WP-Safety

Thumbnail Slider Security & Risk Analysis

wordpress.org/plugins/thumbnail-slider

This Plugin is used to display Custom Thumbnail Banner Image's slider in your page or posts. Display a awesome thumbnail slider in your wordpress …

10 active installs v1.0 PHP + WP 4.0+ Updated Oct 26, 2016
adminajaxslider-imageslider-pluginthumbnail-slider
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Thumbnail Slider Safe to Use in 2026?

Generally Safe

Score 85/100

Thumbnail Slider has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The thumbnail-slider v1.0 plugin exhibits a mixed security posture. On the positive side, it has a very small attack surface with only one shortcode entry point and no AJAX handlers, REST API routes, or cron events. The absence of file operations and external HTTP requests is also encouraging. The presence of a nonce check is a good practice. However, several areas raise concerns. The code analysis reveals that 44% of SQL queries are not using prepared statements, which is a significant risk for SQL injection. Furthermore, 33% of output is not properly escaped, potentially leading to cross-site scripting (XSS) vulnerabilities. The taint analysis highlights a flow with an unsanitized path of high severity, indicating a potential for command injection or other path traversal issues. The plugin's vulnerability history is clean, with no known CVEs, which suggests a lack of past exploitation. While the clean history is a positive indicator, it does not negate the risks identified in the current code analysis, especially the high-severity taint flow and the un-prepared SQL queries.

Key Concerns

  • SQL queries not using prepared statements (56%)
  • Output escaping is not proper for 33% of outputs
  • Taint analysis: High severity unsanitized path flow
  • Capability checks are missing
Vulnerabilities
None known

Thumbnail Slider Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Thumbnail Slider Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Thumbnail Slider Code Analysis

Dangerous Functions
0
Raw SQL Queries
5
4 prepared
Unescaped Output
5
10 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

44% prepared9 total queries

Output Escaping

67% escaped15 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
<thumbnail-slider> (thumbnail-slider.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Thumbnail Slider Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[ts_slider_list_basic] thumbnail-slider.php:441
WordPress Hooks 5
actioninitthumbnail-slider.php:15
actionadmin_menuthumbnail-slider.php:57
actionadmin_initthumbnail-slider.php:333
actionsave_postthumbnail-slider.php:334
actionwp_enqueue_scriptsthumbnail-slider.php:439
Maintenance & Trust

Thumbnail Slider Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38
Last updatedOct 26, 2016
PHP min version
Downloads6K

Community Trust

Rating100/100
Number of ratings2
Active installs10
Alternatives

Thumbnail Slider Alternatives

Heartbeat Control

Heartbeat Control

heartbeat-control

A
85

Allows you to easily manage the frequency of the WordPress heartbeat API.

80K No CVEs
AJAX Thumbnail Rebuild

AJAX Thumbnail Rebuild

ajax-thumbnail-rebuild

A
85

AJAX Thumbnail Rebuild allows you to rebuild all thumbnails at once without script timeouts on your server.

30K 1 CVE
Dynamic Front-End Heartbeat Control

Dynamic Front-End Heartbeat Control

dynamic-front-end-heartbeat-control

A
100

An enhanced solution to optimize the performance of your WordPress website and automatically achieve the best Heartbeat API values.

1K No CVEs
Advanced All in One Admin Search by WP Spotlight

Advanced All in One Admin Search by WP Spotlight

wp-spotlight-search

A
91

Advanced All in One Admin Search by WP Spotlight Global Search is a powerful quick navigation plugin for WordPress Dashboard - it is an advancement of &hellip;

1K 1 CVE
Heartbeat Controller

Heartbeat Controller

heartbeat-controller

A
100

Control WordPress Heartbeat API to reduce load. Allow, disable, or set custom frequency for Dashboard, Post Editor, and Frontend.

800 No CVEs
Developer Profile

Thumbnail Slider Developer Profile

Kuldip Makadiya

2 plugins · 510 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Thumbnail Slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/thumbnail-slider/css/slider.css/wp-content/plugins/thumbnail-slider/js/responsive_child.js/wp-content/plugins/thumbnail-slider/js/jquery.bxSlider.min.js/wp-content/plugins/thumbnail-slider/js/responsive_tabs.js/wp-content/plugins/thumbnail-slider/js/jquery.bxSlider.js
Script Paths
//platform.twitter.com/widgets.js/wp-content/plugins/thumbnail-slider/js/responsive_child.js/wp-content/plugins/thumbnail-slider/js/jquery.bxSlider.min.js/wp-content/plugins/thumbnail-slider/js/responsive_tabs.js/wp-content/plugins/thumbnail-slider/js/jquery.bxSlider.js

HTML / DOM Fingerprints

CSS Classes
bx-viewportbx-wrapperbx-controls-directionbx-controls-pagerbx-pager-itembx-clonebx-prevbx-next+2 more
HTML Comments
<!-- Create custom post type using CPT --><!-- All Hooks are define in this below section --><!-- Create slider Settings tab in custom post type hook --><!-- On button submit if there is no table name then it will create table and update slider setting tab data into database -->
Data Attributes
data-hrefdata-layoutdata-sizedata-mobile-iframedata-show-countdata-show-screen-name
JS Globals
responsive_childjquery
FAQ

Frequently Asked Questions about Thumbnail Slider