GS Books Showcase – Display Books in Grid, Slider & More | Library for WordPress Security & Risk Analysis

wordpress.org/plugins/gs-books-showcase

Showcase your books in Grid, Slider, Filter & Flip layouts. GS Books Showcase is the ultimate book library plugin for WordPress.

500 active installs · v3.1.1 · PHP 5.6+ · WP 4.3+ · Updated Feb 22, 2026
Tags: affiliate-marketing, author, books, genre, series
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Dec 11, 2024
Safety Verdict

Is GS Books Showcase – Display Books in Grid, Slider & More | Library for WordPress Safe to Use in 2026?

Generally Safe

Score 99/100

GS Books Showcase – Display Books in Grid, Slider & More | Library for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 11, 2024 · Updated 1mo ago
Risk Assessment

The gs-books-showcase v3.1.1 plugin presents a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of properly escaped output and a significant portion of SQL queries utilizing prepared statements. The absence of bundled libraries and of external HTTP requests that could be exploited for code execution is also a strength. However, significant concerns arise from the attack surface, with 7 out of 25 entry points lacking authentication checks, particularly AJAX handlers. This directly correlates with the taint analysis, which revealed 4 high-severity flows with unsanitized paths. While there are no currently unpatched CVEs, the history of 2 medium-severity Cross-Site Scripting (XSS) vulnerabilities, with the most recent in December 2024, indicates a recurring pattern of input validation weaknesses that attackers could potentially leverage.

The presence of multiple high-severity taint flows and the lack of authentication on several AJAX handlers represent the most immediate risks, suggesting potential for unauthorized actions or data manipulation. The past XSS vulnerabilities, even though patched, highlight a persistent area for improvement in input sanitization. While the plugin has a good number of implemented checks (nonce and capability), their effectiveness is diminished when critical entry points are not protected by authentication. Overall, the plugin is not critically insecure but requires immediate attention to address the unprotected entry points and the identified high-severity taint flows to mitigate the risk of exploitation.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Past XSS vulnerabilities
Vulnerabilities: 2

GS Books Showcase – Display Books in Grid, Slider & More | Library for WordPress Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-11766 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 11, 2024 Patched in 1.3.2 (1d)
CVE-2023-0541 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GS Books Showcase <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 30, 2023 Patched in 1.3.1 (358d)
Code Analysis
Analyzed Mar 16, 2026

GS Books Showcase – Display Books in Grid, Slider & More | Library for WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 7 (16 prepared)
Unescaped Output: 76 (497 escaped)
Nonce Checks: 21
Capability Checks: 23
File Operations: 4
External Requests: 6
Bundled Libraries: 0

SQL Query Safety

70% prepared · 23 total queries

Output Escaping

87% escaped · 573 total outputs

Data Flows: 7 unsanitized

Data Flow Analysis

9 flows · 7 with unsanitized paths
gsadmin_signup_notice_message (includes\notices.php:88)
Attack Surface: 7 unprotected

GS Books Showcase – Display Books in Grid, Slider & More | Library for WordPress Attack Surface

