WP-Safety

CP Image Store with Slideshow Security & Risk Analysis

wordpress.org/plugins/cp-image-store

CP Image Store with Slideshow is an online store for the sale of image files: images, predefined pictures, clipart, drawings, vector images.

20 active installs v1.2.1 PHP + WP 3.5.0+ Updated Jan 16, 2026
clipart-storeimage-storephoto-storepicture-storeshow
87
A · Safe
CVEs total4
Unpatched0
Last CVEJan 12, 2026
Plugin page Download
Safety Verdict

Is CP Image Store with Slideshow Safe to Use in 2026?

Generally Safe

Score 87/100

CP Image Store with Slideshow has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Jan 12, 2026Updated 2mo ago
Risk Assessment

The "cp-image-store" v1.2.1 plugin exhibits a mixed security posture. While it demonstrates good practices in terms of output escaping (91%) and SQL prepared statements (94%), and importantly, has no currently unpatched CVEs, several areas raise concern. The static analysis reveals the presence of `unserialize` which is a known dangerous function and requires careful handling. Furthermore, the taint analysis indicates 2 high-severity flows with unsanitized paths, suggesting potential for vulnerabilities like path traversal if not adequately mitigated by other controls. The vulnerability history, though free of current unpatched issues, shows a pattern of critical and high severity vulnerabilities including incorrect authorization, SQL injection, and path traversal. The recent critical vulnerability in 2026, while patched, indicates a historical propensity for significant security flaws.

Overall, the plugin has strengths in general code hygiene but shows a persistent risk profile due to past critical vulnerabilities and the presence of dangerous functions coupled with high-severity taint flows. The lack of critical unpatched CVEs is a positive sign, but the historical patterns and specific code signals warrant vigilance. The limited attack surface without authentication is commendable, but the identified risks within the code itself are the primary drivers of concern.

Key Concerns

  • Unsanitized paths in Taint Analysis (High Severity)
  • Presence of dangerous function: unserialize
  • Historical Critical Severity CVEs
  • Historical High Severity CVEs
Vulnerabilities
4

CP Image Store with Slideshow Security Vulnerabilities

CVEs by Year

2 CVEs in 2015
2015
1 CVE in 2022
2022
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Critical
1
High
2
Medium
1

4 total CVEs

CVE-2026-0684medium · 4.3Incorrect Authorization

CP Image Store with Slideshow <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Product Import

Jan 12, 2026 Patched in 1.2.0 (2d)
CVE-2022-1692critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CP Image Store with Slideshow <= 1.0.67 - Unauthenticated SQL Injection

May 9, 2022 Patched in 1.0.68 (624d)
WF-24c78d62-c2d0-4699-bd80-e8deef301eb3-cp-image-storehigh · 7.5Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CP Image Store with Slideshow < 1.0.6 - Arbitrary File Download

Jul 10, 2015 Patched in 1.0.6 (3119d)
WF-d49bd587-26fc-48fb-86aa-a043a5938d43-cp-image-storehigh · 7.5Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CP Image Store with Slideshow < 1.0.7 - Arbitrary File Download

Jul 10, 2015 Patched in 1.0.7 (3119d)
Code Analysis
Analyzed Mar 16, 2026

CP Image Store with Slideshow Code Analysis

Dangerous Functions
4
Raw SQL Queries
4
61 prepared
Unescaped Output
44
457 escaped
Nonce Checks
8
Capability Checks
7
File Operations
13
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

unserialize$preview = unserialize( $preview );includes\image.php:90
unserialize$preview_data = unserialize( $data->preview );includes\image.php:262
unserialize$old_preview = unserialize( $old_preview );includes\image.php:385
unserialize$preview = unserialize( $image->preview );includes\image.php:635

SQL Query Safety

94% prepared65 total queries

Output Escaping

91% escaped501 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

8 flows5 with unsanitized paths
cpis_preview (cp-image-store.php:886)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

