Does RS WP Book Showcase – A Complete Book Catalogue & Library System have any unpatched vulnerabilities?

Yes — RS WP Book Showcase – A Complete Book Catalogue & Library System currently has 2 unpatched vulnerabilities. We recommend switching to an alternative or applying any available workarounds.

Is RS WP Book Showcase – A Complete Book Catalogue & Library System compatible with WordPress 6.9.4?

According to WordPress.org data, RS WP Book Showcase – A Complete Book Catalogue & Library System 6.7.58 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is RS WP Book Showcase – A Complete Book Catalogue & Library System compatible with PHP 8.0+?

RS WP Book Showcase – A Complete Book Catalogue & Library System requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

RS WP Book Showcase – A Complete Book Catalogue & Library System Security & Risk Analysis

wordpress.org/plugins/rs-wp-books-showcase

Premier WordPress book gallery plugin, offering advanced search options and multiple layouts for effortless book showcasing.

1K active installs v6.7.58 PHP 8.0+ WP 4.9+ Updated Feb 25, 2026

book-carouselbook-cataloguebook-collectionbook-displaybook-library

C · Use Caution

CVEs total2

Unpatched2

Last CVEMay 16, 2025

Plugin page Download

Safety Verdict

Is RS WP Book Showcase – A Complete Book Catalogue & Library System Safe to Use in 2026?

Use With Caution

Score 57/100

RS WP Book Showcase – A Complete Book Catalogue & Library System has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

2 known CVEs 2 unpatched Last CVE: May 16, 2025Updated 1mo ago

Risk Assessment

The 'rs-wp-books-showcase' plugin version 6.7.58 exhibits a mixed security posture. While it demonstrates strengths in areas like the absence of dangerous functions and a reasonable percentage of properly escaped output, significant concerns arise from its attack surface and historical vulnerability data. The plugin exposes a considerable number of entry points, with a notable portion lacking proper authentication or permission checks, particularly AJAX handlers and REST API routes. This uncontrolled access significantly increases the risk of unauthorized actions or data manipulation.

The taint analysis reveals flows with unsanitized paths, which, despite not reaching a critical or high severity in this scan, indicate potential weaknesses in input validation that could be exploited. The vulnerability history is particularly concerning, with two known medium-severity CVEs currently unpatched, both related to code injection and cross-site scripting. This pattern suggests recurring issues with how user input is handled, and the fact that these vulnerabilities are not patched implies a lack of diligent security maintenance or a delayed response to reported issues.

In conclusion, while the plugin has some positive security signals, the combination of a large, unprotected attack surface and a history of unpatched code injection and XSS vulnerabilities points to a moderate to high-security risk. Users should exercise caution and prioritize updating to a version that addresses these historical issues, if available. The current version's unprotected entry points and past vulnerabilities warrant careful consideration.

Key Concerns

Unprotected AJAX handlers
Unprotected REST API routes
Unpatched CVEs (2 medium)
Flows with unsanitized paths
SQL queries without prepared statements

Vulnerabilities

RS WP Book Showcase – A Complete Book Catalogue & Library System Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-48119medium · 6.5Improper Control of Generation of Code ('Code Injection')

RS WP Book Showcase <= 6.7.41 - Unauthenticated Arbitrary Shortcode Execution

May 16, 2025Unpatched

CVE-2025-47679medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

RS WP Book Showcase <= 6.7.40 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 7, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

RS WP Book Showcase – A Complete Book Catalogue & Library System Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

205

902 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

50% prepared8 total queries

Output Escaping

81% escaped1107 total outputs

Data Flows

6 unsanitized

Data Flow Analysis

9 flows6 with unsanitized paths

rswp_book_showcase_settings_page (admin\settings\general-settings.php:158)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

