WP-Safety

Thumbnail Slider With Lightbox Security & Risk Analysis

wordpress.org/plugins/wp-responsive-slider-with-lightbox

This is a beautiful responsive thumbnail slider for WordPress blogs and sites with responsive lightbox. Admin can manage any number of images into the …

700 active installs v1.0.22 PHP + WP 3.5+ Updated Dec 3, 2025
wordpress-image-lightboxwordpress-lightbox-gallerywordpress-responsive-lightbox-gallerywordpress-responsive-slider-lightboxwordpress-thumbnail-slider-lightbox
90
A · Safe
CVEs total5
Unpatched0
Last CVEOct 28, 2025
Plugin page Download
Safety Verdict

Is Thumbnail Slider With Lightbox Safe to Use in 2026?

Generally Safe

Score 90/100

Thumbnail Slider With Lightbox has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Oct 28, 2025Updated 4mo ago
Risk Assessment

The "wp-responsive-slider-with-lightbox" plugin, version 1.0.22, presents a mixed security posture. While the static analysis indicates a relatively small attack surface with no unprotected entry points and a good percentage of SQL queries utilizing prepared statements, there are significant concerns regarding output escaping and historical vulnerabilities. The fact that only 27% of outputs are properly escaped is a major red flag, suggesting a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis, though limited in scope (3 flows), did find unsanitized paths, but fortunately, no critical or high severity issues were identified in this specific analysis. This plugin has a concerning history with 5 known CVEs, including high and medium severity issues such as SQL Injection, CSRF, and XSS. The presence of past vulnerabilities, especially the recurring types, indicates a pattern of insecure coding practices that may still exist, even if not immediately apparent in the current static analysis. The recent vulnerability dated 2025-10-28, although currently unpatched, suggests that past security flaws have been addressed, but the overall history warrants caution. In conclusion, the plugin shows some positive signs in its current implementation regarding SQL safety and entry point protection, but the poor output escaping and the past prevalence of critical vulnerability types necessitate careful monitoring and likely remediation.

Key Concerns

  • Low percentage of properly escaped outputs
  • Past high severity vulnerabilities (SQLi, CSRF, XSS)
  • Unsanitized paths found in taint analysis
  • Past medium severity vulnerabilities (SQLi, CSRF, XSS)
Vulnerabilities
5

Thumbnail Slider With Lightbox Security Vulnerabilities

CVEs by Year

4 CVEs in 2023
2023
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

High
2
Medium
3

5 total CVEs

CVE-2015-10146medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Thumbnail Slider With Lightbox <= 1.0.4 - Authenticated (Admin+) SQL Injection

Oct 28, 2025 Patched in 1.0.5 (1d)
CVE-2023-5820high · 8.3Cross-Site Request Forgery (CSRF)

Thumbnail Slider With Lightbox <= 1.0 - Cross-Site Request Forgery to Arbitrary File Upload

Oct 26, 2023 Patched in 1.0.1 (89d)
CVE-2023-5621medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Thumbnail Slider With Lightbox <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Image Title

Oct 17, 2023 Patched in 1.0.1 (98d)
CVE-2023-5531medium · 4.3Cross-Site Request Forgery (CSRF)

Thumbnail Slider With Lightbox <= 1.0 - Cross-Site Request Forgery

Oct 11, 2023 Patched in 1.0.1 (104d)
WF-33b92a86-bb3e-4307-b2cb-7dfde56505cc-wp-responsive-slider-with-lightboxhigh · 8.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Thumbnail Slider With Lightbox <= 1.0.17 - Reflected Cross-Site Scripting

Apr 25, 2023 Patched in 1.0.18 (273d)
Code Analysis
Analyzed Mar 16, 2026

Thumbnail Slider With Lightbox Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
14 prepared
Unescaped Output
195
71 escaped
Nonce Checks
5
Capability Checks
10
File Operations
10
External Requests
1
Bundled Libraries
0

SQL Query Safety

88% prepared16 total queries

Output Escaping

27% escaped266 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
responsive_thumbnail_slider_with_lightbox_image_management_func (wp-responsive-slider-with-lightbox.php:843)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Thumbnail Slider With Lightbox Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 1

authwp_ajax_mass_upload_wrthsliderlboxwp-responsive-slider-with-lightbox.php:23

Shortcodes 1

[print_responsive_slider_plus_lightbox] wp-responsive-slider-with-lightbox.php:19
WordPress Hooks 10
filterwidget_textwp-responsive-slider-with-lightbox.php:13
actionadmin_menuwp-responsive-slider-with-lightbox.php:14
actionwp_enqueue_scriptswp-responsive-slider-with-lightbox.php:18
actionadmin_noticeswp-responsive-slider-with-lightbox.php:20
actionplugins_loadedwp-responsive-slider-with-lightbox.php:21
filteruser_has_capwp-responsive-slider-with-lightbox.php:22
filtermap_meta_capwp-responsive-slider-with-lightbox.php:28
filterwidget_text_contentwp-responsive-slider-with-lightbox.php:3204
filterthe_contentwp-responsive-slider-with-lightbox.php:3205
filterrender_blockwp-responsive-slider-with-lightbox.php:3222
Maintenance & Trust

Thumbnail Slider With Lightbox Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 3, 2025
PHP min version
Downloads47K

Community Trust

Rating76/100
Number of ratings11
Active installs700
Alternatives

Thumbnail Slider With Lightbox Alternatives

No alternatives data available yet.

Developer Profile

Thumbnail Slider With Lightbox Developer Profile

Nks

19 plugins · 23K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
350 days
View full developer profile
Detection Fingerprints

How We Detect Thumbnail Slider With Lightbox

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-responsive-slider-with-lightbox/assets/css/owl.carousel.css/wp-content/plugins/wp-responsive-slider-with-lightbox/assets/css/owl.theme.css/wp-content/plugins/wp-responsive-slider-with-lightbox/assets/css/responsive-slider.css/wp-content/plugins/wp-responsive-slider-with-lightbox/assets/js/owl.carousel.js/wp-content/plugins/wp-responsive-slider-with-lightbox/assets/js/responsive-slider.js/wp-content/plugins/wp-responsive-slider-with-lightbox/assets/js/responsive-lightbox.js
Script Paths
assets/js/owl.carousel.jsassets/js/responsive-slider.jsassets/js/responsive-lightbox.js
Version Parameters
wp-responsive-slider-with-lightbox/assets/css/owl.carousel.css?ver=wp-responsive-slider-with-lightbox/assets/css/owl.theme.css?ver=wp-responsive-slider-with-lightbox/assets/css/responsive-slider.css?ver=wp-responsive-slider-with-lightbox/assets/js/owl.carousel.js?ver=wp-responsive-slider-with-lightbox/assets/js/responsive-slider.js?ver=wp-responsive-slider-with-lightbox/assets/js/responsive-lightbox.js?ver=

HTML / DOM Fingerprints

CSS Classes
responsive-slider-wrapperrtswl-slider-containerrtswl-slider-itemrtswl-lightbox-overlayrtswl-lightbox-contentrtswl-lightbox-imagertswl-lightbox-closertswl-lightbox-prev+9 more
HTML Comments
<!-- responsive-slider-plus-lightbox Start --><!-- responsive-slider-plus-lightbox End --><!-- Responsive Slider Plus Lightbox Start --><!-- Responsive Slider Plus Lightbox End -->
Data Attributes
data-responsive-slider-iddata-rtswl-slider-iddata-rtswl-lightbox-url
JS Globals
rtswl_slider_settingsresponsive_slider_init
Shortcode Output
[print_responsive_slider_plus_lightbox<div class='responsive-slider-wrapper'
FAQ

Frequently Asked Questions about Thumbnail Slider With Lightbox