Awesome Testimonials Security & Risk Analysis
wordpress.org/plugins/awesome-testimonialsIntegrate a testimonial into your WordPress web site.
Is Awesome Testimonials Safe to Use in 2026?
Use With Caution
Score 63/100Awesome Testimonials has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The "awesome-testimonials" v2.2.1 plugin exhibits a mixed security posture. While it has no critical or high severity vulnerabilities in its history, and the static analysis shows no dangerous functions, file operations, or external HTTP requests, there are significant areas of concern. A notable weakness is the complete absence of nonce checks and capability checks, which are fundamental security mechanisms in WordPress. The analysis of SQL queries reveals that only 11% use prepared statements, leaving a substantial portion potentially vulnerable to SQL injection. Furthermore, 35% of output escaping is not properly handled, creating risks of Cross-Site Scripting (XSS). The vulnerability history indicates a medium severity Cross-Site Request Forgery (CSRF) vulnerability that remains unpatched, suggesting a pattern of security oversight that needs immediate attention. Overall, while the plugin avoids some common pitfalls, the lack of essential security controls and the presence of unpatched vulnerabilities present a considerable risk.
Key Concerns
- Unpatched CVE (Medium Severity)
- Raw SQL queries (89% not prepared)
- Unescaped output (35% not escaped)
- Missing nonce checks
- Missing capability checks
Awesome Testimonials Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Awesome Testimonials <= 2.2.1 - Cross-Site Request Forgery
Awesome Testimonials Code Analysis
SQL Query Safety
Output Escaping
Awesome Testimonials Attack Surface
Shortcodes 2
WordPress Hooks 7
Maintenance & Trust
Awesome Testimonials Maintenance & Trust
Maintenance Signals
Community Trust
Awesome Testimonials Alternatives
Testimonial Block
testimonial-wp-block
Display testimonials & gain instant credibility for your website or service.
Clean Testimonials
clean-testimonials
Add Testimonials to your WordPress website. Simple, easy, quick and clean.
Weeby Testimonial – WPBakery Addons
weeby-testimonial
A WPBakery Page Builder (formerly Visual Composer) testimonial addons.
Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More
reviews-feed
No API key required. Display Yelp and Google reviews for any business in a clean, customizable feed on your site.
Rich Showcase for Google Reviews
widget-google-reviews
Display up to 10 Google reviews in less than a minute. Continue collecting new reviews. No limits on connected places, widgets, shortcodes and blocks.
Awesome Testimonials Developer Profile
4 plugins · 80 total installs
How We Detect Awesome Testimonials
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/awesome-testimonials/css/pra_testimonial.css/wp-content/plugins/awesome-testimonials/js/jquery.carouFredSel-6.2.1.js/wp-content/plugins/awesome-testimonials/js/pra_testimonials.js/wp-content/plugins/awesome-testimonials/css/admin-style.css/wp-content/plugins/awesome-testimonials/js/jquery.carouFredSel-6.2.1.js/wp-content/plugins/awesome-testimonials/js/pra_testimonials.jsawesome-testimonials/css/pra_testimonial.css?ver=awesome-testimonials/js/jquery.carouFredSel-6.2.1.js?ver=awesome-testimonials/js/pra_testimonials.js?ver=awesome-testimonials/css/admin-style.css?ver=HTML / DOM Fingerprints
pra_rating_sectionpra_starsratingname="pra_ratings"name="pra_designation"