpharage-testimonials-public-display.php:156

WordPress Hooks 11

actionadmin_menuadmin\partials\alpharage-testimonials-menu-page.php:14

actioninitadmin\partials\alpharage-testimonials-post-type.php:182

actioninitadmin\partials\alpharage-testimonials-post-type.php:183

actionadd_meta_boxesadmin\partials\alpharage-testimonials-post-type.php:184

actionsave_postadmin\partials\alpharage-testimonials-post-type.php:185

filtermce_external_pluginsadmin\partials\alpharage-testimonials-shortcode-builder.php:18

filtermce_buttonsadmin\partials\alpharage-testimonials-shortcode-builder.php:19

actionplugins_loadedincludes\class-alpharage-testimonials.php:144

actioninitincludes\class-alpharage-testimonials.php:159

actionintiincludes\class-alpharage-testimonials.php:160

actioninitincludes\class-alpharage-testimonials.php:161

Maintenance & Trust

WP Client Testimonials Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedJul 6, 2018

PHP min version

Downloads1K

Community Trust

Rating100/100

Number of ratings1

Active installs0

Alternatives

WP Client Testimonials Alternatives

Simple Testimonials Showcase

simple-testimonials-showcase

This plugin allows you to create and display testimonials in multiple ways.

600 2 unpatched

Responsive Testimonials

responsive-testimonials

100

A responsive, clean and easy way to display testimonials. Create testimonials, add authors and their jobs and copy-paste the shortcode into any page.

400 No CVEs

Testimonials

wp-testimonials-oiiio

responsive testimonials plugin. Make your testimonial slider modern and clean.

20 No CVEs

Kento Clients Feedback

kento-clients-feedback

Display Cleants Feedback or Testimonials

10 No CVEs

Smart Testimonials plugin

smart-testimonials

Smart testimonials plugin will allow webmaster to turn the boring looking testimonials into a fancy attractive page with several formatting options.

10 No CVEs

Developer Profile

WP Client Testimonials Developer Profile

alpharages

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Client Testimonials

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/alpharage-testimonials/admin/css/alpharage-testimonials-admin.css/wp-content/plugins/alpharage-testimonials/admin/css/bootstrap.css/wp-content/plugins/alpharage-testimonials/admin/css/bootstrap-extended.css/wp-content/plugins/alpharage-testimonials/admin/css/testimonial-tab.css/wp-content/plugins/alpharage-testimonials/admin/js/bootstrap.js/wp-content/plugins/alpharage-testimonials/admin/js/alpharage-testimonials-admin.js/wp-content/plugins/alpharage-testimonials/public/css/font-awesome.css/wp-content/plugins/alpharage-testimonials/public/css/alpharage-testimonials-public.css

Script Paths

/wp-content/plugins/alpharage-testimonials/admin/js/alpharage-testimonials-admin.js/wp-content/plugins/alpharage-testimonials/admin/js/bootstrap.js

Version Parameters

alpharage-testimonials-admin.css?ver=bootstrap.css?ver=bootstrap-extended.css?ver=testimonial-tab.css?ver=bootstrap.js?ver=alpharage-testimonials-admin.js?ver=font-awesome.css?ver=alpharage-testimonials-public.css?ver=

HTML / DOM Fingerprints

CSS Classes

alprt-testimonial-content

Data Attributes

data-alprt-id

JS Globals

ALPRT_testimonial_data

Shortcode Output

[alprt_testimonials]

FAQ