Product Category Slider & Grid for WooCommerce – WooCategory Security & Risk Analysis

wordpress.org/plugins/woo-category-slider-grid

Display product categories in responsive sliders or grids to showcase them effectively on your WooCommerce store and improve shoppers' navigation.

10K active installs v1.6.5 PHP 7.0+ WP 5.0+ Updated Apr 15, 2026
category-carouselproduct-categoryproduct-category-showcaseshop-category-gridwoocommerce-category-slider
100
A · Safe
CVEs total1
Unpatched0
Last CVEAug 24, 2023
Safety Verdict

Is Product Category Slider & Grid for WooCommerce – WooCategory Safe to Use in 2026?

Generally Safe

Score 100/100

Product Category Slider & Grid for WooCommerce – WooCategory has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Aug 24, 2023Updated 2mo ago
Risk Assessment

The "woo-category-slider-grid" plugin v1.6.4 exhibits a mixed security posture. While it demonstrates good practices such as exclusively using prepared statements for SQL queries and a high percentage of properly escaped outputs, several concerning aspects exist. The presence of 10 AJAX handlers, with 3 lacking authentication checks, presents a significant attack surface. This is further exacerbated by the dangerous use of the `unserialize` function, which, if combined with an unauthenticated AJAX endpoint, could lead to critical vulnerabilities like Remote Code Execution. The plugin's vulnerability history, although currently clear of unpatched issues, includes a past medium-severity vulnerability attributed to Missing Authorization, a pattern that aligns with the identified unprotected AJAX handlers. The lack of any identified critical or high-severity taint flows is a positive sign, but the combination of the `unserialize` function and unprotected AJAX endpoints warrants caution. Overall, the plugin has strengths in its data handling but weaknesses in its access control for AJAX endpoints.

Key Concerns

  • AJAX handlers without authentication checks
  • Use of the unserialize() function
  • Past medium severity vulnerability (Missing Authorization)
Vulnerabilities
1 published

Product Category Slider & Grid for WooCommerce – WooCategory Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-41132medium · 4.3Missing Authorization

Category Slider for WooCommerce <= 1.4.15 - Missing Authorization via notice dismissal functionality

Aug 24, 2023 Patched in 1.4.16 (238d)
Version History

Product Category Slider & Grid for WooCommerce – WooCategory Release Timeline

v1.6.5Current
v1.6.4
v1.6.3
v1.6.2
v1.6.1
v1.6.0
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.21
v1.4.20
v1.4.19
v1.4.18
v1.4.17
v1.4.16
v1.4.151 CVE
v1.4.141 CVE
v1.4.131 CVE
v1.4.121 CVE
Code Analysis
Analyzed Mar 16, 2026

Product Category Slider & Grid for WooCommerce – WooCategory Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
86
653 escaped
Nonce Checks
15
Capability Checks
14
File Operations
0
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserialize$plugins = unserialize( $response['body'] );admin\help-page\help-page.php:170

Output Escaping

88% escaped739 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

6 flows
<class-woo-category-slider-admin> (admin\class-woo-category-slider-admin.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Product Category Slider & Grid for WooCommerce – WooCategory Attack Surface

Entry Points11
Unprotected3

AJAX Handlers 10

authwp_ajax_sp-woocatslider-never-show-review-noticeadmin\partials\notices\review.php:28
authwp_ajax_dismiss_smart_brand_noticeadmin\partials\notices\review.php:29
authwp_ajax_dismiss_product_slider_noticeadmin\partials\notices\review.php:30
authwp_ajax_shapedplugin_dismiss_offer_banneradmin\partials\notices\ShapedPlugin_Offer_Banner.php:34
authwp_ajax_spf-get-iconsadmin\partials\wcsp-framework\functions\actions.php:78
authwp_ajax_spf-resetadmin\partials\wcsp-framework\functions\actions.php:102
authwp_ajax_sp_wcsp_preview_meta_boxadmin\preview\class-woo-category-slider-preview.php:36
authwp_ajax_wcsp_export_shortcodeswoo-category-slider-grid.php:188
authwp_ajax_wcsp_import_shortcodeswoo-category-slider-grid.php:189
authwp_ajax_dismiss_woo_noticewoo-category-slider-grid.php:208

