Does FV Testimonials have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is FV Testimonials compatible with WordPress 4.7.33?

According to WordPress.org data, FV Testimonials 1.13 has been tested up to WordPress 4.7.33. Check the plugin's changelog for the latest compatibility information.

How often is FV Testimonials updated?

FV Testimonials was last updated on Dec 8, 2016. Frequent updates are generally a positive security signal.

What is FV Testimonials's security score?

FV Testimonials has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

FV Testimonials Security & Risk Analysis

wordpress.org/plugins/fv-testimonials

FV Testimonials brings you easy management of your testimonials.

10 active installs v1.13 PHP + WP 3.2+ Updated Dec 8, 2016

testimonials

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is FV Testimonials Safe to Use in 2026?

Generally Safe

Score 85/100

FV Testimonials has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "fv-testimonials" v1.13 plugin exhibits a concerning security posture, primarily due to a large attack surface with a significant number of unprotected entry points. The analysis reveals 5 out of 6 total entry points lack authentication checks, making them prime targets for unauthorized access and malicious manipulation. Furthermore, the presence of dangerous functions like `preg_replace(/e)` and `unserialize` raises red flags, as these can be exploited for code injection or deserialization vulnerabilities if not handled with extreme caution. While the plugin has no recorded vulnerability history, this absence should not be interpreted as a guarantee of safety, especially given the identified code signals and unprotected entry points. The taint analysis, though limited, indicates flows with unsanitized paths, which could lead to vulnerabilities if data is not properly validated before processing.

Key Concerns

Unprotected AJAX handlers
Dangerous function: preg_replace(/e)
Dangerous function: unserialize
Missing nonce checks
Missing capability checks
Unsanitized paths in taint flows
Low SQL prepared statement usage
Low output escaping rate

Vulnerabilities

None known

FV Testimonials Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

FV Testimonials Release Timeline

v0.9.6

v0.9.5.1

Code Analysis

Analyzed Mar 17, 2026

FV Testimonials Code Analysis

Dangerous Functions

Raw SQL Queries

11 prepared

Unescaped Output

50 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

preg_replace(/e)preg_replace('/econtroller\conversions.php:151

unserialize$value_old = unserialize($value);controller\conversions.php:381

unserialize$aTemplates = unserialize($aTemplates);fv-testimonials.php:207

unserialize$aTemplates = unserialize($aTemplates);fv-testimonials.php:210

unserializeif (is_serialized( $this->aTemplates )) $this->aTemplates = unserialize($this->aTemplates);model\fv-testimonials-class.php:60

unserialize$aAllImages = unserialize($objRow->meta_value);model\image-class.php:396

SQL Query Safety

61% prepared18 total queries

Output Escaping

61% escaped82 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

<backend> (controller\backend.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

FV Testimonials Attack Surface

Entry Points6

Unprotected5

AJAX Handlers 5

authwp_ajax_fv_testimonials_ajax_save_ordercontroller\backend.php:20

authwp_ajax_fv_testimonials_ajax_delete_imagecontroller\backend.php:21

authwp_ajax_fv_testimonials_ajax_convert_contentcontroller\conversions.php:8

authwp_ajax_fv_testimonials_ajax_convert_shortcodes_standardcontroller\conversions.php:9

authwp_ajax_fv_testimonials_ajax_convert_shortcodes_dbcontroller\conversions.php:10

Shortcodes 1

[testimonials] controller\shortcodes.php:5

WordPress Hooks 25

actionadmin_initcontroller\backend.php:7

actionwp_enqueue_scriptscontroller\backend.php:8

actionpost_edit_form_tagcontroller\backend.php:9

actionadmin_menucontroller\backend.php:10

actionadd_meta_boxescontroller\backend.php:11

filtermanage_edit-testimonial_columnscontroller\backend.php:12

actionmanage_testimonial_posts_custom_columncontroller\backend.php:13

filterpost_updated_messagescontroller\backend.php:14

actionedit_postcontroller\backend.php:15

actionadmin_initcontroller\conversions.php:3

filterautoblog_pre_post_insertcontroller\rewrite.php:9

filterautoblog_post_post_insertcontroller\rewrite.php:38

actioninitcontroller\rewrite.php:55

actioninitcontroller\rewrite.php:122

filterpost_type_linkcontroller\rewrite.php:171

filterwp_unique_post_slugcontroller\rewrite.php:204

filterwp_unique_post_slugcontroller\rewrite.php:223

filtertemplate_redirectcontroller\rewrite.php:229

actionadmin_initfv-testimonials.php:25

actionadmin_initfv-testimonials.php:52

actionplugins_loadedfv-testimonials.php:73

filterplugin_action_linksfv-testimonials.php:74

actionadmin_enqueue_scriptsfv-testimonials.php:106

actioninitfv-testimonials.php:110

actionadmin_initfv-testimonials.php:111

Maintenance & Trust

FV Testimonials Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.33

Last updatedDec 8, 2016

PHP min version

Downloads10K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

FV Testimonials Alternatives

Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More

reviews-feed

No API key required. Display Yelp and Google reviews for any business in a clean, customizable feed on your site.

100K 2 CVEs

Rich Showcase for Google Reviews

widget-google-reviews

Display up to 10 Google reviews in less than a minute. Continue collecting new reviews. No limits on connected places, widgets, shortcodes and blocks.

100K 6 CVEs

Strong Testimonials

strong-testimonials

An easy-to-use testimonial plugin to collect and show customer feedback in WordPress

90K 15 CVEs

Site Reviews

site-reviews

Site Reviews is a complete review management solution that integrates with WooCommerce and SureCart and works similarly to reviews on Amazon, Tripadvi …

60K 13 CVEs

Real Testimonials – Testimonial Slider, Collect Customer Reviews and Video Testimonials

testimonial-free

A Customizable Testimonial plugin to Automate Collecting, Filtering, and Publishing Customer Reviews. Testimonial Slider, Grid & More to Grow Sales

40K 3 CVEs

Developer Profile

FV Testimonials Developer Profile

FolioVision

19 plugins · 48K total installs

trust score

Avg Security Score

93/100

Avg Patch Time

1098 days

View full developer profile

Detection Fingerprints

How We Detect FV Testimonials

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fv-testimonials/view/user.css/wp-content/plugins/fv-testimonials/js/fv-testimonials.js/wp-content/plugins/fv-testimonials/view/jquery-ui-tabs.css

HTML / DOM Fingerprints

FAQ