Does MK Slider have any unpatched vulnerabilities?

No. All known vulnerabilities in MK Slider have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is MK Slider compatible with WordPress 3.5.2?

According to WordPress.org data, MK Slider 1.3.4 has been tested up to WordPress 3.5.2. Check the plugin's changelog for the latest compatibility information.

How often is MK Slider updated?

MK Slider was last updated on Jun 16, 2015. Frequent updates are generally a positive security signal.

What is MK Slider's security score?

MK Slider has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MK Slider Security & Risk Analysis

wordpress.org/plugins/mk-slider

Wordpress Slider for posts & pages. Supports shortcode and sidebar widget to display slideshow.

100 active installs v1.3.4 PHP + WP 3.0+ Updated Jun 16, 2015

galleryimage-rotatorsliderwordpress-sliderwordpress-slideshow

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is MK Slider Safe to Use in 2026?

Generally Safe

Score 85/100

MK Slider has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "mk-slider" v1.3.4 plugin exhibits a mixed security posture. While the plugin demonstrates good practices by avoiding SQL injection vulnerabilities through prepared statements and conducting nonce and capability checks, several areas raise concerns. The presence of 11 dangerous functions, including `create_function` and `unserialize`, is a significant red flag, as these functions are known to be highly susceptible to various code execution and deserialization vulnerabilities if not handled with extreme care and proper sanitization. Furthermore, a low percentage of output escaping (10%) indicates a high likelihood of cross-site scripting (XSS) vulnerabilities being present, as user-supplied data is likely being rendered without sufficient sanitization.

The static analysis also reveals a single shortcode, which represents the plugin's primary entry point. While this entry point is not immediately flagged as unprotected, the general lack of robust output escaping across the plugin's code diminishes this positive aspect. The absence of any recorded vulnerabilities in its history is a positive indicator of past development, but it does not negate the inherent risks identified in the current code analysis. Developers should prioritize addressing the use of dangerous functions and improving output escaping to mitigate potential security risks.

Key Concerns

Dangerous functions used (create_function, unserialize)
Low percentage of output escaping

Vulnerabilities

None known

MK Slider Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

MK Slider Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

7 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action( 'widgets_init', create_function( '', 'register_widget( "MK_Slider_Widget" );' ) );admin\init.php:54

unserialize$mk_images = unserialize($mk_meta['mk_images'][0]);admin\slides-metabox.php:26

unserialize$mk_links = unserialize($mk_meta['mk_links'][0]);admin\slides-metabox.php:27

unserialize$mk_links_target = unserialize($mk_meta['mk_links_target'][0]);admin\slides-metabox.php:28

unserialize$mk_titles = unserialize($mk_meta['mk_titles'][0]);admin\slides-metabox.php:29

unserialize$mk_desc = unserialize($mk_meta['mk_desc'][0]);admin\slides-metabox.php:30

unserialize$mk_images = unserialize($slideMeta['mk_images'][0]);mk_slider.php:39

unserialize$mk_links = unserialize($slideMeta['mk_links'][0]);mk_slider.php:40

unserialize$mk_links_target = unserialize($slideMeta['mk_links_target'][0]);mk_slider.php:41

unserialize$mk_titles = unserialize($slideMeta['mk_titles'][0]);mk_slider.php:42

unserialize$mk_desc = unserialize($slideMeta['mk_desc'][0]);mk_slider.php:43

Output Escaping

10% escaped69 total outputs

Attack Surface

MK Slider Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[MK-SLIDER] mk_slider.php:119

WordPress Hooks 11

actionadmin_enqueue_scriptsadmin\init.php:19

actionadmin_headadmin\init.php:22

actionwidgets_initadmin\init.php:54

actioninitadmin\post-type.php:6

actionmanage_posts_custom_columnadmin\post-type.php:43

filtermanage_edit-mkslider_columnsadmin\post-type.php:44

actionadd_meta_boxesadmin\slides-metabox.php:6

actionsave_postadmin\slides-metabox.php:9

actionadd_meta_boxesadmin\slides-sidebar-metabox.php:6

actionwp_enqueue_scriptsmk_slider.php:20

actionmk_scriptmk_slider.php:91

Maintenance & Trust

MK Slider Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2

Last updatedJun 16, 2015

PHP min version

Downloads20K

Community Trust

Rating70/100

Number of ratings4

Active installs100

Alternatives

MK Slider Alternatives

Jssor Slider by jssor.com

jssor-slider

Responsive Touch Slideshow/Slider/Gallery/Carousel/Banner

300 No CVEs

GIGA Slider

giga-slider

GIGA slider is an awesome WordPress slider plug-in with a lot of nice features. It is very simple to create slider for your WordPress site, you can ad …

100 No CVEs

Fancy Header Slider

fancy-heaer-slider

Image gallery with fancy transitions effects. This is a "strip curtain" effect

50 No CVEs

RG Responsive Gallery

rg-responsive-gallery

Add a simple and light weighted image gallery. Featured image slider

10 No CVEs

Slider Galerie Native Responsive

slider-galerie-native-responsive

100

Ajoute un style "Slider" responsive principalement en CSS à la galerie native de WordPress (bloc Galerie).

10 No CVEs

Developer Profile

MK Slider Developer Profile

Manoj Kumar

3 plugins · 250 total installs

trust score

Avg Security Score

87/100

Avg Patch Time

1 days

View full developer profile

Detection Fingerprints

How We Detect MK Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mk-slider/css/skitter.styles.css/wp-content/plugins/mk-slider/js/jquery.easing.1.3.js/wp-content/plugins/mk-slider/js/jquery.animate-colors-min.js/wp-content/plugins/mk-slider/js/jquery.skitter.min.js

Script Paths

/wp-content/plugins/mk-slider/admin/js/mk-admin.js

HTML / DOM Fingerprints

CSS Classes

box_skitterlabel_text

Data Attributes

data-mk-slider

JS Globals

jQuery('#mk-slider

Shortcode Output

[MK-SLIDER id=

FAQ