Image Slider by Ays- Responsive Slider and Carousel Security & Risk Analysis

wordpress.org/plugins/ays-slider

Ays image slider is a progressive slider plugin, which is a great way to grab your audience's attention with amazing and entertaining slideshows.

100 active installs · v2.7.3 · PHP + · WP 4.0+ · Updated Apr 15, 2026
Tags: image-slider, responsive-slider, slider, widget-slider, wordpress-slider-plugin
90
A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Mar 20, 2026
Safety Verdict

Is Image Slider by Ays- Responsive Slider and Carousel Safe to Use in 2026?

Generally Safe

Score 90/100

Image Slider by Ays- Responsive Slider and Carousel has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

5 known CVEs · Last CVE: Mar 20, 2026 · Updated 1mo ago
Risk Assessment

The ays-slider v2.7.2 plugin exhibits a mixed security posture, with some positive attributes but significant areas of concern. While the plugin demonstrates good practices by utilizing prepared statements for the majority of its SQL queries and incorporating numerous nonce and capability checks, the presence of multiple unprotected AJAX handlers significantly expands its attack surface. The taint analysis, while not revealing critical or high severity vulnerabilities, did identify two flows with unsanitized paths, which warrants further investigation for potential privilege escalation or information disclosure if these paths can be manipulated by an attacker. The plugin's vulnerability history is concerning, with three known CVEs including a high-severity SQL injection vulnerability and medium-severity CSRF and XSS issues. Although no CVEs are currently unpatched, the recurring nature of these vulnerability types suggests a pattern of insecure input handling or insufficient protection against common web attacks. The last vulnerability being so recent further emphasizes the need for ongoing vigilance.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • High severity vulnerability in history
  • Medium severity vulnerabilities in history
  • Low percentage of properly escaped output
Vulnerabilities
5 published

Image Slider by Ays- Responsive Slider and Carousel Security Vulnerabilities

CVEs by Year

  • 2021: 2 CVEs
  • 2025: 1 CVE
  • 2026: 2 CVEs

Severity Breakdown

  • High: 2
  • Medium: 3

5 total CVEs

CVE-2026-32494 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Image Slider by Ays- Responsive Slider and Carousel <= 2.7.1 - Unauthenticated Stored Cross-Site Scripting

Mar 20, 2026 Patched in 2.7.2 (7d)
CVE-2026-32402 · medium · 5.3 · Missing Authorization

Image Slider by Ays <= 2.7.1 - Missing Authorization

Feb 21, 2026 Patched in 2.7.2 (54d)
CVE-2025-14454 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Image Slider by Ays- Responsive Slider and Carousel <= 2.7.0 - Cross-Site Request Forgery to Arbitrary Slider Deletion

Dec 12, 2025 Patched in 2.7.1 (1d)
CVE-2021-24463 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Image Slider by Ays- Responsive Slider and Carousel < 2.5.0 - SQL Injection

Jun 29, 2021 Patched in 2.5.0 (938d)
WF-afb032da-11cc-4272-be68-60b6ca6e6ca3-ays-slider · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Image Slider by Ays- Responsive Slider and Carousel <= 2.4.9 - Reflected Cross-Site Scripting

Jun 29, 2021 Patched in 2.5.0 (938d)
Code Analysis
Analyzed Mar 16, 2026

Image Slider by Ays- Responsive Slider and Carousel Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (10 prepared)
  • Unescaped Output: 190 (117 escaped)
  • Nonce Checks: 13
  • Capability Checks: 16
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

91% prepared · 11 total queries

Output Escaping

38% escaped · 307 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

6 flows · 2 with unsanitized paths
deactivate_plugin_option (admin\class-ays-slider-admin.php:241)
Attack Surface
4 unprotected

Image Slider by Ays- Responsive Slider and Carousel Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers 4

  • auth · wp_ajax_deactivate_plugin_option_slider · includes\class-ays-slider.php:176
  • nopriv · wp_ajax_deactivate_plugin_option_slider · includes\class-ays-slider.php:177
  • auth · wp_ajax_ays_slider_dismiss_button · includes\class-ays-slider.php:189
  • nopriv · wp_ajax_ays_slider_dismiss_button · includes\class-ays-slider.php:190

Shortcodes 1

[ays_slider] public\class-ays-slider-public.php:55

WordPress Hooks 16

  • filter · set-screen-option · admin\class-ays-slider-admin.php:54
  • action · plugins_loaded · ays-slider.php:72
  • action · admin_notices · ays-slider.php:94
  • action · enqueue_block_assets · gutenberg\ays-slider-block.php:77
  • action · init · gutenberg\ays-slider-block.php:78
  • action · plugins_loaded · includes\class-ays-slider.php:154
  • action · admin_enqueue_scripts · includes\class-ays-slider.php:169
  • action · admin_enqueue_scripts · includes\class-ays-slider.php:170
  • action · widgets_init · includes\class-ays-slider.php:171
  • action · admin_menu · includes\class-ays-slider.php:173
  • action · admin_enqueue_scripts · includes\class-ays-slider.php:182
  • action · in_admin_footer · includes\class-ays-slider.php:184
  • action · admin_notices · includes\class-ays-slider.php:187
  • action · wp_enqueue_scripts · includes\class-ays-slider.php:208
  • action · admin_notices · includes\lists\class-ays-slider-list-table.php:23
  • action · init · includes\lists\class-ays-slider-list-table.php:28
Maintenance & Trust

Image Slider by Ays- Responsive Slider and Carousel Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Apr 15, 2026
PHP min version
Downloads: 13K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 100
Developer Profile

Image Slider by Ays- Responsive Slider and Carousel Developer Profile

Ays Pro

18 plugins · 111K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 203 days
Detection Fingerprints

How We Detect Image Slider by Ays- Responsive Slider and Carousel

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ays-slider/admin/css/jquery.atwho.css
  • /wp-content/plugins/ays-slider/admin/css/minicolors.css
  • /wp-content/plugins/ays-slider/admin/css/site-settings.css
  • /wp-content/plugins/ays-slider/admin/css/style.css
  • /wp-content/plugins/ays-slider/admin/js/admin.js
  • /wp-content/plugins/ays-slider/admin/js/bootstrap.min.js
  • /wp-content/plugins/ays-slider/admin/js/colorpicker.js
  • /wp-content/plugins/ays-slider/admin/js/jquery.atwho.js
  • +21 more
Script Paths
  • /wp-content/plugins/ays-slider/admin/js/admin.js
  • /wp-content/plugins/ays-slider/admin/js/bootstrap.min.js
  • /wp-content/plugins/ays-slider/admin/js/colorpicker.js
  • /wp-content/plugins/ays-slider/admin/js/jquery.atwho.js
  • /wp-content/plugins/ays-slider/admin/js/jquery.colorbox-min.js
  • /wp-content/plugins/ays-slider/admin/js/jquery.jplayer.min.js
  • +16 more

HTML / DOM Fingerprints

CSS Classes
ays-notice-bannerays-logo-container-upgradesld-logoays-upgrade-containerays-sld-logo-container-one-time-textays-btnays-fa-margin-righttoggle_ddmenu+1 more
Data Attributes
data-expanded
JS Globals
  • AYS_SLD_ADMIN_URL
  • AYS_SLD_PUBLIC_URL
FAQ

Frequently Asked Questions about Image Slider by Ays- Responsive Slider and Carousel