[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fNqynDXQuKZIHy9JmJf9d0zf_K-u677tC8lvx3PCh1c8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":38,"fingerprints":222},"media-carousel-video-logo-and-image-slider-for-elementor","Media Carousel – Video, Logo and Image Slider for Elementor","0.9.5","Plugin Devs","https:\u002F\u002Fprofiles.wordpress.org\u002Fplugindevs\u002F","\u003Cp>Media Carousel for Elementor lets you add Image, Logo, Video with Elementor Page Builder. You can display your images, logo, videos with this slider as carousel. You can use this plugin as media carousel elementor, media slider elementor, elementor video carousel, elementor logo carousel, elementor carousel slider, image slider for elementor\u003C\u002Fp>\n\u003Ch4>0.9.5 (01-08-21)\u003C\u002Fh4>\n\u003Cp>Fix Undefined index image_link_to\u003C\u002Fp>\n\u003Cp>Fix Undefined index image_link_to_type\u003C\u002Fp>\n\u003Ch4>0.9.4 (01-08-21)\u003C\u002Fh4>\n\u003Cp>Make Compatible with WP 5.6\u003C\u002Fp>\n\u003Cp>Make Compatible with PHP 8\u003C\u002Fp>\n\u003Ch4>0.9.3 (07-27-20)\u003C\u002Fh4>\n\u003Cp>update readme\u003C\u002Fp>\n\u003Ch4>0.9.2 (07-27-20)\u003C\u002Fh4>\n\u003Cp>update readme\u003C\u002Fp>\n\u003Ch4>0.9.1 (07-27-20)\u003C\u002Fh4>\n\u003Cp>update readme\u003C\u002Fp>\n\u003Ch4>0.9.0 (07-27-20)\u003C\u002Fh4>\n\u003Cp>Beginning\u003C\u002Fp>\n","Media Carousel for Elementor lets you add Image, Logo, Video with Elementor Page Builder. You can display your images, logo, videos with this slider a …",80,1784,0,"2021-01-08T18:12:00.000Z","5.6.17","4.6","5.4",[19,20,21,22,23],"elementor-carousel-slider","elementor-logo-carousel","elementor-video-carousel","media-carousel-elementor","media-slider-elementor","https:\u002F\u002Fplugin-devs.com\u002Fproduct\u002Fmedia-carousel-slider-for-elementor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-carousel-video-logo-and-image-slider-for-elementor.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"plugindevs",14,18240,60,78,"2026-04-04T15:02:12.486Z",[],{"attackSurface":39,"codeSignals":140,"taintFlows":180,"riskAssessment":208,"analyzedAt":221},{"hooks":40,"ajaxHandlers":128,"restRoutes":137,"shortcodes":138,"cronEvents":139,"entryPointCount":46,"unprotectedCount":46},[41,47,51,55,60,63,66,69,73,77,81,85,90,92,97,102,106,110,113,117,122,125],{"type":42,"name":43,"callback":44,"file":45,"line":46},"action","admin_menu","wb_mc_menu_page","admin\\admin-pages.php",2,{"type":42,"name":48,"callback":49,"file":45,"line":50},"admin_enqueue_scripts","wb_mc_custom_css_js_scripts",99,{"type":42,"name":52,"callback":53,"file":45,"line":54},"admin_init","wb_mc_register_custom_css_setting",112,{"type":42,"name":56,"callback":57,"file":58,"line":59},"admin_notices","admin_notice_missing_main_plugin","admin\\media-carousel-utils.php",16,{"type":42,"name":56,"callback":61,"file":58,"line":62},"admin_notice_minimum_elementor_version",22,{"type":42,"name":56,"callback":64,"file":58,"line":65},"admin_notice_minimum_php_version",28,{"type":42,"name":48,"callback":67,"file":58,"line":68},"admin_scripts_styles",33,{"type":42,"name":70,"callback":71,"file":58,"line":72},"elementor\u002Ffrontend\u002Fafter_enqueue_styles","enqueue_styles",34,{"type":42,"name":74,"callback":75,"file":58,"line":76},"elementor\u002Ffrontend\u002Fafter_register_scripts","enqueue_scripts",37,{"type":42,"name":78,"callback":79,"file":58,"line":80},"elementor\u002Fwidgets\u002Fwidgets_registered","register_widgets",40,{"type":42,"name":56,"callback":82,"file":83,"line":84},"wb_nt_help_support_notice","admin\\notices\\support.php",10,{"type":42,"name":86,"callback":87,"file":88,"line":89},"admin_footer-plugins.php","goodbye_ajax","class-plugin-deactivate-feedback.php",62,{"type":42,"name":48,"callback":48,"file":88,"line":91},65,{"type":93,"name":94,"callback":95,"file":88,"line":96},"filter","wp_mail_content_type","set_content_type",119,{"type":42,"name":98,"callback":99,"file":100,"line":101},"elementor\u002Finit","wb_create_category","media-carousel-for-elementor.php",41,{"type":42,"name":103,"callback":104,"file":100,"line":105},"plugins_loaded","wb_media_carousel_register_function",92,{"type":42,"name":107,"callback":108,"file":100,"line":109},"wp_footer","wb_mc_display_custom_css",95,{"type":42,"name":107,"callback":111,"file":100,"line":112},"wb_mc_display_custom_js",108,{"type":93,"name":114,"callback":115,"file":100,"line":116},"custom_menu_order","wb_mc_order_submenu",147,{"type":42,"name":118,"callback":119,"file":120,"line":121},"wp_head","wbelps_support_form_ajax_header","support-page\\class-support-page.php",6,{"type":42,"name":48,"callback":123,"file":120,"line":124},"include_promo_page_scripts",142,{"type":42,"name":43,"callback":126,"file":120,"line":127},"show_promo_page_callback_func",171,[129,134],{"action":130,"nopriv":131,"callback":132,"hasNonce":131,"hasCapCheck":131,"file":88,"line":133},"wb_mc_goodbye_form",false,"goodbye_form_callback",63,{"action":135,"nopriv":131,"callback":135,"hasNonce":131,"hasCapCheck":131,"file":120,"line":136},"process_wbelps_promo_form",24,[],[],[],{"dangerousFunctions":141,"sqlUsage":142,"outputEscaping":144,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":179},[],{"prepared":13,"raw":13,"locations":143},[],{"escaped":145,"rawEcho":59,"locations":146},56,[147,150,151,153,154,156,158,161,162,164,166,168,170,172,174,176],{"file":45,"line":148,"context":149},53,"raw