WP-Safety

Andreadb Coin Slider Security & Risk Analysis

wordpress.org/plugins/andreadb-coin-slider

Create and manage beautiful SEO slideshow coin sliders.

10 active installs v1.0.0 PHP + WP 3.8+ Updated Nov 11, 2016
coin-sliderimage-slidersliderslideshowwordpress-slider
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Andreadb Coin Slider Safe to Use in 2026?

Generally Safe

Score 85/100

Andreadb Coin Slider has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The andreadb-coin-slider plugin v1.0.0 presents a mixed security posture. On the positive side, it has no known CVEs and uses prepared statements for all SQL queries, indicating good practices in database interaction. Furthermore, there are no dangerous functions, file operations, or external HTTP requests, which are common vectors for exploitation. The plugin also includes nonce checks and capability checks, demonstrating an awareness of security fundamentals.

However, several concerning findings emerge from the static analysis. A significant portion of the output (62%) is not properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The presence of two AJAX handlers, with both lacking authentication checks, presents a substantial attack surface for unauthenticated actions. While taint analysis did not reveal critical or high severity issues, one flow with an unsanitized path suggests a potential for injection if not handled carefully. The lack of vulnerability history, while good, might also indicate limited real-world exposure or testing, making the current static findings more critical.

In conclusion, the plugin has some strong security foundations, particularly in its handling of SQL and avoidance of common dangerous operations. However, the significant unescaped output and unprotected AJAX endpoints are serious weaknesses that require immediate attention. These issues, if exploited, could lead to XSS and unauthorized actions, undermining the plugin's overall security.

Key Concerns

  • Unescaped output (62% unescaped)
  • AJAX handlers without authentication checks (2)
  • Flow with unsanitized paths
Vulnerabilities
None known

Andreadb Coin Slider Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Andreadb Coin Slider Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
32
20 escaped
Nonce Checks
2
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

38% escaped52 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
ajax_dba_coin_slider_preview (admin\class-andreadb-coin-slider-admin.php:306)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Andreadb Coin Slider Attack Surface

Entry Points3
Unprotected2

AJAX Handlers 2

authwp_ajax_create_dba_coin_sliderincludes\class-andreadb-coin-slider.php:169
authwp_ajax_dba_coin_slider_previewincludes\class-andreadb-coin-slider.php:170

Shortcodes 1

[andreadb_coin_slider] public\class-andreadb-coin-slider-public.php:106
WordPress Hooks 14
actionplugins_loadedincludes\class-andreadb-coin-slider.php:141
actionadmin_enqueue_scriptsincludes\class-andreadb-coin-slider.php:155
actionadmin_enqueue_scriptsincludes\class-andreadb-coin-slider.php:156
actioninitincludes\class-andreadb-coin-slider.php:158
actionwidgets_initincludes\class-andreadb-coin-slider.php:159
actionadmin_menuincludes\class-andreadb-coin-slider.php:160
actionadd_meta_boxesincludes\class-andreadb-coin-slider.php:162
actionsave_postincludes\class-andreadb-coin-slider.php:163
filtermanage_edit-dba_coin_slider_columnsincludes\class-andreadb-coin-slider.php:165
actionmanage_dba_coin_slider_posts_custom_columnincludes\class-andreadb-coin-slider.php:166
filterpost_row_actionsincludes\class-andreadb-coin-slider.php:167
actionwp_enqueue_scriptsincludes\class-andreadb-coin-slider.php:184
actionwp_enqueue_scriptsincludes\class-andreadb-coin-slider.php:185
actioninitincludes\class-andreadb-coin-slider.php:187
Maintenance & Trust

Andreadb Coin Slider Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32
Last updatedNov 11, 2016
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Andreadb Coin Slider Alternatives

Serious Slider

Serious Slider

cryout-serious-slider

A
95

Serious Slider is a free highly efficient SEO friendly fully translatable accessibility ready image slider for WordPress. Seriously!

20K 4 CVEs
Slider by 10Web – Responsive Image Slider

Slider by 10Web – Responsive Image Slider

slider-wd

A
86

Slider by 10Web plugin is the perfect slider solution for Wordpress.

20K 10 CVEs
Ovation Elements

Ovation Elements

ovation-elements

A
99

Transform your site with captivating sliders. Perfect for beginners and advanced users. Create and customize with our ultimate slider plugin.

10K 1 CVE
Creative Image Slider – Responsive Slider Plugin

Creative Image Slider – Responsive Slider Plugin

creative-image-slider

A
92

Creative Image Slider is a responsive jQuery image slider with amazing visual effects.

200 1 CVE
Your Simple Slider

Your Simple Slider

your-simple-slider

A
100

Responsive slider plugin to create sliders in visual editor easily. Build beautiful image slider.

50 No CVEs
Developer Profile

Andreadb Coin Slider Developer Profile

andreadb91

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Andreadb Coin Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/andreadb-coin-slider/css/andreadb-coin-slider-admin.css/wp-content/plugins/andreadb-coin-slider/js/andreadb-coin-slider-admin.js
Version Parameters
andreadb-coin-slider-admin.css?ver=andreadb-coin-slider-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
dba_coin_slider_preview
Data Attributes
data-slider-id
JS Globals
andreadb_coin_slider
REST Endpoints
/wp-json/andreadb-coin-slider/v1/settings
Shortcode Output
[andreadb_coin_slider
FAQ

Frequently Asked Questions about Andreadb Coin Slider