Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider Security & Risk Analysis

wordpress.org/plugins/post-slider-and-carousel

Post Slider and Post Carousel display WordPress post in slider and carousel layouts with shortcode and Latest/Recent vertical post scrolling widget.

10K active installs · v3.5.5 · PHP 5.4+ · WP 6.1+ · Updated Mar 7, 2026
Tags: blog, post-carousel, post-slider, recent-post, vertical-post-scrolling
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: May 13, 2025
Safety Verdict

Is Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider Safe to Use in 2026?

Generally Safe

Score 99/100

Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: May 13, 2025 · Updated 27d ago
Risk Assessment

The post-slider-and-carousel plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries, implementing nonce checks for all entry points, and conducting capability checks. The vast majority of output is properly escaped, and there are no external HTTP requests or file operations, which reduces common attack vectors. However, concerns arise from the taint analysis, which revealed 5 flows with unsanitized paths and 2 high-severity taint flows. These high-severity flows indicate potential for serious vulnerabilities if not addressed. The vulnerability history, while currently showing no unpatched CVEs, shows a past medium-severity Cross-Site Scripting vulnerability. This, coupled with the high-severity taint flows, suggests that inputs to the plugin may not always be sufficiently validated, potentially leading to injection attacks or XSS if these paths are exploited. The plugin has a history of vulnerabilities, indicating a need for continued vigilance in secure coding practices.

Key Concerns

  • High severity taint flows detected
  • Unsanitized paths found in taint flows
  • Past medium severity XSS vulnerability
  • Bundled outdated Freemius library (v1.0)
Vulnerabilities: 1

Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-4567 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider <= 3.2.9 - Authenticated (Admin+) Stored Cross-Site Scripting

May 13, 2025 Patched in 3.2.10 (25d)
Code Analysis
Analyzed Mar 16, 2026

Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 48 (544 escaped)
Nonce Checks: 6
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 2

Bundled Libraries

Select2, Freemius 1.0

Output Escaping

92% escaped, 592 total outputs
Data Flows: 5 unsanitized

Data Flow Analysis

8 flows, 5 with unsanitized paths
search_box (includes\admin\shortcode-builder\class-psacp-layout-list.php:258)
Attack Surface

Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers 2

auth wp_ajax_psac_get_shrt_params_data includes\admin\shortcode-builder\class-psacp-shortcode-generator.php:19
auth wp_ajax_psac_category_sugg includes\admin\shortcode-builder\class-psacp-shortcode-generator.php:22

REST API Routes 1

GET /wp-json/psacp-layout-selector/v1/search-layouts includes\blocks\psacp-blocks.php:39

Shortcodes 3

[psac_post_carousel] includes\shortcodes\psacp-post-carousel.php:170
[psac_post_slider] includes\shortcodes\psacp-post-slider.php:169
[psacp_tmpl] includes\shortcodes\psacp-shrt-tmpl.php:74
WordPress Hooks 33
action admin_menu includes\admin\class-psacp-admin.php:19
action current_screen includes\admin\class-psacp-admin.php:22
action admin_init includes\admin\class-psacp-admin.php:25
filter post_row_actions includes\admin\class-psacp-admin.php:28
action add_meta_boxes includes\admin\class-psacp-metabox.php:19
action psac_settings_tab_css includes\admin\settings\psacp-css-settings.php:56
action psac_settings_tab_general includes\admin\settings\psacp-general-settings.php:128
action psac_settings_tab_misc includes\admin\settings\psacp-misc-settings.php:75
action psac_settings_tab_pro includes\admin\settings\psacp-pro-settings.php:136
action admin_init includes\admin\settings\psacp-register-settings.php:24
filter psac_validate_settings_general includes\admin\settings\psacp-register-settings.php:181
filter psac_validate_settings_css includes\admin\settings\psacp-register-settings.php:194
filter psac_validate_settings_misc includes\admin\settings\psacp-register-settings.php:210
action psac_settings_tab_sharing includes\admin\settings\psacp-sharing-settings.php:132
action psac_settings_tab_trending includes\admin\settings\psacp-trending-settings.php:68
action psac_settings_tab_welcome includes\admin\settings\psacp-welcome-settings.php:108
action init includes\blocks\psacp-blocks.php:33
action rest_api_init includes\blocks\psacp-blocks.php:58
action update_option_active_plugins includes\class-psacp-install.php:38
action admin_enqueue_scripts includes\class-psacp-scripts.php:20
action wp_enqueue_scripts includes\class-psacp-scripts.php:23
action wp_head includes\class-psacp-scripts.php:26
action elementor/editor/after_enqueue_scripts includes\class-psacp-scripts.php:29
action elementor/controls/controls_registered includes\integrations\elementor\elementor.php:23
action elementor/widgets/register includes\integrations\elementor\elementor.php:35
action vc_before_init includes\integrations\wpbakery\wpbakery.php:59
filter vc_autocomplete_psacp_tmpl_layout_id_callback includes\integrations\wpbakery\wpbakery.php:65
filter vc_autocomplete_psacp_tmpl_layout_id_render includes\integrations\wpbakery\wpbakery.php:68
action init includes\psacp-post-types.php:60
action widgets_init includes\widgets\class-psacp-widgets.php:25
action after_setup_theme post-slider-and-carousel.php:223
action plugins_loaded post-slider-and-carousel.php:224
action init post-slider-and-carousel.php:225
Maintenance & Trust

Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 7, 2026
PHP min version: 5.4
Downloads: 304K

Community Trust

Rating: 94/100
Number of ratings: 31
Active installs: 10K
Developer Profile

Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider Developer Profile

pluginandplay

1 plugin · 10K total installs

Trust score: 93
Avg Security Score: 99/100
Avg Patch Time: 25 days
Detection Fingerprints

How We Detect Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post-slider-and-carousel/assets/css/slick.css
/wp-content/plugins/post-slider-and-carousel/assets/css/slick-theme.css
/wp-content/plugins/post-slider-and-carousel/assets/css/psac-public.css
/wp-content/plugins/post-slider-and-carousel/assets/css/psac-owl.carousel.min.css
/wp-content/plugins/post-slider-and-carousel/assets/css/magnific-popup.css
/wp-content/plugins/post-slider-and-carousel/assets/js/slick.min.js
/wp-content/plugins/post-slider-and-carousel/assets/js/psac-public.js
/wp-content/plugins/post-slider-and-carousel/assets/js/psac-owl.carousel.min.js
+3 more
Script Paths
/wp-content/plugins/post-slider-and-carousel/assets/js/slick.min.js
/wp-content/plugins/post-slider-and-carousel/assets/js/psac-public.js
/wp-content/plugins/post-slider-and-carousel/assets/js/psac-owl.carousel.min.js
/wp-content/plugins/post-slider-and-carousel/assets/js/jquery.magnific-popup.min.js
/wp-content/plugins/post-slider-and-carousel/assets/js/psac-admin.js
Version Parameters
post-slider-and-carousel/assets/css/slick.css?ver=
post-slider-and-carousel/assets/css/slick-theme.css?ver=
post-slider-and-carousel/assets/css/psac-public.css?ver=
post-slider-and-carousel/assets/css/psac-owl.carousel.min.css?ver=
post-slider-and-carousel/assets/css/magnific-popup.css?ver=
post-slider-and-carousel/assets/js/slick.min.js?ver=
post-slider-and-carousel/assets/js/psac-public.js?ver=
post-slider-and-carousel/assets/js/psac-owl.carousel.min.js?ver=
post-slider-and-carousel/assets/js/jquery.magnific-popup.min.js?ver=
post-slider-and-carousel/assets/js/psac-admin.js?ver=
post-slider-and-carousel/assets/css/psac-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
psac-post-slider, psac-post-carousel, psac-slick-slider, psac-owl-carousel, psac-popup-gallery
HTML Comments
<!-- POST SLIDER AND CAROUSEL END -->
Data Attributes
data-psac-id, data-psac-settings
JS Globals
psac_public_ajax_object, psac_admin_ajax_object
REST Endpoints
/wp-json/psac/v1/search_posts
Shortcode Output
[psac_post_slider], [psac_post_carousel]
FAQ

Frequently Asked Questions about Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider