Splide Carousel Block Security & Risk Analysis

wordpress.org/plugins/splide-carousel

Carousel block using Splide to create flexible and accessible sliders

3K active installs v1.7.1 PHP 7.0+ WP 6.5+ Updated Jan 17, 2026
blockcarouselfull-site-editingslidersplide
99
A · Safe
CVEs total1
Unpatched0
Last CVEMay 26, 2026
Download
Safety Verdict

Is Splide Carousel Block Safe to Use in 2026?

Generally Safe

Score 99/100

Splide Carousel Block has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: May 26, 2026Updated 5mo ago
Risk Assessment

The static analysis of Splide Carousel v1.7.1 reveals an exceptionally strong security posture. There are no identified entry points such as AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without proper authentication or permission checks. Furthermore, the code exhibits excellent hygiene, with no dangerous functions used, all SQL queries being prepared statements, and all output being properly escaped. The absence of file operations, external HTTP requests, and the clear lack of any detected taint flows across analyzed paths further reinforce this positive assessment. The vulnerability history is also pristine, with zero known CVEs, indicating a consistent track record of secure development. This plugin demonstrates a robust commitment to security best practices, making it highly reliable from a code execution and vulnerability perspective. The only minor observation is the absence of nonce and capability checks on the identified entry points, which, while not a current vulnerability due to the lack of entry points, represents an area where future development should remain vigilant. Overall, Splide Carousel v1.7.1 appears to be a very secure plugin.

Key Concerns

  • No capability checks on entry points
  • No nonce checks on entry points
Vulnerabilities
1 published

Splide Carousel Block Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-9022medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Splide Carousel Block <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'url' Block Attribute

May 26, 2026 Patched in 1.7.2 (1d)
Version History

Splide Carousel Block Release Timeline

v1.7.1Current1 CVE
v1.7.01 CVE
v1.6.01 CVE
v1.5.01 CVE
v1.4.71 CVE
v1.4.61 CVE
v1.4.51 CVE
v1.4.41 CVE
v1.4.31 CVE
v1.4.21 CVE
v1.4.11 CVE
v1.4.01 CVE
v1.3.01 CVE
v1.2.01 CVE
v1.1.01 CVE
v1.0.01 CVE
Code Analysis
Analyzed Mar 16, 2026

Splide Carousel Block Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0
Attack Surface

Splide Carousel Block Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
actioninitsplide-carousel.php:27
Maintenance & Trust

Splide Carousel Block Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 17, 2026
PHP min version7.0
Downloads28K

Community Trust

Rating100/100
Number of ratings11
Active installs3K
Developer Profile

Splide Carousel Block Developer Profile

David Jensen

5 plugins · 5K total installs

94
trust score
Avg Security Score
91/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Splide Carousel Block

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/splide-carousel/build/carousel.css/wp-content/plugins/splide-carousel/build/carousel.js/wp-content/plugins/splide-carousel/build/carousel-item.css/wp-content/plugins/splide-carousel/build/carousel-item.js
Script Paths
/wp-content/plugins/splide-carousel/build/carousel.js/wp-content/plugins/splide-carousel/build/carousel-item.js
Version Parameters
splide-carousel/build/carousel.css?ver=splide-carousel/build/carousel.js?ver=splide-carousel/build/carousel-item.css?ver=splide-carousel/build/carousel-item.js?ver=

HTML / DOM Fingerprints

CSS Classes
splide-carousel
FAQ

Frequently Asked Questions about Splide Carousel Block