Accordion and Accordion Slider Security & Risk Analysis

wordpress.org/plugins/accordion-and-accordion-slider

Accordion and Accordion Slider - Responsive and Touch enabled accordion for WordPress Website. Also works with Gutenberg shortcode block.

2K active installs · v1.4.6 · PHP + · WP 4.0+ · Updated Feb 19, 2026
Tags: accordion-image-slider, deep-linking, horizontal-and-vertical-accordion, responsive-accordion-carousel, responsive-slider
98
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Feb 13, 2026
Safety Verdict

Is Accordion and Accordion Slider Safe to Use in 2026?

Generally Safe

Score 98/100

Accordion and Accordion Slider has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Feb 13, 2026 · Updated 1mo ago
Risk Assessment

The plugin "accordion-and-accordion-slider" v1.4.6 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and performing proper output escaping for the vast majority of outputs. It also implements nonce and capability checks for its entry points, which helps mitigate common attack vectors. The absence of any critical or high-severity taint flows is also encouraging.

However, concerns arise from the presence of a dangerous function (`unserialize`), which can lead to object injection and code execution if it is ever passed attacker-controlled data. While taint analysis didn't reveal immediate issues, the potential for exploitation with `unserialize` remains a significant risk. Furthermore, the plugin has a history of two medium-severity CVEs, both related to missing authorization. This pattern suggests a recurring weakness in how the plugin handles user permissions for certain functionalities, which could be exploited if similar vulnerabilities are reintroduced or not fully addressed.

In conclusion, while the plugin has made strides in secure coding practices concerning SQL and output escaping, the `unserialize` function and the past authorization vulnerabilities warrant careful attention. The absence of unpatched CVEs and the generally low number of unprotected entry points are strengths, but the identified potential risks necessitate a cautious approach to its deployment.

Key Concerns

  • Presence of 'unserialize' function
  • Two medium CVEs historically
  • Vulnerability history of missing authorization
Vulnerabilities
2

Accordion and Accordion Slider Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2026-0727 · medium · 5.4 · Missing Authorization

Accordion and Accordion Slider <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Attachment Metadata Modification

Feb 13, 2026 · Patched in 1.4.6 (1d)

CVE-2023-39996 · medium · 6.5 · Missing Authorization

Accordion and Accordion Slider <= 1.2.4 - Missing Authorization via 'wp_aas_get_attachment_edit_form' and 'wp_aas_save_attachment_data'

Aug 11, 2023 · Patched in 1.2.5 (165d)
Code Analysis
Analyzed Mar 16, 2026

Accordion and Accordion Slider Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 14 (173 escaped)
  • Nonce Checks: 8
  • Capability Checks: 4
  • File Operations: 1
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$info = @unserialize($data);` at wpos-analytics\includes\class-anylc-admin.php:696

Output Escaping

93% escaped · 187 total outputs
Attack Surface

Accordion and Accordion Slider Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 2

  • auth · wp_ajax_wp_aas_get_attachment_edit_form · includes\admin\class-wp-aas-admin.php:41
  • auth · wp_ajax_wp_aas_save_attachment_data · includes\admin\class-wp-aas-admin.php:44

Shortcodes 1

  • [aas_slider] · includes\shortcode\wpos-aas-shortcode.php:106

WordPress Hooks 29

  • action · plugins_loaded · accordion-and-accordion-slider.php:88
  • action · update_option_active_plugins · accordion-and-accordion-slider.php:129
  • action · admin_notices · accordion-and-accordion-slider.php:190
  • action · add_meta_boxes · includes\admin\class-wp-aas-admin.php:20
  • action · save_post · includes\admin\class-wp-aas-admin.php:23
  • action · admin_init · includes\admin\class-wp-aas-admin.php:26
  • filter · post_row_actions · includes\admin\class-wp-aas-admin.php:35
  • action · admin_footer · includes\admin\class-wp-aas-admin.php:38
  • action · admin_menu · includes\admin\class-wp-aas-admin.php:47
  • action · wp_enqueue_scripts · includes\class-wp-aas-script.php:20
  • action · wp_enqueue_scripts · includes\class-wp-aas-script.php:23
  • action · admin_enqueue_scripts · includes\class-wp-aas-script.php:26
  • action · admin_enqueue_scripts · includes\class-wp-aas-script.php:29
  • action · init · includes\wp-aas-post-types.php:52
  • filter · post_updated_messages · includes\wp-aas-post-types.php:83
  • action · admin_menu · wpos-analytics\includes\class-anylc-admin.php:45
  • action · admin_menu · wpos-analytics\includes\class-anylc-admin.php:48
  • action · admin_init · wpos-analytics\includes\class-anylc-admin.php:51
  • action · admin_notices · wpos-analytics\includes\class-anylc-admin.php:54
  • action · admin_footer · wpos-analytics\includes\class-anylc-admin.php:57
  • action · wp_loaded · wpos-analytics\includes\class-anylc-admin.php:60
  • action · init · wpos-analytics\includes\class-anylc-admin.php:63
  • filter · cron_schedules · wpos-analytics\includes\class-anylc-admin.php:66
  • action · wpos_monthly_cron_hook · wpos-analytics\includes\class-anylc-admin.php:69
  • action · rest_api_init · wpos-analytics\includes\class-anylc-admin.php:72
  • filter · rest_pre_serve_request · wpos-analytics\includes\class-anylc-admin.php:585
  • action · admin_enqueue_scripts · wpos-analytics\includes\class-anylc-script.php:20
  • action · activated_plugin · wpos-analytics\wpos-analytics.php:244
  • action · plugins_loaded · wpos-analytics\wpos-analytics.php:258

Scheduled Events 1

wpos_monthly_cron_hook
Maintenance & Trust

Accordion and Accordion Slider Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 19, 2026
PHP min version
Downloads: 59K

Community Trust

Rating: 96/100
Number of ratings: 14
Active installs: 2K
Developer Profile

Accordion and Accordion Slider Developer Profile

Essential Plugin

33 plugins · 205K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 219 days
Detection Fingerprints

How We Detect Accordion and Accordion Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/accordion-and-accordion-slider/assets/css/frontend.css
  • /wp-content/plugins/accordion-and-accordion-slider/assets/css/animate.min.css
  • /wp-content/plugins/accordion-and-accordion-slider/assets/css/slick.css
  • /wp-content/plugins/accordion-and-accordion-slider/assets/css/slick-theme.css
  • /wp-content/plugins/accordion-and-accordion-slider/assets/js/frontend.js
  • /wp-content/plugins/accordion-and-accordion-slider/assets/js/slick.min.js
  • /wp-content/plugins/accordion-and-accordion-slider/assets/js/wow.min.js

Script Paths

  • /wp-content/plugins/accordion-and-accordion-slider/assets/js/frontend.js
  • /wp-content/plugins/accordion-and-accordion-slider/assets/js/slick.min.js
  • /wp-content/plugins/accordion-and-accordion-slider/assets/js/wow.min.js

Version Parameters

  • accordion-and-accordion-slider/assets/css/frontend.css?ver=
  • accordion-and-accordion-slider/assets/css/animate.min.css?ver=
  • accordion-and-accordion-slider/assets/css/slick.css?ver=
  • accordion-and-accordion-slider/assets/css/slick-theme.css?ver=
  • accordion-and-accordion-slider/assets/js/frontend.js?ver=
  • accordion-and-accordion-slider/assets/js/slick.min.js?ver=
  • accordion-and-accordion-slider/assets/js/wow.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wp-aas-slider-wrp
  • wp-aas-slider-main-wrp
  • wpos-aas-slider-wrap
  • wp_aas_slider_item
  • wp_aas_slider_header
  • wp_aas_slider_content

Data Attributes

  • data-wow-duration
  • data-wow-delay
JS Globals
WPAASFrontend
Shortcode Output
[wpos_accordion_slider
FAQ

Frequently Asked Questions about Accordion and Accordion Slider