WP-Safety

Divi Carousel Free (Divi5 Support) Security & Risk Analysis

wordpress.org/plugins/wow-carousel-for-divi-lite

Create beautiful, responsive image and logo carousels for the Divi Builder — no code required.

30K active installs v3.0.6 PHP 7.4+ WP 6.0+ Updated Mar 12, 2026
carouseldividivi-carouselimage-carousellogo-carousel
99
A · Safe
CVEs total1
Unpatched0
Last CVEJan 24, 2025
Plugin page Download
Safety Verdict

Is Divi Carousel Free (Divi5 Support) Safe to Use in 2026?

Generally Safe

Score 99/100

Divi Carousel Free (Divi5 Support) has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jan 24, 2025Updated 2mo ago
Risk Assessment

The wow-carousel-for-divi-lite v3.0.6 plugin exhibits a generally good security posture with several positive indicators. The attack surface is minimal and appears to be well-secured, with no unprotected entry points identified. The extensive use of output escaping (95%) and the presence of nonce and capability checks on the single AJAX handler suggest that common web vulnerabilities like Cross-Site Scripting are well-mitigated within the core functionality. The absence of critical or high-severity taint flows further reinforces this. However, the vulnerability history reveals a past medium-severity Cross-Site Scripting vulnerability, which is a notable concern despite being patched. This suggests that while the current code may be secure, the plugin's past indicates a potential for such issues. Additionally, the presence of a single SQL query that is not using prepared statements is a minor but present risk, as it could be susceptible to SQL injection if the input is not meticulously sanitized before being used in the query.

Key Concerns

  • Past medium severity XSS vulnerability
  • SQL query not using prepared statements
Vulnerabilities
1 published

Divi Carousel Free (Divi5 Support) Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-0350medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Divi Carousel Lite <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets

Jan 24, 2025 Patched in 2.1.0 (1d)
Version History

Divi Carousel Free (Divi5 Support) Release Timeline

v3.0.6Current
v3.0.5
v3.0.4
v3.0.3
v3.0.2
v3.0.1
v3.0.0
v2.1.5
v2.1.4
v2.1.3
v2.1.2
v2.1.1
v2.1.0
v2.0.41 CVE
CVE-2025-0350
v2.0.31 CVE
CVE-2025-0350
v2.0.21 CVE
CVE-2025-0350
v2.0.11 CVE
CVE-2025-0350
v2.0.01 CVE
CVE-2025-0350
v1.2.141 CVE
CVE-2025-0350
v1.2.131 CVE
CVE-2025-0350
Code Analysis
Analyzed Mar 16, 2026

Divi Carousel Free (Divi5 Support) Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
4
74 escaped
Nonce Checks
1
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

95% escaped78 total outputs
Attack Surface

Divi Carousel Free (Divi5 Support) Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_dcf_dismiss_upgrade_noticeincludes\class-upgrade-notice.php:22
WordPress Hooks 26
actionadmin_menuincludes\class-admin.php:11
actionadmin_enqueue_scriptsincludes\class-admin.php:12
filterdivi_frontend_assets_dynamic_assets_global_assets_listincludes\class-assets.php:21
filterdivi_frontend_assets_dynamic_assets_late_global_assets_listincludes\class-assets.php:27
actionwp_enqueue_scriptsincludes\class-assets.php:35
actiondivi_visual_builder_assets_before_enqueue_scriptsincludes\class-assets.php:38
actionadmin_headincludes\class-dp-menu.php:61
actionplugins_loadedincludes\class-plugin.php:17
actionadmin_initincludes\class-plugin.php:18
actionwpincludes\class-plugin.php:28
actionet_builder_readyincludes\class-plugin.php:29
actionrest_api_initincludes\class-rest-api.php:21
actionadmin_noticesincludes\class-upgrade-notice.php:21
actionwp_enqueue_scriptsincludes\divi4\class-assets-d4.php:16
actionwp_enqueue_scriptsincludes\divi4\class-assets-d4.php:17
actioninitincludes\divi5\modules\ImageCarousel\ImageCarousel.php:32
actioninitincludes\divi5\modules\ImageCarouselChild\ImageCarouselChild.php:32
actioninitincludes\divi5\modules\LogoCarousel\LogoCarousel.php:32
actioninitincludes\divi5\modules\LogoCarouselChild\LogoCarouselChild.php:32
actiondivi_module_library_modules_dependency_treeincludes\divi5\modules\Modules.php:31
filterdivi.moduleLibrary.conversion.moduleConversionOutlineFileincludes\divi5\modules\Modules.php:43
filteret_global_assets_listincludes\functions.php:46
filteret_late_global_assets_listincludes\functions.php:47
actionadmin_noticeswow-divi-carousel-lite.php:28
actionplugins_loadedwow-divi-carousel-lite.php:56
actionadmin_noticeswow-divi-carousel-lite.php:66
Maintenance & Trust

