WP-Safety

IG Testimonials Security & Risk Analysis

wordpress.org/plugins/ig-testimonials

IG Testimonials is a clean and easy-to-use testimonials plugin for WordPress.

30 active installs v1.8 PHP + WP 3.1+ Updated Dec 30, 2016
testimonialstestimonials-carouseltestimonials-shortcodetestimonials-widget
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is IG Testimonials Safe to Use in 2026?

Generally Safe

Score 85/100

IG Testimonials has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The ig-testimonials v1.8 plugin exhibits a generally good security posture with several strengths. Notably, it utilizes prepared statements for all SQL queries and has a reasonable number of capability checks and a nonce check in place, indicating an awareness of common WordPress security practices. The absence of known CVEs and a clean vulnerability history further contribute to this positive outlook. However, there are areas for improvement. The presence of the 'unserialize' function is a significant concern, as it can lead to Remote Code Execution (RCE) vulnerabilities if not handled with extreme care and proper input validation. Furthermore, the static analysis reveals that over half of the plugin's output is not properly escaped. This could lead to Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the site through the plugin's output. While the total attack surface is small and appears to be protected, these specific code signals warrant caution.

Key Concerns

  • Dangerous function 'unserialize' used
  • High percentage of unescaped output
Vulnerabilities
None known

IG Testimonials Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

IG Testimonials Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

IG Testimonials Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
2 prepared
Unescaped Output
47
63 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

unserialize$returned_object = unserialize(wp_remote_retrieve_body($response));welcome\sections\welcome-free-resources.php:26
unserialize$returned_object = unserialize(wp_remote_retrieve_body($response));welcome\sections\welcome-free-resources.php:88

SQL Query Safety

100% prepared2 total queries

Output Escaping

57% escaped110 total outputs
Attack Surface

IG Testimonials Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[ig-testimonials] extra\ig-testimonials-shortcodes.php:92
[ig-testimonials-carousel] extra\ig-testimonials-shortcodes.php:171
WordPress Hooks 18
actionwidgets_initextra\ig-testimonials-carousel-widget.php:170
filterthe_contentextra\ig-testimonials-shortcodes.php:184
actionwp_enqueue_scriptsig-testimonials.php:18
actionadmin_enqueue_scriptsig-testimonials.php:19
actionadmin_headig-testimonials.php:20
filtermce_external_pluginsig-testimonials.php:55
filtermce_buttonsig-testimonials.php:56
actionplugins_loadedig-testimonials.php:78
actionadd_meta_boxesincludes\ig-testimonials-function.php:24
actionsave_postincludes\ig-testimonials-function.php:54
actioninitincludes\ig-testimonials-function.php:62
filtermanage_testimonial_posts_columnsincludes\ig-testimonials-function.php:68
actionmanage_testimonial_posts_custom_columnincludes\ig-testimonials-function.php:74
actioninitincludes\ig-testimonials-post-type.php:48
actioninitincludes\ig-testimonials-post-type.php:90
actionadmin_menuincludes\ig-testimonials-settings.php:3
actionadmin_initincludes\ig-testimonials-settings.php:8
actionadmin_menuwelcome\welcome-screen.php:5
Maintenance & Trust

IG Testimonials Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.33
Last updatedDec 30, 2016
PHP min version
Downloads4K

Community Trust

Rating100/100
Number of ratings1
Active installs30
Alternatives

IG Testimonials Alternatives

Elfsight Testimonials Slider

Elfsight Testimonials Slider

elfsight-testimonials-slider

D
47

Level up your website credibility with trustworthy testimonials

200 3 unpatched
Simple WP Testimonials

Simple WP Testimonials

simple-wp-testimonials

A
85

Simple WP Testimonials is a plugin that allows you to manage and display testimonials for your blog.

20 No CVEs
Mi Testimonial Slider

Mi Testimonial Slider

mi-testimonial-slider

A
85

Testimonial Slider For Showcase your clients, customer's testimonials. With 20+ trendy designs you can customize your wordpress site

10 No CVEs
Testimonial Carousel Block

Testimonial Carousel Block

testimonial-carousel-block

A
85

Easily add a testimonials carousel to your WordPress post or page via the new Gutenberg Editor.

10 No CVEs
Wiwitness Testimonials

Wiwitness Testimonials

wiwitness-testimonials

A
85

Collect, manage and display socially verifiable testimonials. Instill confidence in visitors about your website.

10 No CVEs
Developer Profile

IG Testimonials Developer Profile

iografica

4 plugins · 160 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect IG Testimonials

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ig-testimonials/ig-testimonials.css
Script Paths
/wp-content/plugins/ig-testimonials/js/slick.js/wp-content/plugins/ig-testimonials/js/ig-testimonials-main.js/wp-content/plugins/ig-testimonials/includes/mce-button.js
Version Parameters
ig-testimonials.css?ver=slick.js?ver=ig-testimonials-main.js?ver=mce-button.js?ver=

HTML / DOM Fingerprints

CSS Classes
ig-testimonials-pageig-testimonialsig-testimonials-carousel
Data Attributes
data-slick
Shortcode Output
<div class="ig-testimonials-page"><div id="testimonial-<div class="ig-testimonials"><div class="image">
FAQ

Frequently Asked Questions about IG Testimonials