Entry Points: 25
Unprotected: 7

AJAX Handlers 24

auth · wp_ajax_gsbooks_dismiss_demo_data_notice · includes\demo-data\gs-books-dummy-data.php:26
auth · wp_ajax_gs_books_import_book_data · includes\demo-data\gs-books-dummy-data.php:27
auth · wp_ajax_gs_books_remove_book_data · includes\demo-data\gs-books-dummy-data.php:28
auth · wp_ajax_gs_books_import_shortcode_data · includes\demo-data\gs-books-dummy-data.php:29
auth · wp_ajax_gs_books_remove_shortcode_data · includes\demo-data\gs-books-dummy-data.php:30
auth · wp_ajax_gs_books_import_all_data · includes\demo-data\gs-books-dummy-data.php:31
auth · wp_ajax_gs_books_remove_all_data · includes\demo-data\gs-books-dummy-data.php:32
auth · wp_ajax_gs_books_export_data · includes\import-export.php:17
auth · wp_ajax_gs_books_import_data · includes\import-export.php:18
auth · wp_ajax_gs_books_create_shortcode · includes\shortcode-builder\builder.php:22
auth · wp_ajax_gs_books_clone_shortcode · includes\shortcode-builder\builder.php:23
auth · wp_ajax_gs_books_get_shortcode · includes\shortcode-builder\builder.php:24
auth · wp_ajax_gs_books_update_shortcode · includes\shortcode-builder\builder.php:25
auth · wp_ajax_gs_books_delete_shortcodes · includes\shortcode-builder\builder.php:26
auth · wp_ajax_gs_books_temp_save_shortcode_settings · includes\shortcode-builder\builder.php:27
auth · wp_ajax_gs_books_get_shortcodes · includes\shortcode-builder\builder.php:28
auth · wp_ajax_gs_books_get_shortcode_pref · includes\shortcode-builder\builder.php:30
auth · wp_ajax_gs_books_save_shortcode_pref · includes\shortcode-builder\builder.php:31
auth · wp_ajax_gs_books_get_localization · includes\shortcode-builder\builder.php:33
auth · wp_ajax_gs_books_save_localization · includes\shortcode-builder\builder.php:34
auth · wp_ajax_gsbooks_get_taxonomy_settings · includes\shortcode-builder\builder.php:36
auth · wp_ajax_gsbooks_save_taxonomy_settings · includes\shortcode-builder\builder.php:37
auth · wp_ajax_gsbooks_get_fields_visibility_settings · includes\shortcode-builder\builder.php:39
auth · wp_ajax_gsbooks_save_fields_visibility_settings · includes\shortcode-builder\builder.php:40

