Thumbnail carousel slider Security & Risk Analysis

wordpress.org/plugins/wp-responsive-thumbnail-slider

This is a beautiful responsive thumbnail slider for WordPress sites. Admins can manage any number of images in the responsive thumbnail slider.

2K active installs · v1.1.14 · PHP + WP 3.5+ · Updated Dec 19, 2025
Tags: responsive-thumbnail-gallery, wordpress-fluid-slider, wordpress-gallery-responsive, wordpress-responsive-slider-carousel, wordpress-responsive-slideshow
Score: 94 · A · Safe
CVEs total: 6
Unpatched: 0
Last CVE: Mar 14, 2025
Safety Verdict

Is Thumbnail carousel slider Safe to Use in 2026?

Generally Safe

Score 94/100

Thumbnail carousel slider has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Mar 14, 2025 · Updated 3mo ago
Risk Assessment

The wp-responsive-thumbnail-slider plugin, in version 1.1.14, exhibits a mixed security posture. It demonstrates good practices, such as using prepared statements for all SQL queries and incorporating nonce and capability checks, but there are significant areas of concern. The static analysis reveals that 79% of output is not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities where user-supplied data could be rendered unsafely. Furthermore, all three analyzed taint flows contained unsanitized paths. Although the taint analysis itself flagged no critical or high severity issues, this still points to potential data handling weaknesses.

The plugin's vulnerability history is a major red flag. It has six known CVEs, two of them high severity, covering SQL Injection, CSRF, XSS, and unrestricted file upload, and this pattern suggests recurring security flaws. There are currently no unpatched vulnerabilities, which is a positive sign, but the history remains concerning. The plugin has a moderate attack surface with two entry points, both of which appear to be protected by authentication checks.

Key Concerns

  • High percentage of unescaped output
  • All taint flows have unsanitized paths
  • History of high severity vulnerabilities (2 CVEs)
  • History of medium severity vulnerabilities (4 CVEs)
  • History of SQL Injection vulnerabilities
  • History of CSRF vulnerabilities
  • History of XSS vulnerabilities
  • History of Unrestricted File Upload vulnerabilities
Vulnerabilities
6

Thumbnail carousel slider Security Vulnerabilities

CVEs by Year

  • 2015: 1 CVE
  • 2020: 1 CVE
  • 2023: 3 CVEs
  • 2025: 1 CVE

Severity Breakdown

  • High: 2
  • Medium: 4

6 total CVEs

CVE-2019-25222 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Thumbnail carousel slider <= 1.0.4 - Authenticated (Admin+) SQL Injection

Mar 14, 2025 · Patched in 1.0.5 (1d)

CVE-2023-5821 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Thumbnail carousel slider <= 1.0 - Cross-Site Request Forgery to Mass Slider Deletion

Oct 26, 2023 · Patched in 1.0.1 (89d)

CVE-2023-1915 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Thumbnail carousel slider <= 1.1.9 - Reflected Cross-Site Scripting

Apr 18, 2023 · Patched in 1.1.10 (280d)

CVE-2023-2120 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Thumbnail carousel slider <= 1.1.9 - Reflected Cross-Site Scripting

Apr 17, 2023 · Patched in 1.1.10 (281d)

WF-0f87d37a-879f-4506-a651-8c965a558e28-wp-responsive-thumbnail-slider · high · 7.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Thumbnail carousel slider < 1.0.1 - Stored Cross-Site Scripting and Cross-Site Request Forgery

Dec 28, 2020 · Patched in 1.0.1 (1121d)

CVE-2015-10144 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

Responsive Thumbnail Slider < 1.0.1 - Authenticated (Subscriber+) Arbitrary File Upload

Aug 29, 2015 · Patched in 1.0.1 (3618d)
Code Analysis
Analyzed Mar 17, 2026

Thumbnail carousel slider Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (13 prepared)
  • Unescaped Output: 224 (60 escaped)
  • Nonce Checks: 5
  • Capability Checks: 10
  • File Operations: 10
  • External Requests: 1
  • Bundled Libraries: 1

Bundled Libraries

jQuery

SQL Query Safety

100% prepared · 13 total queries

Output Escaping

21% escaped · 284 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
responsive_thumbnail_image_management (wp-responsive-images-thumbnail-slider.php:881)
Attack Surface

Thumbnail carousel slider Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 1

  • auth · wp_ajax_mass_upload_wrthslider · wp-responsive-images-thumbnail-slider.php:23

Shortcodes: 1

  • [print_responsive_thumbnail_slider] · wp-responsive-images-thumbnail-slider.php:18

WordPress Hooks: 10

  • action · admin_menu · wp-responsive-images-thumbnail-slider.php:13
  • action · wp_enqueue_scripts · wp-responsive-images-thumbnail-slider.php:17
  • action · admin_notices · wp-responsive-images-thumbnail-slider.php:19
  • filter · widget_text · wp-responsive-images-thumbnail-slider.php:20
  • filter · user_has_cap · wp-responsive-images-thumbnail-slider.php:21
  • action · plugins_loaded · wp-responsive-images-thumbnail-slider.php:22
  • filter · map_meta_cap · wp-responsive-images-thumbnail-slider.php:28
  • filter · widget_text_content · wp-responsive-images-thumbnail-slider.php:3221
  • filter · the_content · wp-responsive-images-thumbnail-slider.php:3222
  • filter · render_block · wp-responsive-images-thumbnail-slider.php:3238
Maintenance & Trust

Thumbnail carousel slider Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 19, 2025
PHP min version
Downloads: 102K

Community Trust

Rating: 88/100
Number of ratings: 23
Active installs: 2K
Developer Profile

Thumbnail carousel slider Developer Profile

Nks

19 plugins · 23K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 350 days
Detection Fingerprints

How We Detect Thumbnail carousel slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wp-responsive-thumbnail-slider/css/owl.carousel.min.css
  • /wp-content/plugins/wp-responsive-thumbnail-slider/css/owl.theme.default.min.css
  • /wp-content/plugins/wp-responsive-thumbnail-slider/css/responsive-thumbnail-slider.css
  • /wp-content/plugins/wp-responsive-thumbnail-slider/js/owl.carousel.min.js
  • /wp-content/plugins/wp-responsive-thumbnail-slider/js/responsive-thumbnail-slider.js
Script Paths
  • /wp-content/plugins/wp-responsive-thumbnail-slider/js/owl.carousel.min.js
  • /wp-content/plugins/wp-responsive-thumbnail-slider/js/responsive-thumbnail-slider.js
Version Parameters
  • wp-responsive-thumbnail-slider/css/owl.carousel.min.css?ver=
  • wp-responsive-thumbnail-slider/css/owl.theme.default.min.css?ver=
  • wp-responsive-thumbnail-slider/css/responsive-thumbnail-slider.css?ver=
  • wp-responsive-thumbnail-slider/js/owl.carousel.min.js?ver=
  • wp-responsive-thumbnail-slider/js/responsive-thumbnail-slider.js?ver=

HTML / DOM Fingerprints

CSS Classes
owl-carousel, owl-theme, owl-dots, owl-nav, responsive-thumbnail-slider
Data Attributes
data-rts-slider-id
JS Globals
rts_slider_options
Shortcode Output
[print_responsive_thumbnail_slider]
FAQ

Frequently Asked Questions about Thumbnail carousel slider