WP-Safety

Accordion Slider Security & Risk Analysis

wordpress.org/plugins/accordion-slider

Accordion Slider is a responsive accordion plugin that offers Premium features for FREE, like animated layers, post content, full width layout.

2K active installs v1.9.14 PHP + WP 4.0+ Updated Dec 23, 2025
accordion-sliderimage-accordionpost-accordionresponsive-accordionresponsive-slider
96
A · Safe
CVEs total3
Unpatched0
Last CVENov 23, 2025
Plugin page Download
Safety Verdict

Is Accordion Slider Safe to Use in 2026?

Generally Safe

Score 96/100

Accordion Slider has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Nov 23, 2025Updated 3mo ago
Risk Assessment

The accordion-slider plugin v1.9.14 exhibits a mixed security posture. While a significant portion of its SQL queries utilize prepared statements and output escaping is generally well-implemented, several concerning factors emerge. The presence of 14 unprotected entry points, including AJAX handlers and a REST API route, presents a substantial attack surface for unauthenticated or improperly authorized users. The use of `unserialize` is a known dangerous function that can lead to object injection vulnerabilities if not handled with extreme caution. Taint analysis reveals 4 high-severity flows with unsanitized paths, indicating potential for serious security issues if these flows are exposed to user input. The vulnerability history shows 3 past medium-severity CVEs, primarily related to Cross-site Scripting and Missing Authorization, which aligns with the identified unprotected entry points and the lack of robust authorization checks. The most recent vulnerability was in November 2025, suggesting a pattern of past issues that require attention. Overall, the plugin has strengths in data handling but weaknesses in access control and potential for code execution via dangerous functions and unsanitized data flows.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API route
  • Use of dangerous function: unserialize
  • High severity taint flows with unsanitized paths
  • Past CVEs for XSS and Missing Authorization
  • Limited capability checks
Vulnerabilities
3

Accordion Slider Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
1 CVE in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2025-66092medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Accordion Slider <= 1.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 23, 2025 Patched in 1.9.14 (9d)
CVE-2024-9582medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Accordion Slider <= 1.9.11 - Authenticted (Contributor+) Stored Cross-Site Scripting via HTML Attribute

Oct 15, 2024 Patched in 1.9.12 (1d)
CVE-2023-40331medium · 4.3Missing Authorization

Accordion Slider <= 1.9.6 - Missing Authorization to Notice Dismissal

Aug 16, 2023 Patched in 1.9.7 (160d)
Code Analysis
Analyzed Mar 16, 2026

Accordion Slider Code Analysis

Dangerous Functions
1
Raw SQL Queries
10
21 prepared
Unescaped Output
63
452 escaped
Nonce Checks
16
Capability Checks
11
File Operations
0
External Requests
4
Bundled Libraries
0

Dangerous Functions Found

unserialize$parsed_response = unserialize( $response );includes\class-flickr.php:38

SQL Query Safety

68% prepared31 total queries

Output Escaping

88% escaped515 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

11 flows7 with unsanitized paths
ajax_preview_accordion (admin\class-accordion-slider-admin.php:603)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
14 unprotected

