Testimonials WP Security & Risk Analysis
wordpress.org/plugins/testimonials-wpCustomizable plugin that creates and displays your Testimonials with shortcodes. Create the Testimonials as an Admin or as a User.
Is Testimonials WP Safe to Use in 2026?
Generally Safe
Score 85/100Testimonials WP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "testimonials-wp" v1.0.0 plugin exhibits a mixed security posture. While it has a clean vulnerability history with no known CVEs and a controlled attack surface with all identified entry points seemingly protected by nonce checks, there are significant concerns within its codebase. A major red flag is the complete lack of prepared statements for all SQL queries, presenting a high risk of SQL injection vulnerabilities. Additionally, the fact that 40% of output is not properly escaped indicates a potential for cross-site scripting (XSS) flaws. The taint analysis revealing unsanitized paths in flows, though not reaching critical or high severity, warrants attention as it could lead to unintended consequences or be a precursor to more serious issues. The presence of file operations also requires careful scrutiny, especially in conjunction with potential injection vulnerabilities. Overall, the plugin has strengths in its limited and checked attack surface and lack of historical vulnerabilities, but the prevalent use of raw SQL and unescaped output creates significant security risks that need immediate remediation.
Key Concerns
- All SQL queries lack prepared statements
- 40% of outputs are not properly escaped
- Taint flows with unsanitized paths
- File operations present
Testimonials WP Security Vulnerabilities
Testimonials WP Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Testimonials WP Attack Surface
AJAX Handlers 2
Shortcodes 2
WordPress Hooks 5
Maintenance & Trust
Testimonials WP Maintenance & Trust
Maintenance Signals
Community Trust
Testimonials WP Alternatives
BuzzHub
buzzhub
A powerful WordPress plugin to collect and display customer reviews with user submissions, multiple layouts, and full control.
Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews
gs-testimonial
Showcase and automate customer reviews with ease - sliders, grids, filters, and more to boost trust and sales.
Testimonial Customer Feedback
testimonial-maker
Display client testimonials with customizable layouts, slider effects, and responsive design. Simple setup with shortcode support.
Buzzolt Reviews & Testimonials
buzzolt-reviews-testimonials
Easily collect, manage, and display testimonials and reviews on your WordPress site.
Customer Video Reviews for WooCommerce
product-reviews
Collect customer video reviews to boost trust, engagement, and sales.
Testimonials WP Developer Profile
3 plugins · 10 total installs
How We Detect Testimonials WP
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/testimonials-wp/css/admin_page_css.css/wp-content/plugins/testimonials-wp/js/twp_admin.js/wp-content/plugins/testimonials-wp/js/twp-s2n.js/wp-content/plugins/testimonials-wp/css/twp.css/wp-content/plugins/testimonials-wp/js/twp_admin.js/wp-content/plugins/testimonials-wp/js/twp-s2n.jstestimonials-wp/css/admin_page_css.css?ver=testimonials-wp/js/twp_admin.js?ver=testimonials-wp/js/twp-s2n.js?ver=testimonials-wp/css/twp.css?ver=HTML / DOM Fingerprints
twp_formtwp_displays2n-mddark-themeimg-circleimg-sqauresuccess-messageerror-messagedata-plugin-name="testimonials-wp"data-plugin-version="1.0.0"twp_save[twp_form][twp_display]