Simple SEO Slideshow Security & Risk Analysis

wordpress.org/plugins/simple-seo-slideshow

A plugin to display slideshow in a widget with title, description and custom link from page or post gallery.

20 active installs v1.2.8 PHP + WP 3.2+ Updated Aug 16, 2013
page-slideshow-widgetpost-slideshow-widgetslideshow-widget
84
B · Generally Safe
CVEs total1
Unpatched0
Last CVEJun 5, 2026
Safety Verdict

Is Simple SEO Slideshow Safe to Use in 2026?

Mostly Safe

Score 84/100

Simple SEO Slideshow is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved.

1 known CVELast CVE: Jun 5, 2026Updated 12yr ago
Risk Assessment

The plugin 'simple-seo-slideshow' v1.2.8 exhibits a generally positive security posture due to its lack of known vulnerabilities and a significant portion of its SQL queries using prepared statements. The absence of external HTTP requests and file operations further contributes to a reduced attack surface. However, there are notable areas of concern. The presence of the dangerous `create_function` function, even if it's only one instance, can be a significant security risk if not handled with extreme care, as it allows for arbitrary code execution. Furthermore, the low percentage (22%) of properly escaped output is a substantial weakness, indicating a high potential for Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks on the identified entry point (shortcode) also means that actions triggered by this shortcode are susceptible to Cross-Site Request Forgery (CSRF) attacks. While the vulnerability history is clean, the identified code-level weaknesses suggest that this plugin could be vulnerable if exploited through its limited entry points.

Key Concerns

  • Dangerous function create_function used
  • Low percentage of properly escaped output
  • Missing nonce check on entry point (shortcode)
Vulnerabilities
1 published

Simple SEO Slideshow Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-8900medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple SEO Slideshow <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

Jun 5, 2026 Patched in 1.2.9 (1d)
Version History

Simple SEO Slideshow Release Timeline

v1.2.61 CVE
v1.2.51 CVE
v1.2.41 CVE
v1.2.31 CVE
v1.2.21 CVE
v1.2.11 CVE
v1.2.01 CVE
v1.1.11 CVE
v1.1.01 CVE
Code Analysis
Analyzed Mar 16, 2026

Simple SEO Slideshow Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
42
12 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_functionadd_action( 'widgets_init', create_function('', 'return register_widget("simpleSEOSlideshowWidget");simpleslideshow.php:421

Output Escaping

22% escaped54 total outputs
Attack Surface

Simple SEO Slideshow Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[simpleslideshow] simpleslideshow.php:356
WordPress Hooks 7
filtermce_external_pluginssimpleslideshow.php:363
filtermce_buttonssimpleslideshow.php:364
actioninitsimpleslideshow.php:376
filtertiny_mce_versionsimpleslideshow.php:383
filterattachment_fields_to_editsimpleslideshow.php:402
filterattachment_fields_to_savesimpleslideshow.php:416
actionwidgets_initsimpleslideshow.php:421
Maintenance & Trust

Simple SEO Slideshow Maintenance & Trust

Maintenance Signals

WordPress version tested3.6.1
Last updatedAug 16, 2013
PHP min version
Downloads8K

Community Trust

Rating74/100
Number of ratings3
Active installs20
Alternatives

Simple SEO Slideshow Alternatives

No alternatives data available yet.

Developer Profile

Simple SEO Slideshow Developer Profile

Nitroweb

3 plugins · 5K total installs

90
trust score
Avg Security Score
85/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Simple SEO Slideshow

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-seo-slideshow/slideshow.css/wp-content/plugins/simple-seo-slideshow/slideshow.js/wp-content/plugins/simple-seo-slideshow/widget.css
Script Paths
/wp-content/plugins/simple-seo-slideshow/slideshow.js
Version Parameters
simple-seo-slideshow/slideshow.css?ver=simple-seo-slideshow/slideshow.js?ver=simple-seo-slideshow/widget.css?ver=

HTML / DOM Fingerprints

CSS Classes
simpleSlideshowWidgetsss-containersss-imgsss-captionsss-prevsss-nextsss-bulletssss-bullet
HTML Comments
<!-- Simple SEO Slideshow Widget --><!-- /Simple SEO Slideshow Widget --><!-- Slideshow Start --><!-- Slideshow End -->
Data Attributes
data-sss-delaydata-sss-heightdata-sss-display-bulletsdata-sss-display-arrowsdata-sss-display-captiondata-sss-bullets-position+4 more
JS Globals
simpleSEOSlideshow
Shortcode Output
[simple_slideshow]
FAQ

Frequently Asked Questions about Simple SEO Slideshow