10 unprotected

RS WP Book Showcase – A Complete Book Catalogue & Library System Attack Surface

Entry Points33

Unprotected10

AJAX Handlers 16

authwp_ajax_rswpbs_setup_book_gallery_pageadmin\setup-book-gallery-page\setup-book-gallery-page.php:135

authwp_ajax_rswpbs_dismiss_setup_noticeadmin\setup-book-gallery-page\setup-book-gallery-page.php:205

authwp_ajax_rswpbs_import_more_booksadmin\setup-book-gallery-page\setup-book-gallery-page.php:235

noprivwp_ajax_handle_ajax_add_to_cartfrontend\enqueue-scripts.php:203

authwp_ajax_handle_ajax_add_to_cartfrontend\enqueue-scripts.php:204

authwp_ajax_load_more_authorsfrontend\shortcodes\authors-shortcode.php:101

noprivwp_ajax_load_more_authorsfrontend\shortcodes\authors-shortcode.php:102

authwp_ajax_rs_wp_book_showcasefrontend\shortcodes\rs-wp-book-showcase-shortcode.php:443

noprivwp_ajax_rs_wp_book_showcasefrontend\shortcodes\rs-wp-book-showcase-shortcode.php:444

authwp_ajax_load_more_seriesfrontend\shortcodes\series-shortcode.php:101

noprivwp_ajax_load_more_seriesfrontend\shortcodes\series-shortcode.php:102

authwp_ajax_rswpbs_refresh_amazon_tag_checkincludes\detect-amz-affiliate-id.php:220

authwp_ajax_rswpbs_amz_dismiss_foreverincludes\import-books-from-json\import-books-from-json-menu-page.php:113

authwp_ajax_rswpbs_amz_remind_laterincludes\import-books-from-json\import-books-from-json-menu-page.php:121

noprivwp_ajax_rswpbs_submit_review_formreview-system\review-form.php:100

authwp_ajax_rswpbs_submit_review_formreview-system\review-form.php:101

REST API Routes 2

GET/wp-json/rswpbs/v1/render-shortcodeblocks\book-gallery\book-gallery-block.php:214

GET/wp-json/rswpbs/v1/plugin-status/includes\register-rest-api-for-plugin-status.php:13

Shortcodes 15

[rswpbs_author_shortcode] frontend\shortcodes\authors-shortcode.php:5

[rswpbs_advanced_search] frontend\shortcodes\book-advanced-search-shortcode.php:3

[rswpbs_book_author_page] frontend\shortcodes\book-author-page.php:5

[rswpbs_book_category_page] frontend\shortcodes\book-category-page.php:5

[rswpbs_book_gallery] frontend\shortcodes\book-grid-shortcode.php:2

[rswpbs_reviews] frontend\shortcodes\book-review-shortcode.php:7

[rswpbs_book_series_page] frontend\shortcodes\book-series-page.php:5

[rswpbs_book_single_page] frontend\shortcodes\book-single-page.php:2

[rswpbs_book_slider] frontend\shortcodes\book-slider-shortcode.php:25

[rswpbs_full_width_book_slider] frontend\shortcodes\full-width-book-slider.php:8

[rswpbs_popup_book] frontend\shortcodes\popup-book-shortcode.php:6

[rs_wp_book_showcase_ajax] frontend\shortcodes\rs-wp-book-showcase-shortcode.php:2