Accordion Slider Attack Surface

Entry Points32
Unprotected14

AJAX Handlers 28

authwp_ajax_accordion_slider_load_add_on_more_detailsadmin\class-accordion-slider-add-ons.php:106
authwp_ajax_accordion_slider_load_install_add_onadmin\class-accordion-slider-add-ons.php:107
authwp_ajax_accordion_slider_load_edit_add_on_license_keyadmin\class-accordion-slider-add-ons.php:108
authwp_ajax_accordion_slider_verify_add_on_license_keyadmin\class-accordion-slider-add-ons.php:109
authwp_ajax_accordion_slider_install_add_onadmin\class-accordion-slider-add-ons.php:110
authwp_ajax_accordion_slider_activate_add_onadmin\class-accordion-slider-add-ons.php:111
authwp_ajax_accordion_slider_deactivate_add_onadmin\class-accordion-slider-add-ons.php:112
authwp_ajax_accordion_slider_get_accordion_dataadmin\class-accordion-slider-admin.php:60
authwp_ajax_accordion_slider_save_accordionadmin\class-accordion-slider-admin.php:61
authwp_ajax_accordion_slider_preview_accordionadmin\class-accordion-slider-admin.php:62
authwp_ajax_accordion_slider_delete_accordionadmin\class-accordion-slider-admin.php:63
authwp_ajax_accordion_slider_duplicate_accordionadmin\class-accordion-slider-admin.php:64
authwp_ajax_accordion_slider_export_accordionadmin\class-accordion-slider-admin.php:65
authwp_ajax_accordion_slider_import_accordionadmin\class-accordion-slider-admin.php:66
authwp_ajax_accordion_slider_add_panelsadmin\class-accordion-slider-admin.php:67
authwp_ajax_accordion_slider_load_background_image_editoradmin\class-accordion-slider-admin.php:68
authwp_ajax_accordion_slider_load_html_editoradmin\class-accordion-slider-admin.php:69
authwp_ajax_accordion_slider_load_layers_editoradmin\class-accordion-slider-admin.php:70
authwp_ajax_accordion_slider_add_layer_settingsadmin\class-accordion-slider-admin.php:71
authwp_ajax_accordion_slider_load_settings_editoradmin\class-accordion-slider-admin.php:72
authwp_ajax_accordion_slider_load_content_type_settingsadmin\class-accordion-slider-admin.php:73
authwp_ajax_accordion_slider_add_breakpointadmin\class-accordion-slider-admin.php:74
authwp_ajax_accordion_slider_add_breakpoint_settingadmin\class-accordion-slider-admin.php:75
authwp_ajax_accordion_slider_get_taxonomiesadmin\class-accordion-slider-admin.php:76
authwp_ajax_accordion_slider_clear_all_cacheadmin\class-accordion-slider-admin.php:77
authwp_ajax_accordion_slider_getting_started_closeadmin\class-accordion-slider-admin.php:78
authwp_ajax_accordion_slider_close_image_size_warningadmin\class-accordion-slider-admin.php:79
authwp_ajax_accordion_slider_close_custom_css_js_warningadmin\class-accordion-slider-admin.php:80

REST API Routes 1

GET/wp-json/accordion-slider/v1/accordionsgutenberg\class-accordion-slider-block.php:56

Shortcodes 3

[accordion_slider] public\class-accordion-slider.php:98
[accordion_slider_panel] public\class-accordion-slider.php:99
[accordion_slider_panel_element] public\class-accordion-slider.php:100
WordPress Hooks 24
actionplugins_loadedaccordion-slider.php:46
actionplugins_loadedaccordion-slider.php:47
actionplugins_loadedaccordion-slider.php:48
actionwidgets_initaccordion-slider.php:51
actionplugins_loadedaccordion-slider.php:55
actionplugins_loadedaccordion-slider.php:63
actionplugins_loadedaccordion-slider.php:64
actionadmin_initaccordion-slider.php:65
actionadmin_enqueue_scriptsadmin\class-accordion-slider-add-ons.php:100
actionadmin_enqueue_scriptsadmin\class-accordion-slider-add-ons.php:101
actionaccordion_slider_admin_menuadmin\class-accordion-slider-add-ons.php:104
actionadmin_enqueue_scriptsadmin\class-accordion-slider-admin.php:55
actionadmin_enqueue_scriptsadmin\class-accordion-slider-admin.php:56
actionadmin_menuadmin\class-accordion-slider-admin.php:58
actioninitgutenberg\class-accordion-slider-block.php:24
actionrest_api_initgutenberg\class-accordion-slider-block.php:55
actionwpmu_new_blogincludes\class-accordion-slider-activation.php:26
filterpost_galleryincludes\class-hideable-gallery.php:21
actioninitpublic\class-accordion-slider.php:85
actionwp_enqueue_scriptspublic\class-accordion-slider.php:88
actionwp_enqueue_scriptspublic\class-accordion-slider.php:89
actionwp_enqueue_scriptspublic\class-accordion-slider.php:92
actionwp_footerpublic\class-accordion-slider.php:93
actionwp_print_footer_scriptspublic\class-accordion-slider.php:95
Maintenance & Trust

Accordion Slider Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 23, 2025
PHP min version
Downloads32K

Community Trust

Rating100/100
Number of ratings6
Active installs2K
Alternatives

Accordion Slider Alternatives

Accordion and Accordion Slider

Accordion and Accordion Slider

accordion-and-accordion-slider

A
98

Accordion and Accordion Slider - Responsive and Touch enabled accordion for WordPress Website. Also work with Gutenberg shortcode block.

2K 2 CVEs
Accordion FAQ – Compatible With All Page Builder (Elementor, Gutenberg)

Accordion FAQ – Compatible With All Page Builder (Elementor, Gutenberg)

responsive-accordion-and-collapse

A
100

Accordion And Collapse is the most easiest drag & drop accordion builder for WordPress. You can add multiple accordion and collapse with this.

40K No CVEs
Ditty – Responsive News Tickers, Sliders, and Lists

Ditty – Responsive News Tickers, Sliders, and Lists

ditty-news-ticker

A
91

Ditty offers a range of content display options, including its signature news ticker and customizable layouts.

30K 14 CVEs
Ultimate Responsive Image Slider

Ultimate Responsive Image Slider

ultimate-responsive-image-slider

A
100

Create stunning responsive sliders in minutes. Drag-and-drop builder, unlimited sliders, mobile-friendly & SEO optimized!

30K 1 CVE
Accordions

Accordions

accordions

A
94

Create sleek accordions, tabs, FAQs, and image accordions with a React builder featuring advanced styling, animations, OpenAI support, and customizati &hellip;

20K 8 CVEs
Developer Profile

Accordion Slider Developer Profile

bqworks

3 plugins · 6K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
78 days
View full developer profile
Detection Fingerprints

How We Detect Accordion Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/accordion-slider/public/css/style.css/wp-content/plugins/accordion-slider/public/css/lightslider.css/wp-content/plugins/accordion-slider/public/css/bootstrap.min.css/wp-content/plugins/accordion-slider/public/js/accordion-slider.js/wp-content/plugins/accordion-slider/public/js/modernizr.custom.js/wp-content/plugins/accordion-slider/public/js/jquery.mousewheel.min.js/wp-content/plugins/accordion-slider/public/js/jquery.easing.1.3.js/wp-content/plugins/accordion-slider/public/js/lightslider.min.js+1 more
Script Paths
/wp-content/plugins/accordion-slider/public/js/accordion-slider.js/wp-content/plugins/accordion-slider/public/js/modernizr.custom.js/wp-content/plugins/accordion-slider/public/js/jquery.mousewheel.min.js/wp-content/plugins/accordion-slider/public/js/jquery.easing.1.3.js/wp-content/plugins/accordion-slider/public/js/lightslider.min.js/wp-content/plugins/accordion-slider/public/js/bootstrap.min.js
Version Parameters
/wp-content/plugins/accordion-slider/public/css/style.css?ver=/wp-content/plugins/accordion-slider/public/css/lightslider.css?ver=/wp-content/plugins/accordion-slider/public/css/bootstrap.min.css?ver=/wp-content/plugins/accordion-slider/public/js/accordion-slider.js?ver=/wp-content/plugins/accordion-slider/public/js/modernizr.custom.js?ver=/wp-content/plugins/accordion-slider/public/js/jquery.mousewheel.min.js?ver=/wp-content/plugins/accordion-slider/public/js/jquery.easing.1.3.js?ver=/wp-content/plugins/accordion-slider/public/js/lightslider.min.js?ver=/wp-content/plugins/accordion-slider/public/js/bootstrap.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
bqw-accordion-sliderbqw-accordion-slider-panelbqw-accordion-slider-layer-wrapperbqw-accordion-slider-image-wrapperbqw-accordion-slider-text-wrapperbqw-accordion-slider-video-wrapperaccordion-slider-wraplSSlideWrapper+4 more
HTML Comments
<!-- Accordion Slider --><!-- The main accordion slider component --><!-- Slider Items --><!-- Slide -->+1 more
Data Attributes
data-accordion-slider-iddata-panel-iddata-layer-iddata-layer-typedata-settings
JS Globals
bqwAccordionSliderBQW_Accordion_Slider_Block
REST Endpoints
/wp-json/accordion-slider/v1/settings/wp-json/accordion-slider/v1/add-ons
Shortcode Output
[accordion_slider[bqw_accordion_slider
FAQ

Frequently Asked Questions about Accordion Slider