Custom Post Slider Security & Risk Analysis

wordpress.org/plugins/custom-post-slider

Custom Post Slider Plugin Display Post with Owl Slider order by date, title, random... Developer can override HTML or create new layout in their theme …

300 active installs · v1.0.0 · PHP + WP 3.0.1+ · Updated Nov 27, 2015
Tags: content-slider, post-slider, slider, slideshow, wordpress-content-slider
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Custom Post Slider Safe to Use in 2026?

Generally Safe

Score 85/100

Custom Post Slider has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The "custom-post-slider" v1.0.0 plugin presents a generally good security posture with no known vulnerabilities or critical taint flows. The static analysis reveals strong practices in areas like SQL query sanitization, with 75% using prepared statements. The presence of nonce and capability checks, along with the absence of external HTTP requests or file operations, further contributes to its security. However, there are notable areas of concern. The high number of total outputs (110) with a low percentage (35%) of proper escaping indicates a significant risk of Cross-Site Scripting (XSS) vulnerabilities, especially as the attack surface is relatively small and all entry points are protected. Additionally, the use of the `unserialize` function, while not flagged as a critical issue in the taint analysis, is inherently risky and could lead to deserialization vulnerabilities if not handled with extreme care and input validation. The plugin's history of zero vulnerabilities is positive but doesn't entirely negate the risks identified in the static analysis, particularly the output escaping issues and the use of `unserialize`.

Key Concerns

  • Low percentage of properly escaped output
  • Use of dangerous function (unserialize)
Vulnerabilities
None known

Custom Post Slider Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Custom Post Slider Code Analysis

Dangerous Functions: 12
Raw SQL Queries: 7 (21 prepared)
Unescaped Output: 72 (38 escaped)
Nonce Checks: 9
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$plist = unserialize($res1[0]->plist);` · custom-post-slider.php:274
unserialize · `$query = unserialize($res1[0]->query);` · custom-post-slider.php:275
unserialize · `$slider = unserialize($res1[0]->slider);` · custom-post-slider.php:276
unserialize · `$container = unserialize($res1[0]->container);` · custom-post-slider.php:277
unserialize · `$content = unserialize($res1[0]->content);` · custom-post-slider.php:278
unserialize · `$navigation = unserialize($res1[0]->navigation);` · custom-post-slider.php:279
unserialize · `$plist = unserialize($dset->plist);` · templates\template-owl.php:23
unserialize · `$query = unserialize($dset->query);` · templates\template-owl.php:24
unserialize · `$slider = unserialize($dset->slider);` · templates\template-owl.php:25
unserialize · `$container = unserialize($dset->container);` · templates\template-owl.php:26
unserialize · `$content = unserialize($dset->content);` · templates\template-owl.php:27
unserialize · `$navigation = unserialize($dset->navigation);` · templates\template-owl.php:28

SQL Query Safety

75% prepared · 28 total queries

Output Escaping

35% escaped · 110 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
tzcustomUpdateLabel (custom-post-slider.php:121)
[Data flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

Custom Post Slider Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers 5

auth · wp_ajax_tzcustomchkCategory · custom-post-slider.php:115
auth · wp_ajax_tzcustomUpdateLabel · custom-post-slider.php:116
auth · wp_ajax_tzcustomUpdateOpt · custom-post-slider.php:117
auth · wp_ajax_tzcustomListPost · custom-post-slider.php:118
auth · wp_ajax_tzcustomupdateSmethod · custom-post-slider.php:119

Shortcodes 1

[tzcustom-slideshow] custom-post-slider.php:374
WordPress Hooks 7
action · admin_menu · custom-post-slider.php:20
action · wp_enqueue_scripts · custom-post-slider.php:46
action · admin_enqueue_scripts · custom-post-slider.php:72
action · plugins_loaded · custom-post-slider.php:92
action · wp_loaded · custom-post-slider.php:105
action · wp_head · custom-post-slider.php:261
filter · image_resize_dimensions · tzcustom_resizer.php:61
Maintenance & Trust

Custom Post Slider Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.3.34
Last updated: Nov 27, 2015
PHP min version
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 300
Developer Profile

Custom Post Slider Developer Profile

tuyennv

7 plugins · 1K total installs

Trust score: 81
Avg Security Score: 82/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Custom Post Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/custom-post-slider/tzcustom-style.css
/wp-content/plugins/custom-post-slider/css/owl.carousel.css
/wp-content/plugins/custom-post-slider/css/owl.theme.css
/wp-content/plugins/custom-post-slider/css/owl.transitions.css
/wp-content/plugins/custom-post-slider/js/tzcustom.frnt.script.js
/wp-content/plugins/custom-post-slider/js/tzcustom.script.js
/wp-content/plugins/custom-post-slider/css/tzcustom_slider_admin.css
Script Paths
wp-content/plugins/custom-post-slider/js/tzcustom.frnt.script.js
wp-content/plugins/custom-post-slider/js/tzcustom.script.js
Version Parameters
custom-post-slider/tzcustom-style.css?ver=
custom-post-slider/css/owl.carousel.css?ver=
custom-post-slider/css/owl.theme.css?ver=
custom-post-slider/css/owl.transitions.css?ver=
custom-post-slider/js/tzcustom.frnt.script.js?ver=
custom-post-slider/js/tzcustom.script.js?ver=
custom-post-slider/css/tzcustom_slider_admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
tzcustom-slideshow
Data Attributes
data-tzcustom-options
JS Globals
tzcustomajx
tzcustom_url