Slider by 10Web – Responsive Image Slider Security & Risk Analysis

wordpress.org/plugins/slider-wd

Slider by 10Web plugin is the perfect slider solution for WordPress.

20K active installs · v1.2.62 · PHP 5.2+ · WP 3.4+ · Updated Dec 26, 2024
Tags: image-slider, responsive-slider, slider, slideshow, wordpress-slider
Score: 86 (A · Safe)
CVEs total: 10
Unpatched: 0
Last CVE: Mar 3, 2025
Safety Verdict

Is Slider by 10Web – Responsive Image Slider Safe to Use in 2026?

Generally Safe

Score 86/100

Slider by 10Web – Responsive Image Slider has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

10 known CVEs · Last CVE: Mar 3, 2025 · Updated 1yr ago
Risk Assessment

The slider-wd plugin exhibits a mixed security posture, with some positive indicators but several significant areas of concern. While the plugin has no currently unpatched CVEs, its vulnerability history, with 10 known issues including two high-severity ones, suggests a recurring pattern of security weaknesses. The common vulnerability types of SQL Injection and Cross-site Scripting, coupled with the historical number of CVEs, indicate that the developers have struggled with secure coding practices in these areas.

The static analysis reveals a substantial attack surface with 14 entry points, of which 3 are unprotected. This lack of authentication on AJAX handlers is a critical vulnerability, as it allows unauthenticated users to trigger potentially harmful functionality. Furthermore, the presence of the `unserialize` function without proper sanitization is a known risk for object injection vulnerabilities. The taint analysis highlights two high-severity flows with unsanitized paths, indicating potential for serious exploits. The low percentages of prepared statements (23%) and properly escaped output (11%), across a large number of SQL queries and outputs respectively, point to a general deficiency in secure data handling and presentation.

In conclusion, while the absence of unpatched vulnerabilities and the presence of some nonce and capability checks are positive signs, the plugin's history of vulnerabilities, unprotected entry points, risky function usage, and poor sanitization practices present a substantial risk. Users should exercise caution and consider the potential for exploitation due to these identified weaknesses.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Dangerous function: unserialize
  • Low percentage of prepared SQL statements
  • Low percentage of proper output escaping
  • High number of known CVEs
  • High severity CVEs in history
Vulnerabilities
10 published

Slider by 10Web – Responsive Image Slider Security Vulnerabilities

CVEs by Year

2020: 1 CVE
2022: 2 CVEs
2024: 5 CVEs
2025: 2 CVEs

Severity Breakdown

High: 2
Medium: 8

10 total CVEs

CVE-2024-10565 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Slider by 10Web <= 1.2.61 - Authenticated (Administrator+) Stored Cross-Site Scripting via Widget

Mar 3, 2025 · Patched in 1.2.62 (44d)

CVE-2024-10566 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Slider by 10Web <= 1.2.61 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 3, 2025 · Patched in 1.2.62 (44d)

CVE-2024-8283 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Slider by 10Web <= 1.2.58 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 9, 2024 · Patched in 1.2.59 (25d)

CVE-2024-7150 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Slider by 10Web – Responsive Image Slider <= 1.2.57 - Authenticated (Contributor+) SQL Injection via id Parameter

Aug 7, 2024 · Patched in 1.2.58 (1d)

CVE-2024-6408 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Slider by 10Web <= 1.2.56 - Authenticated (Editor+) Stored Cross-Site Scripting

Jul 10, 2024 · Patched in 1.2.57 (49d)

CVE-2024-6026 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Slider by 10Web <= 1.2.55 - Authenticated (Editor+) Stored Cross-Site Scripting

Jun 20, 2024 · Patched in 1.2.56 (9d)

CVE-2024-32578 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Slider by 10Web – Responsive Image Slider <= 1.2.54 - Reflected Cross-Site Scripting

Apr 16, 2024 · Patched in 1.2.55 (9d)

CVE-2022-4197 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sliderby10Web <= 1.2.52 - Authenticated (Admin+) Cross-Site Scripting

Nov 30, 2022 · Patched in 1.2.53 (419d)

CVE-2022-1320 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Slider by 10Web <= 1.2.51 - Admin+ Stored Cross-Site Scripting

Apr 26, 2022 · Patched in 1.2.52 (637d)

CVE-2021-24132 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Slider by 10Web <= 1.2.35 - SQL Injection

Sep 29, 2020 · Patched in 1.2.36 (1211d)

Code Analysis
Analyzed Mar 16, 2026

Slider by 10Web – Responsive Image Slider Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 126 · 37 prepared
Unescaped Output: 2671 · 322 escaped
Nonce Checks: 7
Capability Checks: 9
File Operations: 79
External Requests: 10
Bundled Libraries: 0

Dangerous Functions Found

`unserialize` · `$page_score = unserialize($post['meta_value']);` · booster\AdminBar.php:258
`unserialize` · `$body = unserialize($request['body']);` · wd\includes\overview.php:64

SQL Query Safety

23% prepared · 163 total queries

Output Escaping

11% escaped · 2993 total outputs

Data Flows · Security
15 unsanitized

Data Flow Analysis

19 flows · 15 with unsanitized paths
get_google_page_speed (booster\controller.php:534)
Attack Surface
3 unprotected

