Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress Security & Risk Analysis

wordpress.org/plugins/super-testimonial

Testimonials is an easy-to-use plugin that allows users to add testimonials to the sidebar, as a widget, or to embed testimonials into a Page or Pos …

2K active installs v5.0.0 PHP + WP 4.0+ Updated Dec 21, 2025
client-testimonial, customer-review, testimonial, testimonial-slider, wordpress-testimonials
96
A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Feb 17, 2025
Safety Verdict

Is Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress Safe to Use in 2026?

Generally Safe

Score 96/100

Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Feb 17, 2025 · Updated 3mo ago
Risk Assessment

The 'super-testimonial' plugin version 5.0.0 demonstrates several positive security practices, including a high percentage of properly escaped output and the exclusive use of prepared statements for SQL queries. The absence of dangerous functions, file operations, and external HTTP requests is also encouraging. However, the presence of one unprotected AJAX handler represents a significant concern, creating a direct entry point for potential unauthenticated attacks.

The plugin's vulnerability history is a major red flag. With five known CVEs, including one high-severity and four medium-severity issues, and a recent vulnerability reported in early 2025, the plugin has a clear pattern of past security weaknesses. The common vulnerability types (XSS) suggest potential issues with input validation and output sanitization, even with the otherwise good static analysis results for output escaping. This history, coupled with the unprotected AJAX handler, indicates a need for caution.

In conclusion, while 'super-testimonial' v5.0.0 has some strong security fundamentals, the historical vulnerability trend and the single unprotected AJAX entry point present notable risks. Users should be aware of the past issues and the potential for further vulnerabilities, even if current static analysis appears favorable.

Key Concerns

  • Unprotected AJAX handler
  • High number of past medium/high vulnerabilities
  • Recent vulnerability history
Vulnerabilities
5

Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2023: 1 CVE
  • 2024: 2 CVEs
  • 2025: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 4

5 total CVEs

CVE-2024-13704 · high · 7.2 · Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Super Testimonials <= 4.0.1 - Unauthenticated Stored Cross-Site Scripting

Feb 17, 2025 · Patched in 4.0.2 (1d)

CVE-2024-43959 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Testimonials <= 3.0.8 - Reflected Cross-Site Scripting

Aug 26, 2024 · Patched in 3.0.9 (39d)

CVE-2024-31348 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Testimonials <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 5, 2024 · Patched in 3.0.6 (7d)

CVE-2023-5613 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Super Testimonials <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Oct 16, 2023 · Patched in 3.0 (99d)

CVE-2021-36858 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Testimonials <= 2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Oct 27, 2022 · Patched in 2.7 (453d)

Code Analysis
Analyzed Mar 16, 2026

Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 17 (1420 escaped)
  • Nonce Checks: 4
  • Capability Checks: 5
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

99% escaped · 1437 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
tps_testimonial_form_shortcode (includes\admin\frontend-form-shortcode.php:7)
Attack Surface
1 unprotected

Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress Attack Surface

Entry Points: 4
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_tps_super_testimonials_plugin_review_dismiss admin\tp-testimonials-admin.php:446

Shortcodes 3

[frontend_form] includes\admin\frontend-form-shortcode.php:401
[tpsscode] includes\shortcodes\tp-custom-shortcode.php:543
[tptpro] includes\shortcodes\tp-testimonial-pro-shortcode.php:293
WordPress Hooks 30
action init admin\tp-testimonials-admin.php:46
filter manage_ktsprotype_posts_columns admin\tp-testimonials-admin.php:143
action manage_ktsprotype_posts_custom_column admin\tp-testimonials-admin.php:148
action add_meta_boxes admin\tp-testimonials-admin.php:162
action save_post admin\tp-testimonials-admin.php:332
filter post_updated_messages admin\tp-testimonials-admin.php:350
action admin_init admin\tp-testimonials-admin.php:363
action admin_notices admin\tp-testimonials-admin.php:373
action init includes\admin\frontend-form-post.php:57
filter admin_head includes\admin\frontend-form-post.php:69
filter post_row_actions includes\admin\frontend-form-post.php:77
action admin_menu includes\admin\frontend-form-post.php:86
action admin_init includes\admin\frontend-form-post.php:105
filter manage_tp_testimonial_form_posts_columns includes\admin\frontend-form-post.php:116
action manage_tp_testimonial_form_posts_custom_column includes\admin\frontend-form-post.php:125
action add_meta_boxes includes\admin\frontend-form-post.php:138
action save_post includes\admin\frontend-form-post.php:1226
action add_meta_boxes includes\admin\frontend-form-post.php:1238
action init includes\metabox\tp-testimonials-metabox.php:48
filter manage_tptscode_posts_columns includes\metabox\tp-testimonials-metabox.php:61
action manage_tptscode_posts_custom_column includes\metabox\tp-testimonials-metabox.php:74
action add_meta_boxes includes\metabox\tp-testimonials-metabox.php:89
action save_post includes\metabox\tp-testimonials-metabox.php:1802
action edit_form_after_title includes\metabox\tp-testimonials-metabox.php:1854
filter widget_text tp-testimonials.php:38
action plugins_loaded tp-testimonials.php:52
action wp_enqueue_scripts tp-testimonials.php:67
action admin_enqueue_scripts tp-testimonials.php:98
action admin_menu tp-testimonials.php:117
action admin_init tp-testimonials.php:142
Maintenance & Trust

Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 21, 2025
PHP min version
Downloads: 121K

Community Trust

Rating: 94/100
Number of ratings: 24
Active installs: 2K
Developer Profile

Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress Developer Profile

Themepoints

19 plugins · 10K total installs

Trust score: 84
Avg Security Score: 94/100
Avg Patch Time: 66 days
Detection Fingerprints

How We Detect Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/super-testimonial/frontend/css/font-awesome.css
/wp-content/plugins/super-testimonial/frontend/css/owl.carousel.min.css
/wp-content/plugins/super-testimonial/frontend/css/theme-style.css
/wp-content/plugins/super-testimonial/frontend/js/testimonial-slider.js
/wp-content/plugins/super-testimonial/frontend/js/jquery.raty-fa.js
/wp-content/plugins/super-testimonial/frontend/js/owl.carousel.js
/wp-content/plugins/super-testimonial/admin/css/tp-testimonial-admin.css
/wp-content/plugins/super-testimonial/admin/css/tps_shortcode_admin.css
+4 more
Script Paths
/wp-content/plugins/super-testimonial/frontend/js/testimonial-slider.js
/wp-content/plugins/super-testimonial/frontend/js/jquery.raty-fa.js
/wp-content/plugins/super-testimonial/frontend/js/owl.carousel.js
/wp-content/plugins/super-testimonial/admin/js/color-picker.js
/wp-content/plugins/super-testimonial/admin/js/tp-testimonial-admin.js
/wp-content/plugins/super-testimonial/admin/js/tp-testimonial-form.js
Version Parameters
/wp-content/plugins/super-testimonial/frontend/css/font-awesome.css?ver=
/wp-content/plugins/super-testimonial/frontend/css/owl.carousel.min.css?ver=
/wp-content/plugins/super-testimonial/frontend/css/theme-style.css?ver=
/wp-content/plugins/super-testimonial/frontend/js/testimonial-slider.js?ver=1.0.0
/wp-content/plugins/super-testimonial/frontend/js/jquery.raty-fa.js?ver=2.4
/wp-content/plugins/super-testimonial/frontend/js/owl.carousel.js?ver=2.4
/wp-content/plugins/super-testimonial/admin/css/tp-testimonial-admin.css?ver=
/wp-content/plugins/super-testimonial/admin/css/tps_shortcode_admin.css?ver=
/wp-content/plugins/super-testimonial/admin/js/color-picker.js?ver=
/wp-content/plugins/super-testimonial/admin/js/tp-testimonial-admin.js?ver=1.0
/wp-content/plugins/super-testimonial/admin/css/tps-frontend-admin.css?ver=
/wp-content/plugins/super-testimonial/admin/js/tp-testimonial-form.js?ver=1.0

HTML / DOM Fingerprints

CSS Classes
tps-testimonial-slider
tps-testimonial-item
HTML Comments
<!-- Widget Area -->
<!-- Front End Form -->
<!-- Testimonial Form Shortcode -->
<!-- Super Testimonials Shortcode Page -->
Data Attributes
data-testimonial-id
data-slider-id
JS Globals
tps_testimonial_slider_options
REST Endpoints
/wp-json/super-testimonial/v1/testimonials
Shortcode Output
[super_testimonial]
[super_testimonial_pro]
FAQ

Frequently Asked Questions about Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress