WP-Safety

Super Easy Testimonials Security & Risk Analysis

wordpress.org/plugins/super-easy-testimonials

Super Easy Testimonials adds flexibility to your wordpress site in creating and managing testimonials.

10 active installs v1.1.1 PHP + WP 3.4.7+ Updated Jul 15, 2016
easy-testimonial-plugineasy-testimonialssimple-testimonialsuper-easy-testimonialstestimonials
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Super Easy Testimonials Safe to Use in 2026?

Generally Safe

Score 85/100

Super Easy Testimonials has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The "super-easy-testimonials" plugin v1.1.1 exhibits a mixed security posture. On the positive side, there are no known CVEs, a relatively small attack surface consisting of a single shortcode, and no external HTTP requests or bundled libraries. The code also shows a good proportion of SQL queries utilizing prepared statements.

However, significant concerns arise from the static analysis. The most critical issue is a single flow identified by taint analysis as having unsanitized paths with high severity. This is particularly worrying as it bypasses all capability checks and nonce verifications. Furthermore, a low percentage of output escaping (37%) indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially in conjunction with the potential for unsanitized paths. The presence of file operations also warrants careful review, as it could be exploited if combined with other weaknesses.

While the plugin has no recorded vulnerability history, this does not guarantee future safety, especially given the identified critical taint flow and poor output escaping. The lack of nonce and capability checks on its entry points is a major oversight. Overall, the plugin has several critical security weaknesses that need immediate attention, outweighing its positive aspects.

Key Concerns

  • High severity taint flow with unsanitized paths
  • Low percentage of output escaping (37%)
  • 0 Nonce checks on entry points
  • 0 Capability checks on entry points
  • Presence of file operations
Vulnerabilities
None known

Super Easy Testimonials Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Super Easy Testimonials Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
12 prepared
Unescaped Output
17
10 escaped
Nonce Checks
0
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

75% prepared16 total queries

Output Escaping

37% escaped27 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<testimonial> (testimonial.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Super Easy Testimonials Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[list-testimonials] index.php:92
WordPress Hooks 5
actionadmin_menuindex.php:51
actionwp_enqueue_scriptsindex.php:66
actionadmin_print_scriptsindex.php:106
actionadmin_print_stylesindex.php:107
actionadmin_headindex.php:118
Maintenance & Trust

Super Easy Testimonials Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33
Last updatedJul 15, 2016
PHP min version
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

Super Easy Testimonials Alternatives

Testimonial Slider – Free Testimonials Slider Plugin

Testimonial Slider – Free Testimonials Slider Plugin

testimonial-add

C
59

Testimonial Slider plugin is the only plugin you will need to display testimonials on your site, Create testimonial slider or list and design as per y &hellip;

800 1 unpatched
WP Testimonial

WP Testimonial

wp-testimonial

A
85

Add Testimonials on Your Website.

30 No CVEs
Migrate away from Easy Testimonials

Migrate away from Easy Testimonials

strong-testimonials-migrate-from-easy-testimonials

A
100

Migrate away from Easy Testimonials is the official migrator from Easy Testimonials to Strong Testimonials

20 No CVEs
LR WP Testimonials with slider

LR WP Testimonials with slider

lr-wp-testimonials-with-slider

A
85

This plugin adds a "LR Testimonials" section to the admin panel. A flexible plugin with everything you need to display testimonials.

0 No CVEs
Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More

Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More

reviews-feed

A
99

No API key required. Display Yelp and Google reviews for any business in a clean, customizable feed on your site.

100K 2 CVEs
Developer Profile

Super Easy Testimonials Developer Profile

babuna.mohanty7

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Super Easy Testimonials

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/super-easy-testimonials/images/photo-bg.png/wp-content/plugins/super-easy-testimonials/images/photo.jpg

HTML / DOM Fingerprints

CSS Classes
photo-bglaquoraquocontentsign
Shortcode Output
<div id='block'><p class='content'><span class='laquo'>&nbsp;</span><span class='raquo'>&nbsp;</span></p><div class='sign'>
FAQ

Frequently Asked Questions about Super Easy Testimonials