Master Slider – Responsive Touch Slider Security & Risk Analysis

wordpress.org/plugins/master-slider

Build SEO friendly sliders fast and easy with touch swipe navigation that works smoothly across all devices.

60K active installs · v3.11.0 · PHP 5.4+ · WP 5.0+ · Updated Aug 9, 2025
Tags: image-slider, slider, video-slider, wordpress-slider
Score: 62 · C · Use Caution
CVEs total: 18
Unpatched: 1
Last CVE: Sep 22, 2025
Safety Verdict

Is Master Slider – Responsive Touch Slider Safe to Use in 2026?

Use With Caution

Score 62/100

Master Slider – Responsive Touch Slider has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

18 known CVEs · 1 unpatched · Last CVE: Sep 22, 2025 · Updated 9mo ago
Risk Assessment

The Master Slider plugin exhibits a mixed security posture. While the static analysis shows a good number of entry points are protected by authentication and permission checks, a significant concern arises from the taint analysis revealing flows with unsanitized paths. This, coupled with a history of 18 known CVEs, including a critical one and a high severity one, suggests a pattern of past vulnerabilities that require careful attention. The presence of unpatched vulnerabilities, including a critical one, is a significant risk. The plugin also shows a concerning history of common vulnerability types such as Missing Authorization, Cross-site Scripting, SQL Injection, and Deserialization of Untrusted Data, indicating recurring weaknesses in input handling and authorization logic. While the plugin demonstrates some good practices like the use of prepared statements in a majority of SQL queries and proper output escaping in a good percentage of cases, the unpatched critical vulnerability and the presence of unsanitized paths in taint flows are serious red flags that necessitate immediate remediation.

Key Concerns

  • Unpatched critical vulnerability
  • Unpatched high severity vulnerability
  • Unpatched medium severity vulnerability
  • Taint flows with unsanitized paths
  • Significant history of medium severity CVEs
  • Common vulnerability types in history (XSS, SQLi, etc.)
  • SQL queries not using prepared statements
  • Output escaping not properly handled
Vulnerabilities
18 published

Master Slider – Responsive Touch Slider Security Vulnerabilities

CVEs by Year

  • 2015: 1 CVE
  • 2016: 1 CVE
  • 2018: 1 CVE
  • 2024: 9 CVEs
  • 2025: 6 CVEs · unpatched

Severity Breakdown

  • Critical: 1
  • High: 1
  • Medium: 16

18 total CVEs

CVE-2025-58025 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Master Slider <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 Patched in 3.11.2 (232d)
CVE-2025-5291 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Master Slider <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via masterslider_pb and ms_slide Shortcodes

Jun 16, 2025 Patched in 3.10.9 (1d)
CVE-2025-39412 · medium · 4.3 · Missing Authorization

Master Slider <= 3.11.1 - Missing Authorization

Apr 17, 2025 Patched in 3.11.2 (390d)
CVE-2024-13757 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Master Slider – Responsive Touch Slider <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode

Mar 4, 2025 Unpatched
CVE-2024-11731 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Master Slider – Responsive Touch Slider <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_slider Shortcode

Mar 4, 2025 Patched in 3.10.8 (84d)
CVE-2024-12173 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Master Slider <= 3.10.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Jan 29, 2025 Patched in 3.10.5 (29d)
CVE-2024-37222 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Master Slider <= 3.10.0 - Reflected Cross-Site Scripting

Jun 20, 2024 Patched in 3.10.5 (181d)
CVE-2024-4375 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Master Slider – Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode

Jun 17, 2024 Patched in 3.10.0 (105d)
CVE-2023-6382 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Master Slider - Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 31, 2024 Patched in 3.9.10 (494d)
CVE-2024-4470 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 20, 2024 Patched in 3.9.10 (1d)
CVE-2024-32600 · critical · 9.8 · Deserialization of Untrusted Data

Master Slider <= 3.9.5 - Unauthenticated PHP Object Injection

Apr 16, 2024 Patched in 3.9.7 (9d)
CVE-2024-32580 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Master Slider – Responsive Touch Slider <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 16, 2024 Patched in 3.9.9 (10d)
CVE-2023-6326 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

