WP Contact Slider – Contact Form Slider Widget Security & Risk Analysis

wordpress.org/plugins/wp-contact-slider

Helps you to show slide out contact form to display CF7, Gravity forms, Ninja Forms, WP Forms, display random text/HTML and support some other forms.

10K active installs · v2.5.4 · PHP + WP 4.7+ · Updated Feb 17, 2026
Tags: contact-form-7, contact-slider, formidable-forms, gravity-forms, ninja-forms
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Oct 10, 2022
Safety Verdict

Is WP Contact Slider – Contact Form Slider Widget Safe to Use in 2026?

Generally Safe

Score 99/100

WP Contact Slider – Contact Form Slider Widget has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Oct 10, 2022 · Updated 1mo ago
Risk Assessment

The wp-contact-slider plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in its handling of SQL queries, exclusively using prepared statements, and boasts a high percentage of properly escaped output. The plugin also incorporates nonce and capability checks, suggesting an awareness of common WordPress security mechanisms. However, the presence of two AJAX handlers without authentication checks presents a significant concern, creating a direct attack surface that could be exploited by unauthenticated users.

The vulnerability history reveals two medium-severity CVEs, both related to Cross-site Scripting, with the last one occurring in late 2022. While no currently unpatched vulnerabilities are reported, this history indicates a recurring pattern of input validation or output sanitization issues that attackers have successfully exploited in the past. The lack of taint analysis results makes it difficult to assess the sanitization of dynamic paths, but the identified AJAX vulnerabilities are concrete points of concern.

Key Concerns

  • Unprotected AJAX handlers
  • Medium severity CVE history (2)
  • Bundled outdated library (Freemius v1.0)
Vulnerabilities
2

WP Contact Slider – Contact Form Slider Widget Security Vulnerabilities

CVEs by Year

2 CVEs in 2022

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2022-3237 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Contact Slider <= 2.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

Oct 10, 2022 · Patched in 2.4.8 (470d)

CVE-2022-1301 · medium · 4.8 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Contact Slider <= 2.4.6 - Stored Cross-Site Scripting

Jun 13, 2022 · Patched in 2.4.7 (589d)
Code Analysis
Analyzed Mar 16, 2026

WP Contact Slider – Contact Form Slider Widget Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 14 (302 escaped)
Nonce Checks: 5
Capability Checks: 1
File Operations: 1
External Requests: 0
Bundled Libraries: 2

Bundled Libraries

Freemius 1.0, Select2

Output Escaping

96% escaped · 316 total outputs
Attack Surface
2 unprotected

WP Contact Slider – Contact Form Slider Widget Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 3

auth · wp_ajax_rwmb_delete_file · inc\meta-box\inc\fields\file.php:36
auth · wp_ajax_rwmb_get_embed · inc\meta-box\inc\fields\oembed.php:49
auth · wp_ajax_dismiss_wpcs_notice · inc\wpcs_update_notice.php:205

Shortcodes 1

[rwmb_meta] inc\meta-box\inc\functions.php:294
WordPress Hooks 43
filter · plugin_action_links_meta-box/meta-box.php · inc\meta-box\inc\about\about.php:17
action · admin_menu · inc\meta-box\inc\about\about.php:20
action · admin_menu · inc\meta-box\inc\about\about.php:21
action · admin_head · inc\meta-box\inc\about\about.php:24
action · activated_plugin · inc\meta-box\inc\about\about.php:27
filter · admin_footer_text · inc\meta-box\inc\about\about.php:80
filter · plugin_action_links_meta-box/meta-box.php · inc\meta-box\inc\core.php:20
action · init · inc\meta-box\inc\core.php:23
action · edit_page_form · inc\meta-box\inc\core.php:24
action · post_edit_form_tag · inc\meta-box\inc\fields\file.php:35
filter · upload_dir · inc\meta-box\inc\fields\file.php:484
action · print_media_templates · inc\meta-box\inc\fields\media.php:49
action · init · inc\meta-box\inc\media-modal.php:25
filter · attachment_fields_to_edit · inc\meta-box\inc\media-modal.php:27
filter · attachment_fields_to_save · inc\meta-box\inc\media-modal.php:28
filter · rwmb_show · inc\meta-box\inc\media-modal.php:30
action · admin_enqueue_scripts · inc\meta-box\inc\meta-box.php:109
action · add_meta_boxes · inc\meta-box\inc\meta-box.php:123
filter · default_hidden_meta_boxes · inc\meta-box\inc\meta-box.php:126
action · edit_attachment · inc\meta-box\inc\meta-box.php:133
action · add_attachment · inc\meta-box\inc\meta-box.php:134
action · rwmb_after · inc\meta-box\inc\validation.php:17
action · rwmb_enqueue_scripts · inc\meta-box\inc\validation.php:18
action · init · inc\meta-box\inc\wpml.php:28
filter · wpml_duplicate_generic_string · inc\meta-box\inc\wpml.php:38
filter · rwmb_normalize_field · inc\meta-box\inc\wpml.php:39
action · init · inc\wpcs_admin_functions.php:87
filter · get_sample_permalink_html · inc\wpcs_admin_functions.php:92
filter · pre_get_shortlink · inc\wpcs_admin_functions.php:110
filter · gettext · inc\wpcs_admin_functions.php:122
action · admin_print_footer_scripts · inc\wpcs_admin_functions.php:131
action · do_meta_boxes · inc\wpcs_admin_functions.php:240
action · post_submitbox_minor_actions · inc\wpcs_admin_functions.php:250
action · admin_menu · inc\wpcs_bundle_menu.php:7
action · wp_enqueue_scripts · inc\wpcs_enque_scripts.php:3
action · admin_enqueue_scripts · inc\wpcs_enque_styles.php:40
filter · connect_message_on_update · inc\wpcs_freemius.php:63
filter · connect_message · inc\wpcs_freemius.php:91
action · wp_footer · inc\wpcs_frontend_functions.php:3
filter · rwmb_meta_boxes · inc\wpcs_meta_fields.php:3
action · submitpost_box · inc\wpcs_meta_fields.php:313
action · admin_footer · inc\wpcs_update_notice.php:4
action · admin_notices · inc\wpcs_update_notice.php:165
Maintenance & Trust

WP Contact Slider – Contact Form Slider Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 17, 2026
PHP min version
Downloads: 327K

Community Trust

Rating: 96/100
Number of ratings: 38
Active installs: 10K
Developer Profile

WP Contact Slider – Contact Form Slider Widget Developer Profile

Saad Iqbal

84 plugins · 1.4M total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 287 days
Detection Fingerprints

How We Detect WP Contact Slider – Contact Form Slider Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-contact-slider/inc/wpcs_admin_functions.php
/wp-content/plugins/wp-contact-slider/inc/wpcs_slider.php
/wp-content/plugins/wp-contact-slider/inc/wpcs_frontend_functions.php
/wp-content/plugins/wp-contact-slider/inc/wpcs_enque_styles.php
/wp-content/plugins/wp-contact-slider/inc/wpcs_enque_scripts.php
/wp-content/plugins/wp-contact-slider/inc/wpcs_bundle_menu.php
/wp-content/plugins/wp-contact-slider/freemius/start.php

HTML / DOM Fingerprints

CSS Classes
wpcs-contact-form-slider
Data Attributes
data-wpcs-slider-id
data-wpcs-slider-settings
JS Globals
wpcs_slider_data
REST Endpoints
/wp-json/wpcs/v1/get-slider-data
Shortcode Output
[wp_contact_slider id=
FAQ

Frequently Asked Questions about WP Contact Slider – Contact Form Slider Widget