Shortcodes 1

[gs_bookshowcase] includes\shortcode.php:22
WordPress Hooks 87
action · switch_theme · includes\appsero\Insights.php:166
action · switch_theme · includes\appsero\Insights.php:167
action · admin_footer · includes\appsero\Insights.php:177
action · admin_notices · includes\appsero\Insights.php:192
action · admin_init · includes\appsero\Insights.php:195
filter · cron_schedules · includes\appsero\Insights.php:199
action · wp_footer · includes\asset-generator\gs-asset-generator-base.php:21
action · post_updated · includes\asset-generator\gs-asset-generator-base.php:22
filter · widget_update_callback · includes\asset-generator\gs-asset-generator-base.php:23
action · update_option_sidebars_widgets · includes\asset-generator\gs-asset-generator-base.php:24
action · gsp_shortcode_updated · includes\asset-generator\gs-asset-generator-base.php:25
action · gsp_preference_update · includes\asset-generator\gs-asset-generator-base.php:26
filter · manage_edit-gs_bookshowcase_columns · includes\columns.php:20
action · manage_posts_custom_column · includes\columns.php:21
action · init · includes\cpt.php:15
action · init · includes\cpt.php:16
action · after_setup_theme · includes\cpt.php:17
action · admin_init · includes\demo-data\gs-books-dummy-data.php:33
action · edit_post_gs_book_showcase_slider · includes\demo-data\gs-books-dummy-data.php:36
action · gsbooks_dummy_attachments_process_start · includes\demo-data\gs-books-dummy-data.php:39
action · gsbooks_dummy_attachments_process_finished · includes\demo-data\gs-books-dummy-data.php:51
action · gsbooks_dummy_terms_process_finished · includes\demo-data\gs-books-dummy-data.php:59
action · gsbooks_dummy_books_process_finished · includes\demo-data\gs-books-dummy-data.php:67
action · gsbooks_dummy_shortcodes_process_start · includes\demo-data\gs-books-dummy-data.php:80
action · gsbooks_dummy_shortcodes_process_finished · includes\demo-data\gs-books-dummy-data.php:92
filter · http_request_args · includes\demo-data\gs-books-dummy-data.php:749
filter · get_terms_orderby · includes\functions.php:135
action · admin_notices · includes\functions.php:295
filter · wp_calculate_image_srcset_meta · includes\functions.php:355
action · init · includes\gs-common-pages\gs-book-common-pages.php:7
action · admin_menu · includes\gs-common-pages\gs-plugins-common-pages.php:13
action · admin_menu · includes\gs-common-pages\gs-plugins-common-pages.php:14
action · admin_enqueue_scripts · includes\gs-common-pages\gs-plugins-common-pages.php:15
filter · template_include · includes\hooks.php:12
filter · template_include · includes\hooks.php:13
filter · taxonomy_template · includes\hooks.php:14
action · init · includes\hooks.php:15
action · admin_menu · includes\hooks.php:16
action · admin_menu · includes\hooks.php:17
action · in_admin_header · includes\hooks.php:18
filter · plugin_row_meta · includes\hooks.php:19
action · plugins_loaded · includes\hooks.php:20
filter · post_type_archive_link · includes\hooks.php:21
action · admin_menu · includes\import-export.php:19
action · plugins_loaded · includes\init.php:17
action · init · includes\init.php:27
action · init · includes\init.php:43
action · init · includes\integrations\integration-beaver.php:23
action · divi_extensions_init · includes\integrations\integration-divi.php:23
action · et_builder_modules_loaded · includes\integrations\integration-divi.php:31
action · wp_enqueue_scripts · includes\integrations\integration-divi.php:32
action · wp_head · includes\integrations\integration-divi.php:33
action · elementor/widgets/register · includes\integrations\integration-elementor.php:23
action · elementor/elements/categories_registered · includes\integrations\integration-elementor.php:24
action · elementor/editor/after_enqueue_scripts · includes\integrations\integration-elementor.php:26
action · elementor/editor/after_enqueue_styles · includes\integrations\integration-elementor.php:27
action · elementor/preview/enqueue_styles · includes\integrations\integration-elementor.php:29
action · elementor/preview/enqueue_scripts · includes\integrations\integration-elementor.php:30
action · init · includes\integrations\integration-gutenberg.php:18
action · enqueue_block_editor_assets · includes\integrations\integration-gutenberg.php:19
action · plugins_loaded · includes\integrations\integration-oxygen.php:20
action · init · includes\integrations\integration-oxygen.php:21
action · ct_builder_start · includes\integrations\integration-oxygen.php:28
action · ct_builder_end · includes\integrations\integration-oxygen.php:32
action · wp_enqueue_scripts · includes\integrations\integration-oxygen.php:50
action · td_global_after · includes\integrations\integration-tagdiv.php:21
action · wp_enqueue_scripts · includes\integrations\integration-tagdiv.php:22
action · admin_enqueue_scripts · includes\integrations\integration-tagdiv.php:23
action · vc_before_init · includes\integrations\integration-wpb-vc.php:21
action · admin_footer · includes\integrations\integration-wpb-vc.php:22
action · add_meta_boxes · includes\metabox.php:22
action · save_post · includes\metabox.php:23
action · admin_notices · includes\notices.php:75
action · admin_notices · includes\notices.php:78
action · plugins_loaded · includes\plugin.php:57
action · wp_enqueue_scripts · includes\scripts.php:37
action · admin_enqueue_scripts · includes\scripts.php:38
action · admin_head · includes\scripts.php:39
action · wp_footer · includes\scripts.php:397
action · admin_menu · includes\shortcode-builder\builder.php:18
action · admin_enqueue_scripts · includes\shortcode-builder\builder.php:19
action · wp_enqueue_scripts · includes\shortcode-builder\builder.php:20
action · template_include · includes\shortcode-builder\builder.php:42
action · show_admin_bar · includes\shortcode-builder\builder.php:43
action · admin_menu · includes\sortable.php:15
action · admin_enqueue_scripts · includes\sortable.php:16
action · init · includes\template-loader.php:28
Maintenance & Trust

GS Books Showcase – Display Books in Grid, Slider & More | Library for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 22, 2026
PHP min version: 5.6
Downloads: 29K

Community Trust

Rating: 94/100
Number of ratings: 37
Active installs: 500
Developer Profile

GS Books Showcase – Display Books in Grid, Slider & More | Library for WordPress Developer Profile

GS Plugins

19 plugins · 41K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 173 days
Detection Fingerprints

How We Detect GS Books Showcase – Display Books in Grid, Slider & More | Library for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gs-books-showcase/assets/css/gs-books-showcase-public.css
/wp-content/plugins/gs-books-showcase/assets/js/gs-books-showcase-public.js
Version Parameters
gs-books-showcase/assets/css/gs-books-showcase-public.css?ver=
gs-books-showcase/assets/js/gs-books-showcase-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
gsb-title
gsb-title h3
gs-star-rating
gsb-book-info
gsb-book-info p
gsb-desc
gsb-desc p
Data Attributes
gs_book_area_
Shortcode Output
[gs_bookshowcase id=