
Simple Testimonials Showcase Security & Risk Analysis
wordpress.org/plugins/simple-testimonials-showcase
This plugin allows you to create and display testimonials in multiple ways.
Is Simple Testimonials Showcase Safe to Use in 2026?
High Risk
Score 49/100
Simple Testimonials Showcase carries significant security risk with 3 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.
The "simple-testimonials-showcase" plugin exhibits a mixed security posture. On the positive side, the static analysis reveals a relatively small attack surface, with no unprotected AJAX handlers or REST API routes. The code also demonstrates good practices regarding SQL queries, with 100% using prepared statements, and a high percentage of output escaping (96%). There are also capability checks present in the code.
However, there are significant concerns stemming from its vulnerability history. The plugin has a history of three known CVEs, with two currently unpatched. These past vulnerabilities predominantly involve Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), which are critical security issues if left unaddressed. The lack of any nonce checks is also a notable weakness, especially given the history of CSRF vulnerabilities, as nonces are a primary defense against such attacks. The absence of taint analysis results is neutral, as it implies no critical flows were detected, but it doesn't mitigate the risks from known vulnerabilities.
Key Concerns
- Unpatched CVEs
- Missing nonce checks
- Vulnerability history of XSS and CSRF
Simple Testimonials Showcase Security Vulnerabilities
3 total CVEs
- Simple Testimonials Showcase <= 1.1.6 - Authenticated (Editor+) Stored Cross-Site Scripting
- Simple Testimonials Showcase <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
- Simple Testimonials Showcase <= 1.1.6 - Cross-Site Request Forgery
Simple Testimonials Showcase Code Analysis
Output Escaping
Simple Testimonials Showcase Attack Surface
Shortcodes 1
WordPress Hooks 20
Simple Testimonials Showcase Maintenance & Trust
Maintenance Signals
Community Trust
Simple Testimonials Showcase Alternatives
wp-Typography
wp-typography
Improve your web typography with: hyphenation, space control, intelligent character replacement, and CSS hooks.
Classic Blog Grid
classic-blog-grid
Classic Blog Grid: A plugin to display blog posts in various grid formats: list, masonry, and slider.
Quotes for WooCommerce
quotes-for-woocommerce
This plugin allows the site admin the ability to accept quote requests for products. Prices can be hidden. No payments will be taken at Checkout.
Invoice Gateway for WooCommerce – Invoice Payment Gateway
invoice-gateway-for-woocommerce
Add a WooCommerce invoice gateway to your store. An easy invoicing payment gateway solution for WooCommerce.
Post Layouts for Gutenberg
post-layouts
A beautiful post layouts block to showcase your posts in grid and list layout with multiple templates availability.
Simple Testimonials Showcase Developer Profile
12 plugins · 32K total installs
How We Detect Simple Testimonials Showcase
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/simple-testimonials-showcase/admin/css/simple-testimonials-showcase-admin.css
- /wp-content/plugins/simple-testimonials-showcase/admin/js/simple-testimonials-showcase-admin.js
- /wp-content/plugins/simple-testimonials-showcase/admin/js/wp-color-picker-alpha.js
- simple-testimonials-showcase/admin/css/simple-testimonials-showcase-admin.css?ver=
- simple-testimonials-showcase/admin/js/simple-testimonials-showcase-admin.js?ver=
- wp-color-picker-alpha?ver=1.0.0
HTML / DOM Fingerprints
- sts-container
- sts-block
- data-sts-id
- sts_color_options
- wpColorPickerL10n
- [simple_testimonials]