Does WP Owl Carousel have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Owl Carousel have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Owl Carousel compatible with WordPress 4.4.34?

According to WordPress.org data, WP Owl Carousel 1.1.3 has been tested up to WordPress 4.4.34. Check the plugin's changelog for the latest compatibility information.

How often is WP Owl Carousel updated?

WP Owl Carousel was last updated on Mar 9, 2016. Frequent updates are generally a positive security signal.

What is WP Owl Carousel's security score?

WP Owl Carousel has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Owl Carousel Security & Risk Analysis

wordpress.org/plugins/wp-owl-carousel

Owl Carousel integration for Wordpress

200 active installs v1.1.3 PHP + WP 4.0+ Updated Mar 9, 2016

carouselowl-carouselsliderslideshow

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is WP Owl Carousel Safe to Use in 2026?

Generally Safe

Score 85/100

WP Owl Carousel has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The wp-owl-carousel plugin version 1.1.3 exhibits a generally good security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and the consistent use of prepared statements for SQL queries are strong indicators of a well-maintained and secure codebase. Furthermore, the plugin demonstrates good practices by incorporating nonce and capability checks, and it has no recorded vulnerabilities, suggesting a proactive approach to security.

However, a critical concern arises from the presence of the `unserialize` function. This function is notoriously dangerous when processing untrusted input, as it can lead to Remote Code Execution (RCE) vulnerabilities if not handled with extreme care and proper validation of the serialized data. The static analysis also indicates that only 42% of output is properly escaped, which could expose the plugin to Cross-Site Scripting (XSS) vulnerabilities. While no taint flows were identified, this does not negate the inherent risk associated with `unserialize` and insufficient output escaping.

In conclusion, while the plugin's vulnerability history and SQL practices are commendable, the presence of `unserialize` and the moderate output escaping rate present significant potential risks. Developers should prioritize sanitizing and validating any data processed by `unserialize` and ensure all output is correctly escaped to mitigate these identified weaknesses.

Key Concerns

Use of unserialize()
Moderate output escaping (42% proper)

Vulnerabilities

None known

WP Owl Carousel Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Owl Carousel Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

28 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$datetime = unserialize( $args['value'] );CMB2\includes\CMB2_Types.php:574

SQL Query Safety

100% prepared2 total queries

Output Escaping

42% escaped66 total outputs

Attack Surface

WP Owl Carousel Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[wp_owl] wp_owl_carousel.php:53

WordPress Hooks 23

actioncmb2_initCMB2\example-functions.php:53

actioncmb2_initCMB2\example-functions.php:340

actioncmb2_initCMB2\example-functions.php:371

actioncmb2_initCMB2\example-functions.php:436

actioncmb2_initCMB2\example-functions.php:508

filterget_post_metadataCMB2\includes\CMB2_Ajax.php:112

filterupdate_post_metadataCMB2\includes\CMB2_Ajax.php:115

filtercmb2_show_onCMB2\includes\CMB2_hookup.php:48

actionadd_meta_boxesCMB2\includes\CMB2_hookup.php:65

actionadd_attachmentCMB2\includes\CMB2_hookup.php:66

actionedit_attachmentCMB2\includes\CMB2_hookup.php:67

actionsave_postCMB2\includes\CMB2_hookup.php:68

actionshow_user_profileCMB2\includes\CMB2_hookup.php:97

actionedit_user_profileCMB2\includes\CMB2_hookup.php:98

actionuser_new_formCMB2\includes\CMB2_hookup.php:99

actionpersonal_options_updateCMB2\includes\CMB2_hookup.php:101

actionedit_user_profile_updateCMB2\includes\CMB2_hookup.php:102

actionuser_registerCMB2\includes\CMB2_hookup.php:103

actioninitCMB2\init.php:68

actionwp_enqueue_scriptswp_owl_carousel.php:47

actioninitwp_owl_carousel.php:48

actionedit_form_after_titlewp_owl_carousel.php:49

actioncmb2_initwp_owl_carousel.php:51

Maintenance & Trust

WP Owl Carousel Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34

Last updatedMar 9, 2016

PHP min version

Downloads11K

Community Trust

Rating86/100

Number of ratings4

Active installs200

Alternatives

WP Owl Carousel Alternatives

Smart Slider 3

smart-slider-3

Responsive slider plugin to create sliders in visual editor easily. Build beautiful image slider, layer slider, video slider, post slider, and more.

800K 7 CVEs

Depicter — Popup & Slider Builder

depicter

Build Stunning Slider and Popup. Exit intent Popup, Image slider carousel, video slider carousel, post slider carousel, product slider, promote popup

90K 14 CVEs

Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel

wp-carousel-free

Carousel, Slider, and Photo Gallery with Lightbox plugin. Create Image Carousel, Video Slider, Post Carousel, Post Grid, Product Carousel, and more.

70K 5 CVEs

Slider by Soliloquy – Responsive Image Slider for WordPress

soliloquy-lite

The best WordPress slider plugin. Drag & Drop responsive slider builder that helps you create a beautiful image slideshows with just a few clicks.

30K 2 CVEs

Responsive Owl Carousel for Elementor

responsive-owl-carousel-elementor

A highly customizable, powerful & responsive carousel plugin for Elementor page builder that is based on the Owl Carousel jQuery plugin.

7K 1 CVE

Developer Profile

WP Owl Carousel Developer Profile

Dabuuker

1 plugin · 200 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Owl Carousel

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-owl-carousel/owl-carousel/owl.carousel.css/wp-content/plugins/wp-owl-carousel/owl-carousel/owl.theme.css/wp-content/plugins/wp-owl-carousel/owl-carousel/owl.carousel.min.js/wp-content/plugins/wp-owl-carousel/js/wp-owl-carousel.js

Script Paths

/wp-content/plugins/wp-owl-carousel/owl-carousel/owl.carousel.min.js/wp-content/plugins/wp-owl-carousel/js/wp-owl-carousel.js

Version Parameters

wp-owl-carousel/owl-carousel/owl.carousel.css?ver=wp-owl-carousel/owl-carousel/owl.theme.css?ver=wp-owl-carousel/owl-carousel/owl.carousel.min.js?ver=wp-owl-carousel/js/wp-owl-carousel.js?ver=

HTML / DOM Fingerprints

CSS Classes

owl-carousellazyOwl

Data Attributes

data-owloptions

Shortcode Output

[wp_owl id="

FAQ