Content Slideshow Security & Risk Analysis

wordpress.org/plugins/content-slideshow

This plugin creates a fullscreen slideshow that displays randomly-selected pictures from your media library. Designed to display pictures related to y …

20 active installs v2.4.1 PHP + WP 3.8+ Updated Jul 12, 2024
automaticmediamedia-librarypicturesslideshow
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEMay 26, 2026
Safety Verdict

Is Content Slideshow Safe to Use in 2026?

Use With Caution

Score 63/100

Content Slideshow has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: May 26, 2026Updated 2yr ago
Risk Assessment

The "content-slideshow" v2.4.1 plugin exhibits a generally positive security posture based on the provided static analysis. The absence of known CVEs and the emphasis on prepared statements for SQL queries are strong indicators of good development practices. Furthermore, the limited attack surface, with no unprotected AJAX handlers or REST API routes, suggests that the plugin is designed with security in mind.

However, several concerns emerge from the code analysis. A significant portion of output is not properly escaped, representing a potential risk for Cross-Site Scripting (XSS) vulnerabilities. The lack of nonce checks and capability checks, especially given the presence of a shortcode as an entry point, could allow for unauthorized actions if the shortcode's functionality is not sufficiently restricted. The fact that no taint flows were identified, while seemingly positive, could also be a reflection of the limited scope of the analysis or the specific coding patterns used, rather than a definitive guarantee of taint-free code.

Overall, the plugin has a solid foundation with no historical vulnerabilities and a small attack surface. The primary areas for improvement are the insufficient output escaping and the absence of essential security checks like nonces and capability checks on its entry point. Addressing these weaknesses would significantly enhance its security posture.

Key Concerns

  • Output escaping is insufficient (8% escaped)
  • No nonce checks implemented
  • No capability checks implemented
Vulnerabilities
1 published

Content Slideshow Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-8873medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Content Slideshow <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

May 26, 2026Unpatched
Version History

Content Slideshow Release Timeline

v2.4.1Current1 CVE
v2.41 CVE
v2.31 CVE
v2.21 CVE
v2.11 CVE
v2.01 CVE
v1.11 CVE
Code Analysis
Analyzed Mar 16, 2026

Content Slideshow Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
22
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

8% escaped24 total outputs
Attack Surface

Content Slideshow Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[content_slideshow] slideshow-widget-shortcode.php:13
WordPress Hooks 3
actionplugins_loadedcontent-slideshow.php:35
actiontemplate_redirectcontent-slideshow.php:43
actionwidgets_initslideshow-widget-shortcode.php:10
Maintenance & Trust

Content Slideshow Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedJul 12, 2024
PHP min version
Downloads6K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Developer Profile

Content Slideshow Developer Profile

Nick Halsey

28 plugins · 24K total installs

84
trust score
Avg Security Score
86/100
Avg Patch Time
8 days
View full developer profile
Detection Fingerprints

How We Detect Content Slideshow

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/content-slideshow/content-slideshow.js
Script Paths
/wp-content/plugins/content-slideshow/content-slideshow.js
Version Parameters
content-slideshow/content-slideshow.js?ver=

HTML / DOM Fingerprints

CSS Classes
landscapeportrait
HTML Comments
Template that displays a slideshow of random pictures from the media library.Please note that it is not possible to pause the slideshow or go back;this template works best when you need to display pictures related toyour business/organization in the background at an event or in your office.+10 more
Data Attributes
data-sizedata-yeardata-monthdata-modedata-captions
JS Globals
contentSlideshow
Shortcode Output
[content_slideshow]
FAQ

Frequently Asked Questions about Content Slideshow