Serious Slider Security & Risk Analysis

wordpress.org/plugins/cryout-serious-slider

Serious Slider is a free highly efficient SEO friendly fully translatable accessibility ready image slider for WordPress. Seriously!

20K active installs · v1.3.0 · PHP 7.0+ · WP 4.5+ · Updated Mar 12, 2026
Tags: image-slider, responsive-slider, slider, slideshow, wordpress-slider
Score: 72 · B · Generally Safe
CVEs total: 4
Unpatched: 1
Last CVE: Jan 30, 2026
Safety Verdict

Is Serious Slider Safe to Use in 2026?

Mostly Safe

Score 72/100

Serious Slider is generally safe to use. 4 past CVEs were resolved. Keep it updated.

4 known CVEs · 1 unpatched · Last CVE: Jan 30, 2026 · Updated 21d ago
Risk Assessment

The cryout-serious-slider plugin version 1.3.0 exhibits a mixed security posture. On the positive side, the static analysis reveals a robust implementation in several key areas. There are no dangerous functions, SQL queries are all prepared, and output escaping is almost universally applied. Furthermore, the plugin demonstrates good security hygiene with a significant number of nonce and capability checks, and a minimal attack surface primarily composed of AJAX handlers, all of which appear to have authorization checks. Taint analysis also shows no concerning unsanitized paths.

However, the plugin's vulnerability history is a significant concern. With four known CVEs, one of them currently unpatched, the plugin has a documented history of security flaws. The types of past vulnerabilities, including Missing Authorization, Cross-site Scripting, and Cross-Site Request Forgery, suggest potential for exploitation if similar weaknesses exist or are reintroduced. The last vulnerability is also very recent (even though the date is in the future, it implies recent discovery or patching issues), which further emphasizes the ongoing need for vigilance.

In conclusion, while the current version's code shows commendable security practices in its static analysis, the historical vulnerability record, particularly the unpatched CVE, presents a notable risk. This indicates that despite current good coding practices, past issues have been present and not all have been resolved, demanding cautious use and prompt updating when new versions become available.

Key Concerns

  • Unpatched CVE present
  • History of 4 medium severity CVEs
  • History of Cross-Site Scripting vulnerabilities
  • History of Missing Authorization vulnerabilities
  • History of Cross-Site Request Forgery vulnerabilities
Vulnerabilities
4

Serious Slider Security Vulnerabilities

CVEs by Year

  • 2024: 3 CVEs
  • 2026: 1 CVE · unpatched

Severity Breakdown

Medium: 4

4 total CVEs

CVE-2026-25399 · medium · 4.3 · Missing Authorization

Serious Slider <= 1.2.7 - Missing Authorization

Jan 30, 2026 · Unpatched

CVE-2024-11108 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Serious Slider <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Nov 29, 2024 · Patched in 1.2.7 (50d)

CVE-2024-35762 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Serious Slider <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting

Jun 17, 2024 · Patched in 1.2.5 (16d)

CVE-2024-33650 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Serious Slider <= 1.2.4 - Cross-Site Request Forgery

Apr 25, 2024 · Patched in 1.2.5 (50d)

Code Analysis
Analyzed Mar 16, 2026

Serious Slider Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 2 (279 escaped)
  • Nonce Checks: 6
  • Capability Checks: 13
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

99% escaped · 281 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
ajax_set_image (cryout-serious-slider.php:356)
Attack Surface

Serious Slider Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers: 3

  • auth · wp_ajax_cryout_serious_slider_ajax · cryout-serious-slider.php:182
  • auth · wp_ajax_cryout_serious_slider_set_image · cryout-serious-slider.php:185
  • auth · wp_ajax_cryout_serious_slider_delete_image · cryout-serious-slider.php:186

WordPress Hooks: 23

  • action · init · cryout-serious-slider.php:76
  • action · init · cryout-serious-slider.php:79
  • action · setup_theme · cryout-serious-slider.php:80
  • action · init · cryout-serious-slider.php:83
  • filter · pll_get_post_types · cryout-serious-slider.php:86
  • filter · pll_get_taxonomies · cryout-serious-slider.php:87
  • action · created_term · cryout-serious-slider.php:93
  • action · wp_enqueue_scripts · cryout-serious-slider.php:150
  • action · wp_enqueue_scripts · cryout-serious-slider.php:151
  • filter · plugin_row_meta · cryout-serious-slider.php:158
  • action · admin_menu · cryout-serious-slider.php:159
  • action · restrict_manage_posts · cryout-serious-slider.php:169
  • action · save_post · cryout-serious-slider.php:172
  • action · admin_head · cryout-serious-slider.php:175
  • action · admin_enqueue_scripts · cryout-serious-slider.php:176
  • action · media_buttons · cryout-serious-slider.php:179
  • action · admin_init · cryout-serious-slider.php:189
  • action · plugins_loaded · cryout-serious-slider.php:194
  • filter · mce_external_plugins · cryout-serious-slider.php:936
  • filter · mce_buttons_2 · cryout-serious-slider.php:937
  • action · wp_footer · inc\shortcodes.php:265
  • action · wp_footer · inc\shortcodes.php:280
  • action · widgets_init · inc\widgets.php:56

Maintenance & Trust

Serious Slider Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 12, 2026
  • PHP min version: 7.0
  • Downloads: 499K

Community Trust

  • Rating: 68/100
  • Number of ratings: 8
  • Active installs: 20K

Developer Profile

Serious Slider Developer Profile

CryoutCreations

16 plugins · 121K total installs

  • Trust score: 79
  • Avg Security Score: 87/100
  • Avg Patch Time: 48 days

Detection Fingerprints

How We Detect Serious Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/cryout-serious-slider/css/cryout-serious-slider.css
  • /wp-content/plugins/cryout-serious-slider/css/themes/light.css
  • /wp-content/plugins/cryout-serious-slider/css/themes/dark.css
  • /wp-content/plugins/cryout-serious-slider/css/themes/square.css
  • /wp-content/plugins/cryout-serious-slider/css/themes/tall.css
  • /wp-content/plugins/cryout-serious-slider/css/themes/captionleft.css
  • /wp-content/plugins/cryout-serious-slider/css/themes/captionbottom.css
  • /wp-content/plugins/cryout-serious-slider/css/themes/theme.css
  • +6 more

Script Paths

  • /wp-content/plugins/cryout-serious-slider/js/cryout-serious-slider.js
  • /wp-content/plugins/cryout-serious-slider/js/jquery.bxslider.min.js
  • /wp-content/plugins/cryout-serious-slider/js/animate.min.js

Version Parameters

  • cryout-serious-slider/css/cryout-serious-slider.css?ver=
  • cryout-serious-slider/js/cryout-serious-slider.js?ver=
  • cryout-serious-slider/js/jquery.bxslider.min.js?ver=
  • cryout-serious-slider/js/animate.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • serious-slider-wrapper
  • serious-slider
  • slide-item
  • slide-content
  • slider-caption
  • bx-pager-item
  • bx-pager-link
  • bx-controls-direction
  • +39 more

HTML Comments

  • <!-- Slider generated by Cryout Serious Slider -->
  • <!-- /cryout_serious_slider -->
  • <!-- cryout_serious_slider -->

Data Attributes

  • data-slider-id
  • data-autoplay
  • data-animation
  • data-speed
  • data-pause
  • data-controls
  • +9 more

JS Globals

  • seriousSliderConfig
  • cryout_serious_slider_options
  • cryout_serious_slider_params

Shortcode Output

  • [serious-slider
  • [/serious-slider]

FAQ

Frequently Asked Questions about Serious Slider