GPP Slideshow Security & Risk Analysis

wordpress.org/plugins/gpp-slideshow

A minimalist slideshow plugin that creates a new gallery post type. Add slideshows to widgets, posts, pages and gallery posts.

200 active installs · v1.3.5 · PHP + WP 3.5+ · Updated Jan 7, 2014
Tags: gallery, images, photos, portfolio, slideshow
Score: 63
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Jun 5, 2025
Safety Verdict

Is GPP Slideshow Safe to Use in 2026?

Use With Caution

Score 63/100

GPP Slideshow has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Jun 5, 2025 · Updated 12yr ago
Risk Assessment

The gpp-slideshow plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and includes some capability checks and a nonce check. There are no detected dangerous functions or external HTTP requests, and it doesn't bundle external libraries. However, a significant concern arises from the presence of an unprotected AJAX handler, which represents a direct entry point for potential attacks without proper authentication or authorization.

The static analysis did not reveal any taint flows, which is a positive indicator. Nevertheless, the limited output escaping (only 6% properly escaped) suggests a risk of Cross-Site Scripting (XSS) vulnerabilities in the plugin's output, even if not explicitly flagged by the taint analysis in this run. The plugin has a history of a medium severity vulnerability related to missing authorization, and the fact that this vulnerability is currently unpatched is a critical red flag.

In conclusion, while the plugin shows some security strengths in areas like SQL handling, the unprotected AJAX endpoint and the unpatched medium-severity vulnerability significantly detract from its overall security. The poor output escaping further compounds these risks, making the plugin a notable security concern that requires immediate attention and patching.

Key Concerns

  • Unpatched CVE
  • Unprotected AJAX handler
  • Low output escaping percentage
Vulnerabilities
1

GPP Slideshow Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-28996 · medium · 4.3 · Missing Authorization

GPP Slideshow <= 1.3.5 - Missing Authorization

Jun 5, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

GPP Slideshow Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 65 (4 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total query

Output Escaping

6% escaped · 69 total outputs
Attack Surface
1 unprotected

GPP Slideshow Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers 1

auth  wp_ajax_gpp_imageurl  gpp_scripts.php:96

Shortcodes 2

[gallery] gpp_functions.php:158
[gallery] gpp_functions.php:164
WordPress Hooks 28
action  init                       gpp_activate.php:31
action  admin_notices              gpp_activate.php:50
filter  plugin_action_links        gpp_activate.php:68
action  admin_init                 gpp_ecommerce.php:8
action  admin_menu                 gpp_ecommerce.php:10
filter  attachment_fields_to_edit  gpp_ecommerce.php:107
filter  attachment_fields_to_save  gpp_ecommerce.php:108
action  plugins_loaded             gpp_ecommerce.php:160
action  admin_head                 gpp_functions.php:114
action  wp_head                    gpp_functions.php:151
action  init                       gpp_init.php:7
action  init                       gpp_init.php:62
action  admin_init                 gpp_init.php:94
action  admin_menu                 gpp_init.php:96
action  admin_menu                 gpp_init.php:193
action  template_redirect          gpp_init.php:254
action  wp_print_styles            gpp_init.php:263
action  template_redirect          gpp_init.php:276
action  wp_print_styles            gpp_init.php:287
action  template_redirect          gpp_init.php:300
action  wp_print_styles            gpp_init.php:307
action  admin_menu                 gpp_meta.php:71
action  save_post                  gpp_meta.php:73
action  admin_head                 gpp_scripts.php:87
action  wp_print_styles            gpp_scripts.php:129
action  init                       gpp_scripts.php:154
action  wp_head                    gpp_scripts.php:163
action  widgets_init               gpp_widget.php:8
Maintenance & Trust

GPP Slideshow Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.7.41
Last updated: Jan 7, 2014
PHP min version
Downloads: 70K

Community Trust

Rating: 50/100
Number of ratings: 2
Active installs: 200
Developer Profile

GPP Slideshow Developer Profile

Thad Allender

7 plugins · 1K total installs

Trust score: 81
Avg Security Score: 82/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect GPP Slideshow

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gpp-slideshow/css/style.css
Version Parameters
gpp-slideshow/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
gpp_slideshow_wrappereachthumbs
Data Attributes
gpp_gallery_hiddenids
JS Globals
gpp_gallery_meta_box
Shortcode Output
[gallery ids=