Does Simple Testimonials have any unpatched vulnerabilities?

No. All known vulnerabilities in Simple Testimonials have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Testimonials compatible with WordPress 6.1.10?

According to WordPress.org data, Simple Testimonials 1.0.7 has been tested up to WordPress 6.1.10. Check the plugin's changelog for the latest compatibility information.

How often is Simple Testimonials updated?

Simple Testimonials was last updated on Mar 22, 2023. Frequent updates are generally a positive security signal.

What is Simple Testimonials's security score?

Simple Testimonials has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Testimonials Security & Risk Analysis

wordpress.org/plugins/simple-testimonials

Easily manage testimonials and display them anywhere on your blog in seconds, via blocks, widgets or shortcodes.

300 active installs v1.0.7 PHP + WP 3.0.1+ Updated Mar 22, 2023

random-quoterandom-testimonialrandom-testimonialstestimonials

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Simple Testimonials Safe to Use in 2026?

Generally Safe

Score 85/100

Simple Testimonials has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The simple-testimonials plugin v1.0.7 exhibits a generally positive security posture, with no recorded vulnerabilities or critical taint flows. The static analysis reveals good practices such as 100% of SQL queries using prepared statements and the presence of nonce and capability checks. However, a significant concern lies in the output escaping, where only 44% of outputs are properly escaped. This could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed in the frontend.

While the plugin boasts a clean vulnerability history, the lack of comprehensive taint analysis (0 flows analyzed) and the observed output escaping issues warrant attention. The single shortcode presents a potential entry point that, combined with insufficient output escaping, could be leveraged by attackers. Given the absence of known CVEs and the generally strong adherence to secure coding principles in other areas, the primary risk is currently related to potential XSS vulnerabilities due to incomplete output sanitization. A deeper dive into the shortcode's functionality and the handling of its output would be beneficial for a complete risk assessment.

Key Concerns

Low output escaping percentage

Vulnerabilities

None known

Simple Testimonials Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Simple Testimonials Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

20 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

44% escaped45 total outputs

Attack Surface

Simple Testimonials Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[testimonial] pixelovely_testimonial.php:474

WordPress Hooks 8

actionwp_enqueue_scriptspixelovely_testimonial.php:27

actioninitpixelovely_testimonial.php:79

actionedit_form_after_titlepixelovely_testimonial.php:84

actionsave_postpixelovely_testimonial.php:229

actionwidgets_initpixelovely_testimonial.php:473

actionplugins_loadedpixelovely_testimonial.php:481

actionenqueue_block_editor_assetspixelovely_testimonial.php:494

actioninitpixelovely_testimonial.php:502

Maintenance & Trust

Simple Testimonials Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10

Last updatedMar 22, 2023

PHP min version

Downloads24K

Community Trust

Rating100/100

Number of ratings14

Active installs300

Alternatives

Simple Testimonials Alternatives

BNE Testimonials

bne-testimonials

Display testimonials and reviews on any page or widget area as list or slider. Upgrade to PRO for additional layouts, themes, submission form, API, ra …

1K 1 CVE

Random Comment Widget

random-comment-widget

Random Comment Widget displays random comment from selected page or post on your website. Great solution for testimonial.

10 No CVEs

Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More

reviews-feed

No API key required. Display Yelp and Google reviews for any business in a clean, customizable feed on your site.

100K 2 CVEs

Rich Showcase for Google Reviews

widget-google-reviews

Display up to 10 Google reviews in less than a minute. Continue collecting new reviews. No limits on connected places, widgets, shortcodes and blocks.

100K 5 CVEs

Strong Testimonials

strong-testimonials

An easy-to-use testimonial plugin to collect and show customer feedback in WordPress

90K 14 CVEs

Developer Profile

Simple Testimonials Developer Profile

Kim

3 plugins · 320 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Simple Testimonials

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/simple-testimonials/css/style.css

Version Parameters

simple-testimonials/css/style.css?ver=

HTML / DOM Fingerprints

Data Attributes

name="pix_simple_testimonial_pagemeta_noncename"id="pix_simple_testimonial_pagemeta_noncename"name="_quote"name="post_title"

JS Globals

PIXELovely_simpletestimonials_inputs

FAQ