Testimonial Slider Security & Risk Analysis

wordpress.org/plugins/testimonials-slider

Testimonial slider is very helpful to display client feedback and quotes. You can create a shortcode and use it. That's simple. It is mobile friendly.

10 active installs · v1.1 · PHP 5.2.4+ · WP 4.0+ · Updated Mar 7, 2020
comments · spam
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Testimonial Slider Safe to Use in 2026?

Generally Safe

Score 85/100

Testimonial Slider has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

Version 1.1 of the "testimonials-slider" plugin presents a generally good security posture, with several positive indicators. The absence of known CVEs and critical taint flows, along with the use of prepared statements for all SQL queries, are strong points. The presence of a nonce check is also good practice. However, a significant concern is the low percentage of properly escaped output (32%). This indicates a potential for Cross-Site Scripting (XSS) vulnerabilities, especially where user-supplied data is displayed to other users. While the static analysis found no unauthenticated entry points directly exposed (AJAX, REST API), the shortcode is a potential entry point, and its internal security checks are not detailed beyond the single nonce check found for the entire plugin. The clean vulnerability history is reassuring, but the low output escaping rate remains a notable weakness that could lead to vulnerabilities if not addressed.

Key Concerns

  • Low output escaping rate (32%)
  • Potential for XSS via shortcode
Vulnerabilities
None known

Testimonial Slider Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Testimonial Slider Release Timeline

v1.1 (Current)
v1.0
Code Analysis
Analyzed Apr 16, 2026

Testimonial Slider Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 19 (9 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

32% escaped · 28 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<testimonial-settings> (include/testimonial-settings.php:0)
Attack Surface

Testimonial Slider Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[Testimonial_Slider] testimonials-slider.php:198

WordPress Hooks: 7

action wp_enqueue_scripts testimonials-slider.php:34
action init testimonials-slider.php:78
action admin_menu testimonials-slider.php:85
action admin_enqueue_scripts testimonials-slider.php:96
action add_meta_boxes testimonials-slider.php:117
action save_post testimonials-slider.php:180
action admin_head testimonials-slider.php:194
Maintenance & Trust

Testimonial Slider Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: Mar 7, 2020
PHP min version: 5.2.4
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Testimonial Slider Developer Profile

Kartik Dholariya

2 plugins · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Testimonial Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/testimonials-slider/css/style.css
/wp-content/plugins/testimonials-slider/css/bootstrap.min.css
/wp-content/plugins/testimonials-slider/js/bootstrap.min.js
/wp-content/plugins/testimonials-slider/js/main.js
/wp-content/plugins/testimonials-slider/include/styles.css
/wp-content/plugins/testimonials-slider/include/carousels.js
/wp-content/plugins/testimonials-slider/include/color-picker.js

Script Paths
/wp-content/plugins/testimonials-slider/js/bootstrap.min.js
/wp-content/plugins/testimonials-slider/js/main.js
/wp-content/plugins/testimonials-slider/include/carousels.js
/wp-content/plugins/testimonials-slider/include/color-picker.js

Version Parameters
testimonials-slider/css/style.css?ver=
testimonials-slider/css/bootstrap.min.css?ver=
testimonials-slider/js/bootstrap.min.js?ver=
testimonials-slider/js/main.js?ver=
testimonials-slider/include/styles.css?ver=
testimonials-slider/include/carousels.js?ver=
testimonials-slider/include/color-picker.js?ver=

HTML / DOM Fingerprints

CSS Classes
rt-star
Data Attributes
testimonial_testimonial_meta_name
testimonial_testimonial_meta_destignation
testimonial_testimonial_meta_rating