
Prime Slider – Addons for Elementor Security & Risk Analysis
wordpress.org/plugins/bdthemes-prime-slider-lite
Create responsive sliders using Elementor for hero sections, posts, logos, images, products, testimonials, and more.
Is Prime Slider – Addons for Elementor Safe to Use in 2026?
Generally Safe
Score 95/100
Prime Slider – Addons for Elementor has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The plugin 'bdthemes-prime-slider-lite' v4.1.10 presents a mixed security posture. It demonstrates good practices in output escaping (91%) and has a reasonable number of nonce and capability checks relative to its entry points, but its attack surface and vulnerability history raise significant concerns. Of 21 total entry points, 3 are unprotected AJAX handlers, a notable weakness because these can be directly exploited by unauthenticated users. The plugin also has a history of 15 known CVEs, predominantly medium severity, with common types including SSRF, missing authorization, and XSS. There are currently no unpatched CVEs, but this extensive history, which includes a vulnerability recorded as recently as late 2025, suggests a recurring pattern of security flaws that may not have been fully addressed. The taint analysis showed no critical or high severity flows but did identify 2 flows with unsanitized paths, which could lead to vulnerabilities if exploited in conjunction with other weaknesses.
Overall, the plugin exhibits strengths in code-level sanitization and escaping. However, the unprotected entry points and the extensive history of medium-severity vulnerabilities, particularly those related to authorization and input sanitization, indicate a need for increased vigilance and a thorough review of its authorization mechanisms. The lack of critical or high severity issues in taint analysis is a positive sign, but the underlying susceptibility to medium-severity attacks as evidenced by its history remains a concern.
Key Concerns
- Unprotected AJAX handlers
- Significant vulnerability history (15 CVEs)
- Flows with unsanitized paths found
Prime Slider – Addons for Elementor Security Vulnerabilities
CVEs by Year
Severity Breakdown
16 total CVEs
Prime Slider <= 4.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'follow_us_text' Parameter
Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery
Prime Slider – Addons For Elementor <= 4.0.10 - Authenticated (Subscriber+) Server-Side Request Forgery
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.15.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blog Widget
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) <= 3.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Prime Slider – Addons For Elementor <= 3.13.2 - Missing Authorization to Notice Dismissal
Prime Slider – Addons For Elementor <= 3.13.2 - Missing Authorization
Prime Slider – Addons For Elementor <= 3.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via title
Prime Slider – Addons For Elementor <= 3.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rubix Widget
Prime Slider – Addons For Elementor <= 3.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Mercury Widget
Prime Slider – Addons For Elementor <= 3.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget
Prime Slider – Addons For Elementor <= 3.11.10 - Incorrect Authorization via bdt_duplicate_as_draft
Prime Slider – Addons for Elementor Release Timeline
Prime Slider – Addons for Elementor Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Prime Slider – Addons for Elementor Attack Surface
AJAX Handlers 21
WordPress Hooks 64
Prime Slider – Addons for Elementor Maintenance & Trust
Maintenance Signals
Community Trust
Prime Slider – Addons for Elementor Alternatives
Daily Slider – Addons for Elementor
daily-slider
Professional Elementor slider addon with hero sliders, testimonial carousels, image galleries, and animated marquee widgets.
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider
ml-slider
Slider, gallery, carousel plugin for WordPress. Build your image slider, video slider, post slider, YouTube slider, or WooCommerce product slider.
Master Slider – Responsive Touch Slider
master-slider
Build SEO friendly sliders fast and easy with touch swipe navigation that works smoothly across all devices.
Ovation Elements
ovation-elements
Transform your site with captivating sliders. Perfect for beginners and advanced users. Create and customize with our ultimate slider plugin.
Super block slider – Image & content slider
super-block-slider
Lightweight image & content slider for block and classic editor.
Prime Slider – Addons for Elementor Developer Profile
24 plugins · 250K total installs
How We Detect Prime Slider – Addons for Elementor
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/bdthemes-prime-slider-lite/assets/css/prime-slider.css
- /wp-content/plugins/bdthemes-prime-slider-lite/assets/js/prime-slider.js
- /wp-content/plugins/bdthemes-prime-slider-lite/assets/vendor/slick/slick.css
- /wp-content/plugins/bdthemes-prime-slider-lite/assets/vendor/swiper/swiper-bundle.min.css
- /wp-content/plugins/bdthemes-prime-slider-lite/assets/vendor/animate/animate.min.css
- /wp-content/plugins/bdthemes-prime-slider-lite/assets/vendor/fontawesome/css/all.min.css
- /wp-content/plugins/bdthemes-prime-slider-lite/assets/vendor/slick/slick.min.js
- /wp-content/plugins/bdthemes-prime-slider-lite/assets/vendor/swiper/swiper-bundle.min.js

- Prime Slider 4.1.10

- /wp-content/plugins/bdthemes-prime-slider-lite/assets/js/prime-slider.js
- /wp-content/plugins/bdthemes-prime-slider-lite/assets/js/prime-slider-core.js
- /wp-content/plugins/bdthemes-prime-slider-lite/assets/js/frontend.js

- bdthemes-prime-slider-lite/assets/css/prime-slider.css?ver=
- bdthemes-prime-slider-lite/assets/js/prime-slider.js?ver=
- bdthemes-prime-slider-lite/assets/vendor/slick/slick.css?ver=
- bdthemes-prime-slider-lite/assets/vendor/swiper/swiper-bundle.min.css?ver=
- bdthemes-prime-slider-lite/assets/vendor/animate/animate.min.css?ver=
- bdthemes-prime-slider-lite/assets/vendor/fontawesome/css/all.min.css?ver=
- bdthemes-prime-slider-lite/assets/vendor/slick/slick.min.js?ver=
- bdthemes-prime-slider-lite/assets/vendor/swiper/swiper-bundle.min.js?ver=
- bdthemes-prime-slider-lite/assets/js/prime-slider-core.js?ver=
- bdthemes-prime-slider-lite/assets/js/frontend.js?ver=

HTML / DOM Fingerprints
- prime-slider-
- bdt-prime-slider
- bdt-ps-main-slider
- bdt-ps-navigation

- <!-- Elementor Live Preview -->
- <!-- Elementor Edit Mode -->
- <!-- Prime Slider: Inject custom CSS/JS -->

- data-elementor-id
- data-elementor-type

- PrimeSliderSettings
- PrimeSliderFrontend

- /wp-json/bdthemes-prime-slider-lite/v1/get-posts
- /wp-json/bdthemes-prime-slider-lite/v1/get-terms

- [prime_slider]
- [bdps]
- [prime_slider id='{id}']