WP-Safety

Niso Carousel Slider Security & Risk Analysis

wordpress.org/plugins/niso-carousel-slider

Niso carousel slider is a nice post, image and video carousel and slider wordpress plugin.

300 active installs v1.3.21 PHP + WP 4.5+ Updated Apr 20, 2025
galleryimage-carouselpost-sliderslidervideo-carousel
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Niso Carousel Slider Safe to Use in 2026?

Generally Safe

Score 100/100

Niso Carousel Slider has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago
Risk Assessment

The niso-carousel-slider plugin version 1.3.21 exhibits a generally good security posture based on the static analysis. The plugin has a limited attack surface with all identified entry points (AJAX handlers and shortcodes) lacking explicit authentication checks, which is a positive indicator. Furthermore, the absence of any recorded vulnerabilities (CVEs) in its history suggests a history of secure development practices or effective patching by developers. The code also demonstrates good practices by utilizing prepared statements for all SQL queries and incorporating a significant number of capability checks and nonce checks, which help protect against common attack vectors. The limited number of external dependencies and absence of file operations further contribute to its secure profile.

However, the presence of the `unserialize` function without explicit sanitization or context within the static analysis results presents a notable concern. While taint analysis did not reveal any immediate exploitable flows, `unserialize` can be a significant vulnerability if user-controlled data is unserialized without proper validation, potentially leading to arbitrary object injection and code execution. The output escaping rate, while good at 81%, still leaves room for improvement, as unescaped output can lead to Cross-Site Scripting (XSS) vulnerabilities, particularly if user-provided data is displayed without sanitization. The bundled libraries TinyMCE and Select2, while common, could potentially introduce vulnerabilities if they are outdated or have known security flaws, though this is not explicitly stated in the provided data.

In conclusion, niso-carousel-slider v1.3.21 appears to be a relatively secure plugin with a clean vulnerability history and good implementation of core security features. The primary areas for concern are the potential risks associated with the `unserialize` function and the minor percentage of unescaped output. These are manageable risks, but diligent monitoring and potential code review in these areas would be prudent. The absence of any known CVEs is a strong positive, indicating a well-maintained and secure plugin in its current state.

Key Concerns

  • Dangerous function unserialize found
  • 81% output escaping rate, not 100%
Vulnerabilities
None known

Niso Carousel Slider Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Niso Carousel Slider Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
63
269 escaped
Nonce Checks
3
Capability Checks
7
File Operations
0
External Requests
0
Bundled Libraries
2

Dangerous Functions Found

unserialize$datetime = @unserialize( trim( $date_value ), array( 'allowed_classes' => array( 'DateTime' ) ) );admin\src\cmb2\includes\CMB2_Utils.php:571

Bundled Libraries

TinyMCESelect2

Output Escaping

81% escaped332 total outputs
Attack Surface

Niso Carousel Slider Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 2

authwp_ajax_cmb2_oembed_handleradmin\src\cmb2\includes\CMB2_Ajax.php:51
noprivwp_ajax_cmb2_oembed_handleradmin\src\cmb2\includes\CMB2_Ajax.php:52

Shortcodes 1

[ncarousel] includes\niso-carousel-shortcode.php:268
WordPress Hooks 69
filtermce_external_pluginsadmin\niso-button-tinymce.php:20
filtermce_buttonsadmin\niso-button-tinymce.php:21
actionadmin_headadmin\niso-button-tinymce.php:24
actionadmin_initadmin\niso-carousel-admin-role.php:33
filtermanage_niso-carousel_posts_columnsadmin\niso-carousel-column-set.php:72
actionmanage_niso-carousel_posts_custom_columnadmin\niso-carousel-column-set.php:81
actioncmb2_initadmin\niso-carousel-meta-tab.php:53
actionadmin_noticesadmin\niso-carousel-meta-tab.php:1060
actioninitadmin\niso-carousel-meta-tab.php:1070
actionadmin_noticesadmin\niso-carousel-meta-tab.php:1089
actioninitadmin\niso-carousel-post.php:61
filterenter_title_hereadmin\niso-carousel-post.php:81
actioncmb2_admin_initadmin\niso-carousel-smeta.php:19
filterpost_updated_messagesadmin\niso-carousel-update-massage.php:49
actionplugins_loadedadmin\src\cmb2\cmb2-conditionals.php:11
actionadmin_initadmin\src\cmb2\cmb2-conditionals.php:21
actionadmin_footeradmin\src\cmb2\cmb2-conditionals.php:22
actioncmb2_save_options-page_fieldsadmin\src\cmb2\includes\CMB2_Ajax.php:54
filterget_post_metadataadmin\src\cmb2\includes\CMB2_Ajax.php:147
filterupdate_post_metadataadmin\src\cmb2\includes\CMB2_Ajax.php:150
filtercmb2_show_onadmin\src\cmb2\includes\CMB2_hookup.php:79
actionedit_form_topadmin\src\cmb2\includes\CMB2_hookup.php:118
actionedit_form_before_permalinkadmin\src\cmb2\includes\CMB2_hookup.php:122
actionedit_form_after_titleadmin\src\cmb2\includes\CMB2_hookup.php:126
actionedit_form_after_editoradmin\src\cmb2\includes\CMB2_hookup.php:130
actionadd_meta_boxesadmin\src\cmb2\includes\CMB2_hookup.php:134
actionadd_meta_boxesadmin\src\cmb2\includes\CMB2_hookup.php:137
actionadd_attachmentadmin\src\cmb2\includes\CMB2_hookup.php:138
actionedit_attachmentadmin\src\cmb2\includes\CMB2_hookup.php:139
actionsave_postadmin\src\cmb2\includes\CMB2_hookup.php:140
actionpre_get_postsadmin\src\cmb2\includes\CMB2_hookup.php:147
actionadd_meta_boxes_commentadmin\src\cmb2\includes\CMB2_hookup.php:155
actionedit_commentadmin\src\cmb2\includes\CMB2_hookup.php:156
filtermanage_edit-comments_columnsadmin\src\cmb2\includes\CMB2_hookup.php:159
actionmanage_comments_custom_columnadmin\src\cmb2\includes\CMB2_hookup.php:160
filtermanage_edit-comments_sortable_columnsadmin\src\cmb2\includes\CMB2_hookup.php:161
actionpre_get_postsadmin\src\cmb2\includes\CMB2_hookup.php:162
actionshow_user_profileadmin\src\cmb2\includes\CMB2_hookup.php:171
actionedit_user_profileadmin\src\cmb2\includes\CMB2_hookup.php:172
actionuser_new_formadmin\src\cmb2\includes\CMB2_hookup.php:173
actionpersonal_options_updateadmin\src\cmb2\includes\CMB2_hookup.php:175
actionedit_user_profile_updateadmin\src\cmb2\includes\CMB2_hookup.php:176
actionuser_registeradmin\src\cmb2\includes\CMB2_hookup.php:177
filtermanage_users_columnsadmin\src\cmb2\includes\CMB2_hookup.php:180
filtermanage_users_custom_columnadmin\src\cmb2\includes\CMB2_hookup.php:181
filtermanage_users_sortable_columnsadmin\src\cmb2\includes\CMB2_hookup.php:182
actionpre_get_postsadmin\src\cmb2\includes\CMB2_hookup.php:183
actionpre_get_postsadmin\src\cmb2\includes\CMB2_hookup.php:229
actioncreated_termadmin\src\cmb2\includes\CMB2_hookup.php:233
actionedited_termsadmin\src\cmb2\includes\CMB2_hookup.php:234
actiondelete_termadmin\src\cmb2\includes\CMB2_hookup.php:235
filterwp_prepare_attachment_for_jsadmin\src\cmb2\includes\CMB2_Hookup_Field.php:54
actionadmin_enqueue_scriptsadmin\src\cmb2\includes\CMB2_Hookup_Field.php:71
actioncmb2_do_oembedadmin\src\cmb2\includes\helper-functions.php:131
filteris_protected_metaadmin\src\cmb2\includes\rest-api\CMB2_REST.php:144
actioninitadmin\src\cmb2\init.php:131
filtercmb2_render_pw_selectadmin\src\cmb2-select2\cmb-field-select2.php:20
filtercmb2_render_pw_multiselectadmin\src\cmb2-select2\cmb-field-select2.php:21
filtercmb2_sanitize_pw_multiselectadmin\src\cmb2-select2\cmb-field-select2.php:22
filtercmb2_types_esc_pw_multiselectadmin\src\cmb2-select2\cmb-field-select2.php:23
filtercmb2_repeat_table_row_typesadmin\src\cmb2-select2\cmb-field-select2.php:24
filtercmb2_render_own_slideradmin\src\cmb2-slider\slider-field.php:15
actioncmb2_before_post_form_metabox_tabsadmin\src\cmb2tab\tab.php:9
actionadmin_enqueue_scriptsadmin\src\cmb2tab\tab.php:36
actionwp_footerincludes\niso-carousel-options.php:214
actionwp_headincludes\niso-carousel-options.php:299
actionwp_enqueue_scriptsniso-carousel-slider.php:77
actionadmin_enqueue_scriptsniso-carousel-slider.php:100
actionplugins_loadedniso-carousel-slider.php:152
Maintenance & Trust

Niso Carousel Slider Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedApr 20, 2025
PHP min version
Downloads31K

Community Trust

Rating80/100
Number of ratings4
Active installs300
Alternatives

Niso Carousel Slider Alternatives

Meta Slider and Carousel with Lightbox

Meta Slider and Carousel with Lightbox

meta-slider-and-carousel-with-lightbox

A
99

Add a gallery meta box in your post, page and create a Image gallery menu tab. Display with a lightbox. Also work with Gutenberg shortcode block.

5K 2 CVEs
Custom Post Carousels with Owl

Custom Post Carousels with Owl

dd-post-carousel

A
98

Easily add post carousels to your website. Works with any custom post type or regular posts. Controls allow for insertion of multiple carousels on a s …

2K 2 CVEs
video carousel slider with lightbox

video carousel slider with lightbox

wp-responsive-video-gallery-with-lightbox

A
98

This is a beautiful responsive video carousel slider with responsive lightbox for WordPress blogs and sites. Admin can manage any number of videos int …

1K 3 CVEs
Slidr

Slidr

slidr

A
85

A clean, simple, responsive and touch-friendly Carousel with no bells and whistles but plenty of flexibility.

60 No CVEs
Eazy CSS Slider

Eazy CSS Slider

eazy-css-slider

A
100

This plugin creates a custom post type for slides allowing you to use core WordPress functions and CSS to display a slider.

10 No CVEs
Developer Profile

Niso Carousel Slider Developer Profile

Noor Alam

102 plugins · 29K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
233 days
View full developer profile
Detection Fingerprints

How We Detect Niso Carousel Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/niso-carousel-slider/admin/css/cmb2-conditionals.css/wp-content/plugins/niso-carousel-slider/admin/css/cmb2-select2.css/wp-content/plugins/niso-carousel-slider/admin/css/cmb2-slider-styles.css/wp-content/plugins/niso-carousel-slider/admin/js/cmb2-conditionals.js/wp-content/plugins/niso-carousel-slider/admin/js/cmb2-select2.js/wp-content/plugins/niso-carousel-slider/admin/js/cmb2-slider.js/wp-content/plugins/niso-carousel-slider/admin/js/cmb2.js/wp-content/plugins/niso-carousel-slider/admin/js/colorpicker.js+9 more
Script Paths
/wp-content/plugins/niso-carousel-slider/admin/js/tinymce/tinymce.min.js
Version Parameters
/wp-content/plugins/niso-carousel-slider/includes/css/style.css?ver=/wp-content/plugins/niso-carousel-slider/includes/js/script.js?ver=/wp-content/plugins/niso-carousel-slider/includes/js/jquery.niso-carousel-slider.js?ver=/wp-content/plugins/niso-carousel-slider/admin/js/custom.js?ver=/wp-content/plugins/niso-carousel-slider/admin/js/colorpicker.js?ver=/wp-content/plugins/niso-carousel-slider/admin/js/iconpicker.js?ver=/wp-content/plugins/niso-carousel-slider/admin/js/gallery.js?ver=/wp-content/plugins/niso-carousel-slider/admin/js/cmb2.js?ver=/wp-content/plugins/niso-carousel-slider/admin/js/cmb2-slider.js?ver=/wp-content/plugins/niso-carousel-slider/admin/js/cmb2-select2.js?ver=/wp-content/plugins/niso-carousel-slider/admin/js/cmb2-conditionals.js?ver=/wp-content/plugins/niso-carousel-slider/admin/css/cmb2-slider-styles.css?ver=/wp-content/plugins/niso-carousel-slider/admin/css/cmb2-select2.css?ver=/wp-content/plugins/niso-carousel-slider/admin/css/cmb2-conditionals.css?ver=/wp-content/plugins/niso-carousel-slider/includes/css/owl.carousel.min.css?ver=/wp-content/plugins/niso-carousel-slider/includes/js/owl.carousel.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
niso-carousel-slider-wrapperniso-owl-carouselniso_meta_tabniso_carouel_optionsniso-carousel-post-wrapperniso-carousel-colniso_tinymce_button
HTML Comments
<!-- Niso Carousel Slider -->
Data Attributes
data-slider-iddata-slider-navdata-slider-dotsdata-slider-margindata-slider-loopdata-slider-autoplay+10 more
JS Globals
niso_carousel_optionsniso_carousel_slider
Shortcode Output
[niso_carousel_slider
FAQ

Frequently Asked Questions about Niso Carousel Slider