Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts Security & Risk Analysis

wordpress.org/plugins/post-carousel

Display posts, pages, and taxonomies in beautiful carousel, slider, and grid layouts with advanced filtering. Customizable, Developer-friendly.

20K active installs · v3.0.13 · PHP + · WP 5.0+ · Updated Mar 25, 2026
Tags: latest-posts, popular-posts, post-grid, post-timeline, recent-posts
Score: 90 · A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Apr 13, 2026
Safety Verdict

Is Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts Safe to Use in 2026?

Generally Safe

Score 90/100

Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

5 known CVEs · Last CVE: Apr 13, 2026 · Updated 1mo ago
Risk Assessment

The post-carousel plugin version 3.0.12 presents a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a high percentage of properly escaped outputs, there are notable areas of concern. The presence of two AJAX handlers without authentication checks represents a direct attack vector that could be exploited by unauthenticated users. Furthermore, the static analysis flagged the use of the 'unserialize' function, which can be dangerous if used with untrusted input, though no critical or high severity taint flows were identified in the provided data. The plugin's vulnerability history, with a total of four known CVEs including one high-severity vulnerability in the past, indicates a pattern of past security weaknesses. This suggests that while the current version might have addressed previous issues, the historical trend warrants caution and diligent monitoring for future updates. Overall, the plugin has strengths in its handling of database queries and output sanitization but weaknesses in its access control for AJAX endpoints and past security incidents that require attention.

Key Concerns

  • Unprotected AJAX handlers
  • Use of unserialize function
  • History of high severity vulnerability
  • History of medium severity vulnerabilities
Vulnerabilities
5 published

Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2023: 1 CVE
  • 2024: 2 CVEs
  • 2026: 1 CVE

Severity Breakdown

  • High: 2
  • Medium: 3

5 total CVEs

CVE-2026-3017 · high · 7.2 · Deserialization of Untrusted Data

Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection

Apr 13, 2026 Patched in 3.0.13 (1d)
CVE-2024-8187 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Smart Post Show <= 3.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting via Pagination Color

Oct 8, 2024 Patched in 3.0.1 (1d)
CVE-2024-3996 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post Grid, Post Carousel, & List Category Posts <= 2.4.27 - Authenticated (Editor+) Stored Cross-Site Scripting

Apr 4, 2024 Patched in 2.4.28 (104d)
CVE-2023-0097 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post Grid, Post Carousel, & List Category Posts <= 2.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 6, 2023 Patched in 2.4.19 (382d)

Post Carousel < 2.3.5 - Missing Capabilities Check

Aug 16, 2021 Patched in 2.3.5 (890d)
Version History

Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts Release Timeline

Code Analysis
Analyzed Mar 16, 2026

Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (8 prepared)
  • Unescaped Output: 72 (816 escaped)
  • Nonce Checks: 12
  • Capability Checks: 9
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize · $plugins = unserialize( $response['body'] ); · admin\help-page\class-sps-recommended.php:169

SQL Query Safety

100% prepared · 8 total queries

Output Escaping

92% escaped · 888 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

4 flows
dismiss_offer_banner (admin\views\notices\offer-banner.php:154)
Attack Surface
2 unprotected

Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts Attack Surface

Entry Points: 11
Unprotected: 2

AJAX Handlers 8

auth · wp_ajax_spf_preview_meta_box · admin\preview\class-spsp-preview.php:49
auth · wp_ajax_shapedplugin_dismiss_offer_banner · admin\views\notices\offer-banner.php:36
auth · wp_ajax_smart-post-show-never-show-review-notice · admin\views\notices\review.php:27
auth · wp_ajax_sps_get_taxonomies · admin\views\sp-framework\functions\actions.php:56
auth · wp_ajax_sps_get_terms · admin\views\sp-framework\functions\actions.php:89
auth · wp_ajax_spf-chosen · admin\views\sp-framework\functions\actions.php:117
auth · wp_ajax_pcp_export_shortcodes · includes\class-smart-post-show.php:225
auth · wp_ajax_pcp_import_shortcodes · includes\class-smart-post-show.php:226

Shortcodes 3

[smart_post_show] public\class-smart-post-show-public.php:57
[sp_postcarousel] public\class-smart-post-show-public.php:58
[post-carousel] public\class-smart-post-show-public.php:59
WordPress Hooks 48
action · after_setup_theme · admin\class-smart-post-show-admin.php:66
filter · plugin_action_links · admin\class-smart-post-show-admin.php:69
action · elementor/preview/enqueue_styles · admin\class-smart-post-show-element-shortcode-addons-deprecated.php:68
action · elementor/preview/enqueue_scripts · admin\class-smart-post-show-element-shortcode-addons-deprecated.php:69
action · elementor/editor/before_enqueue_scripts · admin\class-smart-post-show-element-shortcode-addons-deprecated.php:70
action · elementor/init · admin\class-smart-post-show-element-shortcode-addons-deprecated.php:142
action · elementor/widgets/register · admin\class-smart-post-show-element-shortcode-addons-deprecated.php:159
action · elementor/preview/enqueue_styles · admin\class-smart-post-show-element-shortcode-addons.php:68
action · elementor/preview/enqueue_scripts · admin\class-smart-post-show-element-shortcode-addons.php:69
action · elementor/editor/before_enqueue_scripts · admin\class-smart-post-show-element-shortcode-addons.php:70
action · elementor/init · admin\class-smart-post-show-element-shortcode-addons.php:142
action · elementor/widgets/register · admin\class-smart-post-show-element-shortcode-addons.php:159
action · init · admin\GutenbergBlock\class-smart-post-show-gutenberg-block-init.php:36
action · enqueue_block_editor_assets · admin\GutenbergBlock\class-smart-post-show-gutenberg-block-init.php:37
action · admin_menu · admin\help-page\class-sps-recommended.php:63
action · admin_print_scripts · admin\help-page\class-sps-recommended.php:69
action · spf_enqueue · admin\help-page\class-sps-recommended.php:70
action · admin_notices · admin\views\notices\offer-banner.php:35
action · admin_notices · admin\views\notices\review.php:26
action · wp_head · admin\views\sp-framework\classes\abstract.class.php:50
action · add_meta_boxes · admin\views\sp-framework\classes\metabox.class.php:105
action · save_post · admin\views\sp-framework\classes\metabox.class.php:106
action · edit_attachment · admin\views\sp-framework\classes\metabox.class.php:107
action · admin_menu · admin\views\sp-framework\classes\options.class.php:172
action · admin_bar_menu · admin\views\sp-framework\classes\options.class.php:173
action · network_admin_menu · admin\views\sp-framework\classes\options.class.php:177
action · after_setup_theme · admin\views\sp-framework\classes\setup.class.php:103
action · init · admin\views\sp-framework\classes\setup.class.php:104
action · switch_theme · admin\views\sp-framework\classes\setup.class.php:105
action · admin_enqueue_scripts · admin\views\sp-framework\classes\setup.class.php:106
action · admin_footer · admin\views\sp-framework\functions\actions.php:156
action · customize_controls_print_footer_scripts · admin\views\sp-framework\functions\actions.php:157
action · plugins_loaded · includes\class-smart-post-show-updates.php:44
action · plugins_loaded · includes\class-smart-post-show.php:186
action · init · includes\class-smart-post-show.php:197
action · admin_enqueue_scripts · includes\class-smart-post-show.php:210
action · admin_enqueue_scripts · includes\class-smart-post-show.php:211
filter · manage_sp_post_carousel_posts_columns · includes\class-smart-post-show.php:213
filter · admin_footer_text · includes\class-smart-post-show.php:214
filter · update_footer · includes\class-smart-post-show.php:215
action · manage_sp_post_carousel_posts_custom_column · includes\class-smart-post-show.php:216
filter · plugin_row_meta · includes\class-smart-post-show.php:218
filter · post_updated_messages · includes\class-smart-post-show.php:220
action · activated_plugin · includes\class-smart-post-show.php:229
action · wp_enqueue_scripts · includes\class-smart-post-show.php:241
action · wp_loaded · includes\class-smart-post-show.php:242
filter · wp_revisions_to_keep · includes\updates\update-2.4.13.php:31
action · save_post · public\class-smart-post-show-public.php:60
Maintenance & Trust

Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 25, 2026
PHP min version
Downloads: 728K

Community Trust

Rating: 94/100
Number of ratings: 207
Active installs: 20K
Developer Profile

Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts Developer Profile

ShapedPlugin LLC

18 plugins · 315K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 361 days
Detection Fingerprints

How We Detect Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post-carousel/admin/css/sp-pcp-admin.css
/wp-content/plugins/post-carousel/public/css/swiper.min.css
/wp-content/plugins/post-carousel/public/css/post-carousel.css
/wp-content/plugins/post-carousel/admin/js/sp-pcp-admin.js
/wp-content/plugins/post-carousel/public/js/swiper.min.js
/wp-content/plugins/post-carousel/public/js/post-carousel.js
Script Paths
/wp-content/plugins/post-carousel/admin/js/sp-pcp-admin.js
/wp-content/plugins/post-carousel/public/js/swiper.min.js
/wp-content/plugins/post-carousel/public/js/post-carousel.js
Version Parameters
post-carousel/admin/css/sp-pcp-admin.css?ver=
post-carousel/public/css/swiper.min.css?ver=
post-carousel/public/css/post-carousel.css?ver=
post-carousel/admin/js/sp-pcp-admin.js?ver=
post-carousel/public/js/swiper.min.js?ver=
post-carousel/public/js/post-carousel.js?ver=

HTML / DOM Fingerprints

CSS Classes
sp-pcp-wrapper, sp-pcp-slider, sp-pcp-item, sp-pcp-content, sp-pcp-title, sp-pcp-excerpt, sp-pcp-readmore, sp-pcp-meta (+4 more)
Data Attributes
data-sp-pcp-options
JS Globals
sp_pcp_params
Shortcode Output
[post_carousel]
FAQ

Frequently Asked Questions about Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts