Slideshow Gallery LITE Security & Risk Analysis

wordpress.org/plugins/slideshow-gallery

Feature content in a JavaScript powered slideshow gallery showcase on your WordPress website.

6K active installs · v1.8.5 · PHP + WP 3.1+ · Updated Oct 29, 2025
Tags: image-gallery, slides, slideshow, wordpress-plugins, wordpress-slideshow-gallery

Score: 90 · A · Safe
CVEs total: 17
Unpatched: 0
Last CVE: Sep 30, 2024
Safety Verdict

Is Slideshow Gallery LITE Safe to Use in 2026?

Generally Safe

Score 90/100

Slideshow Gallery LITE has a strong security track record. Known vulnerabilities have been patched promptly.

17 known CVEs · Last CVE: Sep 30, 2024 · Updated 5mo ago
Risk Assessment

The "slideshow-gallery" plugin v1.8.5 exhibits a mixed security posture. Its query layer is mostly sound (29 of 33 SQL queries, 88%, use prepared statements) and most output is escaped (1191 of 1374 outputs, 87%), but the attack surface and the vulnerability history raise concerns. Of the 4 AJAX handlers, 3 lack authentication checks. A wp_ajax_ handler that performs neither a nonce check nor a capability check is reachable by any logged-in user regardless of role, so this is a real path to unauthorized actions rather than a stylistic finding. The taint analysis also reports 6 of 8 data flows with unsanitized paths from user input to a dangerous sink, the usual precursor of cross-site scripting or SQL injection.

The plugin's history of 17 known CVEs is the larger red flag. They span SQL injection (one critical, two high, one medium), arbitrary file upload (one high, plus a high-rated CSRF-to-upload chain), CSRF, unauthenticated sensitive information exposure, and a long run of stored and reflected XSS. Five CVEs were disclosed in 2024 alone, the most recent on Sep 30, 2024, so the pattern is ongoing rather than historical. There are currently no unpatched CVEs, and the 2024 fixes shipped within 1 to 62 days of disclosure, but the volume and variety of past flaws indicate a codebase that has repeatedly been susceptible to the same classes of bug.

In conclusion, the "slideshow-gallery" plugin presents a moderate to high risk. The unprotected AJAX endpoints and the documented history of critical flaws outweigh its positive aspects such as good SQL sanitization. Users should keep the plugin on the latest version (1.8.5 at the time of analysis, which closes every CVE listed below), limit the number of accounts holding Contributor or higher roles, since two of the SQL injections required only that level, and weigh alternative solutions given how often issues recur.
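The pattern behind the "unprotected AJAX handler" and "unsanitized taint flow" findings above, as an added example. This is not Slideshow Gallery LITE's code, and no specific handler of the plugin is claimed to look like this; it is a generic wp_ajax_ handler written the weak way beside its hardened form. The hook names, the example_slides table and the example_slides_order nonce action are hypothetical, and the block assumes it is loaded inside WordPress, where add_action(), check_ajax_referer(), current_user_can(), absint(), $wpdb and the wp_send_json_*() helpers exist.

```php
<?php
/**
 * Added example, not the plugin's own code. Illustrates the checks a
 * static analyzer looks for in a wp_ajax_ handler. Assumes it runs inside
 * WordPress; table and hook names are hypothetical.
 */

// --- Weak pattern: the shape that gets flagged as "unprotected".        ---
// No nonce (CSRF), no capability check (any logged-in role reaches it),
// tainted input interpolated into SQL, and raw input echoed back.
add_action( 'wp_ajax_example_slides_order_weak', function () {
    global $wpdb;
    $id    = $_POST['id'];     // tainted source
    $order = $_POST['order'];  // tainted source
    $wpdb->query( "UPDATE {$wpdb->prefix}example_slides SET `order` = $order WHERE id = $id" ); // SQL sink
    echo 'Moved slide ' . $id; // output sink, unescaped
    wp_die();
} );

// --- Hardened pattern ---
add_action( 'wp_ajax_example_slides_order', 'example_slides_order_handler' );

function example_slides_order_handler() {
    global $wpdb;

    // 1. CSRF: the request must carry a nonce minted for this action on the
    //    admin page with wp_create_nonce( 'example_slides_order' ).
    //    check_ajax_referer() dies with a 403 on mismatch.
    check_ajax_referer( 'example_slides_order', 'nonce' );

    // 2. Authorization: wp_ajax_* fires for every logged-in user, including
    //    Subscribers, so the handler must enforce the capability itself.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. Validation: coerce to the expected type before the value goes anywhere.
    $id    = isset( $_POST['id'] )    ? absint( $_POST['id'] )    : 0;
    $order = isset( $_POST['order'] ) ? absint( $_POST['order'] ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( array( 'message' => 'invalid id' ), 400 );
    }

    // 4. SQL: placeholders via $wpdb->prepare(), never string interpolation
    //    of request data. The table prefix is site configuration, not input.
    $table = $wpdb->prefix . 'example_slides';
    $rows  = $wpdb->query(
        $wpdb->prepare( "UPDATE {$table} SET `order` = %d WHERE id = %d", $order, $id )
    );

    // 5. Output: a JSON envelope of validated values, no echo of raw input.
    wp_send_json_success( array( 'id' => $id, 'updated' => (int) $rows ) );
}
```

The two handlers differ only in the five checks, which is what the counters on this page measure: the nonce check and capability check feed the "Nonce Checks" and "Capability Checks" totals, the prepare() call moves a query from the raw to the prepared column, and the JSON response removes an unescaped output sink. A handler that needs to be reachable anonymously would be registered on wp_ajax_nopriv_ instead and would still need steps 3 to 5.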

Key Concerns

  • 3 unprotected AJAX handlers
  • 6 high severity taint flows
  • 1 critical CVE history
  • 4 high CVE history
  • 12 medium CVE history
  • Large attack surface (6 total)
Vulnerabilities
17

Slideshow Gallery LITE Security Vulnerabilities

CVEs by Year

1 CVE in 2014
2014
2 CVEs in 2015
2015
1 CVE in 2016
2016
2 CVEs in 2017
2017
3 CVEs in 2018
2018
1 CVE in 2021
2021
2 CVEs in 2023
2023
5 CVEs in 2024
2024

Severity Breakdown

Critical
1
High
4
Medium
12

17 total CVEs

CVE-2024-47376 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slideshow Gallery <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Sep 30, 2024 · Patched in 1.8.4 (11d)

CVE-2024-5543 · high · 8.1 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Slideshow Gallery LITE <= 1.8.1 - Authenticated (Contributor+) SQL Injection
Jun 11, 2024 · Patched in 1.8.2 (1d)

CVE-2024-31353 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor
Slideshow Gallery <= 1.8 - Unauthenticated Sensitive Information Exposure
Apr 7, 2024 · Patched in 1.8.1 (62d)

CVE-2024-31354 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Slideshow Gallery <= 1.7.8 - Cross-Site Request Forgery
Apr 7, 2024 · Patched in 1.7.9 (39d)

CVE-2024-31355 · critical · 9.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Slideshow Gallery <= 1.7.8 - Authenticated (Contributor+) SQL Injection
Apr 7, 2024 · Patched in 1.7.9 (39d)

CVE-2023-28497 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Slideshow Gallery LITE <= 1.7.6 - Cross-Site Request Forgery via admin_slides
Mar 15, 2023 · Patched in 1.7.7 (314d)

CVE-2023-28491 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Slideshow Gallery LITE <= 1.7.6 - Authenticated (Admin+) SQL Injection
Mar 15, 2023 · Patched in 1.7.7 (314d)

CVE-2021-24882 · medium · 4.8 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slideshow Gallery < 1.7.4 - Cross-Site Scripting
Oct 25, 2021 · Patched in 1.7.4 (820d)

CVE-2018-18017 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slideshow Gallery <= 1.6.8 - Cross-Site Scripting
Oct 4, 2018 · Patched in 1.6.9 (1937d)

CVE-2018-18018 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Slideshow Gallery <= 1.6.8 - SQL Injection
Oct 4, 2018 · Patched in 1.6.9 (1937d)

CVE-2018-18019 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slideshow Gallery <= 1.6.8 - Cross-Site Scripting
Oct 4, 2018 · Patched in 1.6.9 (1937d)

CVE-2018-17946 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slideshow Gallery <= 1.6.5 - Reflected Cross-Site Scripting
Apr 10, 2017 · Patched in 1.6.6 (2479d)

WF-b5ba2813-56ff-45d0-966a-f83da862ec13-slideshow-gallery · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slideshow Gallery <= 1.6.5 - Cross-Site Scripting via method
Mar 1, 2017 · Patched in 1.6.6 (2519d)

WF-7dc9c0ed-a77c-4ad8-8e6e-75c1a2998fe6-slideshow-gallery · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slideshow Gallery <= 1.6 - Cross-Site Scripting
Mar 21, 2016 · Patched in 1.6.1 (2864d)

WF-01762804-df33-4c4d-b8f6-d94a1e5b5fc9-slideshow-gallery · high · 8.8 · Cross-Site Request Forgery (CSRF)
Slideshow Gallery <= 1.5.3.1 - Cross-Site Request Forgery to Arbitrary File Upload
Aug 20, 2015 · Patched in 1.5.3.2 (3078d)

WF-18aa817d-80e0-4c6f-852f-c8a91c9507c4-slideshow-gallery · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slideshow Gallery <= 1.5.3.2 - Reflected Cross-Site Scripting
Aug 20, 2015 · Patched in 1.5.3.4 (3078d)

CVE-2014-5460 · high · 8.8 · Unrestricted Upload of File with Dangerous Type
Slideshow Gallery < 1.4.7 - Arbitrary File Upload
Aug 29, 2014 · Patched in 1.4.7 (3434d)
Code Analysis
Analyzed Mar 16, 2026

Slideshow Gallery LITE Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (29 prepared)
Unescaped Output: 183 (1191 escaped)
Nonce Checks: 14
Capability Checks: 6
File Operations: 11
External Requests: 2
Bundled Libraries: 2

Bundled Libraries

Select2, TinyMCE

SQL Query Safety

88% prepared (29 of 33 total queries)

Output Escaping

87% escaped (1191 of 1374 total outputs)
Data Flows
6 unsanitized

Data Flow Analysis

8 flows, 6 with unsanitized paths
settings-submitserial (views\admin\settings-submitserial.php:0)
Attack Surface
3 unprotected

Slideshow Gallery LITE Attack Surface

Entry Points: 6
Unprotected: 3

AJAX Handlers (4)

auth · wp_ajax_slideshow_serialkey · includes\checkinit.php:424
auth · wp_ajax_slideshow_slides_order · slideshow-gallery.php:67
auth · wp_ajax_slideshow_tinymce · slideshow-gallery.php:68
auth · wp_ajax_slideshow_dismiss_smart_rating · slideshow-gallery.php:76

Shortcodes (2)

[slideshow] slideshow-gallery.php:79
[tribulant_slideshow] slideshow-gallery.php:80
WordPress Hooks (49)

action · admin_print_styles · includes\checkinit.php:429
action · admin_print_scripts · includes\checkinit.php:430
action · admin_notices · includes\checkinit.php:431
action · init · includes\checkinit.php:432
action · admin_menu · includes\checkinit.php:433
action · install_plugins_pre_plugin-information · includes\checkinit.php:442
filter · default_hidden_columns · includes\checkinit.php:451
filter · set-screen-option · includes\checkinit.php:452
filter · removable_query_args · includes\checkinit.php:453
filter · upload_dir · includes\checkinit.php:458
filter · option_siteurl · includes\checkinit.php:459
filter · option_home · includes\checkinit.php:460
filter · option_url · includes\checkinit.php:461
filter · option_wpurl · includes\checkinit.php:462
filter · option_stylesheet_url · includes\checkinit.php:463
filter · option_template_url · includes\checkinit.php:464
filter · wp_get_attachment_url · includes\checkinit.php:465
filter · widget_text · includes\checkinit.php:466
filter · login_url · includes\checkinit.php:467
filter · language_attributes · includes\checkinit.php:468
filter · slideshow_sections · models\slideshow.php:11
action · slideshow_admin_menu · models\slideshow.php:13
action · admin_bar_menu · models\slideshow.php:14
action · plugins_loaded · models\slideshow.php:77
action · plugins_loaded · slideshow-gallery.php:53
action · wp_head · slideshow-gallery.php:54
action · wp_footer · slideshow-gallery.php:55
action · admin_menu · slideshow-gallery.php:56
action · admin_head · slideshow-gallery.php:57
action · admin_notices · slideshow-gallery.php:58
action · wp_print_styles · slideshow-gallery.php:59
action · admin_print_styles · slideshow-gallery.php:60
action · wp_print_scripts · slideshow-gallery.php:61
action · admin_print_scripts · slideshow-gallery.php:62
action · init · slideshow-gallery.php:63
action · admin_init · slideshow-gallery.php:64
filter · mce_buttons · slideshow-gallery.php:71
filter · mce_external_plugins · slideshow-gallery.php:72
action · slideshow_ratereviewhook · slideshow-gallery.php:75
filter · gettext · slideshow-gallery.php:159
filter · excerpt_more · slideshow-gallery.php:495
filter · excerpt_length · slideshow-gallery.php:496
filter · wp_image_editors · vendors\BFI_Thumb.php:86
action · admin_init · vendors\BFI_Thumb.php:108
filter · admin_notices · vendors\BFI_Thumb.php:113
filter · image_resize_dimensions · vendors\BFI_Thumb.php:602
filter · image_downsize · vendors\BFI_Thumb.php:640
filter · jetpack_photon_override_image_downsize · vendors\otf_regen_thumbs.php:123
filter · image_downsize · vendors\otf_regen_thumbs.php:183

Scheduled Events (6)

slideshow_ratereviewhook (listed 6 times)
Maintenance & Trust

Slideshow Gallery LITE Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 29, 2025
PHP min version: (not stated)
Downloads: 776K

Community Trust

Rating: 92/100
Number of ratings: 742
Active installs: 6K
Developer Profile

Slideshow Gallery LITE Developer Profile

Tribulant Software

7 plugins · 19K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 803 days
Detection Fingerprints

How We Detect Slideshow Gallery LITE

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/slideshow-gallery/css/colorbox.css
/wp-content/plugins/slideshow-gallery/css/frontend.css
/wp-content/plugins/slideshow-gallery/css/jquery.fancybox.css
/wp-content/plugins/slideshow-gallery/css/magnific-popup.css
/wp-content/plugins/slideshow-gallery/css/styles.css
/wp-content/plugins/slideshow-gallery/js/admin.js
/wp-content/plugins/slideshow-gallery/js/colorbox.js
/wp-content/plugins/slideshow-gallery/js/frontend.js
+5 more

Script Paths
https://tribulant.com/cdn/wordpress/slideshow-gallery/1.8.5/scripts.min.js

Version Parameters
/wp-content/plugins/slideshow-gallery/css/styles.css?ver=
/wp-content/plugins/slideshow-gallery/js/scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
slideshow_gallery

HTML Comments
<!-- Slideshow Gallery Scripts -->
<!-- Slideshow Gallery CSS -->
<!-- Slideshow Gallery JS -->

Data Attributes
data-slideshow-id
data-slideshow-height
data-slideshow-width

JS Globals
slideshow_gallery_params
slideshow_gallery_scripts

Shortcode Output
[slideshow
[tribulant_slideshow
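How the fingerprints above turn into a version check during an audit, as an added example that is not part of this page's tooling or the vendor's code. The HTML document is constructed for the example; the asset paths, CDN script path, HTML comments, data attributes and JS global are the ones listed above, and the advisory-to-version table is copied from the 2023 and 2024 entries in the vulnerability list. The function and constant names (sg_detect, sg_advisories_for, SG_*) are hypothetical.

```php
<?php
/**
 * Added example, not the page's or vendor's own code. Detects the plugin
 * in a fetched HTML page using the fingerprints listed on this page and
 * maps the detected version onto the advisories listed on this page.
 */

// Asset path with optional ?ver= parameter, and the versioned CDN script path.
const SG_ASSET_RE = '#/wp-content/plugins/slideshow-gallery/(?:css|js)/[\w.-]+\.(?:css|js)(?:\?ver=([\d.]+))?#';
const SG_CDN_RE   = '#https://tribulant\.com/cdn/wordpress/slideshow-gallery/([\d.]+)/scripts\.min\.js#';

// DOM-level markers; any one of them is evidence, none of them carries a version.
const SG_MARKERS = array(
    '<!-- Slideshow Gallery Scripts -->',
    '<!-- Slideshow Gallery CSS -->',
    '<!-- Slideshow Gallery JS -->',
    'class="slideshow_gallery',
    'data-slideshow-id',
    'slideshow_gallery_params',
);

// Highest affected version per advisory, from the vulnerability list above
// (2023 and 2024 entries only; older entries are all below 1.7).
const SG_ADVISORIES = array(
    'CVE-2024-47376' => '1.8.3',
    'CVE-2024-5543'  => '1.8.1',
    'CVE-2024-31353' => '1.8',
    'CVE-2024-31354' => '1.7.8',
    'CVE-2024-31355' => '1.7.8',
    'CVE-2023-28497' => '1.7.6',
    'CVE-2023-28491' => '1.7.6',
);

/** Returns ['present' => bool, 'version' => ?string, 'evidence' => string[]]. */
function sg_detect( string $html ): array {
    $evidence = array();
    $version  = null;

    // The CDN path embeds the plugin version explicitly: strongest signal.
    if ( preg_match( SG_CDN_RE, $html, $m ) ) {
        $evidence[] = 'cdn-script';
        $version    = $m[1];
    }
    // Local asset paths prove presence; ?ver= is only a hint (see note below).
    if ( preg_match_all( SG_ASSET_RE, $html, $m ) ) {
        $evidence[] = 'asset-path';
        foreach ( $m[1] as $v ) {
            if ( $v !== '' && $version === null ) {
                $version = $v;
            }
        }
    }
    foreach ( SG_MARKERS as $marker ) {
        if ( strpos( $html, $marker ) !== false ) {
            $evidence[] = $marker;
        }
    }
    return array( 'present' => count( $evidence ) > 0, 'version' => $version, 'evidence' => $evidence );
}

/** Advisories whose affected range still includes $version (null => unknown => none). */
function sg_advisories_for( ?string $version ): array {
    if ( $version === null ) {
        return array();
    }
    $hits = array();
    foreach ( SG_ADVISORIES as $id => $max_affected ) {
        if ( version_compare( $version, $max_affected, '<=' ) ) {
            $hits[] = $id;
        }
    }
    return $hits;
}

// Constructed sample page for a site still on 1.8.1.
$sample = <<<'HTML'
<!-- Slideshow Gallery CSS -->
<link rel="stylesheet" href="/wp-content/plugins/slideshow-gallery/css/styles.css?ver=1.8.1">
<div class="slideshow_gallery" data-slideshow-id="3" data-slideshow-width="600"></div>
<script src="https://tribulant.com/cdn/wordpress/slideshow-gallery/1.8.1/scripts.min.js"></script>
<script>var slideshow_gallery_params = {};</script>
HTML;

$r = sg_detect( $sample );
printf( "present=%s version=%s evidence=%s\n", $r['present'] ? 'yes' : 'no', $r['version'], implode( ', ', $r['evidence'] ) );
print_r( sg_advisories_for( $r['version'] ) ); // CVE-2024-47376 and CVE-2024-5543 for 1.8.1
```

Two caveats when reading the result. The ?ver= query string is whatever the plugin passed to wp_enqueue_style(); it is often the plugin version but can be the WordPress version or a cache-buster, so the code prefers the CDN path, which embeds the version on its own. And a version inside an affected range only means the code is exposed, not that it is exploitable from the outside: CVE-2024-5543 and CVE-2024-31355, for instance, still require a Contributor-level account.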
FAQ

Frequently Asked Questions about Slideshow Gallery LITE