Image Slider Slideshow Security & Risk Analysis

wordpress.org/plugins/image-slider-slideshow

Plugin useful for add slider in Post/Page. Responsive Image Slider plugin is an easy way to create responsive image slider.

2K active installs v1.8 PHP + WP 3.5.1+ Updated Apr 21, 2023
image-slideshowphoto-slidersliderslideshow
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEJan 7, 2026
Safety Verdict

Is Image Slider Slideshow Safe to Use in 2026?

Use With Caution

Score 63/100

Image Slider Slideshow has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jan 7, 2026Updated 3yr ago
Risk Assessment

The image-slider-slideshow plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and includes some nonce and capability checks. The total number of entry points is low, and importantly, none of them appear to be directly unprotected, which is a strong indicator of defensiveness against common attack vectors. However, significant concerns arise from the taint analysis, which reveals two high-severity flows with unsanitized paths. This suggests that user-supplied input could potentially be manipulated to achieve unintended actions or access sensitive data within the application context.

The vulnerability history further highlights a critical area of concern. The plugin has a known CVE, and it remains unpatched. The nature of the past vulnerability, 'Authorization Bypass Through User-Controlled Key,' coupled with the high-severity taint flows, indicates a pattern of potential authorization and input validation weaknesses. While the specific CVE is dated in the future, its existence and current unpatched status are major red flags. The plugin's proper output escaping is also a concern, with nearly half of outputs not being properly escaped, increasing the risk of cross-site scripting (XSS) vulnerabilities.

In conclusion, while the plugin implements some fundamental security controls, the presence of high-severity taint flows and an unpatched historical vulnerability significantly lowers its overall security score. The lack of proper output escaping adds another layer of risk. Users should be highly cautious, and immediate attention is required to address the identified taint issues and the unpatched CVE.

Key Concerns

  • High severity taint flow detected (2)
  • Unpatched CVE (1)
  • Low proper output escaping (48%)
  • File operations present
Vulnerabilities
1 published

Image Slider Slideshow Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-22489medium · 4.3Authorization Bypass Through User-Controlled Key

Image Slider Slideshow <= 1.8 - Authenticated (Contributor+) Insecure Direct Object Reference

Jan 7, 2026Unpatched
Version History

Image Slider Slideshow Release Timeline

v1.8Current1 CVE
v1.71 CVE
v1.61 CVE
v1.51 CVE
v1.41 CVE
v1.31 CVE
v1.21 CVE
v1.11 CVE
v1.01 CVE
Code Analysis
Analyzed Mar 16, 2026

Image Slider Slideshow Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
158
147 escaped
Nonce Checks
1
Capability Checks
1
File Operations
4
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

48% escaped305 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
<class-img-slider-field-builder> (includes\admin\class-img-slider-field-builder.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Image Slider Slideshow Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 1

authwp_ajax_portfolio_save_imagesincludes\admin\class-img-slider-admin.php:22

Shortcodes 2

[img-slider] includes\public\class-img-slider-shortcode.php:15
[Img-Slider] includes\public\class-img-slider-shortcode.php:16
WordPress Hooks 13
actionimg_slider_admin_tab_generalincludes\admin\class-img-slider-admin.php:17
actionadmin_headincludes\admin\class-img-slider-admin.php:20
actioninitincludes\admin\class-img-slider-cpt.php:93
actionload-post.phpincludes\admin\class-img-slider-cpt.php:96
actionload-post-new.phpincludes\admin\class-img-slider-cpt.php:97
actionadmin_menuincludes\admin\class-img-slider-cpt.php:100
actionadd_meta_boxesincludes\admin\class-img-slider-cpt.php:128
actionsave_postincludes\admin\class-img-slider-cpt.php:131
actionadmin_footerincludes\admin\class-img-slider-field-builder.php:11
actionadmin_enqueue_scriptsincludes\class-img-slider.php:32
actionplugins_loadedincludes\class-img-slider.php:155
actionwp_enqueue_scriptsincludes\public\class-img-slider-shortcode.php:17
actionadmin_enqueue_scriptsincludes\scripts.php:4
Maintenance & Trust

Image Slider Slideshow Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9
Last updatedApr 21, 2023
PHP min version
Downloads70K

Community Trust

Rating80/100
Number of ratings2
Active installs2K
Developer Profile

Image Slider Slideshow Developer Profile

Wptexture

59 plugins · 8K total installs

90
trust score
Avg Security Score
94/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Image Slider Slideshow

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/image-slider-slideshow/assets/css/portfolio-wp-cpt.css/wp-content/plugins/image-slider-slideshow/assets/css/bootstrap.css/wp-content/plugins/image-slider-slideshow/assets/css/font-awesome-latest/css/fontawesome-all.min.css/wp-content/plugins/image-slider-slideshow/assets/js/resizesensor.js/wp-content/plugins/image-slider-slideshow/assets/js/packery.min.js/wp-content/plugins/image-slider-slideshow/assets/js/wp-portfolio-wp-settings.js/wp-content/plugins/image-slider-slideshow/assets/js/wp-portfolio-wp-save.js/wp-content/plugins/image-slider-slideshow/assets/js/wp-portfolio-wp-items.js+4 more
Script Paths
wp-content/plugins/image-slider-slideshow/assets/js/resizesensor.jswp-content/plugins/image-slider-slideshow/assets/js/packery.min.jswp-content/plugins/image-slider-slideshow/assets/js/wp-portfolio-wp-settings.jswp-content/plugins/image-slider-slideshow/assets/js/wp-portfolio-wp-save.jswp-content/plugins/image-slider-slideshow/assets/js/wp-portfolio-wp-items.jswp-content/plugins/image-slider-slideshow/assets/js/wp-portfolio-wp-modal.js+3 more
Version Parameters
image-slider-slideshow/assets/css/portfolio-wp-cpt.css?ver=image-slider-slideshow/assets/css/bootstrap.css?ver=image-slider-slideshow/assets/css/font-awesome-latest/css/fontawesome-all.min.css?ver=image-slider-slideshow/assets/js/resizesensor.js?ver=image-slider-slideshow/assets/js/packery.min.js?ver=image-slider-slideshow/assets/js/wp-portfolio-wp-settings.js?ver=image-slider-slideshow/assets/js/wp-portfolio-wp-save.js?ver=image-slider-slideshow/assets/js/wp-portfolio-wp-items.js?ver=image-slider-slideshow/assets/js/wp-portfolio-wp-modal.js?ver=image-slider-slideshow/assets/js/wp-portfolio-wp-upload.js?ver=image-slider-slideshow/assets/js/wp-portfolio-wp-gallery.js?ver=image-slider-slideshow/assets/js/wp-portfolio-wp-conditions.js?ver=

HTML / DOM Fingerprints

CSS Classes
rpg_slider
JS Globals
IMG_SLIDER_CURRENT_VERSIONimg_slider_helper
FAQ

Frequently Asked Questions about Image Slider Slideshow