Testimonials Pro Security & Risk Analysis
wordpress.org/plugins/testimonials-proDisplay your testimonials easily in a professional manner:
Is Testimonials Pro Safe to Use in 2026?
Generally Safe
Score 85/100Testimonials Pro has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "testimonials-pro" v1.2 plugin exhibits a mixed security posture. On the positive side, it has a very small attack surface with no unprotected entry points, no known CVEs, and a high percentage of SQL queries using prepared statements. It also avoids dangerous functions and file operations. However, there are significant concerns regarding output escaping, with 0% of outputs being properly escaped. This is a critical weakness that could lead to Cross-Site Scripting (XSS) vulnerabilities.
The taint analysis reveals two high-severity flows with unsanitized paths, indicating potential for malicious data to be processed without adequate sanitization, further increasing the risk of XSS or other injection attacks. The absence of nonce checks and capability checks on its single shortcode entry point is also a notable concern, as it means the shortcode's functionality could potentially be triggered by unauthorized users or by malicious scripts.
Given the lack of historical vulnerabilities, it's difficult to definitively assess its long-term security track record. However, the current static analysis strongly points to immediate risks related to output sanitization and unsanitized data flows. While the plugin avoids some common pitfalls like unpatched CVEs and raw SQL, the identified output escaping and taint analysis issues present substantial security weaknesses that require immediate attention.
Key Concerns
- 0% of outputs properly escaped
- 2 high severity unsanitized path flows
- No nonce checks on entry points
- No capability checks on entry points
Testimonials Pro Security Vulnerabilities
Testimonials Pro Release Timeline
Testimonials Pro Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Testimonials Pro Attack Surface
Shortcodes 1
WordPress Hooks 5
Maintenance & Trust
Testimonials Pro Maintenance & Trust
Maintenance Signals
Community Trust
Testimonials Pro Alternatives
Text Scroll Widget
text-scrolling-widget
Text Scroll Widget is a plugin to automatically scroll up the content inserted in the description area of the widget.
Information Reel
information-reel
This plugin scroll the entered title, image, and description in your word press website. This is best way to announce your messages to user.
Slider Text Scroll
slider-text-scroll
Easy to add Slider Text Scroll via shortcode [sts] for every WordPress theme. Slider Text Scroll plugin will help you to enable Slider Text Scroll is …
Testimonials by BestWebSoft
bws-testimonials
Add testimonials and feedbacks from your customers to WordPress website posts, pages, and widgets.
Elfsight Testimonials Slider
elfsight-testimonials-slider
Level up your website credibility with trustworthy testimonials
Testimonials Pro Developer Profile
1 plugin · 10 total installs
How We Detect Testimonials Pro
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/testimonials-pro/navigation-20px.png/wp-content/plugins/testimonials-pro/tp-arrow.pngHTML / DOM Fingerprints
TP-regimageTP_navigationTP_prevTP_nexttp-arrowTP_divid="TP_div_onclick="displayNT('')id="tp_count"id="tp_count_all"TP<div style="padding-top:8px;padding-bottom:8px; position:relative; "><div style="text-align:left;vertical-align:middle;text-decoration: none;overflow: hidden; position: relative; margin-left: 3px; " id="TPHolder"><div class="TP_navigation"><div class="TP_prev" onclick="displayNT('')"></div>