Carousel Ultimate Security & Risk Analysis

wordpress.org/plugins/carousel

Carousel Ultimate WordPress Plugin allows you to easily create Responsive carousel/slider/post slider/logo showcase/ team etc.

800 active installs · v1.8 · PHP + · WP 3.8+ · Updated Jan 3, 2018
Tags: carousel, carousel-shortcode, client-carousel, image-carousel, logo-carousel
Score: 42
D · High Risk
CVEs total: 2
Unpatched: 2
Last CVE: Sep 22, 2025
Safety Verdict

Is Carousel Ultimate Safe to Use in 2026?

High Risk

Score 42/100

Carousel Ultimate carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs · 2 unpatched · Last CVE: Sep 22, 2025 · Updated 8yr ago
Risk Assessment

The plugin "carousel" v1.8 exhibits a mixed security posture. On the positive side, the static analysis reveals no direct attack surface in the form of AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication. Furthermore, the code demonstrates excellent adherence to secure coding practices by utilizing prepared statements for all SQL queries, properly escaping all outputs, and avoiding dangerous functions and file operations. There are also no external HTTP requests or bundled libraries to consider.

However, a significant concern arises from the vulnerability history, which indicates two known medium-severity Cross-Site Scripting (XSS) vulnerabilities, both of which are currently unpatched. The fact that the last vulnerability was discovered relatively recently (2025-09-22) and remains unaddressed is a critical red flag. This suggests a lack of ongoing security maintenance and responsiveness from the developer, despite the code's otherwise good static analysis results.

Key Concerns

  • Unpatched Medium CVE
  • Unpatched Medium CVE
Vulnerabilities
2

Carousel Ultimate Security Vulnerabilities

CVEs by Year

2025: 2 CVEs · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-58652 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Carousel Ultimate <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 · Unpatched

CVE-2025-58820 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Carousel Ultimate <= 1.8 - Authenticated (Editor+) Stored Cross-Site Scripting

Sep 5, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Carousel Ultimate Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (8 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 8 total outputs
Attack Surface

Carousel Ultimate Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 6
  • filter · widget_text · carousel-shortcodes.php:21
  • action · init · carousel-shortcodes.php:39
  • action · wp_enqueue_scripts · carousel-shortcodes.php:46
  • action · admin_enqueue_scripts · carousel-shortcodes.php:59
  • action · admin_enqueue_scripts · carousel-shortcodes.php:67
  • action · plugins_loaded · carousel-shortcodes.php:76
Maintenance & Trust

Carousel Ultimate Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Jan 3, 2018
PHP min version
Downloads: 55K

Community Trust

Rating: 34/100
Number of ratings: 10
Active installs: 800
Developer Profile

Carousel Ultimate Developer Profile

Themepoints

19 plugins · 10K total installs

Trust score: 84
Avg Security Score: 94/100
Avg Patch Time: 66 days
Detection Fingerprints

How We Detect Carousel Ultimate

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/carousel/assets/css/font-awesome.min.css
  • /wp-content/plugins/carousel/assets/css/owl.carousel.min.css
  • /wp-content/plugins/carousel/assets/css/owl.theme.default.css
  • /wp-content/plugins/carousel/assets/css/animate.css
  • /wp-content/plugins/carousel/assets/css/style.css
  • /wp-content/plugins/carousel/assets/js/app_script.js
  • /wp-content/plugins/carousel/assets/js/owl.carousel.js
  • /wp-content/plugins/carousel/assets/js/jquery.mousewheel.min.js
  • +4 more
Script Paths
  • /wp-content/plugins/carousel/assets/js/app_script.js
  • /wp-content/plugins/carousel/assets/js/owl.carousel.js
  • /wp-content/plugins/carousel/assets/js/jquery.mousewheel.min.js
  • /wp-content/plugins/carousel/assets/js/jscolor.js
  • /wp-content/plugins/carousel/admin/js/tp-carousel-pro-admin.js
  • /wp-content/plugins/carousel/assets/js/wp-color-picker-alpha.js
Version Parameters
ver=1.0.0

HTML / DOM Fingerprints

CSS Classes
content_area-tpcarouselpro-
Data Attributes
  • carpro_slider_items
  • carpro_slider_itemsdesktop
  • carpro_slider_itemsdesktopsmall
  • carpro_slider_itemsmobile
  • carpro_slider_loop
  • carpro_slider_margin
  • +28 more
JS Globals
  • carpros_pro_ajax
  • carpros_pro_ajaxurl