flshow Manager Security & Risk Analysis
wordpress.org/plugins/flshow-managerThis plugin adds a management interface for the flShow photo carousel as well as template tags to insert the carousel into your WordPress template.
Is flshow Manager Safe to Use in 2026?
Generally Safe
Score 100/100flshow Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The flshow-manager v1.1.1 plugin exhibits a concerning security posture due to a significant number of unprotected AJAX handlers. While the plugin demonstrates good practices in avoiding dangerous functions and using prepared statements for SQL queries, the complete lack of capability checks on its six AJAX entry points is a major vulnerability. This means any user, regardless of their WordPress role, can trigger these actions, potentially leading to unauthorized operations or information disclosure.
The taint analysis reveals that a high percentage of data flows involve unsanitized paths, although no critical or high severity issues were flagged. This suggests a potential for input manipulation, but the lack of documented vulnerabilities in its history is a positive sign. However, the absence of vulnerabilities can sometimes indicate a lack of rigorous security auditing or that past issues were not publicly disclosed.
In conclusion, the plugin has strengths in its SQL handling and lack of known serious code flaws. Nevertheless, the unprotected AJAX handlers and the taint analysis findings present a notable risk. It is crucial to implement proper authentication and authorization checks for all AJAX actions to mitigate these risks. Until these are addressed, the plugin should be considered with caution.
Key Concerns
- 6 AJAX handlers without auth checks
- 75 outputs, 0% properly escaped
- Flows with unsanitized paths
- Nonce checks: 1 (out of 6 entry points)
- Capability checks: 0
flshow Manager Security Vulnerabilities
flshow Manager Code Analysis
Output Escaping
Data Flow Analysis
flshow Manager Attack Surface
AJAX Handlers 6
WordPress Hooks 5
Maintenance & Trust
flshow Manager Maintenance & Trust
Maintenance Signals
Community Trust
flshow Manager Alternatives
Embed Google Photos album
embed-google-photos-album-easily
Embed Google Photos album using Player widget.
NextGEN Gallery Date
nextgen-gallery-date
This plugin will let you sort the galleries by date and get info about gallery creation (and modification) date.
Smart Slider 3
smart-slider-3
Responsive slider plugin to create sliders in visual editor easily. Build beautiful image slider, layer slider, video slider, post slider, and more.
Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel
wp-carousel-free
Carousel, Slider, and Photo Gallery with Lightbox plugin. Create Image Carousel, Video Slider, Post Carousel, Post Grid, Product Carousel, and more.
Slider by Soliloquy – Responsive Image Slider for WordPress
soliloquy-lite
The best WordPress slider plugin. Drag & Drop responsive slider builder that helps you create a beautiful image slideshows with just a few clicks.
flshow Manager Developer Profile
2 plugins · 20 total installs
How We Detect flshow Manager
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/flshow-manager/resources/jquery.tablednd.js/wp-content/plugins/flshow-manager/resources/flShow.js/wp-content/plugins/flshow-manager/resources/swfobject.js/wp-content/plugins/flshow-manager/resources/flshow.cssresources/jquery.tablednd.jsresources/flShow.jsresources/swfobject.jsflshow-manager/resources/flshow.css?ver=HTML / DOM Fingerprints
flshow-management-navdata-flshow-settingsflshow/wp-json/flshow-manager/v1/settings[flshow-manager id=