Whook Testimonials Security & Risk Analysis

wordpress.org/plugins/whook-testimonial

Whook Testimonials is a plugin to use the feedback form on your WordPress website. It is a user friendly and feature rich plugin to add a responsive T …

0 active installs · v1.2 · PHP 5.2.4+ · WP 3.0.1+ · Updated: Unknown
Tags: feedback, rating, reviews, testimonials, whook
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Whook Testimonials Safe to Use in 2026?

Generally Safe

Score 100/100

Whook Testimonials has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The whook-testimonial plugin v1.2 presents a concerning security posture due to a significant number of unprotected AJAX handlers and a high rate of unsanitized data flows. With 13 out of 15 entry points lacking authentication checks, attackers have a broad surface to potentially exploit. The presence of the 'unserialize' function, a known vector for object injection vulnerabilities, further amplifies the risk, especially when combined with unsanitized input. The taint analysis revealing 8 high-severity flows with unsanitized paths strongly suggests that user-supplied data is not being properly validated or escaped before being used in potentially dangerous operations.

While the plugin has no recorded vulnerability history, this is not an indicator of current security. The lack of nonces, capability checks, and proper output escaping on most outputs means that even without direct evidence of past exploits, the potential for new vulnerabilities to emerge is substantial. The reliance on prepared statements for SQL queries is a positive aspect, but it doesn't mitigate the risks posed by the other identified weaknesses. Overall, this plugin requires immediate attention to address the critical gaps in its security implementation.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized paths in taint analysis (high severity)
  • Use of 'unserialize' function
  • Low rate of properly escaped output
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Whook Testimonials Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Whook Testimonials Code Analysis

Dangerous Functions: 7
Raw SQL Queries: 7 (6 prepared)
Unescaped Output: 85 (19 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 4
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

unserialize: $setting_input_field = unserialize($result[0]->setting_input_field); (whook-class\form-class.php:75)
unserialize: $setting_rating_words = unserialize($result[0]->setting_rating_words); (whook-class\form-class.php:79)
unserialize: $setquestion= unserialize($result[0]->msg_question); (whook-class\form-class.php:265)
unserialize: $question_ans = unserialize($result[0]->msg_question_ans); (whook-class\form-class.php:268)
unserialize: $question_option = unserialize($result[0]->msg_question_option); (whook-class\form-class.php:269)
unserialize: $input_field = unserialize($result[0]->setting_input_field); (whook-class\form-class.php:483)
unserialize: $rating_options = unserialize($rating_words); (whook-class\form-class.php:558)

Bundled Libraries

DataTables

SQL Query Safety

46% prepared (13 total queries)

Output Escaping

18% escaped (104 total outputs)
Data Flows
11 unsanitized

Data Flow Analysis

11 flows, 11 with unsanitized paths
get_question_table (whook-class\dtlist-class.php:116)
Attack Surface
13 unprotected

Whook Testimonials Attack Surface

Entry Points: 15
Unprotected: 13

AJAX Handlers 13

auth: wp_ajax_whook_test_setting_update (whook-testimonial.php:271)
auth: wp_ajax_whook_test_question_table_list (whook-testimonial.php:289)
auth: wp_ajax_whook_test_whook_test_question_updatefrm (whook-testimonial.php:311)
auth: wp_ajax_whook_test_question_update (whook-testimonial.php:327)
auth: wp_ajax_whook_test_question_add (whook-testimonial.php:345)
auth: wp_ajax_whook_delete_image (whook-testimonial.php:369)
auth: wp_ajax_whook_test_delete_testimonial (whook-testimonial.php:389)
auth: wp_ajax_whook_test_delete_question (whook-testimonial.php:411)
auth: wp_ajax_whook_test_update_testimonial (whook-testimonial.php:429)
auth: wp_ajax_whook_test_update_frm (whook-testimonial.php:451)
auth: wp_ajax_whook_test_table (whook-testimonial.php:483)
nopriv: wp_ajax_whook_test_submit_form (whook-testimonial.php:499)
auth: wp_ajax_whook_test_submit_form (whook-testimonial.php:501)

Shortcodes 2

[whook-test-form] whook-testimonial.php:589
[whook-test-feedback-show] whook-testimonial.php:591

WordPress Hooks 5

action: wp_head (whook-testimonial.php:75)
action: admin_menu (whook-testimonial.php:101)
action: admin_enqueue_scripts (whook-testimonial.php:147)
action: wp_footer (whook-testimonial.php:177)
action: wp_footer (whook-testimonial.php:579)
Maintenance & Trust

Whook Testimonials Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Unknown
PHP min version: 5.2.4
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Whook Testimonials Developer Profile

darteweb

3 plugins · 20 total installs

Trust score: 87
Avg Security Score: 90/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Whook Testimonials

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/whook-testimonial/bootstrap/css/bootstrap.min.css
/wp-content/plugins/whook-testimonial/css/dataTables.bootstrap.min.css
/wp-content/plugins/whook-testimonial/css/jquery.dataTables.min.css
/wp-content/plugins/whook-testimonial/css/admin-css.css
/wp-content/plugins/whook-testimonial/icons/css/open-iconic-bootstrap.css
/wp-content/plugins/whook-testimonial/sweet-alert/css/sweetalert.css
/wp-content/plugins/whook-testimonial/bootstrap/js/bootstrap.js
/wp-content/plugins/whook-testimonial/js/jquery.dataTables.min.js
+9 more
Script Paths
https://www.google.com/recaptcha/api.js

HTML / DOM Fingerprints

CSS Classes
logo-area, logo-img
JS Globals
whook_test_site_url, whook_test_timestamp, whook_test_unique_salt