SlideOnline Security & Risk Analysis

wordpress.org/plugins/slideonline

Easily embed your presentations in a WordPress blog. SlideOnline.com is a free service to share PowerPoint presentations online.

300 active installs · v1.2.1 · PHP + · WP 2.8+ · Updated Aug 10, 2013
Tags: powerpoint, ppt, slide, slide-online, slide-share

Score: 64 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: May 26, 2023

Safety Verdict

Is SlideOnline Safe to Use in 2026?

Use With Caution

Score 64/100

SlideOnline has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: May 26, 2023 · Updated 12yr ago

Risk Assessment

The slideonline plugin v1.2.1 presents a mixed security posture. While it boasts a small attack surface with no unprotected entry points and uses prepared statements for all SQL queries, several significant concerns exist. The complete lack of output escaping across all identified outputs is a major red flag, suggesting a high risk of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks and capability checks on the single identified shortcode entry point, despite one capability check being present elsewhere, warrants further investigation as it might indicate potential authorization bypasses or privilege escalation issues if not properly handled within the shortcode's logic.

The vulnerability history further exacerbates these concerns. The plugin has a known medium-severity CVE related to Cross-Site Scripting, which remains unpatched. This, combined with the static analysis findings of no output escaping, strongly suggests that the previous vulnerability was likely due to this oversight and could still be exploitable if not addressed. The pattern of XSS vulnerabilities and the current lack of proper output sanitization indicate a recurring and serious security weakness that needs immediate attention.

In conclusion, while the plugin demonstrates some good security practices like using prepared statements, the critical absence of output escaping and the unpatched XSS vulnerability significantly outweigh these positives. The plugin is currently in a vulnerable state, and immediate remediation is required to mitigate the risks of XSS attacks and potential data compromise.

Key Concerns

  • Unpatched CVE: Medium severity
  • All outputs unescaped
  • No nonce checks on shortcode
  • Only 1 capability check, could be insufficient

Vulnerabilities: 1

SlideOnline Security Vulnerabilities

CVEs by Year

2023: 1 CVE · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-0489 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SlideOnline <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 26, 2023 · Unpatched

Code Analysis
Analyzed Mar 16, 2026

SlideOnline Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 3 (0 escaped)
  • Nonce Checks: 0
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

0% escaped · 3 total outputs

Attack Surface

SlideOnline Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

  • [slideonline] · slideonline.php:37

WordPress Hooks: 5

  • action · admin_init · slideonline.php:72
  • action · admin_menu · slideonline.php:81
  • action · init · slideonline.php:107
  • filter · embed_oembed_html · slideonline.php:138
  • filter · embed_defaults · slideonline.php:152

Maintenance & Trust

SlideOnline Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.6.1
Last updated: Aug 10, 2013
PHP min version
Downloads: 13K

Community Trust

Rating: 84/100
Number of ratings: 5
Active installs: 300

Developer Profile

SlideOnline Developer Profile

Julian M.

3 plugins · 510 total installs

Trust score: 79
Avg Security Score: 78/100
Avg Patch Time: 30 days

Detection Fingerprints

How We Detect SlideOnline

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes: slideonline-embed

HTML Comments:
  • SlideOnline.com
  • SlideOnline for WordPress Plugin Website
  • SlideOnline.com Website

Data Attributes: data-slideonline-id

JS Globals: slideonline_options

Shortcode Output:
  • <iframe src="http://slideonline.com/embed/
  • See more presentations on <a href="http://slideonline.com">SlideOnline.com</a>
  • Publish your presentation on <a href="http://slideonline.com">SlideOnline.com</a>