Plugin Name: GMO Slider Security & Risk Analysis

wordpress.org/plugins/gmo-slider

The GMO Slider plugin lets you insert sliders in posts and pages. The control screen is simple, for anyone to easily use. GMO Slider supports images as wel …

10 active installs · v1.2 · PHP + · WP 3.8+ · Updated Jan 29, 2016
widget
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Plugin Name: GMO Slider Safe to Use in 2026?

Generally Safe

Score 85/100

Plugin Name: GMO Slider has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The gmo-slider plugin version 1.2 exhibits a concerning security posture due to its unprotected entry points and widespread output escaping issues. While the plugin demonstrates good practices in handling SQL queries with prepared statements and includes nonce and capability checks, these strengths are overshadowed by critical weaknesses. The presence of three AJAX handlers without any authentication or authorization checks creates a significant attack surface, making it vulnerable to unauthorized actions. Furthermore, the complete lack of output escaping on 176 outputs means that any data displayed by the slider could potentially be manipulated to execute malicious code, such as cross-site scripting (XSS) attacks.

The taint analysis shows two flows with unsanitized paths, which, combined with the lack of output escaping, strongly suggests a risk of XSS vulnerabilities. Although there's no recorded vulnerability history (CVEs), this absence does not guarantee future security. It might indicate a lack of historical scrutiny or that past vulnerabilities were not publicly disclosed. The plugin's strengths in SQL handling and the existence of some security checks are commendable, but they are insufficient to mitigate the severe risks posed by unprotected AJAX endpoints and unescaped output. A critical review and immediate remediation of these issues are highly recommended.

Key Concerns

  • AJAX handlers without auth checks
  • No output escaping
  • Taint flows with unsanitized paths
Vulnerabilities
None known

Plugin Name: GMO Slider Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Plugin Name: GMO Slider Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 176 (0 escaped)
Nonce Checks: 4
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

0% escaped · 176 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
printSearchResults (classes\GMOsliderSlideInserter.php:53)
Attack Surface
3 unprotected

Plugin Name: GMO Slider Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers: 3

  • auth · wp_ajax_gmoslider_slide_inserter_search_query · classes\GMOsliderAJAX.php:6
  • auth · wp_ajax_gmoslider_jquery_image_gallery_load_stylesheet · classes\GMOsliderAJAX.php:8
  • nopriv · wp_ajax_gmoslider_jquery_image_gallery_load_stylesheet · classes\GMOsliderAJAX.php:9

WordPress Hooks: 18

  • action · admin_init · classes\GMOsliderGeneralSettings.php:35
  • action · admin_menu · classes\GMOsliderGeneralSettings.php:37
  • action · admin_enqueue_scripts · classes\GMOsliderGeneralSettings.php:39
  • action · init · classes\GMOsliderPostType.php:8
  • action · save_post · classes\GMOsliderPostType.php:9
  • action · admin_enqueue_scripts · classes\GMOsliderPostType.php:10
  • action · admin_action_gmoslider_jquery_image_gallery_duplicate_gmoslider · classes\GMOsliderPostType.php:12
  • filter · post_updated_messages · classes\GMOsliderPostType.php:14
  • filter · post_row_actions · classes\GMOsliderPostType.php:15
  • action · media_buttons · classes\GMOsliderShortcode.php:16
  • action · admin_enqueue_scripts · classes\GMOsliderShortcode.php:18
  • action · admin_footer · classes\GMOsliderSlideInserter.php:6
  • filter · posts_where · classes\GMOsliderSlideInserter.php:73
  • action · wp_enqueue_scripts · classes\GMOsliderStylesheet.php:8
  • action · init · gmoslider.php:42
  • action · admin_enqueue_scripts · gmoslider.php:44
  • action · gmoslider_slider · gmoslider.php:54
  • action · widgets_init · gmoslider.php:58
Maintenance & Trust

Plugin Name: GMO Slider Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.4.34
Last updated: Jan 29, 2016
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Plugin Name: GMO Slider Developer Profile

Z.com byGMO

6 plugins · 250 total installs

Trust score: 86
Avg Security Score: 88/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Plugin Name: GMO Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gmo-slider/css/gmoslider-admin.css
/wp-content/plugins/gmo-slider/js/gmoslider-admin.js
/wp-content/plugins/gmo-slider/style/GMOslider/functional.css
/wp-content/plugins/gmo-slider/flexslider/flexslider.css
/wp-content/plugins/gmo-slider/css/gmoslider.css
/wp-content/plugins/gmo-slider/js/jquery.easing.1.3.min.js
/wp-content/plugins/gmo-slider/flexslider/jquery.flexslider.min.js
/wp-content/plugins/gmo-slider/js/gmoslider.js
Script Paths
//www.youtube.com/iframe_api
/wp-content/plugins/gmo-slider/js/gmoslider-admin.js
/wp-content/plugins/gmo-slider/js/jquery.easing.1.3.min.js
/wp-content/plugins/gmo-slider/flexslider/jquery.flexslider.min.js
/wp-content/plugins/gmo-slider/js/gmoslider.js
Version Parameters
gmo-slider/js/gmoslider-admin.js?ver=
gmo-slider/style/GMOslider/functional.css?ver=
gmo-slider/flexslider/flexslider.css?ver=
gmo-slider/css/gmoslider.css?ver=
gmo-slider/js/jquery.easing.1.3.min.js?ver=
gmo-slider/flexslider/jquery.flexslider.min.js?ver=
gmo-slider/js/gmoslider.js?ver=

HTML / DOM Fingerprints

CSS Classes
gmoslider-wrapper
gmoslider-container
HTML Comments
<!-- WordPress GMO Slider - No GMO Slider available -->
Data Attributes
data-gmoslider-id
JS Globals
GMOsliderSettings_gmoslider_jquery_image_gallery_script_adminURL
Shortcode Output
[gmoslider