B Testimonial – Customer Testimonials in Custom Layouts Security & Risk Analysis

wordpress.org/plugins/b-testimonial

Testimonial sliders are an important part of any website. You can easily add as many testimonial carousels as you want.

100 active installs · v1.2.4 · PHP 7.1+ · WP 5.6+ · Updated: Unknown
Tags: carousel, slider, testimonial, testimonial-plugin, testimonial-slider

Score: 99/100
Grade: A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 3, 2024
Safety Verdict

Is B Testimonial – Customer Testimonials in Custom Layouts Safe to Use in 2026?

Generally Safe

Score 99/100

B Testimonial – Customer Testimonials in Custom Layouts has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 3, 2024
Risk Assessment

The b-testimonial plugin, version 1.2.4, presents a mixed security posture. On the positive side, both of its SQL queries use prepared statements, and about three quarters of its output (805 of 1,067 outputs) is escaped. No dangerous functions or file operations were found, and there are no currently unpatched CVEs, which points to a maintainer who responds when a report arrives. One figure should be read with care: the scan reports zero bundled libraries, yet the attack-surface listing below places most of the admin hooks and five of the nine AJAX handlers under admin\codestar-framework, which is the Codestar options framework shipped inside the plugin. Treat "0" as "none detected" rather than "none present", and track Codestar advisories alongside the plugin's own.

However, the attack surface raises concerns. Of 10 entry points, 4 lack authentication checks. Two AJAX actions, show_all_review_content and show_less_review_content, are registered on both the wp_ajax_ and the wp_ajax_nopriv_ hooks, so anyone can reach them through admin-ajax.php without a session. The scan also counts 13 nonce checks against a single capability check; a nonce only proves that a request originated from a page the site rendered, it does not authorize the caller, so the import, export and reset handlers (csf-import, csf-export, csf-reset) deserve a manual check for a current_user_can() guard. The taint analysis found no critical or high severity issues, but 3 of the 6 flows reach a sink on an unsanitized path, and the one flow the report names, show_all_content_callback (inc\shortcode-free.php:24), sits in the same file a few lines below the show_all_review_content registration. Unauthenticated reachability is a finding only if what the callback returns or does is not meant to be public, so the callback itself has to be read to settle it.
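The two nopriv registrations (show_all_review_content and show_less_review_content at inc\shortcode-free.php:11 and :14) are what make those actions reachable without a session. This page does not show the callbacks, so the following is an added example, not the plugin's code: a constructed handler with the defects the scan flags (no nonce, no authorization, unvalidated input, unescaped output), beside a hardened form. The `post_id` parameter, the `bts_show_all_nonce` action, the `bts_example_*` names, and the assumption that the content lives in the plugin's `btsshortcode` post type are all assumptions made for the illustration.

```php
<?php
/**
 * Added illustration of hardening a front-end AJAX endpoint of the kind
 * listed under Attack Surface. Not code from b-testimonial; every name
 * below (bts_example_*, post_id, bts_show_all_nonce) is assumed.
 */

// Constructed example of the unprotected pattern: no nonce, no capability
// or ownership check, request value used as-is, output echoed unescaped.
function bts_example_show_all_unprotected() {
    $id   = $_POST['post_id'];              // untrusted and unvalidated
    $post = get_post( $id );                // any post type, any status
    echo $post ? $post->post_content : '';  // unescaped sink
    wp_die();
}

// Hardened version of the same endpoint.
function bts_example_show_all_hardened() {
    // 1. CSRF: the nonce is printed into the page with wp_create_nonce()
    //    and sent back by the front-end script. check_ajax_referer() ends
    //    the request with -1 on mismatch. A nonce is NOT authorization; it
    //    only ties the request to a page this site rendered.
    check_ajax_referer( 'bts_show_all_nonce', 'nonce' );

    // 2. Type-constrain input before it reaches any sink.
    $id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( array( 'message' => 'missing id' ), 400 );
    }

    // 3. Authorization for an anonymous caller: only data that is already
    //    public. Restricting to the plugin's own published post type (an
    //    assumption here) stops the endpoint from becoming a reader for
    //    drafts or private posts of other types via a guessed ID.
    $post = get_post( $id );
    if ( ! $post || 'btsshortcode' !== $post->post_type || 'publish' !== $post->post_status ) {
        wp_send_json_error( array( 'message' => 'not found' ), 404 );
    }

    // 4. Escape at the sink. wp_kses_post() keeps the markup a post body is
    //    allowed to carry and strips script, on* handlers and javascript: URLs.
    wp_send_json_success( array(
        'html' => wp_kses_post( $post->post_content ),
    ) );
}

// Registered on both hooks, exactly as the scan lists them. The nopriv hook
// is what makes the action reachable without a session; register it only
// when the callback is meant to serve anonymous visitors.
add_action( 'wp_ajax_show_all_review_content',        'bts_example_show_all_hardened' );
add_action( 'wp_ajax_nopriv_show_all_review_content', 'bts_example_show_all_hardened' );
```

To confirm reachability on a live site, POST `action=show_all_review_content` to `/wp-admin/admin-ajax.php` from a logged-out session: admin-ajax.php answers `0` when no handler is registered for the action, so any other response means the nopriv callback ran. Whether that is a finding depends on what the callback returns and whether it honours an attacker-chosen identifier, which is what step 3 above is there to prevent.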

The vulnerability history shows a single medium severity CVE (CVE-2024-11880, score 6.4): a stored cross-site scripting issue exploitable by an authenticated Contributor in versions up to 1.2.2, fixed in 1.2.3 one day after disclosure. The fast patch is positive, but with 262 unescaped outputs still counted by the scan and the unprotected entry points above, the same class of bug can recur wherever a user-controlled value reaches HTML without escaping for its context.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized taint flows
  • Medium severity XSS vulnerability history
Vulnerabilities
1

B Testimonial – Customer Testimonials in Custom Layouts Security Vulnerabilities

CVEs by Year

2024: 1 CVE (patched, none unpatched)

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2024-11880 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

B Testimonial – testimonial plugin for WP <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published Dec 3, 2024 · Patched in 1.2.3 (1 day)
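The entry above gives only the class and the privilege level (stored XSS reachable by a Contributor in 1.2.2 and earlier); the affected code is not shown on this page. As an added illustration, not the plugin's code and not the fix shipped in 1.2.3, the pair below shows the most common way a contributor-level stored XSS arises in a testimonial shortcode: an attribute value written into HTML without escaping. The `bts_example_*` names, the `id` and `title` attributes and the surrounding markup are assumptions; the `[b_testimonial]` tag, the `btsshortcode` class and the `data-b-testimonial-id` attribute are taken from the fingerprint section of this page.

```php
<?php
/**
 * Added illustration of contributor-level stored XSS through a shortcode
 * attribute, beside its hardened form. Not code from b-testimonial and not
 * the real CVE-2024-11880 fix; bts_example_*, the id/title attributes and
 * the markup are assumed. The vulnerable form keeps its defect on purpose.
 */

// Vulnerable: attribute values land in HTML untouched. A Contributor has no
// unfiltered_html, so <script> in post_content is stripped by kses, but the
// shortcode text survives and is rendered for every visitor, admins
// included. A constructed value such as
//   [b_testimonial id="1" title='" onmouseover="alert(1)']
// therefore becomes an attribute injection when the post is viewed.
function bts_example_shortcode_vulnerable( $atts ) {
    $atts = shortcode_atts( array( 'id' => '', 'title' => '' ), $atts, 'b_testimonial' );
    return '<div class="btsshortcode" data-b-testimonial-id="' . $atts['id'] . '">'
         . '<h3 title="' . $atts['title'] . '">' . $atts['title'] . '</h3>'
         . '</div>';
}

// Hardened: constrain types where possible, escape per context at the sink.
function bts_example_shortcode_hardened( $atts ) {
    $atts = shortcode_atts( array( 'id' => '', 'title' => '' ), $atts, 'b_testimonial' );

    // Numeric identifiers are cast, not escaped as strings.
    $id = absint( $atts['id'] );
    if ( 0 === $id ) {
        return '';
    }

    // Input sanitizing narrows the surface; output escaping is what closes
    // the hole. The same value needs the escaping of each context it lands
    // in: esc_attr() inside an attribute, esc_html() as element text.
    $title = sanitize_text_field( $atts['title'] );
    return '<div class="btsshortcode" data-b-testimonial-id="' . esc_attr( (string) $id ) . '">'
         . '<h3 title="' . esc_attr( $title ) . '">' . esc_html( $title ) . '</h3>'
         . '</div>';
}

add_shortcode( 'b_testimonial', 'bts_example_shortcode_hardened' );
```

The rule that matters is escaping at the point of output for the context the value lands in: `esc_attr()` inside attributes, `esc_html()` for text, `esc_url()` for href and src, `wp_kses_post()` when stored markup must survive. Sanitizing on input, as with `sanitize_text_field()`, is a defence in depth and not a substitute, because one value can reach more than one context. The 262 unescaped outputs the scan counts are exactly the places to audit against this rule.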
Code Analysis
Analyzed Mar 16, 2026

B Testimonial – Customer Testimonials in Custom Layouts Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 262 (805 escaped)
Nonce Checks: 13
Capability Checks: 1
File Operations: 0
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

100% prepared (2 total queries)

Output Escaping

75% escaped (1,067 total outputs: 805 escaped, 262 unescaped)
Data Flows
3 unsanitized

Data Flow Analysis

6 flows, 3 with unsanitized paths
show_all_content_callback (inc\shortcode-free.php:24)
Attack Surface
4 unprotected

B Testimonial – Customer Testimonials in Custom Layouts Attack Surface

Entry Points: 10
Unprotected: 4

AJAX Handlers: 9

auth · wp_ajax_csf-get-icons · admin\codestar-framework\functions\actions.php:50
auth · wp_ajax_csf-export · admin\codestar-framework\functions\actions.php:87
auth · wp_ajax_csf-import · admin\codestar-framework\functions\actions.php:123
auth · wp_ajax_csf-reset · admin\codestar-framework\functions\actions.php:150
auth · wp_ajax_csf-chosen · admin\codestar-framework\functions\actions.php:189
auth · wp_ajax_show_all_review_content · inc\shortcode-free.php:10
nopriv · wp_ajax_show_all_review_content · inc\shortcode-free.php:11
auth · wp_ajax_show_less_review_content · inc\shortcode-free.php:13
nopriv · wp_ajax_show_less_review_content · inc\shortcode-free.php:14

Shortcodes: 1

[b_testimonial] inc\shortcode-free.php:8
WordPress Hooks: 71

action · wp_enqueue_scripts · admin\codestar-framework\classes\abstract.class.php:20
action · admin_menu · admin\codestar-framework\classes\admin-options.class.php:106
action · admin_bar_menu · admin\codestar-framework\classes\admin-options.class.php:107
action · network_admin_menu · admin\codestar-framework\classes\admin-options.class.php:111
filter · admin_footer_text · admin\codestar-framework\classes\admin-options.class.php:487
action · add_meta_boxes_comment · admin\codestar-framework\classes\comment-options.class.php:38
action · edit_comment · admin\codestar-framework\classes\comment-options.class.php:39
action · customize_register · admin\codestar-framework\classes\customize-options.class.php:43
action · customize_save_after · admin\codestar-framework\classes\customize-options.class.php:44
action · wp_enqueue_scripts · admin\codestar-framework\classes\customize-options.class.php:48
action · add_meta_boxes · admin\codestar-framework\classes\metabox-options.class.php:50
action · save_post · admin\codestar-framework\classes\metabox-options.class.php:51
action · edit_attachment · admin\codestar-framework\classes\metabox-options.class.php:52
action · wp_nav_menu_item_custom_fields · admin\codestar-framework\classes\nav-menu-options.class.php:30
action · wp_update_nav_menu_item · admin\codestar-framework\classes\nav-menu-options.class.php:31
filter · wp_edit_nav_menu_walker · admin\codestar-framework\classes\nav-menu-options.class.php:33
action · admin_init · admin\codestar-framework\classes\profile-options.class.php:30
action · show_user_profile · admin\codestar-framework\classes\profile-options.class.php:42
action · edit_user_profile · admin\codestar-framework\classes\profile-options.class.php:43
action · personal_options_update · admin\codestar-framework\classes\profile-options.class.php:45
action · edit_user_profile_update · admin\codestar-framework\classes\profile-options.class.php:46
action · after_setup_theme · admin\codestar-framework\classes\setup.class.php:53
action · init · admin\codestar-framework\classes\setup.class.php:54
action · switch_theme · admin\codestar-framework\classes\setup.class.php:55
action · admin_enqueue_scripts · admin\codestar-framework\classes\setup.class.php:56
action · wp_enqueue_scripts · admin\codestar-framework\classes\setup.class.php:57
action · wp_head · admin\codestar-framework\classes\setup.class.php:58
filter · admin_body_class · admin\codestar-framework\classes\setup.class.php:59
action · admin_footer · admin\codestar-framework\classes\shortcode-options.class.php:47
action · customize_controls_print_footer_scripts · admin\codestar-framework\classes\shortcode-options.class.php:48
action · elementor/editor/before_enqueue_scripts · admin\codestar-framework\classes\shortcode-options.class.php:57
action · elementor/editor/footer · admin\codestar-framework\classes\shortcode-options.class.php:58
action · elementor/editor/footer · admin\codestar-framework\classes\shortcode-options.class.php:59
action · enqueue_block_editor_assets · admin\codestar-framework\classes\shortcode-options.class.php:299
action · media_buttons · admin\codestar-framework\classes\shortcode-options.class.php:303
action · admin_init · admin\codestar-framework\classes\taxonomy-options.class.php:41
action · admin_footer · admin\codestar-framework\fields\icon\icon.php:41
action · customize_controls_print_footer_scripts · admin\codestar-framework\fields\icon\icon.php:42
action · admin_print_footer_scripts · admin\codestar-framework\fields\link\link.php:65
action · print_default_editor_scripts · admin\codestar-framework\fields\wp_editor\wp_editor.php:62
action · admin_menu · admin\codestar-framework\views\welcome.php:19
filter · plugin_action_links · admin\codestar-framework\views\welcome.php:20
filter · plugin_row_meta · admin\codestar-framework\views\welcome.php:21
action · admin_enqueue_scripts · assets_cpt.php:6
action · wp_enqueue_scripts · assets_cpt.php:7
action · init · assets_cpt.php:8
action · admin_init · inc\Base\Activate.php:39
action · admin_menu · inc\Base\Activate.php:42
action · bts_opt_in · inc\Base\Activate.php:43
action · admin_enqueue_scripts · inc\Base\Activate.php:45
action · admin_footer · inc\Base\Activate.php:51
action · init · inc\PostType\btsshortcode.php:12
filter · post_row_actions · inc\PostType\btsshortcode.php:14
action · edit_form_after_title · inc\PostType\btsshortcode.php:15
filter · manage_btsshortcode_posts_columns · inc\PostType\btsshortcode.php:16
action · manage_btsshortcode_posts_custom_column · inc\PostType\btsshortcode.php:17
filter · post_updated_messages · inc\PostType\btsshortcode.php:18
action · admin_head-post.php · inc\PostType\btsshortcode.php:20
action · admin_head-post-new.php · inc\PostType\btsshortcode.php:21
filter · gettext · inc\PostType\btsshortcode.php:22
action · init · inc\PostType\ShortCodeGenerator.php:12
filter · post_row_actions · inc\PostType\ShortCodeGenerator.php:14
filter · post_updated_messages · inc\PostType\ShortCodeGenerator.php:17
action · admin_head-post.php · inc\PostType\ShortCodeGenerator.php:19
action · admin_head-post-new.php · inc\PostType\ShortCodeGenerator.php:20
filter · gettext · inc\PostType\ShortCodeGenerator.php:21
action · use_block_editor_for_post · inc\PostType\ShortCodeGenerator.php:24
action · wp_head · init.php:56
filter · admin_footer_text · init.php:57
action · admin_head · init.php:197
action · init · src\init.php:69
Maintenance & Trust

B Testimonial – Customer Testimonials in Custom Layouts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 7.1
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

B Testimonial – Customer Testimonials in Custom Layouts Developer Profile

colorlibplugins

120 plugins · 738K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 140 days
Detection Fingerprints

How We Detect B Testimonial – Customer Testimonials in Custom Layouts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/b-testimonial/assets/css/frontend.css
/wp-content/plugins/b-testimonial/assets/css/slick.css
/wp-content/plugins/b-testimonial/assets/css/style.css
/wp-content/plugins/b-testimonial/assets/js/frontend.js
/wp-content/plugins/b-testimonial/assets/js/slick.js
/wp-content/plugins/b-testimonial/admin/codestar-framework/assets/css/style.css
/wp-content/plugins/b-testimonial/admin/codestar-framework/assets/js/script.js
/wp-content/plugins/b-testimonial/src/block/block.json
Script Paths
/wp-content/plugins/b-testimonial/assets/js/frontend.js
/wp-content/plugins/b-testimonial/assets/js/slick.js
/wp-content/plugins/b-testimonial/admin/codestar-framework/assets/js/script.js
/wp-content/plugins/b-testimonial/src/init.php
Version Parameters
b-testimonial/assets/css/frontend.css?ver=
b-testimonial/assets/css/slick.css?ver=
b-testimonial/assets/css/style.css?ver=
b-testimonial/assets/js/frontend.js?ver=
b-testimonial/assets/js/slick.js?ver=
b-testimonial/admin/codestar-framework/assets/css/style.css?ver=
b-testimonial/admin/codestar-framework/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
btsshortcode, carousel, slick-slide, slick-track, slick-list, slick-initialized, slick-dotted, slick-prev (+4 more)
HTML Comments
<!-- get shortcode meta -->
<!-- And here goes the uninstallation function: -->
<!-- Footer Review Request -->
<!-- display the result -->
(+3 more)
Data Attributes
data-b-testimonial-id
JS Globals
window.bts, var bts
Shortcode Output
[b_testimonial, b_testimonial
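The fingerprints above are static strings; what a crawler needs is the matching logic and a version read from the `?ver=` parameter so that a site on 1.2.2 or earlier (CVE-2024-11880) can be told apart from one on 1.2.3+. The block below is an added example, not the scanner used to build this page: it matches the plugin's asset paths and DOM markers against a constructed HTML sample and extracts the version. It assumes the plugin enqueues its assets with its own version string; if a plugin passes `null` as the version, `?ver=` carries the WordPress core version instead (6.9.4 in the tested column above) and the result must be discarded, and a build pipeline that concatenates or renames assets defeats path matching entirely.

```php
<?php
/**
 * Added example, not part of this page's scanner: match the asset and DOM
 * fingerprints listed above against page HTML and read the version from
 * ?ver= on the plugin's own assets. The sample HTML below is constructed,
 * not captured from a real site.
 */

const BTS_ASSET_PATHS = array(
    '/wp-content/plugins/b-testimonial/assets/css/frontend.css',
    '/wp-content/plugins/b-testimonial/assets/css/slick.css',
    '/wp-content/plugins/b-testimonial/assets/css/style.css',
    '/wp-content/plugins/b-testimonial/assets/js/frontend.js',
    '/wp-content/plugins/b-testimonial/assets/js/slick.js',
);

const BTS_DOM_MARKERS = array( 'data-b-testimonial-id', 'btsshortcode', 'window.bts' );

/**
 * Returns null when nothing matches; otherwise the matched asset paths, the
 * matched DOM markers, and the version string (null if ?ver= is absent).
 */
function bts_fingerprint( string $html ): ?array {
    $assets = array();
    foreach ( BTS_ASSET_PATHS as $path ) {
        if ( false !== strpos( $html, $path ) ) {
            $assets[] = $path;
        }
    }

    $markers = array();
    foreach ( BTS_DOM_MARKERS as $marker ) {
        if ( false !== strpos( $html, $marker ) ) {
            $markers[] = $marker;
        }
    }

    if ( ! $assets && ! $markers ) {
        return null;
    }

    // Only trust ?ver= on the plugin's own asset URLs: core, theme and other
    // plugin assets on the same page carry their own ver parameters.
    $version = null;
    if ( preg_match( '#/plugins/b-testimonial/[^"\'\s]+\?ver=([0-9][0-9a-zA-Z.\-]*)#', $html, $m ) ) {
        $version = $m[1];
    }

    return array( 'assets' => $assets, 'markers' => $markers, 'version' => $version );
}

/**
 * True when the detected version is at or below the last vulnerable release
 * named in CVE-2024-11880; null when the version is unknown (ver stripped or
 * replaced by a cache-buster) and must be confirmed by hand.
 */
function bts_is_vulnerable_version( ?string $version ): ?bool {
    if ( null === $version ) {
        return null;
    }
    return version_compare( $version, '1.2.2', '<=' );
}

// Constructed sample page: one core asset (jQuery) to show that its ver is
// ignored, two plugin assets, and the shortcode's DOM output.
$sample = <<<'HTML'
<link rel="stylesheet" href="https://example.test/wp-content/plugins/b-testimonial/assets/css/frontend.css?ver=1.2.2" />
<script src="https://example.test/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
<script src="https://example.test/wp-content/plugins/b-testimonial/assets/js/frontend.js?ver=1.2.2"></script>
<div class="btsshortcode carousel" data-b-testimonial-id="12"></div>
HTML;

$result = bts_fingerprint( $sample );
echo json_encode( array(
    'detected'   => null !== $result,
    'assets'     => $result['assets'] ?? array(),
    'version'    => $result['version'] ?? null,
    'vulnerable' => bts_is_vulnerable_version( $result['version'] ?? null ),
) ), "\n";
```

A DOM-only match (markers without asset paths) is still a detection but gives no version, and the function returns `null` for the vulnerability question rather than guessing; a crawler that reports such a site as either safe or vulnerable would be fabricating a result.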
FAQ

Frequently Asked Questions about B Testimonial – Customer Testimonials in Custom Layouts