Master Slider - Responsive Touch Slider <= 3.9.10 - Cross-Site Request Forgery via process_bulk_action

Mar 1, 2024 Patched in 3.10.0 (214d)
CVE-2024-0611 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated (Editor+) Stored Cross-Site Scripting via slider callback

Mar 1, 2024 Patched in 3.9.10 (214d)
CVE-2024-1449 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Master Slider – Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 1, 2024 Patched in 3.10.0 (214d)
CVE-2018-20368 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Master Slider <= 3.7.0 - Authenticated Stored Cross-Site Scripting

Nov 14, 2018 Patched in 3.7.5 (1896d)
WF-ae8a316f-a9ad-451a-9892-cf5068072a78-master-slider · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Master Slider <= 2.7.1 - Cross-Site Scripting

Jul 16, 2016 Patched in 2.8.0 (2747d)
WF-9391474f-8cf8-4e8b-b3e6-39b397b7b6b6-master-slider · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Master Slider - Responsive Touch Slider <= 2.5.1 - Authenticated Blind SQL Injection

Aug 20, 2015 Patched in 2.5.2 (3078d)
Code Analysis
Analyzed Mar 16, 2026

Master Slider – Responsive Touch Slider Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 8 (13 prepared)
  • Unescaped Output: 99 (228 escaped)
  • Nonce Checks: 9
  • Capability Checks: 22
  • File Operations: 9
  • External Requests: 5
  • Bundled Libraries: 0

SQL Query Safety

62% prepared · 21 total queries

Output Escaping

70% escaped · 327 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

5 flows · 4 with unsanitized paths
search_box (admin\includes\classes\class-axiom-list-table.php:195)
Attack Surface

Master Slider – Responsive Touch Slider Attack Surface

Entry Points: 14
Unprotected: 0

AJAX Handlers 5

auth wp_ajax_msp_panel_handler admin\includes\classes\class-msp-admin-ajax.php:13
auth wp_ajax_msp_create_new_handler admin\includes\classes\class-msp-admin-ajax.php:14
auth wp_ajax_msp_dismiss_notice admin\includes\classes\class-msp-admin-ajax.php:15
auth wp_ajax_msp_dismiss_rate_notice admin\includes\classes\class-msp-admin-ajax.php:16
auth wp_ajax_msp_skip_depicter_intro_modal admin\includes\classes\class-msp-admin-ajax.php:17

Shortcodes 9

[msp-stats] admin\includes\msp-admin-functions.php:222
[masterslider] includes\msp-shortcodes.php:7
[master_slider] includes\msp-shortcodes.php:8
[masterslider_pb] includes\msp-shortcodes.php:26
[ms_slider] includes\msp-shortcodes.php:55
[ms_slide] includes\msp-shortcodes.php:631
[ms_layer] includes\msp-shortcodes.php:813
[ms_slide_info] includes\msp-shortcodes.php:1056
[ms_slide_flickr] includes\msp-shortcodes.php:1085

