Vertical Carousel Security & Risk Analysis

wordpress.org/plugins/vertical-carousel-slider

Display vertical carousel slider with the help of a shortcode.

90 active installs · v1.0.2 · PHP + · WP 3.5.0+ · Updated Jul 25, 2022
Tags: clients-carousel, clients-slider, testimonial-slider, vertical, vertical-slider
Score: 64 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Nov 28, 2024
Safety Verdict

Is Vertical Carousel Safe to Use in 2026?

Use With Caution

Score 64/100

Vertical Carousel has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Nov 28, 2024 · Updated 3yr ago
Risk Assessment

The "vertical-carousel-slider" plugin, v1.0.2, presents a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and includes a nonce check, significant concerns remain. The static analysis reveals a low attack surface with no AJAX handlers or REST API routes, which is generally positive. However, the plugin exhibits poor output escaping, with only 25% of identified outputs being properly escaped. This indicates a potential for Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the user's browser. The plugin's vulnerability history further exacerbates this concern, with one currently unpatched medium severity CVE related to XSS. This history, coupled with the output escaping issue, suggests a recurring problem that has not been fully addressed. Therefore, despite some positive coding practices, the unpatched XSS vulnerability and insufficient output sanitization pose a significant risk.

Key Concerns

  • Unpatched medium severity CVE
  • Insufficient output escaping
  • No capability checks on entry points
Vulnerabilities: 1

Vertical Carousel Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-53756 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Vertical Carousel <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 28, 2024 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Vertical Carousel Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 3 (1 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

25% escaped · 4 total outputs
Attack Surface

Vertical Carousel Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[vertical-carousel-slider] wp-vertical-carousel-slider.php:213

WordPress Hooks 6

action init wp-vertical-carousel-slider.php:14
filter manage_posts_columns wp-vertical-carousel-slider.php:49
action manage_posts_custom_column wp-vertical-carousel-slider.php:62
action add_meta_boxes wp-vertical-carousel-slider.php:94
action save_post wp-vertical-carousel-slider.php:133
action admin_head wp-vertical-carousel-slider.php:146
Maintenance & Trust

Vertical Carousel Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Jul 25, 2022
PHP min version
Downloads: 8K

Community Trust

Rating: 80/100
Number of ratings: 3
Active installs: 90
Developer Profile

Vertical Carousel Developer Profile

Aftab Husain

5 plugins · 3K total installs

Trust score: 77
Avg Security Score: 75/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Vertical Carousel

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/vertical-carousel-slider/includes/carousel_style.css
Script Paths
/wp-content/plugins/vertical-carousel-slider/includes/carousel-js.js
Version Parameters
vertical-carousel-slider/includes/carousel_style.css?ver=1.0

HTML / DOM Fingerprints

CSS Classes
wpvc-jcarousel-skin, wpvc-carousel
Data Attributes
wpvc_link_meta_url
JS Globals
jQuery
Shortcode Output
<div class="wpvc-jcarousel-skin"><ul id="wpvc-carousel">
FAQ

Frequently Asked Questions about Vertical Carousel