[rswpbs_series_shortcode] frontend\shortcodes\series-shortcode.php:5

[rswpbs_single_book] frontend\shortcodes\single-book-shortcode.php:6

[rswpbs_review_form] review-system\review-form.php:26

WordPress Hooks 84

actionadmin_enqueue_scriptsadmin\init.php:6

actionadmin_enqueue_scriptsadmin\init.php:30

actionadd_meta_boxesadmin\metabox\book-mockup-meta-box.php:12

actionsave_postadmin\metabox\book-mockup-meta-box.php:58

actionadd_meta_boxesadmin\register-cmb.php:12

actionsave_postadmin\register-cmb.php:13

actioninitadmin\register-cpt.php:8

actioninitadmin\register-cpt.php:9

actioninitadmin\register-cpt.php:10

actioninitadmin\register-cpt.php:11

filtermanage_book_posts_columnsadmin\register-cpt.php:12

actionadmin_menuadmin\settings\advanced-search-form.php:20

actionadmin_initadmin\settings\advanced-search-form.php:21

actionadmin_enqueue_scriptsadmin\settings\advanced-search-form.php:22

actionadmin_menuadmin\settings\book-archive-page.php:7

actionadmin_initadmin\settings\book-archive-page.php:72

actionadmin_menuadmin\settings\book-single-page.php:9

actionadmin_initadmin\settings\book-single-page.php:283

actionadmin_menuadmin\settings\change-static-text.php:33

actionadmin_initadmin\settings\change-static-text.php:34

actionadmin_menuadmin\settings\colors-settings.php:30

actionadmin_initadmin\settings\colors-settings.php:100

actionadmin_enqueue_scriptsadmin\settings\colors-settings.php:151

actionadmin_menuadmin\settings\general-settings.php:143

actionadmin_initadmin\settings\general-settings.php:244

actionadmin_enqueue_scriptsadmin\setup-book-gallery-page\setup-book-gallery-page.php:3

actionwp_insert_postadmin\setup-book-gallery-page\setup-book-gallery-page.php:18

actionbefore_delete_postadmin\setup-book-gallery-page\setup-book-gallery-page.php:19

actionadmin_noticesadmin\setup-book-gallery-page\setup-book-gallery-page.php:139

actionin_admin_headeradmin\tutorial.php:2

actionadmin_menuadmin\tutorial.php:22

actionadd_meta_boxesadmin\woocommerce-fields\downloadable-cmb.php:8

actioninitblocks\book-gallery\book-gallery-block.php:137

actionrest_api_initblocks\book-gallery\book-gallery-block.php:220

actionwp_enqueue_scriptsblocks\book-gallery\book-gallery-block.php:277

actionenqueue_block_editor_assetsfrontend\enqueue-scripts.php:5

actionwp_enqueue_scriptsfrontend\enqueue-scripts.php:6

actionwp_footerfrontend\enqueue-scripts.php:206

actionpre_get_postsincludes\default-loop-modify.php:5

actionsave_postincludes\detect-amz-affiliate-id.php:128

actionupdate_optionincludes\detect-amz-affiliate-id.php:138

actionadmin_noticesincludes\detect-amz-affiliate-id.php:204

actionadmin_menuincludes\import-books-from-csv\import-books-from-csv-menu-page.php:3

actionadmin_initincludes\import-books-from-csv\import-books-from-csv-menu-page.php:54

actionadmin_enqueue_scriptsincludes\import-books-from-csv\import-books-from-csv-menu-page.php:87

actionadmin_noticesincludes\import-books-from-json\import-books-from-json-menu-page.php:106

actionadmin_menuincludes\import-books-from-json\import-books-from-json-menu-page.php:124

actionadmin_post_rswpbs_import_books_from_jsonincludes\import-books-from-json\import-books-from-json-menu-page.php:212

actionadmin_enqueue_scriptsincludes\import-books-from-json\import-books-from-json-menu-page.php:282

actionrest_api_initincludes\register-rest-api-for-plugin-status.php:19

actionadmin_noticesincludes\solve-book-not-found-issue.php:56

actionbook-author_add_form_fieldsincludes\taxonomy-meta-fields\taxonomy-meta-fields.php:11

actionbook-author_edit_form_fieldsincludes\taxonomy-meta-fields\taxonomy-meta-fields.php:62

actioncreated_book-authorincludes\taxonomy-meta-fields\taxonomy-meta-fields.php:122

actionedited_book-authorincludes\taxonomy-meta-fields\taxonomy-meta-fields.php:123

actionbook-series_add_form_fieldsincludes\taxonomy-meta-fields\taxonomy-meta-fields.php:150

actionbook-series_edit_form_fieldsincludes\taxonomy-meta-fields\taxonomy-meta-fields.php:169

