WP-Safety

Envoke Supersized Security & Risk Analysis

wordpress.org/plugins/envoke-supersized

This plugin creates an easy to use interface for managing the Supersized jQuery Plugin on your site.

60 active installs v2.2.1 PHP + WP 3.5.1+ Updated Apr 13, 2016
backgroundfullscreengalleryslideshowsupersized
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Envoke Supersized Safe to Use in 2026?

Generally Safe

Score 85/100

Envoke Supersized has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The envoke-supersized plugin version 2.2.1 exhibits a strong security posture based on the provided static analysis. The absence of any detected AJAX handlers, REST API routes, shortcodes, or cron events with direct attack surfaces is a significant positive indicator. Furthermore, the code signals show no dangerous functions, no raw SQL queries (all prepared statements), no file operations, and no external HTTP requests. The presence of nonce and capability checks, even if limited, suggests an awareness of WordPress security best practices. Taint analysis also yielded no concerning results, indicating no identified pathways for malicious data injection.

However, a notable concern arises from the output escaping analysis, where only 47% of outputs are properly escaped. This leaves a portion of the plugin's output potentially vulnerable to Cross-Site Scripting (XSS) attacks if user-supplied data is not handled correctly before being rendered. While the vulnerability history shows no known CVEs, which is excellent, the lack of a robust output sanitization strategy presents a weakness that could be exploited. The plugin's strengths lie in its limited attack surface and secure data handling for SQL and external requests, but the unescaped output represents a tangible risk that should be addressed.

Key Concerns

  • Significant portion of output not properly escaped
Vulnerabilities
None known

Envoke Supersized Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Envoke Supersized Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
23
20 escaped
Nonce Checks
2
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

47% escaped43 total outputs
Attack Surface

Envoke Supersized Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 17
actioninitenvoke_supersized.php:65
actioninitincludes\class-enss-back-compat.php:65
filterenss-per-post-have-imagesincludes\class-enss-back-compat.php:71
filterenss-per-post-get-imagesincludes\class-enss-back-compat.php:72
actionwp_enqueue_scriptsincludes\class-enss-front-end.php:50
filterbody_classincludes\class-enss-front-end.php:51
actionwp_footerincludes\class-enss-front-end.php:52
actionadmin_enqueue_scriptsincludes\class-enss-per-post-override.php:92
actionadd_meta_boxesincludes\class-enss-per-post-override.php:93
actionsave_postincludes\class-enss-per-post-override.php:94
filteris_protected_metaincludes\class-enss-per-post-override.php:95
actioninitincludes\class-enss-settings.php:128
actionadmin_enqueue_scriptsincludes\class-enss-settings.php:130
actionadmin_menuincludes\class-enss-settings.php:131
actioninitincludes\class-enss-slide.php:82
actioninitincludes\class-enss-slide.php:83
actionadmin_enqueue_scriptsincludes\class-enss-slide.php:86
Maintenance & Trust

Envoke Supersized Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28
Last updatedApr 13, 2016
PHP min version
Downloads11K

Community Trust

Rating100/100
Number of ratings5
Active installs60
Alternatives

Envoke Supersized Alternatives

Easy Fullscreen Slider

Easy Fullscreen Slider

easy-fullscreen-slider

A
85

An easy-to-use WordPress fullscreen slider plugin for Supersized.

100 No CVEs
Jellyfish backdrop

Jellyfish backdrop

jellyfish-backdrop

A
85

Fullscreen background images and background slideshows on any WordPress post or page. Easily upload and select images using the media library.

100 No CVEs
cbVegas

cbVegas

cb-vegas

A
85

Requires at least: 3.9 Tested up to: 4.7.2 Stable tag: 0.3.6 Version: 0.3.6 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.

20 No CVEs
RokGallery Background Slideshow

RokGallery Background Slideshow

rokgallery-background-slideshow

A
85

Display your RokGallery galleries as an slideshow in the background of your site.

10 No CVEs
Smart Slider 3

Smart Slider 3

smart-slider-3

A
89

Responsive slider plugin to create sliders in visual editor easily. Build beautiful image slider, layer slider, video slider, post slider, and more.

800K 8 CVEs
Developer Profile

Envoke Supersized Developer Profile

Chris Marslender

2 plugins · 70 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Envoke Supersized

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/envoke-supersized/assets/css/envoke_supersized.min.css/wp-content/plugins/envoke-supersized/assets/js/enss-front-end.min.js
Script Paths
/wp-content/plugins/envoke-supersized/assets/js/enss-front-end.min.js
Version Parameters
envoke-supersized/assets/css/envoke_supersized.min.css?ver=envoke-supersized/assets/js/enss-front-end.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
enss-overlayenss-containerenss-overlay-load-item
HTML Comments
thumbnail navigation currently not used at allThumbnail NavigationArrow NavigationTime Bar+5 more
Data Attributes
id="supersized_overlay"id="prevthumb"id="nextthumb"id="prevslide"id="nextslide"id="thumb-tray"+16 more
JS Globals
ENSS
FAQ

Frequently Asked Questions about Envoke Supersized