WP-Safety

Product Carousel Slider for Elementor Security & Risk Analysis

wordpress.org/plugins/ecommerce-product-carousel-slider-for-elementor

Product Carousel Slider for Elementor Lets you display your WooCommerce Products as Carousel Slider. You can now display your WooCommerce Products usi …

1K active installs v2.1.3 PHP 7.4+ WP 5.0+ Updated Nov 5, 2024
elementor-product-carousel-sliderelementor-woocommerce-product-carousel-sliderwoocommerce-product-carousel-slider
70
B · Generally Safe
CVEs total1
Unpatched1
Last CVESep 5, 2025
Plugin page Download
Safety Verdict

Is Product Carousel Slider for Elementor Safe to Use in 2026?

Mostly Safe

Score 70/100

Product Carousel Slider for Elementor is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Sep 5, 2025Updated 1yr ago
Risk Assessment

This plugin exhibits a concerning security posture due to multiple unprotected entry points and a history of critical vulnerability types. The static analysis reveals a significant attack surface with 3 AJAX handlers, all of which lack authentication checks. This means that any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure. While the plugin does not appear to use dangerous functions directly and all SQL queries are prepared, the lack of proper authorization on its AJAX endpoints is a major weakness. The taint analysis, although limited in scope (2 flows), identified unsanitized paths, which, combined with the unprotected AJAX handlers, raises concerns about potential injection vulnerabilities if user-supplied data is not properly handled. The vulnerability history further exacerbates these concerns, with one unpatched medium-severity vulnerability, specifically noted as 'Missing Authorization'. This pattern of authorization issues suggests a recurring problem that needs to be addressed. In conclusion, while the plugin demonstrates good practices in SQL query handling and output escaping (though not perfect), the fundamental lack of authorization on its entry points and its past vulnerability history present a significant risk.

Key Concerns

  • AJAX handlers without auth checks
  • Unsanitized paths in taint analysis
  • Unpatched medium severity CVE
  • Missing nonce checks
  • Missing capability checks
  • Output escaping not fully implemented
Vulnerabilities
1

Product Carousel Slider for Elementor Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-58816medium · 4.3Missing Authorization

Product Carousel Slider for Elementor <= 2.1.3 - Missing Authorization

Sep 5, 2025Unpatched
Code Analysis
Analyzed Mar 16, 2026

Product Carousel Slider for Elementor Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
20
73 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

78% escaped93 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
goodbye_form_callback (class-plugin-deactivate-feedback.php:365)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Product Carousel Slider for Elementor Attack Surface

Entry Points3
Unprotected3

AJAX Handlers 3

authwp_ajax_wpce_goodbye_formclass-plugin-deactivate-feedback.php:63
authwp_ajax_wb_wpce_review_transientclass-plugin-review.php:21
authwp_ajax_process_wpce_promo_formsupport-page\class-support-page.php:24
WordPress Hooks 26
actionadmin_menuadmin\admin-pages.php:2
actionadmin_enqueue_scriptsadmin\admin-pages.php:99
actionadmin_initadmin\admin-pages.php:112
actionadmin_noticesadmin\notices\support.php:10
actionadmin_noticesadmin\woo-product-slider-utils.php:16
actionadmin_noticesadmin\woo-product-slider-utils.php:21
actionadmin_noticesadmin\woo-product-slider-utils.php:27
actionadmin_noticesadmin\woo-product-slider-utils.php:33
actionadmin_enqueue_scriptsadmin\woo-product-slider-utils.php:38
actionelementor/frontend/after_enqueue_stylesadmin\woo-product-slider-utils.php:39
actionelementor/frontend/after_register_scriptsadmin\woo-product-slider-utils.php:42
actionelementor/widgets/registeradmin\woo-product-slider-utils.php:45
actionadmin_footer-plugins.phpclass-plugin-deactivate-feedback.php:62
actionadmin_enqueue_scriptsclass-plugin-deactivate-feedback.php:65
filterwp_mail_content_typeclass-plugin-deactivate-feedback.php:119
actionadmin_noticesclass-plugin-review.php:19
actionadmin_footerclass-plugin-review.php:20
actionwp_headsupport-page\class-support-page.php:6
actionadmin_enqueue_scriptssupport-page\class-support-page.php:142
actionadmin_menusupport-page\class-support-page.php:171
actionelementor/initwoo-product-slider-for-elementor.php:43
actionplugins_loadedwoo-product-slider-for-elementor.php:101
actionwp_footerwoo-product-slider-for-elementor.php:103
filtercustom_menu_orderwoo-product-slider-for-elementor.php:143
actionupgrader_process_completewoo-product-slider-for-elementor.php:153
actioninitwoo-product-slider-for-elementor.php:154
Maintenance & Trust

Product Carousel Slider for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedNov 5, 2024
PHP min version7.4
Downloads36K

Community Trust

Rating88/100
Number of ratings40
Active installs1K
Alternatives

Product Carousel Slider for Elementor Alternatives

No alternatives data available yet.

Developer Profile

Product Carousel Slider for Elementor Developer Profile

Plugin Devs

14 plugins · 18K total installs

78
trust score
Avg Security Score
85/100
Avg Patch Time
60 days
View full developer profile
Detection Fingerprints

How We Detect Product Carousel Slider for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ecommerce-product-carousel-slider-for-elementor/assets/css/wpce-slider.css/wp-content/plugins/ecommerce-product-carousel-slider-for-elementor/assets/css/wpce-responsive.css/wp-content/plugins/ecommerce-product-carousel-slider-for-elementor/assets/js/wpce-slider.js/wp-content/plugins/ecommerce-product-carousel-slider-for-elementor/assets/js/owl.carousel.min.js/wp-content/plugins/ecommerce-product-carousel-slider-for-elementor/assets/js/wpce-custom-script.js/wp-content/plugins/ecommerce-product-carousel-slider-for-elementor/assets/js/elementor-addon.js
Script Paths
/wp-content/plugins/ecommerce-product-carousel-slider-for-elementor/assets/js/wpce-slider.js/wp-content/plugins/ecommerce-product-carousel-slider-for-elementor/assets/js/owl.carousel.min.js/wp-content/plugins/ecommerce-product-carousel-slider-for-elementor/assets/js/wpce-custom-script.js/wp-content/plugins/ecommerce-product-carousel-slider-for-elementor/assets/js/elementor-addon.js
Version Parameters
ecommerce-product-carousel-slider-for-elementor/assets/css/wpce-slider.css?ver=ecommerce-product-carousel-slider-for-elementor/assets/css/wpce-responsive.css?ver=ecommerce-product-carousel-slider-for-elementor/assets/js/wpce-slider.js?ver=ecommerce-product-carousel-slider-for-elementor/assets/js/owl.carousel.min.js?ver=ecommerce-product-carousel-slider-for-elementor/assets/js/wpce-custom-script.js?ver=ecommerce-product-carousel-slider-for-elementor/assets/js/elementor-addon.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpce-slider-wrapperwpce-single-itemwpce-item-contentwpce-slider-carouselwpce-product-carousel-wrapperwpce-product-slider-carouselwpce-product-details
HTML Comments
<!-- Elementor End Addons --><!-- Elementor End Addons -->
Data Attributes
data-wpce-responsive-settings
JS Globals
wpce_custom_js_data
FAQ

Frequently Asked Questions about Product Carousel Slider for Elementor