Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget Security & Risk Analysis

wordpress.org/plugins/post-grid-carousel-ultimate

The easiest and most useful plugin to display blog posts, pages, or custom posts in beautiful post layouts like post grid, post carousel & post slider

1K active installs · v1.7 · PHP + WP 4.0+ · Updated Jan 23, 2025
Tags: post-carousel, post-grid, post-list, post-slider, post-view
Score: 86 (A · Safe)
CVEs total: 7
Unpatched: 0
Last CVE: Jan 27, 2025
Safety Verdict

Is Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget Safe to Use in 2026?

Generally Safe

Score 86/100

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Jan 27, 2025 · Updated 1yr ago
Risk Assessment

The post-grid-carousel-ultimate plugin version 1.7 shows a mixed security posture. On the positive side, static analysis finds a low number of unprotected entry points: all AJAX handlers, REST API routes, and shortcodes appear to have authorization checks. The plugin also uses prepared statements for all SQL queries and escapes a high percentage of its output.

However, the presence of the `unserialize` function without explicit taint analysis results is a significant concern, as deserialization vulnerabilities can be severe. The vulnerability history is also worrying: 7 known CVEs, 4 of high and 3 of medium severity. The common vulnerability types (Remote File Inclusion, Path Traversal, Cross-site Scripting, and Deserialization of Untrusted Data) suggest recurring weaknesses that attackers have exploited in the past. The last vulnerability dates from early 2025 and none are currently unpatched, which is a positive sign for this specific version, but the history shows a pattern of security flaws that demands vigilance.

Key Concerns

  • Dangerous function `unserialize` detected
  • Total known CVEs: 7 (4 high, 3 medium)
  • Vulnerability history includes RFI and Path Traversal
  • Vulnerability history includes XSS
  • Vulnerability history includes Deserialization of Untrusted Data
  • Vulnerability history includes Missing Authorization
Vulnerabilities: 7

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget Security Vulnerabilities

CVEs by Year

2022: 2 CVEs
2024: 2 CVEs
2025: 3 CVEs

Severity Breakdown

High: 4
Medium: 3

7 total CVEs

CVE-2025-24782 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Post Grid, Slider & Carousel Ultimate <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion

Jan 27, 2025 Patched in 1.7 (8d)
CVE-2024-13409 · high · 7.5 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler()

Jan 23, 2025 Patched in 1.7 (1d)
CVE-2024-13408 · high · 7.5 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion

Jan 23, 2025 Patched in 1.7 (1d)
CVE-2024-29925 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post Grid, Slider & Carousel Ultimate <= 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 25, 2024 Patched in 1.6.7 (8d)
CVE-2024-2006 · high · 8.8 · Deserialization of Untrusted Data

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.7 - Authenticated (Contributor+) PHP Object Injection in outpost_shortcode_metabox_markup

Mar 5, 2024 Patched in 1.6.8 (149d)

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 Patched in 1.6.4 (699d)
CVE-2022-1266 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post Grid, Slider & Carousel Ultimate <= 1.4.3 - Authenticated (Admin+) Cross-Site Scripting

May 26, 2022 Patched in 1.5.0 (607d)
Code Analysis
Analyzed Mar 16, 2026

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 76 (389 escaped)
Nonce Checks: 4
Capability Checks: 7
File Operations: 1
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$unserialized_data = unserialize( base64_decode( $wcpscu_data ) );` (post-grid-and-carousel-ultimate.php:128)

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

84% escaped · 465 total outputs
Attack Surface

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers 3

auth · wp_ajax_pgcu_post_type · includes\classes\ajax.php:13
auth · wp_ajax_pgcu_sortable · includes\classes\ajax.php:15
nopriv · wp_ajax_pgcu_sortable · includes\classes\ajax.php:16

