WP-Safety

Simple Slideshow Security & Risk Analysis

wordpress.org/plugins/cvmh-simple-slideshow

Add a slideshow on your site.

70 active installs v1.2.15 PHP + WP 3.6+ Updated Jan 26, 2022
jqueryslideshow
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Simple Slideshow Safe to Use in 2026?

Generally Safe

Score 85/100

Simple Slideshow has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The cvmh-simple-slideshow plugin v1.2.15 exhibits a mixed security posture. While it has a clean vulnerability history with no recorded CVEs, indicating a generally stable past, the static analysis reveals several areas for concern. The presence of an unprotected AJAX handler significantly increases the attack surface, providing a direct entry point for malicious actors without proper authentication. Furthermore, the plugin heavily relies on raw SQL queries without prepared statements, which is a critical vulnerability that could lead to SQL injection attacks. The low percentage of properly escaped output suggests that user-supplied data might be reflected directly in the output, posing a risk of Cross-Site Scripting (XSS) vulnerabilities. Although there are no critical taint flows or dangerous functions identified, the combination of these weaknesses, particularly the unprotected AJAX handler and un-prepared SQL queries, presents a moderate to high risk that requires attention.

Key Concerns

  • Unprotected AJAX handler present
  • 100% of SQL queries use raw statements
  • Low percentage of properly escaped output
Vulnerabilities
None known

Simple Slideshow Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Simple Slideshow Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Simple Slideshow Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
0 prepared
Unescaped Output
51
4 escaped
Nonce Checks
2
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared4 total queries

Output Escaping

7% escaped55 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<settings> (views\settings.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Simple Slideshow Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 1

authwp_ajax_update-menu-orderincludes\functions\admin.php:172

Shortcodes 1

[cvmh-simple-slideshow] includes\functions\front.php:10
WordPress Hooks 17
actioninitcvmh-simple-slideshow.php:31
actionadd_meta_boxesincludes\3rd-party\wordpress-seo.php:7
actionadmin_head-edit.phpincludes\3rd-party\wordpress-seo.php:17
actionpost_submitbox_startincludes\3rd-party\wordpress-seo.php:36
actionwidgets_initincludes\classes\widget.php:62
actionadmin_menuincludes\functions\admin.php:7
actionadmin_enqueue_scriptsincludes\functions\admin.php:16
filterplugin_action_links_cvmh-simple-slideshow/cvmh-simple-slideshow.phpincludes\functions\admin.php:44
actionmanage_posts_custom_columnincludes\functions\admin.php:87
actionsave_postincludes\functions\admin.php:146
actionadmin_initincludes\functions\admin.php:212
actionwp_enqueue_scriptsincludes\functions\front.php:4
filterget_previous_post_whereincludes\functions\order.php:4
filterget_previous_post_sortincludes\functions\order.php:15
filterget_next_post_whereincludes\functions\order.php:25
filterget_next_post_sortincludes\functions\order.php:36
actionpre_get_postsincludes\functions\order.php:46
Maintenance & Trust

Simple Slideshow Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedJan 26, 2022
PHP min version
Downloads9K

Community Trust

Rating80/100
Number of ratings3
Active installs70
Alternatives

Simple Slideshow Alternatives

WP-Cycle

WP-Cycle

wp-cycle

A
85

This plugin creates an image slideshow in your theme, using the jQuery Cycle plugin. You can upload/delete images via the administration panel, and di &hellip;

3K No CVEs
Slideshow

Slideshow

slideshow

A
85

A shortcode for displaying a slideshow of image attachments for a post.

1K No CVEs
All-In-One Slideshow

All-In-One Slideshow

all-in-one-slideshow

A
85

All-In-One Slideshow plugin implements jCycle, Easing and Cufon scripts into the highly customizable slideshow gallery.

100 No CVEs
WP-Cycle Plus Captions

WP-Cycle Plus Captions

wp-cycle-plus-captions

A
85

The WP-Cycle Plus Captions plugin allows you to upload images from your computer, which will then be used to generate a jQuery Cycle Plugin slideshow.

100 No CVEs
Simple Content Slider / Slideshow

Simple Content Slider / Slideshow

simple-content-slider

A
85

A simple and responsive content slider and slideshow plug-in for jQuery with features like touch and CSS3 transitions.

90 No CVEs
Developer Profile

Simple Slideshow Developer Profile

cvmh

5 plugins · 180 total installs

81
trust score
Avg Security Score
81/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Simple Slideshow

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cvmh-simple-slideshow/assets/css/admin.min.css/wp-content/plugins/cvmh-simple-slideshow/assets/js/admin.min.js
Script Paths
../../assets/js/admin.min.js../../assets/css/admin.min.css
Version Parameters
cvmh-slideshow-admin.min.js?ver=cvmh-slideshow-admin.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
cvmh_slideshow_admin
Data Attributes
data-cvmh_slideshow_widthdata-cvmh_slideshow_heightdata-cvmh_slideshow_durationdata-cvmh_slideshow_show_nav
JS Globals
cvmhTranslate
FAQ

Frequently Asked Questions about Simple Slideshow