Does Benefits have any unpatched vulnerabilities?

No. All known vulnerabilities in Benefits have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Benefits compatible with WordPress 5.2.24?

According to WordPress.org data, Benefits 6.1.10 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is Benefits compatible with PHP 5.6+?

Benefits requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Benefits updated?

Benefits was last updated on Aug 12, 2019. Frequent updates are generally a positive security signal.

What is Benefits's security score?

Benefits has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Benefits Security & Risk Analysis

wordpress.org/plugins/benefits

It’s a MIT-licensed (can be used in premium themes), high quality, native and responsive WordPress plugin to create and view slider-based benefits

10 active installs v6.1.10 PHP 5.6+ WP 4.6+ Updated Aug 12, 2019

benefitbenefitsofferoffersslider

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Benefits Safe to Use in 2026?

Generally Safe

Score 85/100

Benefits has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "benefits" plugin v6.1.10 exhibits a generally good security posture with a clean vulnerability history and a lack of critical static analysis findings. The high percentage of prepared statements for SQL queries and proper output escaping are positive indicators of secure coding practices. Furthermore, the absence of known CVEs and the plugin's consistent lack of recorded vulnerabilities suggest a mature and well-maintained codebase.

However, there are areas for improvement. The static analysis did reveal two flows with unsanitized paths, which, while not classified as critical or high severity in this analysis, represent potential vectors for unexpected behavior or data manipulation if exploited under specific conditions. The lack of any nonce checks across its entry points, coupled with only one capability check, indicates a broad attack surface that is not sufficiently protected against unauthorized actions. The presence of a bundled, potentially outdated, DataTables library also introduces a risk if it contains known vulnerabilities not addressed by the plugin itself.

In conclusion, while the "benefits" plugin appears to be a relatively secure option due to its robust SQL and output handling and clean vulnerability record, the identified unsanitized paths and weak authorization mechanisms on its entry points warrant attention. Addressing these areas would further strengthen its security and mitigate potential risks.

Key Concerns

Flows with unsanitized paths found
No nonce checks on any entry points
Bundled outdated library (DataTables)

Vulnerabilities

None known

Benefits Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Benefits Code Analysis

Dangerous Functions

Raw SQL Queries

41 prepared

Unescaped Output

163

616 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTables1.10.18

SQL Query Safety

82% prepared50 total queries

Output Escaping

79% escaped779 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

getValidValueInput (Models\Validation\StaticValidator.php:1611)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Benefits Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 22

filterbody_classControllers\Front\AssetController.php:91

actionadmin_noticesControllers\MainController.php:72

actionadmin_noticesControllers\MainController.php:82

actionadmin_noticesControllers\MainController.php:92

actionadmin_noticesControllers\MainController.php:113

filterplugin_row_metaControllers\MainController.php:133

actionnetwork_admin_menuControllers\MainController.php:153

filteradmin_footer_textControllers\MainController.php:155

filternetwork_admin_menuControllers\MainController.php:157

actionadmin_menuControllers\MainController.php:167

filteradmin_footer_textControllers\MainController.php:169

filteradmin_menuControllers\MainController.php:171

actionwpmu_new_blogControllers\MainController.php:178

actiondelete_blogControllers\MainController.php:190

actioninitControllers\MainController.php:195

actionadmin_headControllers\MainController.php:717

actionadmin_noticesControllers\MainController.php:728

actionadmin_headControllers\MainController.php:778

actionadmin_noticesControllers\MainController.php:797

actionwp_headControllers\MainController.php:871

actionadmin_noticesControllers\MainController.php:1043

actionadmin_noticesControllers\MainController.php:1060

Maintenance & Trust

Benefits Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedAug 12, 2019

PHP min version5.6

Downloads2K

Community Trust

Rating100/100

Number of ratings2

Active installs10

Alternatives

Benefits Alternatives

Deals

deals

It’s a MIT-licensed (can be used in premium themes), high quality, native and responsive WordPress plugin to create and view slider-based deals

10 No CVEs

Sliding Banner – News and Offers

sliding-banner

Diferentes Banners con Slider

0 No CVEs

Name Your Price: Make Your Own Offer for WooCommerce

price-offerings-for-woocommerce

100

Let customers name their own price on WooCommerce products & donations, offer flexible pricing options with NYOP & open pricing features.

400 No CVEs

WPSSO Schema Shipping Delivery Time for WooCommerce

wpsso-wc-shipping-delivery-time

100

Shipping delivery time estimates for WooCommerce shipping zones, methods, and classes.

300 No CVEs

AnyTrack Affiliate Link Manager

anytrack-affiliate-link-manager

AnyTrack is a conversion data platform for performance marketers to track affiliate conversions with Google Analytics, Facebook Conversion API, and mo …

100 1 CVE

Developer Profile

Benefits Developer Profile

KestutisIT

4 plugins · 6K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Benefits

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/benefits/assets/css/slick-theme.css/wp-content/plugins/benefits/assets/css/slick.css/wp-content/plugins/benefits/assets/js/BenefitsMain.js/wp-content/plugins/benefits/assets/js/slick/slick.min.js/wp-content/plugins/benefits/assets/js/slick/slick.js

Script Paths

/wp-content/plugins/benefits/assets/js/BenefitsMain.js

HTML / DOM Fingerprints

CSS Classes

benefits-slider-main-wrapper

Data Attributes

data-benefits-slider-iddata-benefits-item-id

JS Globals

BenefitsMain

Shortcode Output

[benefits

FAQ