CP Image Store with Slideshow Attack Surface

Entry Points5
Unprotected0

AJAX Handlers 1

authwp_ajax_cp_feedbackfeedback\cp-feedback.php:23

Shortcodes 4

[codepeople-image-store] cp-image-store.php:618
[codepeople-image-store-product] cp-image-store.php:619
[codepeople-image-store] cp-image-store.php:899
[codepeople-image-store-product] cp-image-store.php:900
WordPress Hooks 42
actioncpis_show_settingsaddons\affiliateroyale.addon.php:8
actioncpis_save_settingsaddons\affiliateroyale.addon.php:9
actioncpis_paypal_form_html_before_submitaddons\affiliateroyale.addon.php:11
actioncpis_paypal_ipn_receivedaddons\affiliateroyale.addon.php:12
actionadmin_bar_menubanner.php:107
actioninitcp-image-store.php:19
filterget_post_metadatacp-image-store.php:20
filteroption_sbp_settingscp-image-store.php:33
actionshutdowncp-image-store.php:75
actionactivated_plugincp-image-store.php:188
actionwpmu_new_blogcp-image-store.php:203
filtermanage_cpis_image_posts_columnscp-image-store.php:397
actionmanage_cpis_image_posts_custom_columncp-image-store.php:398
actioninitcp-image-store.php:564
actionwidgets_initcp-image-store.php:565
actionsave_postcp-image-store.php:583
actionwp_footercp-image-store.php:586
filterget_pagescp-image-store.php:587
filterthe_contentcp-image-store.php:620
filterthe_excerptcp-image-store.php:621
filterget_the_excerptcp-image-store.php:622
actionwp_headcp-image-store.php:623
filterdisplay_post_statescp-image-store.php:681
actionadmin_initcp-image-store.php:692
filterupload_dircp-image-store.php:823
actionadmin_headcp-image-store.php:850
filterupload_dircp-image-store.php:853
actionmedia_buttonscp-image-store.php:856
actionadmin_menucp-image-store.php:952
actionparent_filecp-image-store.php:979
actionadmin_enqueue_scriptscp-image-store.php:2083
actionwp_enqueue_scriptscp-image-store.php:2139
actionadmin_enqueue_scriptsfeedback\cp-feedback.php:22
actionadmin_footerfeedback\cp-feedback.php:32
actionpost_edit_form_tagincludes\image.php:140
actioninitpagebuilders\pagebuilders.php:20
actionafter_setup_themepagebuilders\pagebuilders.php:21
actionenqueue_block_editor_assetspagebuilders\pagebuilders.php:28
actionelementor/widgets/registerpagebuilders\pagebuilders.php:31
actionelementor/elements/categories_registeredpagebuilders\pagebuilders.php:32
filtersiteorigin_widgets_widget_folderspagebuilders\pagebuilders.php:39
filtersiteorigin_panels_widget_dialog_tabspagebuilders\pagebuilders.php:40
Maintenance & Trust

CP Image Store with Slideshow Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 16, 2026
PHP min version
Downloads37K

Community Trust

Rating60/100
Number of ratings4
Active installs20
Alternatives

CP Image Store with Slideshow Alternatives

Smart Slider 3

Smart Slider 3

smart-slider-3

A
91

Responsive slider plugin to create sliders in visual editor easily. Build beautiful image slider, layer slider, video slider, post slider, and more.

800K 7 CVEs
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

nextgen-gallery

B
76

The most popular gallery plugin that lets you create galleries and albums in seconds.

400K 37 CVEs
Simple Lightbox

Simple Lightbox

simple-lightbox

A
99

The highly customizable lightbox for WordPress

100K 1 CVE
Depicter — Popup & Slider Builder

Depicter — Popup & Slider Builder

depicter

A
89

Build Stunning Slider and Popup. Exit intent Popup, Image slider carousel, video slider carousel, post slider carousel, product slider, promote popup

90K 14 CVEs
Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel

Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel

wp-carousel-free

A
96

Carousel, Slider, and Photo Gallery with Lightbox plugin. Create Image Carousel, Video Slider, Post Carousel, Post Grid, Product Carousel, and more.

70K 5 CVEs
Developer Profile

CP Image Store with Slideshow Developer Profile

codepeople

34 plugins · 89K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
964 days
View full developer profile
Detection Fingerprints

How We Detect CP Image Store with Slideshow

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cp-image-store/assets/css/cp-image-store.css/wp-content/plugins/cp-image-store/assets/js/cp-image-store.js/wp-content/plugins/cp-image-store/assets/css/cp-image-store-frontend.css/wp-content/plugins/cp-image-store/assets/js/cp-image-store-frontend.js
Script Paths
/wp-content/plugins/cp-image-store/assets/js/cp-image-store.js/wp-content/plugins/cp-image-store/assets/js/cp-image-store-frontend.js
Version Parameters
cp-image-store/assets/css/cp-image-store.css?ver=cp-image-store/assets/js/cp-image-store.js?ver=cp-image-store/assets/css/cp-image-store-frontend.css?ver=cp-image-store/assets/js/cp-image-store-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
cpis-image-storecpis-image-store-wrapcpis-main-contentcpis-content-areacpis-itemcpis-image-containercpis-image-thumbnailcpis-image-details+33 more
HTML Comments
<!-- CP Image Store with Slideshow --><!-- End CP Image Store with Slideshow --><!-- Begin CP Image Store --><!-- End CP Image Store -->+2 more
Data Attributes
data-cpis-iddata-cpis-pricedata-cpis-quantitydata-cpis-urldata-cpis-sku
JS Globals
CPIS_AJAX_URLCPIS_ADMIN_URLCPIS_PLUGIN_URLCPIS_VERSIONcpis_session_idcpis_shopping_cart+4 more
REST Endpoints
/wp-json/cpis/v1/add-to-cart/wp-json/cpis/v1/update-cart/wp-json/cpis/v1/remove-from-cart/wp-json/cpis/v1/get-cart/wp-json/cpis/v1/checkout/wp-json/cpis/v1/process-payment
Shortcode Output
[cp_image_store][cp_image_store_cart][cp_image_store_checkout][cp_image_store_purchase_history]
FAQ

Frequently Asked Questions about CP Image Store with Slideshow