Shortcodes 1

[woocatslider] includes\class-woo-category-slider-shortcode.php:55
WordPress Hooks 50
actionafter_setup_themeadmin\class-woo-category-slider-admin.php:43
actionadmin_action_wcs_shortcode_duplicateadmin\class-woo-category-slider-admin.php:45
filterpost_row_actionsadmin\class-woo-category-slider-admin.php:46
actionelementor/preview/enqueue_scriptsadmin\class-woo-category-slider-element-shortcode-addons-deprecated.php:69
actionelementor/preview/enqueue_stylesadmin\class-woo-category-slider-element-shortcode-addons-deprecated.php:70
actionelementor/editor/before_enqueue_scriptsadmin\class-woo-category-slider-element-shortcode-addons-deprecated.php:71
actionelementor/initadmin\class-woo-category-slider-element-shortcode-addons-deprecated.php:142
actionelementor/widgets/registeradmin\class-woo-category-slider-element-shortcode-addons-deprecated.php:159
actionelementor/preview/enqueue_scriptsadmin\class-woo-category-slider-element-shortcode-addons.php:72
actionelementor/preview/enqueue_stylesadmin\class-woo-category-slider-element-shortcode-addons.php:73
actionelementor/editor/before_enqueue_scriptsadmin\class-woo-category-slider-element-shortcode-addons.php:74
actionelementor/initadmin\class-woo-category-slider-element-shortcode-addons.php:145
actionelementor/widgets/registeradmin\class-woo-category-slider-element-shortcode-addons.php:162
actioninitadmin\GutenbergBlock\class-woo-category-slider-shortcode-init.php:36
actionenqueue_block_editor_assetsadmin\GutenbergBlock\class-woo-category-slider-shortcode-init.php:37
actionadmin_menuadmin\help-page\help-page.php:63
actionadmin_print_scriptsadmin\help-page\help-page.php:69
actionspf_enqueueadmin\help-page\help-page.php:70
actionadmin_noticesadmin\partials\notices\review.php:27
actionadmin_noticesadmin\partials\notices\ShapedPlugin_Offer_Banner.php:33
actionwp_enqueue_scriptsadmin\partials\wcsp-framework\classes\abstract.class.php:51
actionwp_headadmin\partials\wcsp-framework\classes\abstract.class.php:56
actionadd_meta_boxesadmin\partials\wcsp-framework\classes\metabox.class.php:107
actionsave_postadmin\partials\wcsp-framework\classes\metabox.class.php:108
actionadmin_menuadmin\partials\wcsp-framework\classes\options.class.php:169
actionadmin_bar_menuadmin\partials\wcsp-framework\classes\options.class.php:170
actionnetwork_admin_menuadmin\partials\wcsp-framework\classes\options.class.php:174
actionafter_setup_themeadmin\partials\wcsp-framework\classes\setup.class.php:95
actioninitadmin\partials\wcsp-framework\classes\setup.class.php:96
actionswitch_themeadmin\partials\wcsp-framework\classes\setup.class.php:97
actionadmin_enqueue_scriptsadmin\partials\wcsp-framework\classes\setup.class.php:98
actionadmin_footeradmin\partials\wcsp-framework\functions\actions.php:140
actioncustomize_controls_print_footer_scriptsadmin\partials\wcsp-framework\functions\actions.php:141
actionplugins_loadedincludes\class-woo-category-slider-updates.php:45
actionwidgets_initincludes\class-woo-category-slider-widget.php:150
actionadmin_enqueue_scriptswoo-category-slider-grid.php:191
actioninitwoo-category-slider-grid.php:192
actionmanage_sp_wcslider_posts_custom_columnwoo-category-slider-grid.php:193
filtermanage_sp_wcslider_posts_columnswoo-category-slider-grid.php:194
filterplugin_action_linkswoo-category-slider-grid.php:195
filterplugin_row_metawoo-category-slider-grid.php:196
filterpost_updated_messageswoo-category-slider-grid.php:197
filteradmin_footer_textwoo-category-slider-grid.php:198
filterupdate_footerwoo-category-slider-grid.php:199
actionactivated_pluginwoo-category-slider-grid.php:202
actionadmin_noticeswoo-category-slider-grid.php:206
actionbefore_woocommerce_initwoo-category-slider-grid.php:209
actionwp_loadedwoo-category-slider-grid.php:235
actionwp_enqueue_scriptswoo-category-slider-grid.php:236
actionsave_postwoo-category-slider-grid.php:237
Maintenance & Trust

Product Category Slider & Grid for WooCommerce – WooCategory Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedApr 15, 2026
PHP min version7.0
Downloads245K

Community Trust

Rating96/100
Number of ratings91
Active installs10K
Developer Profile

Product Category Slider & Grid for WooCommerce – WooCategory Developer Profile

ShapedPlugin LLC

18 plugins · 315K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
349 days
View full developer profile
Detection Fingerprints

How We Detect Product Category Slider & Grid for WooCommerce – WooCategory

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-category-slider-grid/public/css/woo-category-slider.css/wp-content/plugins/woo-category-slider-grid/public/css/slick.css/wp-content/plugins/woo-category-slider-grid/public/css/slick-theme.css/wp-content/plugins/woo-category-slider-grid/public/js/woo-category-slider.js/wp-content/plugins/woo-category-slider-grid/public/js/slick.min.js/wp-content/plugins/woo-category-slider-grid/public/js/isotope.pkgd.min.js/wp-content/plugins/woo-category-slider-grid/public/js/imagesloaded.pkgd.min.js/wp-content/plugins/woo-category-slider-grid/admin/css/admin-style.css+5 more
Script Paths
woo-category-slider-grid/public/js/woo-category-slider.jswoo-category-slider-grid/public/js/slick.min.jswoo-category-slider-grid/public/js/isotope.pkgd.min.jswoo-category-slider-grid/public/js/imagesloaded.pkgd.min.jswoo-category-slider-grid/admin/js/admin-script.jswoo-category-slider-grid/admin/js/wcsp-framework/assets/js/wcsp-framework.js+1 more
Version Parameters
woo-category-slider-grid/public/css/woo-category-slider.css?ver=woo-category-slider-grid/public/js/woo-category-slider.js?ver=woo-category-slider-grid/admin/css/admin-style.css?ver=woo-category-slider-grid/admin/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wcsp-wcs-slider-wrapperwcsp-wcs-category-slider-gridsp-wc-category-slidersp-wc-category-gridsp-wc-category-hierarchy-gridsp-wc-category-inline-layoutsp-wc-category-slider-itemsp-wc-category-grid-item+2 more
HTML Comments
<!-- Start WooCategory Product Category Slider/Grid --><!-- End WooCategory Product Category Slider/Grid --><!-- WooCategory Framework Notice --><!-- WooCategory Review Notice -->
Data Attributes
data-wcsp-options
JS Globals
wcsp_wcs_php_vars
Shortcode Output
[woo_category_slider][woo_category_grid][woo_category_hierarchy_grid][woo_category_inline_layout]
FAQ

Frequently Asked Questions about Product Category Slider & Grid for WooCommerce – WooCategory