Product Testimonial Security & Risk Analysis

wordpress.org/plugins/product-testimonial

Custom WordPress Testimonial is a plugin with which you can add all testimonials of your clients to your WordPress site.

0 active installs · v0.1.2 · PHP 7.0+ · WP 5.2+ · Updated Jan 10, 2024
Tags: attachments, data, development, product-testimonial, testimonials

Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Product Testimonial Safe to Use in 2026?

Generally Safe

Score 85/100

Product Testimonial has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2 years ago
Risk Assessment

The "product-testimonial" plugin version 0.1.2 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by avoiding dangerous functions, file operations, external HTTP requests, and SQL queries that are not prepared. A high percentage of output is properly escaped, indicating an awareness of preventing cross-site scripting vulnerabilities. The absence of any recorded vulnerabilities or CVEs in its history is also a positive sign.

However, significant security concerns arise from the static analysis. The plugin has a small but present attack surface with two entry points, one of which, an AJAX handler, lacks any authentication or permission checks. The taint analysis reveals two flows with unsanitized paths, and while not classified as critical or high severity, this is a direct indicator of potential security weaknesses where user-supplied data might not be handled safely. The complete absence of nonce checks on the unprotected AJAX handler is a notable omission, leaving it vulnerable to cross-site request forgery (CSRF) attacks.

In conclusion, while the plugin's history is clean and it employs some good security practices, the identified unprotected AJAX handler and unsanitized taint flows represent immediate risks that need to be addressed. The lack of nonce checks further exacerbates the potential for exploitation. Addressing these specific code-level issues is crucial for improving the plugin's overall security.

Key Concerns

  • Unprotected AJAX handler
  • Taint flows with unsanitized paths
  • Missing nonce checks
Vulnerabilities
None known

Product Testimonial Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Product Testimonial Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 8 (42 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

84% escaped (50 total outputs)
Data Flows
2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
cwpt_ajax_val (inc\functions.php:75)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
1 unprotected

Product Testimonial Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_action-value · inc\functions.php:88

Shortcodes 1

[WPTCODE] · product-testimonial.php:192

WordPress Hooks 9

  • action · wp_head · inc\dynamic-css.php:29
  • action · admin_menu · inc\functions.php:17
  • action · admin_menu · inc\metabox.php:13
  • action · save_post · inc\metabox.php:41
  • action · wp_enqueue_scripts · product-testimonial.php:34
  • action · admin_enqueue_scripts · product-testimonial.php:54
  • action · init · product-testimonial.php:115
  • action · admin_init · product-testimonial.php:197
  • filter · get_the_excerpt · product-testimonial.php:217
Maintenance & Trust

Product Testimonial Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Jan 10, 2024
PHP min version: 7.0
Downloads: 698

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Product Testimonial Developer Profile

Sadekur Rahman

2 plugins · 0 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Product Testimonial

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/product-testimonial/css/cwpt.carousel.min.css
  • /wp-content/plugins/product-testimonial/css/cwpt.theme.min.css
  • /wp-content/plugins/product-testimonial/css/all.css
  • /wp-content/plugins/product-testimonial/css/cwpt-product-testimonial.css
  • /wp-content/plugins/product-testimonial/js/cwpt.carousel.min.js
  • /wp-content/plugins/product-testimonial/js/cwpt-product-testimonial.js
  • /wp-content/plugins/product-testimonial/css/cwpt-product-testimonial-admin.css
  • /wp-content/plugins/product-testimonial/js/cwpt-wpnhtp.js
  • +3 more
Script Paths
  • https://use.fontawesome.com/releases/v5.7.2/css/all.css
  • js/jquery-ui-draggable
  • js/jquery-ui-slider
  • js/jquery-touch-punch
Version Parameters
  • product-testimonial/css/cwpt.carousel.min.css?ver=
  • product-testimonial/css/cwpt.theme.min.css?ver=
  • product-testimonial/css/all.css?ver=
  • product-testimonial/css/cwpt-product-testimonial.css?ver=
  • product-testimonial/js/cwpt.carousel.min.js?ver=
  • product-testimonial/js/cwpt-product-testimonial.js?ver=
  • product-testimonial/css/cwpt-product-testimonial-admin.css?ver=
  • product-testimonial/js/cwpt-wpnhtp.js?ver=
  • product-testimonial/js/iris.min.js?ver=
  • product-testimonial/js/cwpt-cp-active.js?ver=
  • product-testimonial/js/cwpt-admin-product-testimonial.js?ver=

HTML / DOM Fingerprints

CSS Classes
owl-carousel, testimonial, testimonial-slider, pic, title, description, testimonial-content, testimonial-profile, +3 more
HTML Comments
<!-- Reating dynamically show using condition -->
Data Attributes
data-post-type, data-order, data-posts-per-page
JS Globals
WPPT
REST Endpoints
/wp-json/wp/v2/cwpt
Shortcode Output
<div id="testimonial-slider" class="owl-carousel"><div class="testimonial"><div class="pic"><img src="
FAQ

Frequently Asked Questions about Product Testimonial