Testimonial Slider Security & Risk Analysis

wordpress.org/plugins/testimonial-slider

Display your happy customers' Testimonials in a neat Responsive Slider

3K active installs · v1.3.3 · PHP + WP 4.2+ · Updated Nov 12, 2025
content-slider, feedback, slider, slideshow, testimonial
95
A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: May 3, 2024
Safety Verdict

Is Testimonial Slider Safe to Use in 2026?

Generally Safe

Score 95/100

Testimonial Slider has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: May 3, 2024 · Updated 4mo ago
Risk Assessment

The testimonial-slider plugin v1.3.3 presents a mixed security posture. On one hand, the static analysis indicates good practices, with a majority of SQL queries using prepared statements and a high percentage of output escaping. The absence of critical or high severity taint flows, along with the presence of nonce and capability checks on most entry points, is a positive indicator. However, the plugin's history of four known CVEs, including two high and two medium severity vulnerabilities, is a significant concern. These past vulnerabilities, focusing on CSRF, SQL Injection, and XSS, suggest a recurring pattern of input validation and authorization weaknesses. While the current version has no unpatched CVEs, the historical trends warrant vigilance. The limited attack surface with no explicitly unprotected entry points is a strength, but the recurring nature of past vulnerabilities means that even a minor oversight in future updates could reintroduce exploitable flaws.

Key Concerns

  • History of 4 known CVEs (2 high, 2 medium)
  • 81% of SQL queries use prepared statements
  • 87% of outputs properly escaped
  • File operations present
Vulnerabilities
4

Testimonial Slider Security Vulnerabilities

CVEs by Year

2015: 1 CVE
2018: 1 CVE
2022: 1 CVE
2024: 1 CVE

Severity Breakdown

High: 2
Medium: 2

4 total CVEs

CVE-2024-4193 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Testimonial Slider <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 3, 2024 Patched in 1.3.3 (7d)
CVE-2022-44741 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Testimonial Slider <= 1.3.1 - Cross-Site Request Forgery

Nov 7, 2022 Patched in 1.3.2 (442d)
CVE-2018-5372 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Testimonial Slider < 1.2.5 - SQL Injection

Jan 10, 2018 Patched in 1.2.5 (2204d)
CVE-2015-9417 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Testimonial Slider <= 1.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Sep 1, 2015 Patched in 1.3.0 (3066d)
Code Analysis
Analyzed Mar 16, 2026

Testimonial Slider Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (22 prepared)
Unescaped Output: 69 (455 escaped)
Nonce Checks: 7
Capability Checks: 5
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

81% prepared · 27 total queries

Output Escaping

87% escaped · 524 total outputs
Data Flows: All sanitized

Data Flow Analysis

7 flows
testimonial_process_set_requests (settings\settings.php:15)
Attack Surface

Testimonial Slider Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_testimonial_update_review_me · includes\testimonial-slider-functions.php:153

Shortcodes 6

[testimonialslider] slider_versions\shortcodes_1.php:42
[testimonialcategory] slider_versions\shortcodes_1.php:68
[testimonialrecent] slider_versions\shortcodes_1.php:93
[testimonialCustomList] slider_versions\testimonials_list.php:198
[testimonialListCategory] slider_versions\testimonials_list.php:231
[testimonialList] slider_versions\testimonials_list.php:263
WordPress Hooks 23
action · admin_menu · settings\settings.php:6
action · admin_init · settings\settings.php:7
action · load-testimonial-slider_page_testimonial-slider-settings · settings\settings.php:85
action · init · slider_versions\testimonial_1.php:225
action · admin_init · slider_versions\testimonial_1.php:253
action · admin_head · slider_versions\testimonial_1.php:367
action · wp_head · slider_versions\testimonial_1.php:543
action · admin_head · slider_versions\testimonial_1.php:544
action · widgets_init · slider_versions\widgets_1.php:81
action · widgets_init · slider_versions\widgets_1.php:154
action · widgets_init · slider_versions\widgets_1.php:214
action · plugins_loaded · testimonial-slider.php:220
action · admin_menu · testimonial-slider.php:373
action · publish_post · testimonial-slider.php:506
action · publish_page · testimonial-slider.php:507
action · edit_post · testimonial-slider.php:508
action · publish_post · testimonial-slider.php:509
action · edit_post · testimonial-slider.php:510
action · deleted_post · testimonial-slider.php:511
filter · plugin_action_links · testimonial-slider.php:533
action · init · testimonial-slider.php:551
action · init · testimonial-slider.php:570
filter · post_updated_messages · testimonial-slider.php:606
Maintenance & Trust

Testimonial Slider Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 12, 2025
PHP min version
Downloads: 184K

Community Trust

Rating: 84/100
Number of ratings: 69
Active installs: 3K
Developer Profile

Testimonial Slider Developer Profile

David Anderson / Team Updraft

16 plugins · 6.4M total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 1197 days
Detection Fingerprints

How We Detect Testimonial Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/testimonial-slider/css/skins/default.css
/wp-content/plugins/testimonial-slider/css/skins/slider-style.css
/wp-content/plugins/testimonial-slider/js/testimonial-slider.js
/wp-content/plugins/testimonial-slider/js/jquery.slider.min.js
/wp-content/plugins/testimonial-slider/js/wow.min.js
Script Paths
/wp-content/plugins/testimonial-slider/js/testimonial-slider.js
/wp-content/plugins/testimonial-slider/js/jquery.slider.min.js
/wp-content/plugins/testimonial-slider/js/wow.min.js
Version Parameters
testimonial-slider/css/skins/default.css?ver=
testimonial-slider/css/skins/slider-style.css?ver=
testimonial-slider/js/testimonial-slider.js?ver=
testimonial-slider/js/jquery.slider.min.js?ver=
testimonial-slider/js/wow.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
testimonial-slider-wrap
testimonial-slider-content
testimonial-slider-image
testimonial-slider-author
testimonial-slider-author-title
testimonial-slider-quote
testimonial-slider-nav
testimonial-slider-prev
(+3 more)
HTML Comments
<!-- testimonial slider settings -->
<!-- testimonial slider -->
Data Attributes
data-testimonial-slider-id
data-testimonial-slider-speed
data-testimonial-slider-time
data-testimonial-slider-visible
data-testimonial-slider-scroll
data-testimonial-slider-transition
(+3 more)
JS Globals
testimonialSliderInit
Shortcode Output
[testimonial_slider
[testimonial_slider id=
[testimonial_slider cat=
[testimonial_slider type=