output",{"file":45,"line":133,"context":149},{"file":45,"line":152,"context":149},82,{"file":45,"line":105,"context":149},{"file":88,"line":155,"context":149},317,{"file":88,"line":157,"context":149},338,{"file":159,"line":160,"context":149},"effects\\carousel\\template.php",51,{"file":159,"line":34,"context":149},{"file":159,"line":163,"context":149},66,{"file":159,"line":165,"context":149},71,{"file":100,"line":167,"context":149},105,{"file":100,"line":169,"context":149},118,{"file":120,"line":171,"context":149},13,{"file":120,"line":173,"context":149},101,{"file":120,"line":175,"context":149},205,{"file":177,"line":178,"context":149},"widgets\\media-carousel.php",451,[],[181,200],{"entryPoint":182,"graph":183,"unsanitizedCount":198,"severity":199},"goodbye_form_callback (class-plugin-deactivate-feedback.php:365)",{"nodes":184,"edges":196},[185,190],{"id":186,"type":187,"label":188,"file":88,"line":189},"n0","source","$_POST (x4)",368,{"id":191,"type":192,"label":193,"file":88,"line":194,"wp_function":195},"n1","sink","update_option() [Settings Manipulation]",369,"update_option",[197],{"from":186,"to":191,"sanitized":131},4,"low",{"entryPoint":201,"graph":202,"unsanitizedCount":198,"severity":199},"\u003Cclass-plugin-deactivate-feedback> (class-plugin-deactivate-feedback.php:0)",{"nodes":203,"edges":206},[204,205],{"id":186,"type":187,"label":188,"file":88,"line":189},{"id":191,"type":192,"label":193,"file":88,"line":194,"wp_function":195},[207],{"from":186,"to":191,"sanitized":131},{"summary":209,"deductions":210},"This plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and has no recorded vulnerability history, suggesting a generally well-maintained codebase. However, significant concerns arise from its attack surface.  The presence of two AJAX handlers without any authentication or capability checks presents a clear risk.  Furthermore, the taint analysis revealed two flows with unsanitized paths, although these did not escalate to critical or high severity in this analysis.  The lack of any nonce checks on these unprotected AJAX endpoints is a notable oversight that could be exploited.\n\nDespite the absence of documented CVEs, the identified unprotected entry points and unsanitized paths in the taint analysis are direct security risks that should be addressed. The plugin's strengths lie in its SQL handling and historical lack of vulnerabilities, but these are overshadowed by the critical need for robust authentication and input sanitization on its AJAX handlers. A balanced conclusion would be that while the plugin has a clean history and good SQL practices, its current implementation of its attack surface introduces significant potential vulnerabilities.",[211,213,215,218],{"reason":212,"points":84},"Unprotected AJAX handlers",{"reason":214,"points":121},"Taint flows with unsanitized paths",{"reason":216,"points":217},"Missing nonce checks on AJAX",7,{"reason":219,"points":220},"Unescaped output (22% of outputs)",5,"2026-03-16T21:31:09.514Z",{"wat":223,"direct":232},{"assetPaths":224,"generatorPatterns":229,"scriptPaths":230,"versionParams":231},[225,226,227,228],"\u002Fwp-content\u002Fplugins\u002Fmedia-carousel-video-logo-and-image-slider-for-elementor\u002Fadmin\u002Fmedia-carousel-utils.php","\u002Fwp-content\u002Fplugins\u002Fmedia-carousel-video-logo-and-image-slider-for-elementor\u002Ffunctions.php","\u002Fwp-content\u002Fplugins\u002Fmedia-carousel-video-logo-and-image-slider-for-elementor\u002Fclass-plugin-deactivate-feedback.php","\u002Fwp-content\u002Fplugins\u002Fmedia-carousel-video-logo-and-image-slider-for-elementor\u002Fsupport-page\u002Fclass-support-page.php",[],[],[],{"cssClasses":233,"htmlComments":235,"htmlAttributes":240,"restEndpoints":244,"jsGlobals":245,"shortcodeOutput":246},[234],"wb_mc-up-pro-link",[236,237,238,239],"\u002F*\nWelcome to the Custom CSS editor!\n\nPlease add all your custom CSS here and avoid modifying the core plugin files. Don't use \u003Cstyle> tag\n*\u002F","\u002F*\nWelcome to the Custom JS editor!\n\nPlease add all your custom JS here and avoid modifying the core plugin files. Don't use \u003Cscript> tag\n*\u002F","\u002F* Custom CSS *\u002F","\u002F* Custom JS *\u002F",[241,242,243],"id=\"wb_mc_custom_css\"","name=\"wb_mc_custom_js\"","id=\"wb_mc_custom_js\"",[],[],[]]