Divi Carousel Free (Divi5 Support) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 12, 2026
PHP min version7.4
Downloads608K

Community Trust

Rating96/100
Number of ratings146
Active installs30K
Alternatives

Divi Carousel Free (Divi5 Support) Alternatives

Divi Carousel Lite – 17+ Carousel Module

Divi Carousel Lite – 17+ Carousel Module

carousels-slider-for-divi

A
100

Divi Carousel Lite, the ultimate Divi Builder plugin with 17+ modules like image carousel, testimonial carousel, logo carousel, team carousel, and mor &hellip;

10K No CVEs
Image Carousel Module for Divi

Image Carousel Module for Divi

image-carousel-divi

A
100

This plugin add an image carousel module to the Divi theme.

9K No CVEs
Ultimate Carousel For Divi

Ultimate Carousel For Divi

ultimate-carousel-for-divi

A
100

Create stunning, branded carousels with ease. Showcase your products, post types, categories, and images like never before with Ultimate Divi Carousel

800 No CVEs
WP Logo Showcase Responsive Slider and Carousel

WP Logo Showcase Responsive Slider and Carousel

wp-logo-showcase-responsive-slider-slider

A
100

WP Logo Showcase Responsive Slider and Carousel allows you to display logos of clients, sponsors, brands, or partners in a professional and responsive &hellip;

30K No CVEs
Awesome Logo Carousel Block

Awesome Logo Carousel Block

awesome-logo-carousel-block

A
99

Awesome Logo Carousel Block allows you to create interactive client logos carousel with Gutenberg Block Editor.

5K 1 CVE
Developer Profile

Divi Carousel Free (Divi5 Support) Developer Profile

Fahim Reza

7 plugins · 102K total installs

99
trust score
Avg Security Score
99/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Divi Carousel Free (Divi5 Support)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wow-carousel-for-divi-lite/dist/divi5/frontend.css/wp-content/plugins/wow-carousel-for-divi-lite/dist/divi5/frontend.js/wp-content/plugins/wow-carousel-for-divi-lite/dist/libs/swiper/swiper-bundle.css/wp-content/plugins/wow-carousel-for-divi-lite/dist/libs/swiper/swiper-bundle.js/wp-content/plugins/wow-carousel-for-divi-lite/dist/admin/admin.css/wp-content/plugins/wow-carousel-for-divi-lite/dist/admin/admin.js
Script Paths
/wp-content/plugins/wow-carousel-for-divi-lite/dist/divi5/frontend.js/wp-content/plugins/wow-carousel-for-divi-lite/dist/libs/swiper/swiper-bundle.min.js/wp-content/plugins/wow-carousel-for-divi-lite/dist/admin/admin.js
Version Parameters
wow-carousel-for-divi-lite/dist/divi5/frontend.js?ver=wow-carousel-for-divi-lite/dist/libs/swiper/swiper-bundle.min.css?ver=wow-carousel-for-divi-lite/dist/libs/swiper/swiper-bundle.min.js?ver=wow-carousel-for-divi-lite/dist/admin/admin.css?ver=wow-carousel-for-divi-lite/dist/admin/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
dcf-swiperdivi-carousel-free-admindivi-carousel-free-admin-root
JS Globals
dcfAdmin
REST Endpoints
/wp-json/divi-carousel-free/v1
FAQ

Frequently Asked Questions about Divi Carousel Free (Divi5 Support)