Sneakers Security & Risk Analysis

wordpress.org/plugins/sneakers

Easily add visually appealing Collapsible Panels facing any direction on the screen, without jQuery. Supports Shortcode, Custom Colors and 12 differen …

10 active installs · v1.1 · PHP 5.6+ · WP 4.4+ · Updated Dec 28, 2020
Tags: collapsible-panels, css3, css3-collapsible-panels, featured-content, slides
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Sneakers Safe to Use in 2026?

Generally Safe

Score 85/100

Sneakers has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The "sneakers" v1.1 plugin presents a mixed security posture. On the positive side, it demonstrates good practices in SQL query handling, exclusively using prepared statements, and has no recorded vulnerability history, suggesting a generally secure development approach. The absence of file operations, external HTTP requests, and critical taint flows further bolsters its security.

However, significant concerns arise from the plugin's attack surface. It exposes two AJAX handlers, both of which lack authentication checks. This is a critical oversight, as it allows any unauthenticated user to trigger these actions. Additionally, the presence of a dangerous `unserialize` function, while not immediately exploitable without a specific entry point, introduces a potential risk if an attacker can control the serialized data passed to it. The low percentage of properly escaped output (7%) is another notable weakness, increasing the likelihood of cross-site scripting (XSS) vulnerabilities.

While the plugin has no known CVEs, the identified code-level risks, particularly the unprotected AJAX endpoints and the `unserialize` function, warrant careful attention. The lack of authentication on entry points is a fundamental security flaw that overshadows the otherwise positive aspects. A balanced view acknowledges the good SQL handling and lack of past vulnerabilities but highlights the immediate and significant risks posed by the unprotected AJAX handlers and the potential for XSS due to poor output escaping.

Key Concerns

  • AJAX handlers without authentication checks
  • Low percentage of properly escaped output
  • Dangerous function (unserialize) present
Vulnerabilities
None known

Sneakers Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Sneakers Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 190 (14 escaped)
Nonce Checks: 4
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$datetime = unserialize( $meta );` (helpers\cmb_Meta_Box_types.php:305)

SQL Query Safety

100% prepared (2 total queries)

Output Escaping

7% escaped (204 total outputs)
Data Flows
All sanitized

Data Flow Analysis

1 flow
<init> (init.php:0)
Attack Surface
2 unprotected

Sneakers Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers 2

auth: wp_ajax_cmb_oembed_handler (init.php:1124)
nopriv: wp_ajax_cmb_oembed_handler (init.php:1125)
WordPress Hooks 26
filter: get_post_metadata (helpers\cmb_Meta_Box_ajax.php:112)
filter: update_post_metadata (helpers\cmb_Meta_Box_ajax.php:114)
filter: cmb_meta_boxes (inc\metaboxes.php:42)
filter: cmb_meta_boxes (inc\metaboxes.php:97)
filter: cmb_meta_boxes (inc\metaboxes.php:122)
filter: cmb_meta_boxes (inc\metaboxes.php:169)
filter: cmb_meta_boxes (inc\metaboxes.php:300)
filter: cmb_show_on (init.php:156)
action: admin_enqueue_scripts (init.php:160)
action: admin_menu (init.php:163)
action: add_attachment (init.php:164)
action: edit_attachment (init.php:165)
action: save_post (init.php:166)
action: admin_enqueue_scripts (init.php:167)
action: admin_head (init.php:170)
action: show_user_profile (init.php:185)
action: edit_user_profile (init.php:186)
action: personal_options_update (init.php:188)
action: edit_user_profile_update (init.php:189)
action: admin_head (init.php:192)
action: init (sneakers.php:22)
action: wp_footer (sneakers.php:107)
action: wp_head (sneakers.php:129)
action: wp_enqueue_scripts (sneakers.php:135)
action: admin_enqueue_scripts (sneakers.php:146)
action: init (sneakers.php:149)
Maintenance & Trust

Sneakers Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.6.17
Last updated: Dec 28, 2020
PHP min version: 5.6
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Sneakers Developer Profile

G Matta

4 plugins · 2K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 630 days
Detection Fingerprints

How We Detect Sneakers

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sneakers/css/sneakers.css
/wp-content/plugins/sneakers/js/html5.js
/wp-content/plugins/sneakers/js/sneaker.js
Script Paths
/wp-content/plugins/sneakers/js/html5.js
/wp-content/plugins/sneakers/js/sneaker.js

HTML / DOM Fingerprints

CSS Classes
collapsible-container
sneakers-stlye
collapsible-panel
sneak
HTML Comments
<!--[if lt IE 9]><script src="js/html5.js" type="text/javascript"></script><![endif]--> (+10 more)
Data Attributes
name="collapsible-
id="collapsible-
for="collapsible-
class="collapsible-container test
class="collapsible-panel sneak"
JS Globals
SNEAKERS_DIR
SNEAKERS_URL
SNEAKERS_BASENAME
SNEAKERS_VERSION