Slider Blocks Security & Risk Analysis

wordpress.org/plugins/slider-blocks

Slider Blocks is a WordPress Slider Block Plugin that allows you to create a slider or carousel with both static and dynamic content.

5K active installs · v2.11.4 · PHP 7.4+ · WP 6.5+ · Updated Mar 2, 2026
block-slider · carousel · gutenberg-slider · slider · slider-block
99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jul 10, 2024
Safety Verdict

Is Slider Blocks Safe to Use in 2026?

Generally Safe

Score 99/100

Slider Blocks has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Jul 10, 2024 · Updated 2mo ago
Risk Assessment

The slider-blocks plugin v2.11.4 exhibits a mixed security posture. On the positive side, the code demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping all output. The plugin also includes some nonce and capability checks, indicating an awareness of security. However, a significant concern arises from the presence of an unprotected REST API route, which presents a direct attack vector. The static analysis identified a total of 2 entry points, with 1 being unprotected, highlighting a potential vulnerability.

The vulnerability history reveals a past medium-severity Cross-Site Scripting (XSS) vulnerability, last patched on 2024-07-10. While there are no currently unpatched vulnerabilities, this history suggests that the plugin has had exploitable flaws in the past. The absence of critical or high severity taint flows is a positive sign, but the single unprotected REST API route remains a critical oversight that could be exploited without proper authentication.

In conclusion, while the plugin utilizes secure coding practices for database interactions and output handling, the unprotected REST API route introduces a substantial risk. The past XSS vulnerability also warrants attention, suggesting a need for continuous security diligence. The plugin's strengths lie in its output escaping and SQL practices, but its weakness is the exposed REST API endpoint.

Key Concerns

  • Unprotected REST API route
  • Past medium severity CVE
Vulnerabilities
1 published

Slider Blocks Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-37955 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GutSlider – All in One Block Slider <= 2.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 10, 2024 Patched in 2.7.3 (22d)
Version History

Slider Blocks Release Timeline

v2.11.4 (Current)
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.1
v2.10.0
v2.9.17
v2.9.16
v2.9.15
v2.9.14
v2.9.13
v2.9.12
v2.9.11
v2.9.10
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
Code Analysis
Analyzed Mar 16, 2026

Slider Blocks Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (38 escaped)
Nonce Checks: 2
Capability Checks: 3
File Operations: 2
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 38 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
toggle_block_status (admin\admin.php:368)
Attack Surface
1 unprotected

Slider Blocks Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_gutslider_toggle_block · admin\admin.php:48

REST API Routes: 1

GET /wp-json/gutslider/v1/blocks · includes\Api\BlocksApi.php:44

WordPress Hooks: 18

action · admin_menu · admin\admin.php:44
action · admin_enqueue_scripts · admin\admin.php:45
action · admin_init · admin\admin.php:46
action · rest_api_init · admin\admin.php:47
action · rest_api_init · includes\Api\BlocksApi.php:29
action · init · includes\Api\BlocksApi.php:30
action · enqueue_block_editor_assets · includes\Assets\EnqueueAssets.php:45
action · enqueue_block_assets · includes\Assets\EnqueueAssets.php:46
action · wp_enqueue_scripts · includes\Assets\LoadFonts.php:53
action · admin_enqueue_scripts · includes\Assets\LoadFonts.php:54
action · gutsliders_render_block · includes\Assets\LoadFonts.php:55
filter · block_categories_all · includes\Blocks\BlocksCategory.php:29
action · init · includes\Blocks\RegisterBlocks.php:29
filter · should_load_separate_core_block_assets · includes\Blocks\RegisterBlocks.php:32
action · admin_init · includes\Plugin.php:67
filter · render_block · includes\Style\DynamicStyle.php:53
action · wp_enqueue_scripts · includes\Style\DynamicStyle.php:56
action · wp_footer · includes\Style\DynamicStyle.php:58
Maintenance & Trust

Slider Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 2, 2026
PHP min version: 7.4
Downloads: 95K

Community Trust

Rating: 96/100
Number of ratings: 12
Active installs: 5K
Developer Profile

Slider Blocks Developer Profile

Binsaifullah

5 plugins · 27K total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 10 days
Detection Fingerprints

How We Detect Slider Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/slider-blocks/admin/css/admin.css
/wp-content/plugins/slider-blocks/admin/js/admin.js
/wp-content/plugins/slider-blocks/build/index.js
/wp-content/plugins/slider-blocks/build/index.asset.php
Script Paths
/wp-content/plugins/slider-blocks/admin/js/admin.js
/wp-content/plugins/slider-blocks/build/index.js
Version Parameters
slider-blocks/admin/css/admin.css?ver=
slider-blocks/admin/js/admin.js?ver=
slider-blocks/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
gutslider-blocks-editor-wrapper
block-editor-block-list__block
Data Attributes
data-gutsilder-block-id
JS Globals
window.gutSliderBlocksData
REST Endpoints
/wp-json/gutslider/v1/blocks/settings
FAQ

Frequently Asked Questions about Slider Blocks