WP-Safety

Client Partner Showcase Security & Risk Analysis

wordpress.org/plugins/client-partner-showcase

Client logo showcase Countdown Plug in is useful for create our client section on your website.

100 active installs v2.2 PHP + WP 3.5.1+ Updated Nov 22, 2023
clientlogo-carousalpartnersponsors
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Client Partner Showcase Safe to Use in 2026?

Generally Safe

Score 85/100

Client Partner Showcase has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The Client Partner Showcase plugin v2.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and conducting no external HTTP requests or file operations. The absence of known CVEs and a clear vulnerability history are also favorable indicators. However, significant concerns arise from the static analysis. The presence of nine instances of the `unserialize` function is a critical red flag, as it can lead to Remote Code Execution (RCE) vulnerabilities if not handled with extreme care and proper input validation. Furthermore, a notably low output escaping rate (18%) suggests a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the site. The lack of any capability checks or nonce checks, especially concerning the single shortcode entry point, leaves the plugin vulnerable to unauthorized actions and CSRF attacks. While the attack surface is currently small and has no unprotected entry points identified in this analysis, the inherent risks associated with `unserialize` and poor output escaping, coupled with missing security controls, present substantial vulnerabilities.

Key Concerns

  • Dangerous function: unserialize usage
  • Low output escaping rate
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Client Partner Showcase Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Client Partner Showcase Release Timeline

v2.2Current
v2.1
v2.0
v1.9
v1.8
v1.7
v1.6
v1.5
v1.4
v1.3
v1.2
v1.1
v1.0
Code Analysis
Analyzed Mar 16, 2026

Client Partner Showcase Code Analysis

Dangerous Functions
9
Raw SQL Queries
0
0 prepared
Unescaped Output
50
11 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$De_Settings = unserialize(get_option('client_partner_default_Settings_new'));ink\admin\add-cli.php:9
unserialize$Settings = unserialize(get_post_meta($post->ID, 'client_partner_Settings', true));ink\admin\add-cli.php:10
unserialize$grid_data = unserialize(get_post_meta( $post->ID, 'nkcps_client_partner_data', true));ink\admin\add-cli.php:24
unserialize$Settings = unserialize(get_post_meta( $PostId, 'client_partner_Settings', true));ink\admin\get-shortcode-plus-css.php:7
unserialize$De_Settings = unserialize(get_option('client_partner_default_Settings_new'));ink\admin\settings.php:2
unserialize$Settings = unserialize(get_post_meta( $PostId, 'client_partner_Settings', true));ink\admin\settings.php:4
unserialize$De_Settings = unserialize(get_option('client_partner_default_Settings_new'));template\content.php:7
unserialize$Settings = unserialize(get_post_meta( $post_id, 'client_partner_Settings', true));template\content.php:8
unserialize$client_data = unserialize(get_post_meta( $post_id, 'nkcps_client_partner_data', true));template\content.php:22

Output Escaping

18% escaped61 total outputs
Attack Surface

Client Partner Showcase Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[CLI_PARTNER] template\shortcode.php:2
WordPress Hooks 13
actionadmin_enqueue_scriptsink\admin\menu.php:13
actioninitink\admin\menu.php:15
actionadd_meta_boxesink\admin\menu.php:16
actionadmin_initink\admin\menu.php:17
actionsave_postink\admin\menu.php:18
actionsave_postink\admin\menu.php:20
filtermanage_edit-client_partner_columnsink\admin\menu.php:32
actionmanage_client_partner_posts_custom_columnink\admin\menu.php:33
actionwp_enqueue_scriptsink\install\installation.php:17
filterwidget_textink\install\installation.php:19
actionmedia_buttons_contextink\install\installation.php:20
actionadmin_footerink\install\installation.php:21
actionwidgets_initink\widget\widget.php:111
Maintenance & Trust

Client Partner Showcase Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedNov 22, 2023
PHP min version
Downloads9K

Community Trust

Rating20/100
Number of ratings2
Active installs100
Alternatives

Client Partner Showcase Alternatives

Logo Showcase – Logo Slider, Carousel & Sponsors Gallery

Logo Showcase – Logo Slider, Carousel & Sponsors Gallery

logo-showcase

B
77

Create beautiful logo showcases for clients, sponsors, partners, or brands using slider, grid, list, or ticker layouts — no coding required.

1K 1 unpatched
Logo Slider Carousel – Responsive Client Showcase

Logo Slider Carousel – Responsive Client Showcase

best-logo-slider

A
100

The Logo Slider Carousel WordPress plugin can display partners, clients, or sponsors' logos on your WordPress site quickly and easily.

100 No CVEs
Infinite Logo Carousel Block

Infinite Logo Carousel Block

infinite-logo-carousel-block

A
100

Infinity logo carousel for client, partner or sponsor logos with custom speed.

100 No CVEs
WP Brand Logo Slider

WP Brand Logo Slider

wp-brand-logo-slider

A
85

WP Brand Logo Slider is a wordpress plugin to display your brand logo or client logo on your WordPress website!

50 No CVEs
Partner Manager

Partner Manager

partner-manager

A
85

Allows site administrators to manage the site's partners and display them in the form of a image slider or a list (using a shortcode).

20 No CVEs
Developer Profile

Client Partner Showcase Developer Profile

Mapro Collins

3 plugins · 330 total installs

79
trust score
Avg Security Score
78/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Client Partner Showcase

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/client-partner-showcase/assets/css/bootstrap.css/wp-content/plugins/client-partner-showcase/assets/css/panel-style.css/wp-content/plugins/client-partner-showcase/assets/css/sidebar.css/wp-content/plugins/client-partner-showcase/assets/css/cli_jquery-ui.css/wp-content/plugins/client-partner-showcase/assets/css/font-awesome/css/font-awesome.min.css/wp-content/plugins/client-partner-showcase/assets/css/settings.css/wp-content/plugins/client-partner-showcase/assets/css/jquery-linedtextarea.css/wp-content/plugins/client-partner-showcase/assets/js/color-picker.js+12 more
Script Paths
/wp-content/plugins/client-partner-showcase/assets/js/color-picker.js/wp-content/plugins/client-partner-showcase/assets/js/media-upload-script.js/wp-content/plugins/client-partner-showcase/assets/js/popper.min.js/wp-content/plugins/client-partner-showcase/assets/js/bootstrap.min.js/wp-content/plugins/client-partner-showcase/assets/js/jquery-linedtextarea.js/wp-content/plugins/client-partner-showcase/assets/js/popper.min.js+3 more

HTML / DOM Fingerprints

CSS Classes
wp_client_partner_showcase_ShortCode_button
Data Attributes
id="CLI_PARTNER"
JS Globals
window.send_to_editor
Shortcode Output
[CLI_PARTNER id=
FAQ

Frequently Asked Questions about Client Partner Showcase