WordPress Hooks 53

action init admin\class-master-slider-admin.php:54
action admin_init admin\class-master-slider-admin.php:86
action admin_enqueue_scripts admin\class-master-slider-admin.php:89
action admin_menu admin\class-master-slider-admin.php:92
filter plugin_row_meta admin\class-master-slider-admin.php:98
action admin_footer admin\includes\classes\class-axiom-list-table.php:94
action in_admin_header admin\includes\classes\class-axiom-screen-help.php:47
action admin_head admin\includes\classes\class-msp-admin-editor.php:29
action admin_enqueue_scripts admin\includes\classes\class-msp-admin-editor.php:31
filter tiny_mce_version admin\includes\classes\class-msp-admin-editor.php:32
filter mce_external_plugins admin\includes\classes\class-msp-admin-editor.php:45
filter mce_buttons admin\includes\classes\class-msp-admin-editor.php:46
action admin_menu admin\includes\classes\class-msp-importer.php:41
action admin_notices admin\includes\classes\class-msp-importer.php:208
action admin_notices admin\includes\classes\class-msp-importer.php:233
action admin_notices admin\includes\classes\class-msp-importer.php:259
filter http_request_timeout admin\includes\classes\class-msp-importer.php:647
action admin_notices admin\includes\classes\class-msp-list-table.php:136
action admin_notices admin\includes\classes\class-msp-list-table.php:150
action admin_enqueue_scripts admin\includes\classes\class-msp-pointers.php:55
action admin_print_footer_scripts admin\includes\classes\class-msp-pointers.php:56
action admin_print_footer_scripts admin\includes\classes\class-msp-pointers.php:81
action admin_notices admin\includes\msp-admin-functions.php:142
action plugins_loaded admin\includes\msp-compatibility.php:7
filter members_get_capabilities admin\includes\msp-compatibility.php:12
filter masterslider_admin_menu_title admin\includes\msp-hooks.php:12
filter plugin_row_meta admin\includes\msp-hooks.php:23
action admin_notices admin\includes\msp-hooks.php:35
action admin_init admin\includes\msp-hooks.php:38
filter admin_body_class admin\includes\msp-hooks.php:125
filter masterslider_starter_fields admin\includes\msp-hooks.php:147
action save_post admin\includes\msp-hooks.php:181
filter admin_footer_text admin\views\index.php:30
action admin_init admin\views\setting\class-msp-settings.php:21
action admin_menu admin\views\setting\class-msp-settings.php:22
action admin_action_msp_envato_license admin\views\setting\class-msp-settings.php:23
action admin_footer-master-slider_page_masterslider-setting admin\views\setting\class-msp-settings.php:25
filter axiom_wedev_setting_section_submit_button admin\views\setting\class-msp-settings.php:26
action admin_enqueue_scripts admin\views\setting\class-settings-api.php:36
filter wpmu_drop_tables includes\classes\class-msp-db.php:98
action widgets_init includes\classes\class-msp-main-widget.php:103
filter body_class includes\msp-hooks.php:12
action admin_notices includes\msp-hooks.php:14
action admin_notices master-slider.php:39
action init public\class-master-slider.php:50
action wpmu_new_blog public\class-master-slider.php:53
filter attachment_fields_to_edit public\class-master-slider.php:360
filter attachment_fields_to_save public\class-master-slider.php:361
action wp_enqueue_scripts public\includes\class-msp-frontend-assets.php:33
action wp_head public\includes\class-msp-frontend-assets.php:34
action wp_head public\includes\class-msp-frontend-assets.php:35
action admin_enqueue_scripts public\includes\class-msp-frontend-assets.php:44
action admin_head public\includes\class-msp-frontend-assets.php:45
Maintenance & Trust

Master Slider – Responsive Touch Slider Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 9, 2025
PHP min version: 5.4
Downloads: 3.2M

Community Trust

Rating: 92/100
Number of ratings: 501
Active installs: 60K
Developer Profile

Master Slider – Responsive Touch Slider Developer Profile

averta

6 plugins · 310K total installs

Trust score: 62
Avg Security Score: 76/100
Avg Patch Time: 252 days
Detection Fingerprints

How We Detect Master Slider – Responsive Touch Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/master-slider/admin/assets/css/master-slider-admin.css
/wp-content/plugins/master-slider/admin/assets/js/master-slider-admin.js
/wp-content/plugins/master-slider/public/assets/css/masterslider.css
/wp-content/plugins/master-slider/public/assets/css/masterslider-icon.css
/wp-content/plugins/master-slider/public/assets/js/masterslider.min.js
Script Paths
/wp-content/plugins/master-slider/admin/assets/js/master-slider-admin.js
/wp-content/plugins/master-slider/public/assets/js/masterslider.min.js
Version Parameters
/wp-content/plugins/master-slider/admin/assets/css/master-slider-admin.css?ver=
/wp-content/plugins/master-slider/admin/assets/js/master-slider-admin.js?ver=
/wp-content/plugins/master-slider/public/assets/css/masterslider.css?ver=
/wp-content/plugins/master-slider/public/assets/css/masterslider-icon.css?ver=
/wp-content/plugins/master-slider/public/assets/js/masterslider.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
master-slider
ms-container
ms-slides-container
HTML Comments
<!-- Master Slider -->
Data Attributes
data-masterslider
JS Globals
MasterSlider
FAQ

Frequently Asked Questions about Master Slider – Responsive Touch Slider