Does Image Carousel have any unpatched vulnerabilities?

No. All known vulnerabilities in Image Carousel have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Image Carousel compatible with WordPress 6.9.4?

According to WordPress.org data, Image Carousel 1.0.0.41 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Image Carousel updated?

Image Carousel was last updated on Dec 10, 2025. Frequent updates are generally a positive security signal.

What is Image Carousel's security score?

Image Carousel has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Image Carousel Security & Risk Analysis

wordpress.org/plugins/image-carousel

Image Carousel Wordpress plugin that lets you create a beautiful responsive image carousel

1K active installs v1.0.0.41 PHP + WP 3.3+ Updated Dec 10, 2025

block-carouselcarouselgutenberg-carouselimage-carouselslider

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Image Carousel Safe to Use in 2026?

Generally Safe

Score 100/100

Image Carousel has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The image-carousel plugin v1.0.0.41 exhibits a generally good security posture based on the provided static analysis. There are no reported vulnerabilities in its history, and the code shows adherence to several security best practices, including the absence of dangerous functions, all SQL queries using prepared statements, and the presence of nonce and capability checks on its entry points. The limited attack surface, with no unprotected AJAX handlers or REST API routes, further contributes to its perceived safety. However, a notable area of concern is the output escaping, with nearly half of the outputs not being properly escaped. While there are no critical taint flows reported, this lack of robust output sanitization presents a potential risk for cross-site scripting (XSS) vulnerabilities if user-supplied data is directly included in outputs without proper encoding. The plugin also performs file operations, which, while not explicitly flagged as risky in this analysis, warrants attention in a broader security review, especially if the operations are not strictly controlled.

Key Concerns

Nearly half of outputs are not properly escaped
Plugin performs file operations

Vulnerabilities

None known

Image Carousel Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Image Carousel Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

51 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

48% escaped107 total outputs

Attack Surface

Image Carousel Attack Surface

Entry Points5

Unprotected0

AJAX Handlers 3

authwp_ajax_icp_ajax_save_settingsinc\functions\ajax\icp-admin-ajax.php:46

authwp_ajax_icp_clear_cache_ajaxinc\functions\ajax\icp-admin-ajax.php:81

authwp_ajax_icp_free_plugins_pageinc\functions\ajax\icp-admin-ajax.php:331

Shortcodes 2

[icp_widget_carousel] image-carousel.php:71

[gallery] inc\functions\icp-functions.php:41

WordPress Hooks 27

actionwp_enqueue_scriptsimage-carousel.php:35

actioninitimage-carousel.php:40

actionplugins_loadedimage-carousel.php:42

actionadmin_menuimage-carousel.php:55

filterplugin_action_linksimage-carousel.php:56

actionadmin_enqueue_scriptsimage-carousel.php:57

actionwp_enqueue_scriptsimage-carousel.php:69

filterthe_contentimage-carousel.php:70

actionadmin_headimage-carousel.php:141

actioncurrent_screenimage-carousel.php:146

actionadmin_initimage-carousel.php:184

actioninitinc\block\class-block.php:21

actionenqueue_block_assetsinc\block\class-block.php:24

filtericp_script_dependenciesinc\block\class-block.php:49

filterwp_image_editorsinc\class\BFI_Thumb.php:100

actionadmin_initinc\class\BFI_Thumb.php:130

filteradmin_noticesinc\class\BFI_Thumb.php:136

filterimage_resize_dimensionsinc\class\BFI_Thumb.php:775

filterimage_downsizeinc\class\BFI_Thumb.php:820

filterwp_get_attachment_image_attributesinc\functions\icp-functions.php:43

filterwp_calculate_image_srcset_metainc\functions\icp-functions.php:47

filterwp_get_attachment_image_attributesinc\functions\icp-functions.php:74

filterwp_calculate_image_srcset_metainc\functions\icp-functions.php:78

filterattachment_fields_to_editinc\functions\icp-functions.php:634

filterattachment_fields_to_saveinc\functions\icp-functions.php:654

actionadd_meta_boxesinc\icp-metabox.php:26

actionsave_postinc\icp-metabox.php:109

Maintenance & Trust

Image Carousel Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 10, 2025

PHP min version

Downloads110K

Community Trust

Rating52/100

Number of ratings14

Active installs1K

Alternatives

Image Carousel Alternatives

Carousel Slider

carousel-slider

Create SEO friendly Image, Logo, Video, Post, WooCommerce Product Carousel, and Slider.

30K 6 CVEs

WP Logo Showcase Responsive Slider and Carousel

wp-logo-showcase-responsive-slider-slider

100

WP Logo Showcase Responsive Slider and Carousel allows you to display logos of clients, sponsors, brands, or partners in a professional and responsive …

30K No CVEs

Meta Slider and Carousel with Lightbox

meta-slider-and-carousel-with-lightbox

Add a gallery meta box in your post, page and create a Image gallery menu tab. Display with a lightbox. Also work with Gutenberg shortcode block.

5K 2 CVEs

Content Slider Block – Slide Through Text or Media Content

content-slider-block

Power up your website with the Content Slider Block plugin. Easily create professional sliders using our new block editor integration!

3K 1 CVE

Custom Post Carousels with Owl

dd-post-carousel

Easily add post carousels to your website. Works with any custom post type or regular posts. Controls allow for insertion of multiple carousels on a s …

2K 2 CVEs

Developer Profile

Image Carousel Developer Profile

GhozyLab

10 plugins · 21K total installs

trust score

Avg Security Score

93/100

Avg Patch Time

872 days

View full developer profile

Detection Fingerprints

How We Detect Image Carousel

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/image-carousel/css/icp-style.css/wp-content/plugins/image-carousel/css/swiper.min.css/wp-content/plugins/image-carousel/js/icp-script.js/wp-content/plugins/image-carousel/js/swiper.min.js

Version Parameters

image-carousel/css/icp-style.css?ver=image-carousel/css/swiper.min.css?ver=image-carousel/js/icp-script.js?ver=image-carousel/js/swiper.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

icp-slidericp_settings_iconipc_settings_icon

HTML Comments

+5 more

Data Attributes

icp_meta_options

Shortcode Output

[icp_widget_carousel]

FAQ