Slider by 10Web – Responsive Image Slider Attack Surface

Entry Points: 14
Unprotected: 3

AJAX Handlers 11

auth · wp_ajax_twb_check_score · booster\main.php:63
auth · wp_ajax_twb_notif_check · booster\main.php:64
auth · wp_ajax_WDSShare · slider-wd.php:130
nopriv · wp_ajax_WDSShare · slider-wd.php:131
auth · wp_ajax_WDSShortcode · slider-wd.php:139
auth · wp_ajax_WDSPosts · slider-wd.php:140
auth · wp_ajax_WDSExport · slider-wd.php:142
auth · wp_ajax_WDSImport · slider-wd.php:143
auth · wp_ajax_wds_UploadHandler · slider-wd.php:148
auth · wp_ajax_addImage · slider-wd.php:149
auth · wp_ajax_wds_addEmbed · slider-wd.php:162

Shortcodes 3

[wds] framework\WDW_S_Sitemap.php:36
[wds] slider-wd.php:134
[SliderPreview] slider-wd.php:135

WordPress Hooks 57

action · elementor/editor/after_enqueue_scripts · booster\Elementor.php:14
action · elementor/documents/register_controls · booster\Elementor.php:15
action · enqueue_block_editor_assets · booster\Gutenberg.php:10
action · init · booster\init.php:2
filter · tenweb_booster_sdk · booster\init.php:3
action · init · booster\init.php:18
filter · manage_post_posts_columns · booster\List.php:16
filter · manage_page_posts_columns · booster\List.php:17
action · manage_post_posts_custom_column · booster\List.php:18
action · manage_page_posts_custom_column · booster\List.php:19
action · init · booster\main.php:56
action · admin_enqueue_scripts · booster\main.php:57
action · wp_enqueue_scripts · booster\main.php:58
action · admin_menu · booster\main.php:60
action · admin_bar_menu · booster\main.php:69
action · init · slider-wd.php:122
action · init · slider-wd.php:123
action · admin_menu · slider-wd.php:125
action · admin_notices · slider-wd.php:127
action · media_buttons · slider-wd.php:136
action · admin_head · slider-wd.php:146
action · widgets_init · slider-wd.php:153
action · admin_init · slider-wd.php:158
action · wp_enqueue_scripts · slider-wd.php:165
action · admin_enqueue_scripts · slider-wd.php:166
filter · set-screen-option · slider-wd.php:168
filter · media_upload_tabs · slider-wd.php:170
filter · media_view_strings · slider-wd.php:171
action · media_upload_wds_posts · slider-wd.php:172
action · media_upload_wds_embed · slider-wd.php:173
action · media_upload_wds_custom_uploader · slider-wd.php:174
filter · plugin_row_meta · slider-wd.php:177
action · plugins_loaded · slider-wd.php:179
filter · tw_get_plugin_blocks · slider-wd.php:181
filter · tw_get_block_editor_assets · slider-wd.php:183
action · enqueue_block_editor_assets · slider-wd.php:184
action · admin_init · slider-wd.php:187
action · elementor/widgets/widgets_registered · slider-wd.php:190
action · elementor/elements/categories_registered · slider-wd.php:192
action · elementor/editor/after_enqueue_styles · slider-wd.php:194
action · elementor/editor/after_enqueue_scripts · slider-wd.php:195
filter · builder_import_slider · slider-wd.php:198
filter · wd_seo_sitemap_images · slider-wd.php:207
filter · wpseo_sitemap_urlimages · slider-wd.php:208
action · init · slider-wd.php:276
action · init · slider-wd.php:277
filter · tenweb_free_users_lib_path · slider-wd.php:952
action · elementor/editor/before_enqueue_scripts · slider-wd.php:1274
action · wp_enqueue_scripts · slider-wd.php:1277
action · init · slider-wd.php:1318
action · admin_footer · wd\includes\deactivate.php:53
action · admin_init · wd\includes\deactivate.php:54
action · admin_init · wd\includes\notices.php:18
action · admin_init · wd\includes\notices.php:20
action · admin_notices · wd\includes\notices.php:21
action · admin_init · wd\includes\subscribe.php:24
action · admin_menu · wd\wd.php:27

Maintenance & Trust

Slider by 10Web – Responsive Image Slider Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.8.13
Last updated: Dec 26, 2024
PHP min version: 5.2
Downloads: 2.4M

Community Trust

Rating: 90/100
Number of ratings: 290
Active installs: 20K

Developer Profile

Slider by 10Web – Responsive Image Slider Developer Profile

10Web

9 plugins · 355K total installs

Trust score: 69
Avg Security Score: 86/100
Avg Patch Time: 683 days

Detection Fingerprints

How We Detect Slider by 10Web – Responsive Image Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/slider-wd/assets/css/wds-frontend.css
/wp-content/plugins/slider-wd/assets/css/wds-player.css
/wp-content/plugins/slider-wd/assets/css/wds-settings.css
/wp-content/plugins/slider-wd/assets/js/wds-frontend.js
/wp-content/plugins/slider-wd/assets/js/wds-settings.js

Script Paths
/wp-content/plugins/slider-wd/assets/js/wds-frontend.js
/wp-content/plugins/slider-wd/assets/js/wds-settings.js
/wp-content/plugins/slider-wd/assets/js/wds-player.js

Version Parameters
slider-wd/assets/css/wds-frontend.css?ver=
slider-wd/assets/css/wds-player.css?ver=
slider-wd/assets/css/wds-settings.css?ver=
slider-wd/assets/js/wds-frontend.js?ver=
slider-wd/assets/js/wds-player.js?ver=
slider-wd/assets/js/wds-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
wds-container, wds-slider, wds-element, wds-slide, wds-bullets, wds-controls

Data Attributes
data-wds-options, data-slider-id

JS Globals
wds_frontend_options

Shortcode Output
[wds
[SliderPreview