Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews Security & Risk Analysis

wordpress.org/plugins/gs-testimonial

Showcase and automate customer reviews with ease - sliders, grids, filters, and more to boost trust and sales.

1K active installs · v3.3.9 · PHP 7.0+ · WP 5.9+ · Updated Feb 22, 2026
Tags: customer-reviews, social-proof, testimonial-showcase, testimonial-slider, testimonials
96
A · Safe
CVEs total: 6
Unpatched: 0
Last CVE: May 7, 2025
Safety Verdict

Is Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews Safe to Use in 2026?

Generally Safe

Score 96/100

Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: May 7, 2025 · Updated 1mo ago
Risk Assessment

The 'gs-testimonial' plugin v3.3.9 exhibits a mixed security posture. It demonstrates good practices, such as a high percentage of prepared SQL statements and proper output escaping, but its attack surface raises significant concerns. Three unprotected AJAX handlers are a direct avenue for unauthorized actions or information disclosure, because these entry points lack authentication checks.

Taint analysis reinforces these concerns: five of the seven analyzed flows have unsanitized paths. The four high-severity taint flows are particularly worrying, because they suggest that user-supplied input is not adequately validated or sanitized before it reaches sensitive operations, which can lead to injection vulnerabilities. The plugin's vulnerability history, with six medium-severity CVEs covering missing authorization, code injection, and cross-site scripting, reinforces the need for robust security controls in this plugin. The recent vulnerability in 2025 shows that such issues, although currently patched, have been present recently and require ongoing vigilance.

In conclusion, while the plugin employs some beneficial security measures, the unprotected AJAX handlers and high-severity taint flows, coupled with a history of common vulnerabilities, point to a moderate to high-risk profile. Addressing the unprotected entry points and ensuring comprehensive input sanitization are critical steps to improve its security. The bundled Freemius library at v1.0 also warrants attention for potential known vulnerabilities within that specific version.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Unsanitized paths in taint flows
  • History of medium CVEs (x6)
  • Bundled outdated library (Freemius v1.0)
Vulnerabilities
6

Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews Security Vulnerabilities

CVEs by Year

2022: 3 CVEs
2024: 1 CVE
2025: 2 CVEs

Severity Breakdown

Medium: 6

6 total CVEs

CVE-2025-47467 · medium · 4.3 · Missing Authorization

GS Testimonial Slider <= 3.3.0 - Missing Authorization

May 7, 2025 Patched in 3.3.1 (6d)
CVE-2025-47481 · medium · 6.5 · Improper Control of Generation of Code ('Code Injection')

GS Testimonial Slider <= 3.2.9 - Unauthenticated Arbitrary Shortcode Execution

May 7, 2025 Patched in 3.3.0 (6d)
CVE-2024-30443 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GS Testimonial Slider <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 28, 2024 Patched in 3.1.5 (7d)

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 Patched in 1.9.8 (699d)
CVE-2022-40213 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GS Testimonial Slider <= 1.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 15, 2022 Patched in 1.9.7 (495d)
CVE-2022-35882 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GS Testimonial Slider <= 1.9.6 - Authenticated (Author+) Stored Cross-Site Scripting

Jul 27, 2022 Patched in 1.9.7 (545d)
Code Analysis
Analyzed Mar 16, 2026

Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (18 prepared)
Unescaped Output: 74 (313 escaped)
Nonce Checks: 20
Capability Checks: 17
File Operations: 9
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

75% prepared · 24 total queries

Output Escaping

81% escaped · 387 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

7 flows · 5 with unsanitized paths
save_card_visibility (includes\shortcode-builder\builder.php:39)
Attack Surface
3 unprotected

Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews Attack Surface

Entry Points: 23
Unprotected: 3

AJAX Handlers 22

auth · wp_ajax_gstm_dismiss_demo_data_notice · includes\demo-data\dummy-data.php:20
auth · wp_ajax_gstm_import_items_data · includes\demo-data\dummy-data.php:22
auth · wp_ajax_gstm_remove_items_data · includes\demo-data\dummy-data.php:24
auth · wp_ajax_gstm_import_shortcode_data · includes\demo-data\dummy-data.php:26
auth · wp_ajax_gstm_remove_shortcode_data · includes\demo-data\dummy-data.php:28
auth · wp_ajax_gstm_import_all_data · includes\demo-data\dummy-data.php:30
auth · wp_ajax_gstm_remove_all_data · includes\demo-data\dummy-data.php:32
auth · wp_ajax_gs_tm_export_data · includes\import-export.php:15
auth · wp_ajax_gs_tm_import_data · includes\import-export.php:16
auth · wp_ajax_gstm_create_shortcode · includes\shortcode-builder\builder.php:17
auth · wp_ajax_gstm_clone_shortcode · includes\shortcode-builder\builder.php:18
auth · wp_ajax_gstm_get_shortcode · includes\shortcode-builder\builder.php:19
auth · wp_ajax_gstm_get_shortcodes · includes\shortcode-builder\builder.php:20
auth · wp_ajax_gstm_update_shortcode · includes\shortcode-builder\builder.php:21
auth · wp_ajax_gstm_delete_shortcodes · includes\shortcode-builder\builder.php:22
auth · wp_ajax_gstm_temp_save_shortcode_settings · includes\shortcode-builder\builder.php:23
auth · wp_ajax_gstm_get_shortcode_pref · includes\shortcode-builder\builder.php:24
auth · wp_ajax_gstm_save_shortcode_pref · includes\shortcode-builder\builder.php:25
auth · wp_ajax_gstm_update_popup_visibility_order · includes\shortcode-builder\builder.php:28
auth · wp_ajax_save_card_visibility · includes\shortcode-builder\builder.php:29
auth · wp_ajax_update_taxonomy_order · includes\term-sort.php:32
auth · wp_ajax_sort_gstm · includes\term-sort.php:40

Shortcodes 1

[gs_testimonial] includes\shortcode.php:19
WordPress Hooks 84
action · admin_menu · gs-testimonial.php:99
action · wp_footer · includes\asset-generator\gs-asset-generator-base.php:27
action · post_updated · includes\asset-generator\gs-asset-generator-base.php:28
action · save_post · includes\asset-generator\gs-asset-generator-base.php:29
filter · widget_update_callback · includes\asset-generator\gs-asset-generator-base.php:30
action · update_option_sidebars_widgets · includes\asset-generator\gs-asset-generator-base.php:31
action · gsp_shortcode_created · includes\asset-generator\gs-asset-generator-base.php:32
action · gsp_shortcode_updated · includes\asset-generator\gs-asset-generator-base.php:33
action · gsp_shortcode_deleted · includes\asset-generator\gs-asset-generator-base.php:34
action · gsp_preference_update · includes\asset-generator\gs-asset-generator-base.php:35
filter · manage_gs_testimonial_posts_columns · includes\columns.php:19
action · manage_gs_testimonial_posts_custom_column · includes\columns.php:20
action · init · includes\cpt.php:19
action · after_setup_theme · includes\cpt.php:20
action · init · includes\cpt.php:21
action · admin_menu · includes\cpt.php:22
filter · widget_text · includes\cpt.php:86
action · admin_notices · includes\demo-data\dummy-data.php:18
action · gs_tstm_after_shortcode_submenu · includes\demo-data\dummy-data.php:34
action · admin_init · includes\demo-data\dummy-data.php:36
action · edit_post_gs_testimonial · includes\demo-data\dummy-data.php:39
action · gstm_dummy_attachments_process_start · includes\demo-data\dummy-data.php:42
action · gstm_dummy_attachments_process_finished · includes\demo-data\dummy-data.php:52
action · gstm_dummy_terms_process_finished · includes\demo-data\dummy-data.php:58
action · gstm_dummy_items_process_finished · includes\demo-data\dummy-data.php:64
action · gstm_dummy_shortcodes_process_start · includes\demo-data\dummy-data.php:75
action · gstm_dummy_shortcodes_process_finished · includes\demo-data\dummy-data.php:85
filter · http_request_args · includes\demo-data\dummy-data.php:739
action · admin_menu · includes\gs-common-pages\gs-plugins-common-pages.php:16
action · admin_menu · includes\gs-common-pages\gs-plugins-common-pages.php:17
action · admin_enqueue_scripts · includes\gs-common-pages\gs-plugins-common-pages.php:18
action · in_admin_header · includes\hooks.php:10
filter · admin_post_thumbnail_html · includes\hooks.php:11
action · init · includes\hooks.php:13
action · plugins_loaded · includes\hooks.php:14
action · init · includes\hooks.php:15
action · plugins_loaded · includes\hooks.php:16
filter · jetpack_content_options_featured_image_exclude_cpt · includes\hooks.php:17
action · gs_tstm_after_shortcode_submenu · includes\import-export.php:17
action · init · includes\integrations\integration-beaver.php:25
action · divi_extensions_init · includes\integrations\integration-divi.php:29
action · et_builder_modules_loaded · includes\integrations\integration-divi.php:38
action · wp_enqueue_scripts · includes\integrations\integration-divi.php:39
action · wp_head · includes\integrations\integration-divi.php:40
action · elementor/widgets/register · includes\integrations\integration-elementor.php:25
action · elementor/elements/categories_registered · includes\integrations\integration-elementor.php:26
action · elementor/editor/after_enqueue_scripts · includes\integrations\integration-elementor.php:28
action · elementor/editor/after_enqueue_styles · includes\integrations\integration-elementor.php:29
action · elementor/preview/enqueue_styles · includes\integrations\integration-elementor.php:31
action · elementor/preview/enqueue_scripts · includes\integrations\integration-elementor.php:32
action · init · includes\integrations\integration-gutenberg.php:25
action · enqueue_block_editor_assets · includes\integrations\integration-gutenberg.php:27
action · plugins_loaded · includes\integrations\integration-oxygen.php:23
action · init · includes\integrations\integration-oxygen.php:25
action · ct_builder_start · includes\integrations\integration-oxygen.php:33
action · ct_builder_end · includes\integrations\integration-oxygen.php:37
action · wp_enqueue_scripts · includes\integrations\integration-oxygen.php:59
action · td_global_after · includes\integrations\integration-tagdiv.php:24
action · wp_enqueue_scripts · includes\integrations\integration-tagdiv.php:25
action · admin_enqueue_scripts · includes\integrations\integration-tagdiv.php:26
action · vc_before_init · includes\integrations\integration-wpb-vc.php:24
action · admin_footer · includes\integrations\integration-wpb-vc.php:26
action · add_meta_boxes · includes\meta-fields.php:19
action · save_post · includes\meta-fields.php:20
action · add_meta_boxes · includes\meta-fields.php:21
action · wp_enqueue_scripts · includes\scripts.php:34
action · admin_enqueue_scripts · includes\scripts.php:35
action · admin_head · includes\scripts.php:36
action · wp_footer · includes\scripts.php:495
action · admin_menu · includes\shortcode-builder\builder.php:14
action · admin_enqueue_scripts · includes\shortcode-builder\builder.php:15
action · wp_enqueue_scripts · includes\shortcode-builder\builder.php:16
action · template_include · includes\shortcode-builder\builder.php:26
action · show_admin_bar · includes\shortcode-builder\builder.php:27
action · init · includes\shortcode-builder\builder.php:30
action · wp_head · includes\shortcode-builder\shortcode_builder_fonts_loader.php:33
action · wp_footer · includes\shortcode-builder\shortcode_builder_fonts_loader.php:34
action · init · includes\template-loader.php:24
filter · plugins_loaded · includes\term-sort.php:26
action · admin_menu · includes\term-sort.php:27
filter · get_terms_orderby · includes\term-sort.php:28
filter · terms_clauses · includes\term-sort.php:29
filter · posts_orderby · includes\term-sort.php:36
action · admin_enqueue_scripts · includes\term-sort.php:37
Maintenance & Trust

Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 22, 2026
PHP min version: 7.0
Downloads: 110K

Community Trust

Rating: 86/100
Number of ratings: 34
Active installs: 1K
Developer Profile

Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews Developer Profile

GS Plugins

19 plugins · 41K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 173 days
Detection Fingerprints

How We Detect Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gs-testimonial/freemius/start.php
/wp-content/plugins/gs-testimonial/includes/autoloader.php
/wp-content/plugins/gs-testimonial/includes/plugin.php
/wp-content/plugins/gs-testimonial/includes/asset-generator/gs-testimonial-asset-generator.php

HTML / DOM Fingerprints

CSS Classes
gs_tstm_area, carousel_style_1, testimonial-box, box-client-name, box-tm-title, box-content, gs-star-rating, gstm_popup_shortcode
Data Attributes
data-gs-testimonial-id
JS Globals
gstm_fs
Shortcode Output
[gs_testimonial