WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Ml Slider safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Ml Slider WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: ml-slider
  • Requires PHP: 7.0+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 2.6 [CVE-2014-4846, WordPress Meta Slider Plugin <= 2.5 - XSS, Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 2.5 - Cross-Site Scripting, Meta Slider &lt;= 2.5 - Cross-Site Scripting (XSS)]
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 3.17.2 [WordPress Responsive Slider by MetaSlider plugin <= 3.17.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability]
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 2.2 [WordPress Meta Slider Plugin <= 2.1.6 - Full Path Disclosure]
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 3.27.9 [CVE-2022-2823, Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 3.27.8 - Authenticated (Administrator+) Stored Cross-Site Scripting, WordPress Responsive Slider by MetaSlider Plugin <= 3.27.8 is vulnerable to Cross Site Scripting (XSS), Slider, Gallery, and Carousel by MetaSlider &lt; 3.27.9 - Admin+ Stored Cross Site Scripting]
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 3.17.2 [Slider, Gallery, and Carousel by MetaSlider <= 3.17.1 - Authenticated Stored Cross-Site Scripting]
+ 14 more known vulnerabilities
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 2.2 [Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 2.1.6 - Full Path Disclosure]
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 3.29.1 [Slider, Gallery, and Carousel by MetaSlider <= 3.29.0 - Reflected Cross-Site Scripting]
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 3.28.1 [CVE-2022-47150, WordPress Responsive Slider by MetaSlider Plugin <= 3.28.0 is vulnerable to Cross Site Request Forgery (CSRF)]
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 3.29.1 [WordPress Meta Slider Plugin <= 3.29.0 is vulnerable to Cross Site Scripting (XSS)]
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 3.29.1 [CVE-2023-1473, WordPress Meta Slider Plugin <= 3.29.0 is vulnerable to Cross Site Scripting (XSS), Responsive WordPress Slideshows 3.29.0 - Reflected XSS]
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 3.17.2 [MetaSlider &lt; 3.17.2 - Authenticated Stored Cross-Site Scripting (XSS)]
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 2.2 [Meta Slider 2.1.6 - Multiple Full Path Disclosure]
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 3.70.1 [CVE-2024-3285, Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows <= 3.70.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider Shortcode, WordPress Responsive Slider by MetaSlider Plugin <= 3.70.0 is vulnerable to Cross Site Scripting (XSS)]
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 3.92.1 [CVE-2025-24533, EUVD-2025-3745, Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider <= 3.92.0 - Cross-Site Request Forgery]
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 3.95.0 [CVE-2025-26763, WordPress Responsive Slider by MetaSlider Plugin <= 3.94.0 is vulnerable to PHP Object Injection, Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider <= 3.94.0 - Authenticated (Editor+) PHP Object Injection, EUVD-2025-4431]
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 3.95.0 [Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS, EUVD-2025-8002, Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider <= 3.94.0 - Authenticated (Admin+) Stored Cross-Site Scripting, EUVD-2025-8000]
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 3.99.0 [CVE-2025-5337, Slider, Gallery, and Carousel by MetaSlider <= 3.98.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via aria-label Parameter, EUVD-2025-18336]
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 3.107.0 [CVE-2026-39467, Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider <= 3.106.0 - Authenticated (Editor+) PHP Object Injection]
  • Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 3.107.0 [CVE-2026-39465, Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider <= 3.106.0 - Authenticated (Editor+) Remote Code Execution, EUVD-2026-36932]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.