Easy Testimonial Slider and Form Security & Risk Analysis

wordpress.org/plugins/easy-testimonial-rotator

This is a beautiful, responsive testimonial slider and testimonial submitter form for WordPress blogs and sites.

800 active installs · v1.0.20 · PHP + WP 3.5+ · Updated Dec 19, 2025

Tags: customer-reviews, responsive-testimonial-slider, testimonial-form, testimonial-submitter

Score: 96 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Oct 28, 2025
Safety Verdict

Is Easy Testimonial Slider and Form Safe to Use in 2026?

Generally Safe

Score 96/100

Easy Testimonial Slider and Form has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Oct 28, 2025 · Updated 3mo ago
Risk Assessment

The "easy-testimonial-rotator" plugin exhibits a generally strong security posture based on the static analysis. The complete absence of unprotected entry points and the consistent use of prepared statements for SQL queries, alongside proper output escaping and the presence of nonce and capability checks, are commendable security practices. The plugin also avoids the use of dangerous functions and external HTTP requests, further reducing potential attack vectors.

However, the taint analysis reveals two flows with unsanitized paths. While these are not classified as critical or high severity, they represent potential vulnerabilities that could be exploited if malicious input were to reach these points. The plugin's history of three medium-severity CVEs, specifically SQL injection and cross-site scripting, is a significant concern. Although there are currently no unpatched CVEs, this historical pattern suggests a recurring susceptibility to input validation and sanitization issues. The most recent vulnerability, disclosed in late 2025, is also notable: it implies recent security oversight, and a history of such issues should not be overlooked.

In conclusion, while the current implementation demonstrates good security hygiene in many areas, the identified taint flows and the past vulnerability record necessitate careful attention. The plugin's strengths lie in its robust handling of SQL and output, but the risk associated with unsanitized paths and historical vulnerabilities should be actively managed through ongoing vigilance and potential code review.

Key Concerns

  • Flows with unsanitized paths identified
  • History of 3 medium severity CVEs
Vulnerabilities: 3

Easy Testimonial Slider and Form Security Vulnerabilities

CVEs by Year

2023: 2 CVEs
2025: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2015-10147 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Easy Testimonial Slider and Form <= 1.0.2 - Authenticated (Admin+) SQL injection

Oct 28, 2025 · Patched in 1.0.3 (1d)
CVE-2023-45754 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Testimonial Slider and Form <= 1.0.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Oct 12, 2023 · Patched in 1.0.19 (190d)
CVE-2022-46799 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Testimonial Slider and Form <= 1.0.15 - Unauthenticated Reflected Cross-Site Scripting via search_term

Mar 2, 2023 · Patched in 1.0.16 (327d)
Code Analysis
Analyzed Mar 16, 2026

Easy Testimonial Slider and Form Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (28 prepared)
Unescaped Output: 5 (1182 escaped)
Nonce Checks: 8
Capability Checks: 10
File Operations: 11
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 28 total queries

Output Escaping

100% escaped · 1187 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

5 flows, 2 with unsanitized paths

Flow: etr_save_testimonial_callback (easy-testimonial-rotator.php:222)
Attack Surface

Easy Testimonial Slider and Form Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 6

auth · wp_ajax_etr_get_grav_avtar · easy-testimonial-rotator.php:26
nopriv · wp_ajax_etr_get_grav_avtar · easy-testimonial-rotator.php:27
auth · wp_ajax_etr_get_new_captcha · easy-testimonial-rotator.php:28
nopriv · wp_ajax_etr_get_new_captcha · easy-testimonial-rotator.php:29
auth · wp_ajax_etr_save_testimonial · easy-testimonial-rotator.php:30
nopriv · wp_ajax_etr_save_testimonial · easy-testimonial-rotator.php:31

Shortcodes 2

[print_best_testimonial_slider] easy-testimonial-rotator.php:22
[print_best_testimonial_form] easy-testimonial-rotator.php:23
WordPress Hooks 10

action · admin_menu · easy-testimonial-rotator.php:18
action · wp_enqueue_scripts · easy-testimonial-rotator.php:21
filter · widget_text · easy-testimonial-rotator.php:24
action · admin_notices · easy-testimonial-rotator.php:25
filter · user_has_cap · easy-testimonial-rotator.php:32
action · plugins_loaded · easy-testimonial-rotator.php:34
filter · map_meta_cap · easy-testimonial-rotator.php:38
filter · widget_text_content · easy-testimonial-rotator.php:4951
filter · the_content · easy-testimonial-rotator.php:4952
filter · render_block · easy-testimonial-rotator.php:4963
Maintenance & Trust

Easy Testimonial Slider and Form Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 19, 2025
PHP min version:
Downloads: 27K

Community Trust

Rating: 96/100
Number of ratings: 5
Active installs: 800
Developer Profile

Easy Testimonial Slider and Form Developer Profile

Nks

19 plugins · 23K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 350 days
Detection Fingerprints

How We Detect Easy Testimonial Slider and Form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-testimonial-rotator/css/jquery.bxslider.css
/wp-content/plugins/easy-testimonial-rotator/css/testimonial_style.css
/wp-content/plugins/easy-testimonial-rotator/css/testimonial_style_admin.css
/wp-content/plugins/easy-testimonial-rotator/js/admin-script.js
/wp-content/plugins/easy-testimonial-rotator/js/etr_captcha.js
/wp-content/plugins/easy-testimonial-rotator/js/etr_jquery.bxSlider.min.js
/wp-content/plugins/easy-testimonial-rotator/js/testimonial-script.js
Script Paths
/wp-content/plugins/easy-testimonial-rotator/js/admin-script.js
/wp-content/plugins/easy-testimonial-rotator/js/etr_captcha.js
/wp-content/plugins/easy-testimonial-rotator/js/etr_jquery.bxSlider.min.js
/wp-content/plugins/easy-testimonial-rotator/js/testimonial-script.js
Version Parameters
/wp-content/plugins/easy-testimonial-rotator/css/jquery.bxslider.css?ver=
/wp-content/plugins/easy-testimonial-rotator/css/testimonial_style.css?ver=
/wp-content/plugins/easy-testimonial-rotator/css/testimonial_style_admin.css?ver=
/wp-content/plugins/easy-testimonial-rotator/js/admin-script.js?ver=
/wp-content/plugins/easy-testimonial-rotator/js/etr_captcha.js?ver=
/wp-content/plugins/easy-testimonial-rotator/js/etr_jquery.bxSlider.min.js?ver=
/wp-content/plugins/easy-testimonial-rotator/js/testimonial-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
etr_slider
HTML Comments
<!-- WRAPPER START -->
<!-- WRAPPER END -->
<!-- TESTIMONIAL SINGLE START -->
<!-- TESTIMONIAL SINGLE END -->
+176 more
Data Attributes
data-id, data-settings, data-current-page, data-item-per-page, data-controls, data-responsive, +68 more
JS Globals
etr_admin_script_obj, etr_obj
Shortcode Output
[print_best_testimonial_slider]
[print_best_testimonial_form]
FAQ

Frequently Asked Questions about Easy Testimonial Slider and Form