WP Smart Flexslider Security & Risk Analysis

wordpress.org/plugins/wp-smart-flexslider

This is a Bootstrap Flex Slider plugin. It's used for Bootstrap and non-Bootstrap themes.

100 active installs · v2.5 · PHP + · WP 3.0.1+ · Updated Jan 23, 2018
bootstrap-flex-slider, bootstrap-slider, flex-slider, responsive-slider, slider
Score 63 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Jul 14, 2025
Safety Verdict

Is WP Smart Flexslider Safe to Use in 2026?

Use With Caution

Score 63/100

WP Smart Flexslider has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Jul 14, 2025 · Updated 8yr ago
Risk Assessment

The wp-smart-flexslider plugin v2.5 exhibits a mixed security posture. On one hand, it demonstrates good practices by exclusively using prepared statements for SQL queries and avoiding file operations or external HTTP requests. It also includes nonce and capability checks on some entry points. However, significant concerns arise from the presence of unprotected AJAX handlers, which represent a direct attack vector. Furthermore, the taint analysis revealed a flow with unsanitized paths, indicating a potential for vulnerabilities even though no critical or high severity issues were identified in this specific analysis.

The plugin's vulnerability history is a major red flag. With one known medium-severity CVE that remains unpatched, and a common vulnerability type of Cross-site Scripting, this indicates a recurring pattern of security weaknesses. The presence of an unpatched vulnerability, regardless of its severity, exposes users to known risks. The last vulnerability being in July 2025 also suggests recent issues that haven't been addressed.

In conclusion, while the plugin has some strong security foundations, the unprotected AJAX handlers, the identified unsanitized taint flow, and most critically, the unpatched CVE significantly elevate the risk profile. Users should be cautious and prioritize updating to a version that addresses the known vulnerability. The lack of proper output escaping on a substantial portion of its outputs is also a concern that could lead to XSS vulnerabilities if not addressed.

Key Concerns

  • Unpatched CVE (medium severity)
  • Unprotected AJAX handlers
  • Unsanitized path in taint flow
  • Low output escaping percentage
Vulnerabilities: 1

WP Smart Flexslider Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-49955 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Smart Flexslider <= 2.5 - Reflected Cross-Site Scripting

Jul 14, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

WP Smart Flexslider Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 37 (9 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

20% escaped · 46 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
wpflexslider_ajax (admin\class-wpsmartflexslider-admin.php:341)
Attack Surface: 2 unprotected

WP Smart Flexslider Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers: 2

  • nopriv: wp_ajax_wpflexslider_ajax (admin\class-wpsmartflexslider-admin.php:59)
  • auth: wp_ajax_wpflexslider_ajax (admin\class-wpsmartflexslider-admin.php:60)

Shortcodes: 1

  • [display_flexslider] (public\class-wpsmartflexslider-public.php:55)

WordPress Hooks: 9

  • action: init (admin\class-wpsmartflexslider-admin.php:54)
  • action: add_meta_boxes (admin\class-wpsmartflexslider-admin.php:56)
  • action: save_post (admin\class-wpsmartflexslider-admin.php:57)
  • action: do_meta_boxes (admin\class-wpsmartflexslider-admin.php:61)
  • action: plugins_loaded (includes\class-wpsmartflexslider.php:139)
  • action: admin_enqueue_scripts (includes\class-wpsmartflexslider.php:154)
  • action: admin_enqueue_scripts (includes\class-wpsmartflexslider.php:155)
  • action: wp_enqueue_scripts (includes\class-wpsmartflexslider.php:170)
  • action: wp_enqueue_scripts (includes\class-wpsmartflexslider.php:171)

Maintenance & Trust

WP Smart Flexslider Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.8.28
Last updated: Jan 23, 2018
PHP min version
Downloads: 21K

Community Trust

Rating: 20/100
Number of ratings: 2
Active installs: 100
Developer Profile

WP Smart Flexslider Developer Profile

Rajan Vijayan

5 plugins · 130 total installs

Trust score: 81
Avg Security Score: 81/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Smart Flexslider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wp-smart-flexslider/assets/css/animate.css
  • /wp-content/plugins/wp-smart-flexslider/assets/css/bootstrap.css
  • /wp-content/plugins/wp-smart-flexslider/assets/css/flexslider.css
  • /wp-content/plugins/wp-smart-flexslider/assets/js/bootstrap.js
  • /wp-content/plugins/wp-smart-flexslider/assets/js/custom.js
  • /wp-content/plugins/wp-smart-flexslider/assets/js/jquery.flexslider.js
  • /wp-content/plugins/wp-smart-flexslider/admin/css/wpsmartflexslider-admin.css
  • /wp-content/plugins/wp-smart-flexslider/admin/js/wpsmartflexslider-admin.js

Script Paths

  • /wp-content/plugins/wp-smart-flexslider/assets/js/jquery.flexslider.js
  • /wp-content/plugins/wp-smart-flexslider/assets/js/custom.js

Version Parameters

  • /wp-content/plugins/wp-smart-flexslider/assets/css/flexslider.css?ver=
  • /wp-content/plugins/wp-smart-flexslider/assets/js/jquery.flexslider.js?ver=
  • /wp-content/plugins/wp-smart-flexslider/assets/js/custom.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • wp-smart-flexslider
  • flex-direction-nav
  • flex-control-nav
  • flex-viewport
  • wpsmartflexslider-admin-wrap

HTML Comments

  • <!-- WP Smart Flexslider Shortcode -->
  • <!-- Copyright 2014-2017 WP Smart Plugin -->

Data Attributes

  • data-wpsmartflexslider-id
  • data-wpsmartflexslider-settings

JS Globals

  • wpsmartflexslider_params

Shortcode Output

  • <div class="wp-smart-flexslider" id="wpsmartflexslider-
  • <div class="wpsmartflexslider-container">