Does Post Carousel & Slider have any unpatched vulnerabilities?

Yes — Post Carousel & Slider currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Post Carousel & Slider compatible with WordPress 6.5.8?

According to WordPress.org data, Post Carousel & Slider 1.0.4 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

Is Post Carousel & Slider compatible with PHP 7.1+?

Post Carousel & Slider requires PHP 7.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Post Carousel & Slider updated?

Post Carousel & Slider was last updated on Mar 1, 2025. Frequent updates are generally a positive security signal.

What is Post Carousel & Slider's security score?

Post Carousel & Slider has a WP-Safety security score of 70/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Post Carousel & Slider Security & Risk Analysis

wordpress.org/plugins/post-types-carousel-slider

Post Carousel & Slider is simple way to build slider and carousel.

300 active installs v1.0.4 PHP 7.1+ WP 5.0+ Updated Mar 1, 2025

carouselpost-carouselpost-sliderresponsive-sliderslider

B · Generally Safe

CVEs total2

Unpatched1

Last CVEJan 14, 2025

Plugin page Download

Safety Verdict

Is Post Carousel & Slider Safe to Use in 2026?

Mostly Safe

Score 70/100

Post Carousel & Slider is generally safe to use though it hasn't been updated recently. 2 past CVEs were resolved. Keep it updated.

2 known CVEs 1 unpatched Last CVE: Jan 14, 2025Updated 1yr ago

Risk Assessment

The 'post-types-carousel-slider' plugin exhibits a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and a high percentage of properly escaped output, significant concerns arise from its attack surface. A notable number of AJAX handlers lack authentication checks, creating potential entry points for unauthorized actions. The absence of nonce checks on these AJAX handlers further exacerbates this risk. The vulnerability history reveals a pattern of medium-severity Cross-Site Scripting (XSS) vulnerabilities, with one actively unpatched CVE. This indicates a recurring weakness in input sanitization or output escaping in specific contexts, despite the generally good overall output escaping rate. While the plugin doesn't expose dangerous functions, unescaped file operations, or external HTTP requests, the combination of unprotected entry points and a history of XSS vulnerabilities suggests a Moderate to High risk, particularly for sites utilizing the plugin's AJAX functionalities without additional security measures.

Key Concerns

Unpatched CVE
AJAX handlers without auth checks
Missing nonce checks on AJAX
Unsanitized paths in taint flows
Medium severity CVE history (XSS)

Vulnerabilities

Post Carousel & Slider Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-22750medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post Carousel & Slider <= 1.0.4 - Reflected Cross-Site Scripting

Jan 14, 2025Unpatched

CVE-2024-11770medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post Carousel & Slider <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 13, 2024 Patched in 1.0.4 (10d)

Code Analysis

Analyzed Mar 16, 2026

Post Carousel & Slider Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

454 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

87% escaped519 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

postcs_page (includes\admin.php:43)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Post Carousel & Slider Attack Surface

Entry Points6

Unprotected4

AJAX Handlers 4

authwp_ajax_postcs_getdataincludes\ajax.php:9

noprivwp_ajax_postcs_getdataincludes\ajax.php:10

authwp_ajax_postcs_getdataincludes\front.php:6

noprivwp_ajax_postcs_getdataincludes\front.php:7

Shortcodes 2

[post-cs] includes\ajax.php:6

[post-cs] includes\shortcode.php:6

WordPress Hooks 7

actionadmin_menuincludes\admin.php:6

actionadmin_initincludes\admin.php:9

actionadmin_initincludes\admin.php:12

actionwp_headincludes\css_js.php:6

actionwp_enqueue_scriptsincludes\css_js.php:9

actionadmin_enqueue_scriptsincludes\css_js.php:12

actionadmin_footerincludes\css_js.php:15

Maintenance & Trust

Post Carousel & Slider Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedMar 1, 2025

PHP min version7.1

Downloads9K

Community Trust

Rating100/100

Number of ratings4

Active installs300

Alternatives

Post Carousel & Slider Alternatives

Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News

blog-designer-pack

News & Blog plugin for post grid, post slider, post carousel, post filter, masonry, ticker & list category posts using shortcode, Elementor & Divi.

30K 3 CVEs

AnWP Post Grid and Post Carousel Slider for Elementor

anwp-post-grid-for-elementor

Easily create awesome post grids and post carousel sliders. Different widget types, powerful filters, "load more" button and many customizab …

20K No CVEs

Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider

post-slider-and-carousel

Post Slider and Post Carousel display WordPress post in slider and carousel layouts with shortcode and Latest/Recent vertical post scrolling widget.

10K 1 CVE

Carousel, Recent Post Slider and Banner Slider

spice-post-slider

100

Display your blog posts with a responsive, customizable slider that works smoothly on all devices.

8K 1 CVE

Post Carousel Slider for Elementor

post-carousel-slider-for-elementor

Post Carousel Slider for Elementor, Elementor Post Slider, Elementor Post Carousel help to add post carousel with Elementor

3K 1 unpatched

Developer Profile

Post Carousel & Slider Developer Profile

Patel

2 plugins · 380 total installs

trust score

Avg Security Score

71/100

Avg Patch Time

10 days

View full developer profile

Detection Fingerprints

How We Detect Post Carousel & Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/post-types-carousel-slider/assets/css/animate.css/wp-content/plugins/post-types-carousel-slider/assets/css/post-cs.css/wp-content/plugins/post-types-carousel-slider/assets/js/jquery.mousewheel.min.js/wp-content/plugins/post-types-carousel-slider/assets/js/jquery.touchSwipe.min.js/wp-content/plugins/post-types-carousel-slider/assets/js/post-cs.js

Script Paths

/wp-content/plugins/post-types-carousel-slider/assets/js/post-cs.js

HTML / DOM Fingerprints

CSS Classes

post-cs

Data Attributes

data-mwdata-ildata-ts

JS Globals

ajaxurl

Shortcode Output

<div id='post-cs'

FAQ