Does Post Carousel Slider for Elementor have any unpatched vulnerabilities?

Yes — Post Carousel Slider for Elementor currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Post Carousel Slider for Elementor compatible with WordPress 6.8.5?

According to WordPress.org data, Post Carousel Slider for Elementor 1.7.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Post Carousel Slider for Elementor compatible with PHP 7.2+?

Post Carousel Slider for Elementor requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Post Carousel Slider for Elementor updated?

Post Carousel Slider for Elementor was last updated on Jun 23, 2025. Frequent updates are generally a positive security signal.

What is Post Carousel Slider for Elementor's security score?

Post Carousel Slider for Elementor has a WP-Safety security score of 75/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Post Carousel Slider for Elementor Security & Risk Analysis

wordpress.org/plugins/post-carousel-slider-for-elementor

Post Carousel Slider for Elementor, Elementor Post Slider, Elementor Post Carousel help to add post carousel with Elementor

3K active installs v1.7.0 PHP 7.2+ WP 5.0+ Updated Jun 23, 2025

elementor-post-carouselelementor-post-sliderpost-carouselpost-carousel-elementorpost-slider

B · Generally Safe

CVEs total3

Unpatched1

Last CVESep 22, 2025

Plugin page Download

Safety Verdict

Is Post Carousel Slider for Elementor Safe to Use in 2026?

Mostly Safe

Score 75/100

Post Carousel Slider for Elementor is generally safe to use. 3 past CVEs were resolved. Keep it updated.

3 known CVEs 1 unpatched Last CVE: Sep 22, 2025Updated 9mo ago

Risk Assessment

The 'post-carousel-slider-for-elementor' plugin v1.7.0 exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and a high percentage of properly escaped output, significant concerns remain regarding its attack surface. The presence of one AJAX handler without authentication checks is a critical weakness, potentially allowing unauthorized users to trigger unintended functionality. The plugin's history of three known CVEs, with one remaining unpatched, particularly in the categories of missing authorization and cross-site scripting, is also a major red flag. This pattern suggests recurring security oversights in handling user input and access control, which could be exploited by attackers. Although the static analysis did not reveal critical or high severity taint flows, the combination of an unprotected entry point and a history of exploitable vulnerabilities indicates a moderate to high risk.

Key Concerns

Unprotected AJAX handler
Unpatched CVE detected
History of Missing Authorization vulnerabilities
History of XSS vulnerabilities
Bundled Freemius library

Vulnerabilities

Post Carousel Slider for Elementor Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

2 CVEs in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

3 total CVEs

CVE-2025-57955medium · 5.4Missing Authorization

Post Carousel Slider for Elementor <= 1.7.0 - Missing Authorization

Sep 22, 2025Unpatched

CVE-2025-3863medium · 4.3Missing Authorization

Post Carousel Slider for Elementor <= 1.6.0 - Authenticated (Subscriber+) Missing Authorization via process_wbelps_promo_form Function

Jun 25, 2025 Patched in 1.7.0 (1d)

CVE-2024-53749medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post Carousel Slider for Elementor <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 28, 2024 Patched in 1.6.0 (152d)

Code Analysis

Analyzed Mar 17, 2026

Post Carousel Slider for Elementor Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

71 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

FreemiusjQuery

Output Escaping

85% escaped84 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

goodbye_form_callback (class-plugin-deactivate-feedback.php:365)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Post Carousel Slider for Elementor Attack Surface

Entry Points3

Unprotected1

AJAX Handlers 3

authwp_ajax_wb_ps_goodbye_formclass-plugin-deactivate-feedback.php:63

authwp_ajax_wb_ps_review_transientclass-plugin-review.php:21

authwp_ajax_process_wbelps_promo_formsupport-page\class-support-page.php:24

WordPress Hooks 25

actionadmin_menuadmin\admin-pages.php:2

actionadmin_enqueue_scriptsadmin\admin-pages.php:101

actionadmin_initadmin\admin-pages.php:114

actionadmin_noticesadmin\notices\support.php:10

actionadmin_noticesadmin\post-slider-utils.php:16

actionadmin_noticesadmin\post-slider-utils.php:22

actionadmin_noticesadmin\post-slider-utils.php:28

actionadmin_enqueue_scriptsadmin\post-slider-utils.php:33

actionelementor/frontend/after_enqueue_stylesadmin\post-slider-utils.php:34

actionelementor/frontend/after_register_scriptsadmin\post-slider-utils.php:37

actionelementor/widgets/registeradmin\post-slider-utils.php:40

actionadmin_footer-plugins.phpclass-plugin-deactivate-feedback.php:62

actionadmin_enqueue_scriptsclass-plugin-deactivate-feedback.php:65

filterwp_mail_content_typeclass-plugin-deactivate-feedback.php:119

actionadmin_noticesclass-plugin-review.php:19

actionadmin_footerclass-plugin-review.php:20

actionelementor/initpost-slider-for-elementor.php:43

actionplugins_loadedpost-slider-for-elementor.php:101

actionwp_footerpost-slider-for-elementor.php:103

filtercustom_menu_orderpost-slider-for-elementor.php:146

actionupgrader_process_completepost-slider-for-elementor.php:155

actioninitpost-slider-for-elementor.php:156

actionwp_headsupport-page\class-support-page.php:6

actionadmin_enqueue_scriptssupport-page\class-support-page.php:147

actionadmin_menusupport-page\class-support-page.php:176

Maintenance & Trust

Post Carousel Slider for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 23, 2025

PHP min version7.2

Downloads81K

Community Trust

Rating90/100

Number of ratings50

Active installs3K

Alternatives

Post Carousel Slider for Elementor Alternatives

Post slider widget for Elementor

post-slider-widget-for-elementor

Post Slider Widget for Elementor helps you to display your wordpress post as a slider. This plugin helps you to create beautiful Post slider with Post …

0 No CVEs

Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News

blog-designer-pack

News & Blog plugin for post grid, post slider, post carousel, post filter, masonry, ticker & list category posts using shortcode, Elementor & Divi.

30K 3 CVEs

AnWP Post Grid and Post Carousel Slider for Elementor

anwp-post-grid-for-elementor

Easily create awesome post grids and post carousel sliders. Different widget types, powerful filters, "load more" button and many customizab …

20K No CVEs

Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider

post-slider-and-carousel

Post Slider and Post Carousel display WordPress post in slider and carousel layouts with shortcode and Latest/Recent vertical post scrolling widget.

10K 1 CVE

Carousel, Recent Post Slider and Banner Slider

spice-post-slider

100

Display your blog posts with a responsive, customizable slider that works smoothly on all devices.

8K 1 CVE

Developer Profile

Post Carousel Slider for Elementor Developer Profile

Plugin Devs

14 plugins · 18K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

60 days

View full developer profile

Detection Fingerprints

How We Detect Post Carousel Slider for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/post-carousel-slider-for-elementor/admin/css/admin-style.css/wp-content/plugins/post-carousel-slider-for-elementor/admin/js/admin-script.js/wp-content/plugins/post-carousel-slider-for-elementor/assets/css/post-slider-style.css/wp-content/plugins/post-carousel-slider-for-elementor/assets/js/slick.min.js/wp-content/plugins/post-carousel-slider-for-elementor/assets/js/post-slider-script.js

Script Paths

/wp-content/plugins/post-carousel-slider-for-elementor/admin/js/admin-script.js/wp-content/plugins/post-carousel-slider-for-elementor/assets/js/slick.min.js/wp-content/plugins/post-carousel-slider-for-elementor/assets/js/post-slider-script.js

Version Parameters

post-carousel-slider-for-elementor/admin/css/admin-style.css?ver=post-carousel-slider-for-elementor/admin/js/admin-script.js?ver=post-carousel-slider-for-elementor/assets/css/post-slider-style.css?ver=post-carousel-slider-for-elementor/assets/js/slick.min.js?ver=post-carousel-slider-for-elementor/assets/js/post-slider-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

wb_ps-up-pro-linkwb-post-slider-wrap

HTML Comments

/*
Welcome to the Custom CSS editor!

Please add all your custom CSS here and avoid modifying the core plugin files. Don't use <style> tag
*/

/*
Welcome to the Custom JS editor!

Please add all your custom JS here and avoid modifying the core plugin files. Don't use <script> tag
*/

Data Attributes

name="wb_ps_custom_css"id="wb_ps_custom_css"name="wb_ps_custom_js"id="wb_ps_custom_js"

JS Globals

WB_PS_PRO_LINK

FAQ