actioncreated_book-seriesincludes\taxonomy-meta-fields\taxonomy-meta-fields.php:191

actionedited_book-seriesincludes\taxonomy-meta-fields\taxonomy-meta-fields.php:192

actionadmin_enqueue_scriptsincludes\taxonomy-meta-fields\taxonomy-meta-fields.php:205

filtertemplate_includeincludes\template-hook.php:6

filtersingle_templateincludes\template-hook.php:64

actionrswpbs_author_taxonomy_page_headerincludes\template-hook.php:67

actionrswpbs_archive_before_book_loopincludes\template-hook.php:100

actionwpincludes\themes-compatibility\oceanwp.php:11

actionwidgets_initincludes\widgets\books-list.php:141

actionwidgets_initincludes\widgets\featured-book.php:129

actionadmin_menureview-system\import-reviews.php:15

filtermanage_book_reviews_posts_columnsreview-system\review-admin.php:12

actionmanage_book_reviews_posts_custom_columnreview-system\review-admin.php:41

actionadmin_post_approve_reviewreview-system\review-admin.php:61

actionadd_meta_boxesreview-system\review-cmb.php:15

actionsave_postreview-system\review-cmb.php:111

actioninitreview-system\review-cpt.php:42

actionrest_api_initreview-system\review-cpt.php:62

actionrswpbs_book_page_afterreview-system\review-form.php:154

actionrswpbs_book_page_afterreview-system\reviews-list.php:2

actionplugin_loadedrs-wp-books-showcase.php:91

filterbody_classrs-wp-books-showcase.php:92

actionupdate_option_rswpbs_roles_to_manage_booksrs-wp-books-showcase.php:291

actionupdate_option_rswpbs_roles_to_manage_booksrs-wp-books-showcase.php:292

filterwoocommerce_prevent_admin_accessrs-wp-books-showcase.php:297

actionadmin_menurs-wp-books-showcase.php:328

filteruse_block_editor_for_post_typers-wp-books-showcase.php:366

Maintenance & Trust

RS WP Book Showcase – A Complete Book Catalogue & Library System Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 25, 2026

PHP min version8.0

Downloads135K

Community Trust

Rating74/100

Number of ratings22

Active installs1K

Alternatives

RS WP Book Showcase – A Complete Book Catalogue & Library System Alternatives

No alternatives data available yet.

Developer Profile

RS WP Book Showcase – A Complete Book Catalogue & Library System Developer Profile

RS WP THEMES

14 plugins · 6K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect RS WP Book Showcase – A Complete Book Catalogue & Library System

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/rs-wp-books-showcase/includes/import-books-from-json/import-books-from-json.css/wp-content/plugins/rs-wp-books-showcase/includes/import-books-from-json/import-books-from-json.js/wp-content/plugins/rs-wp-books-showcase/admin/css/admin-notice.css

Script Paths

/wp-content/plugins/rs-wp-books-showcase/includes/import-books-from-json/import-books-from-json.js/wp-content/plugins/rs-wp-books-showcase/admin/js/admin-notice.js

Version Parameters

rs-wp-books-showcase/includes/import-books-from-json/import-books-from-json.css?ver=rs-wp-books-showcase/includes/import-books-from-json/import-books-from-json.js?ver=rs-wp-books-showcase/admin/css/admin-notice.css?ver=rs-wp-books-showcase/admin/js/admin-notice.js?ver=

HTML / DOM Fingerprints

CSS Classes

rswpbs-amz-admin-noticeamz-notice-sub-headingrswpbs-amz-admin-notice-btn-wrapperrswpbs-notice-dismiss-linksrswpbs-dismiss-foreverrswpbs-remind-laterimport-books-from-amazon-btn

HTML Comments

+7 more

Data Attributes

data-nonce

JS Globals

rswpbs_amz_notice_dismissed_foreverrswpbs_amz_notice_dismissed_timerswpbs_import_books_from_json_page

REST Endpoints

/wp-json/rswpbs/v1/books

FAQ