Shortcodes 3

[pgcu] includes\classes\shortcode.php:11
[PGCU] includes\classes\shortcode.php:12
[post_grid_carousel] includes\classes\shortcode.php:13
WordPress Hooks 26
action · switch_theme · includes\appsero\src\Insights.php:132
action · switch_theme · includes\appsero\src\Insights.php:133
action · admin_footer · includes\appsero\src\Insights.php:145
action · admin_notices · includes\appsero\src\Insights.php:162
action · admin_init · includes\appsero\src\Insights.php:165
filter · cron_schedules · includes\appsero\src\Insights.php:171
action · admin_menu · includes\appsero\src\License.php:219
action · after_switch_theme · includes\appsero\src\License.php:774
action · switch_theme · includes\appsero\src\License.php:775
filter · pre_set_site_transient_update_plugins · includes\appsero\src\Updater.php:51
filter · plugins_api · includes\appsero\src\Updater.php:52
filter · pre_set_site_transient_update_themes · includes\appsero\src\Updater.php:61
action · init · includes\classes\custom-post.php:13
action · add_meta_boxes · includes\classes\metabox.php:14
action · save_post · includes\classes\metabox.php:17
action · elementor/widgets/register · includes\elementor\init.php:11
action · init · includes\gutenberg\init.php:94
action · admin_enqueue_scripts · post-grid-and-carousel-ultimate.php:78
action · template_redirect · post-grid-and-carousel-ultimate.php:79
action · init · post-grid-and-carousel-ultimate.php:80
action · elementor/preview/enqueue_styles · post-grid-and-carousel-ultimate.php:84
action · elementor/preview/enqueue_scripts · post-grid-and-carousel-ultimate.php:85
action · enqueue_block_editor_assets · post-grid-and-carousel-ultimate.php:87
action · admin_menu · post-grid-and-carousel-ultimate.php:89
action · wp_head · post-grid-and-carousel-ultimate.php:90
action · admin_init · post-grid-and-carousel-ultimate.php:93
Maintenance & Trust

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 23, 2025
PHP min version
Downloads: 52K

Community Trust

Rating: 90/100
Number of ratings: 8
Active installs: 1K
Developer Profile

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget Developer Profile

wpWax

15 plugins · 62K total installs

Trust score: 67
Avg Security Score: 83/100
Avg Patch Time: 210 days
Detection Fingerprints

How We Detect Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/post-grid-carousel-ultimate/admin/css/admin-style.css
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/css/slick.css
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/css/style.css
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/css/magnific-popup.css
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/js/custom.js
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/js/slick.min.js
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/js/jquery.magnific-popup.min.js
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/js/isotope.min.js
  • +4 more
Script Paths
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/js/custom.js
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/js/slick.min.js
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/js/jquery.magnific-popup.min.js
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/js/isotope.min.js
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/js/imagesloaded.pkgd.min.js
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/js/waypoints.min.js
  • +1 more
Version Parameters
  • /wp-content/plugins/post-grid-carousel-ultimate/admin/css/admin-style.css?ver=
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/css/slick.css?ver=
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/css/style.css?ver=
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/css/magnific-popup.css?ver=
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/js/custom.js?ver=
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/js/slick.min.js?ver=
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/js/jquery.magnific-popup.min.js?ver=
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/js/isotope.min.js?ver=
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/js/imagesloaded.pkgd.min.js?ver=
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/js/waypoints.min.js?ver=
  • /wp-content/plugins/post-grid-carousel-ultimate/assets/js/isotope.pkgd.min.js?ver=
  • /wp-content/plugins/post-grid-carousel-ultimate/admin/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
pgcu-post-grid, pgcu-carousel, pgcu-grid-items, pgcu-carousel-wrapper, pgcu-post-item, pgcu-post-title, pgcu-post-excerpt, pgcu-post-meta, +2 more
HTML Comments
  • <!-- Post Grid & Carousel Ultimate -->
  • <!-- Post Grid & Carousel Ultimate Pro -->
Data Attributes
data-pgcu-id, data-pgcu-settings
JS Globals
pgcu_custom_ajax_object
Shortcode Output
[post_grid], [post_carousel], [post_grid_carousel]