Poros Slider Security & Risk Analysis

wordpress.org/plugins/poros-slider

Create a beautiful slideshow with an optional vertical scroller and fully customizable caption.

10 active installs · v1.0.1 · PHP + · WP 3.0.1+ · Updated Nov 14, 2012
Tags: image, presentation, slide, slider, slideshow
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Poros Slider Safe to Use in 2026?

Generally Safe

Score 85/100

Poros Slider has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The poros-slider plugin v1.0.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL query security, utilizing prepared statements exclusively, and it has no recorded vulnerability history (CVEs). The attack surface appears minimal, with only one shortcode entry point and no unprotected AJAX handlers or REST API routes. Furthermore, the plugin makes no external HTTP requests, reducing the risk of supply chain attacks or SSRF vulnerabilities.

However, several significant concerns are raised by the static analysis. The presence of the `create_function` dangerous function is a red flag, as it can be a vector for code injection if not handled with extreme care, especially if user-supplied data is involved in its execution. More critically, a complete lack of output escaping is a major weakness, directly exposing the plugin to Cross-Site Scripting (XSS) vulnerabilities. Any data displayed to users without proper sanitization and escaping can be manipulated to inject malicious scripts. The absence of nonce checks and capability checks, while not immediately exploitable due to the limited entry points, indicates a lack of robust authorization and CSRF protection mechanisms, which could become problematic if the attack surface expands or if functionality is introduced later.

In conclusion, while the plugin has a clean vulnerability history and good SQL practices, the critical flaw of unescaped output and the presence of a dangerous function, combined with missing security checks, present a notable risk of XSS and potential code execution. These issues need to be addressed to improve the overall security of the plugin.

Key Concerns

  • No output escaping
  • Dangerous function used (create_function)
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Poros Slider Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Poros Slider Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (6 prepared)
  • Unescaped Output: 37 (0 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 55
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

  • create_function (includes\porosadmin.php:926): add_action( 'plugins_loaded', create_function( '', '$poros_admin_plugin = new Poros_Admin_Plugin;' )

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

0% escaped · 37 total outputs
Attack Surface

Poros Slider Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[poros_show] poroslider.php:53

WordPress Hooks: 8

  • action init (includes\porosadmin.php:22)
  • action admin_init (includes\porosadmin.php:23)
  • action admin_init (includes\porosadmin.php:24)
  • action admin_init (includes\porosadmin.php:25)
  • action admin_init (includes\porosadmin.php:26)
  • action admin_menu (includes\porosadmin.php:27)
  • action plugins_loaded (includes\porosadmin.php:926)
  • action template_redirect (includes\porosclient.php:3)
Maintenance & Trust

Poros Slider Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.4.2
Last updated: Nov 14, 2012
PHP min version
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Poros Slider Developer Profile

jleo2255

2 plugins · 30 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Poros Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/poros-slider/css/porosadminstyle.css
  • /wp-content/plugins/poros-slider/js/porosadminscript.js
Version Parameters
  • porosadminstyle.css?ver=
  • porosadminscript.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • jcm_poros_container
  • jcm_poros_slide_show
  • jcm_poros_slide_caption
  • jcm_poros_thumb_slide
  • jcm_poros_downnav_next
  • jcm_poros_forwardnav_next
  • jcm_poros_backnav_back
HTML Comments
/* Copyright 2012 JAMES MCBRIDE (email : jleo2525@hotmail.com) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, version 2, as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
* The main plugin class, holds everything our plugin does,
* initialized right after declaration
* Add shortcode so show can be displayed on home page shortcode adds divs that jQuery fills on the client side.
Data Attributes
  • id="jcm_poros_container"
  • id="jcm_poros_slide_show"
  • id="jcm_poros_slide_caption"
  • id="jcm_poros_thumb_slide"
  • id="jcm_poros_downnav_next"
  • id="jcm_poros_forwardnav_next"
  • (+1 more)
JS Globals
jcm_poros_shortcode_page
Shortcode Output
<div id="jcm_poros_container"><div id="jcm_poros_slide_show"><div id="jcm_poros_slide_caption"></div></div><div id="jcm_poros_thumb_slide"></div><a href="#" id="jcm_poros_downnav_next"></a><a href="#" id="jcm_poros_forwardnav_next"></a><a href="#" id="jcm_poros_backnav_back"></a></div>