WP-Safety

Easy Nivo Slider Security & Risk Analysis

wordpress.org/plugins/easy-nivo-slider

Adds Nivo Slider to a post/page with no coding. Builds sliders from a post images, featured images in posts, or from NextGen galleries.

200 active installs v1.6.1 PHP + WP 3.0+ Updated Mar 22, 2011
custom-post-typegallerynivosliderslideshow
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Easy Nivo Slider Safe to Use in 2026?

Generally Safe

Score 85/100

Easy Nivo Slider has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago
Risk Assessment

The 'easy-nivo-slider' v1.6.1 plugin exhibits a mixed security posture, with several concerning code practices despite a clean vulnerability history. The static analysis reveals a low attack surface, with only one shortcode identified and no unprotected entry points, which is a positive sign. However, the code signals raise significant red flags. The presence of dangerous functions like 'unserialize' and 'create_function' is a major concern, as these can be exploited for remote code execution if user-supplied data is not strictly sanitized before being passed to them.

Furthermore, the complete lack of prepared statements for SQL queries is alarming, making it highly susceptible to SQL injection vulnerabilities. The extremely low percentage of properly escaped output (1%) indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed in users' browsers. The absence of nonce checks on the identified shortcode, though it doesn't directly fall into the AJAX/REST API categories with auth checks, still represents a potential area for unauthorized actions if the shortcode's functionality can be leveraged maliciously.

The plugin's vulnerability history is remarkably clean, with no recorded CVEs. While this is a strength, it might be more a reflection of a lack of in-depth security auditing or a low profile rather than guaranteed security. The combination of dangerous functions, unescaped output, and raw SQL queries creates a significant potential for vulnerabilities that have perhaps gone unnoticed. The bundled outdated jQuery library also presents a minor risk, as older versions may contain known exploits.

Key Concerns

  • Dangerous functions (unserialize, create_function)
  • SQL queries without prepared statements
  • Very low percentage of properly escaped output
  • Bundled outdated jQuery library
  • Capability checks exist but no nonce checks on shortcode
Vulnerabilities
None known

Easy Nivo Slider Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Easy Nivo Slider Code Analysis

Dangerous Functions
6
Raw SQL Queries
3
0 prepared
Unescaped Output
150
1 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$nivo_tax = unserialize($_SESSION['nivo_tax']);mce\popup_window.php:6
unserialize$nivo_options = unserialize($_SESSION['nivo_options']);mce\popup_window.php:7
unserialize$nivo_nextgen = unserialize($_SESSION['nivo_nextgen']);mce\popup_window.php:10
create_functionadd_action('widgets_init', create_function("","register_widget('Widget_Nivo_Slider_For_Current_Post'misc\current-post-widget.php:91
create_functionadd_action('widgets_init', create_function("","register_widget('Widget_Easy_Nivo_Slider');"));misc\post-type-widget.php:96
create_functionadd_action('widgets_init', create_function("","register_widget('Widget_Easy_Nivo_Slider_NextGen');")nextgen\widget.php:94

Bundled Libraries

jQuery1.4.2

SQL Query Safety

0% prepared3 total queries

Output Escaping

1% escaped151 total outputs
Attack Surface

Easy Nivo Slider Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[nivo] easy-nivo-slider.php:247
WordPress Hooks 25
filterimage_downsize3rd-party\filosofo-custom-image-sizes.php:15
actionplugins_loaded3rd-party\filosofo-custom-image-sizes.php:136
actionwp_print_styleseasy-nivo-slider.php:35
actionadmin_print_styleseasy-nivo-slider.php:52
actionwp_print_scriptseasy-nivo-slider.php:69
actionadmin_print_scriptseasy-nivo-slider.php:82
actioniniteditor.php:3
filtermce_external_pluginseditor.php:11
filtermce_buttonseditor.php:12
actionsave_postmisc\current-post-widget.php:19
actiondeleted_postmisc\current-post-widget.php:20
actionswitch_thememisc\current-post-widget.php:21
actionwidgets_initmisc\current-post-widget.php:91
actionsave_postmisc\post-type-widget.php:19
actiondeleted_postmisc\post-type-widget.php:20
actionswitch_thememisc\post-type-widget.php:21
actionwidgets_initmisc\post-type-widget.php:96
actionsave_postnextgen\widget.php:19
actiondeleted_postnextgen\widget.php:20
actionswitch_themenextgen\widget.php:21
actionwidgets_initnextgen\widget.php:94
actionadmin_menusettings.php:5
actionadmin_initsettings.php:11
actionadmin_print_scripts-settings_page_easy_nivo_slider_settings_pagesettings.php:17
actionadmin_print_styles-settings_page_easy_nivo_slider_settings_pagesettings.php:32
Maintenance & Trust

Easy Nivo Slider Maintenance & Trust

Maintenance Signals

WordPress version tested3.1.4
Last updatedMar 22, 2011
PHP min version
Downloads97K

Community Trust

Rating46/100
Number of ratings3
Active installs200
Alternatives

Easy Nivo Slider Alternatives

WP Featured Content and Slider

WP Featured Content and Slider

wp-featured-content-and-slider

A
100

A quick, easy way to add and display what features your company, product or service offers, using our shortcode OR template code or Gutenberg block.

1K No CVEs
Smart Slider 3

Smart Slider 3

smart-slider-3

A
91

Responsive slider plugin to create sliders in visual editor easily. Build beautiful image slider, layer slider, video slider, post slider, and more.

800K 7 CVEs
Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel

Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel

wp-carousel-free

A
96

Carousel, Slider, and Photo Gallery with Lightbox plugin. Create Image Carousel, Video Slider, Post Carousel, Post Grid, Product Carousel, and more.

70K 5 CVEs
Slider by Soliloquy – Responsive Image Slider for WordPress

Slider by Soliloquy – Responsive Image Slider for WordPress

soliloquy-lite

A
99

The best WordPress slider plugin. Drag & Drop responsive slider builder that helps you create a beautiful image slideshows with just a few clicks.

30K 2 CVEs
Responsive Slider Gallery

Responsive Slider Gallery

responsive-slider-gallery

A
100

Build image slideshows with drag-and-drop. A simple responsive slider for posts, pages, and widgets with custom navigation styles.

2K No CVEs
Developer Profile

Easy Nivo Slider Developer Profile

ecurtain

3 plugins · 220 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Easy Nivo Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-nivo-slider/3rd-party/nivo-slider.css/wp-content/plugins/easy-nivo-slider/css/easy-nivo-slider.css/wp-content/plugins/easy-nivo-slider/css/admin.css/wp-content/plugins/easy-nivo-slider/js/admin.js
Script Paths
/wp-content/plugins/easy-nivo-slider/3rd-party/jquery.nivo.slider.js
Version Parameters
easy-nivo-slider/3rd-party/nivo-slider.css?ver=easy-nivo-slider/css/easy-nivo-slider.css?ver=easy-nivo-slider/css/admin.css?ver=easy-nivo-slider/3rd-party/jquery.nivo.slider.js?ver=

HTML / DOM Fingerprints

CSS Classes
nivoSlider
Data Attributes
data-nivo-active-pagedata-nivo-directiondata-nivo-effectdata-nivo-pausedata-nivo-speed
JS Globals
easy_nivo_slider_options
FAQ

Frequently Asked Questions about Easy Nivo Slider