Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider

ml-slider · by metaslider · wordpress.org ↗ · SVN ↗

Active installs: 500k+
Current version: 3.108.0
Added: 2013-02-15
Last updated: 2026-04-16 (15d ago)
First seen by beacon: 10d ago
Total downloads: 33,725,473

Alerts (0)

No open alerts.

Show 2 resolved alerts

Critical code_pattern Resolved · no_longer_matches 2026-04-24 17:01:47 (7d ago)

Slug	ml-slider
Pattern	`unserialize_after_remote_call`
Kind	`builtin`
Version	`3.108.0`
Hit count	3
First hit	File `lib/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php` Line 73 Snippet L73: return unserialize(file_get_contents($file)); → L73: return unserialize(file_get_contents($file));
Explanation	a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.

View raw JSON

{
    "slug": "ml-slider",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "3.108.0",
    "hit_count": 3,
    "first_hit": {
        "file": "lib/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php",
        "line": 73,
        "snippet": "L73: return unserialize(file_get_contents($file));  \u2192  L73: return unserialize(file_get_contents($file));"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}

Critical code_scan_delta Resolved · fp_vendored_library_local_cache 2026-04-24 15:52:38 (7d ago)

Slug ml-slider

Previous version 3.108.0

Current version 3.108.0

New findings

Pattern	Kind	File	Line	Snippet	Confidence
`unserialize_after_remote_call`	`builtin`	`lib/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php`	73	L73: return unserialize(file_get_contents($file)); → L73: return unserialize(file_get_contents($file));	`high`
`unserialize_after_remote_call`	`builtin`	`lib/htmlpurifier/library/HTMLPurifier/ConfigSchema.php`	72	L71: $contents = file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/sc → L72: $r = unserialize($contents);	`high`
`unserialize_after_remote_call`	`builtin`	`lib/htmlpurifier/library/HTMLPurifier/EntityLookup.php`	26	L26: $this->table = unserialize(file_get_contents($file)); → L26: $this->table = unserialize(file_get_contents($file));	`high`

New finding count 3

View raw JSON

{
    "slug": "ml-slider",
    "previous_version": "3.108.0",
    "current_version": "3.108.0",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "lib/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php",
            "line": 73,
            "snippet": "L73: return unserialize(file_get_contents($file));  \u2192  L73: return unserialize(file_get_contents($file));",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "lib/htmlpurifier/library/HTMLPurifier/ConfigSchema.php",
            "line": 72,
            "snippet": "L71: $contents = file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/sc  \u2192  L72: $r = unserialize($contents);",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "lib/htmlpurifier/library/HTMLPurifier/EntityLookup.php",
            "line": 26,
            "snippet": "L26: $this->table = unserialize(file_get_contents($file));  \u2192  L26: $this->table = unserialize(file_get_contents($file));",
            "confidence": "high"
        }
    ],
    "new_finding_count": 3
}

SVN committers (6)

Accounts with actual commit access to ml-slider on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer	Member since	Commits	First commit	Latest commit
matchalabs	2013-01-06	237	2014-04-10 · r890566	2017-05-31 · r1667619
MetaSlider Young account	2020-08-09	93	2020-08-28 · r2370840	2024-06-13 · r3102369
Steve Burge	2016-11-28	66	2023-01-25 · r2854719	2026-04-10 · r3503480
andergmartins	2016-12-22	30	2022-07-14 · r2756438	2026-04-16 · r3508206
David Anderson / Team Updraft	2008-01-02	7	2017-05-31 · r1667625	2020-08-17 · r2363226
htmgarcia	2015-07-30	4	2024-07-10 · r3115225	2025-04-16 · r3274753

Readme contributors (6)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor	Member since	SVN access	Status
MetaSlider	2020-08-09	93 commits	Active
Steve Burge	2016-11-28	66 commits	Active
andergmartins	2016-12-22	30 commits	Active
htmgarcia	2015-07-30	4 commits	Active
PublishPress	2018-01-18	—	Active
rochdesigns	2021-02-08	—	Active

Versions (100 most recent)

Version	Released	Download
3.108.0	2026-04-16 · 15d ago	zip
3.107.0	2026-04-10 · 21d ago	zip
3.106.0	2026-03-02 · 2mo ago	zip
3.105.0	2026-01-27 · 3mo ago	zip
3.104.0	2025-12-16 · 4mo ago	zip
3.103.0	2025-12-12 · 4mo ago	zip
3.102.0	2025-10-16 · 6mo ago	zip
3.101.0	2025-09-11 · 7mo ago	zip
3.100.1	2025-08-08 · 8mo ago	zip
3.100.0	2025-07-21 · 9mo ago	zip
3.99.0	2025-06-11 · 10mo ago	zip
3.98.0	2025-05-13 · 11mo ago	zip
3.97.0	2025-04-16 · 1y ago	zip
3.96.0	2025-02-13 · 1y ago	zip
3.95.0	2025-01-27 · 1y ago	zip
3.94.0	2025-01-07 · 1y ago	zip
3.93.0	2024-11-14 · 1y ago	zip
3.92.1	2024-10-28 · 1y ago	zip
3.92.0	2024-10-14 · 1y ago	zip
3.91.0	2024-09-09 · 1y ago	zip
3.90.1	2024-08-02 · 1y ago	zip
3.90.0	2024-08-02 · 1y ago	zip
3.80.0	2024-06-12 · 1y ago	zip
3.70.2	2024-04-10 · 2y ago	zip
3.70.1	2024-04-09 · 2y ago	zip
3.70.0	2024-04-03 · 2y ago	zip
3.62.0	2024-04-02 · 2y ago	zip
3.61.0	2024-02-05 · 2y ago	zip
3.60.1	2024-01-11 · 2y ago	zip
3.60.0	2023-12-13 · 2y ago	zip
3.50.0	2023-12-04 · 2y ago	zip
3.40.0	2023-10-10 · 2y ago	zip
3.37.0	2023-09-14 · 2y ago	zip
3.36.0	2023-08-14 · 2y ago	zip
3.35.0	2023-08-10 · 2y ago	zip
3.34.0	2023-08-10 · 2y ago	zip
3.33.0	2023-08-08 · 2y ago	zip
3.30.0	2023-08-08 · 2y ago	zip
3.30.1	2023-08-08 · 2y ago	zip
3.32.0	2023-06-28 · 2y ago	zip
3.31.0	2023-05-24 · 2y ago	zip
3.29.1	2023-03-30 · 3y ago	zip
3.29.0	2023-03-21 · 3y ago	zip
3.28.3	2023-01-26 · 3y ago	zip
3.28.2	2022-12-20 · 3y ago	zip
3.28.1	2022-12-20 · 3y ago	zip
3.28.0	2022-12-01 · 3y ago	zip
3.27.14	2022-11-17 · 3y ago	zip
3.27.13	2022-11-01 · 3y ago	zip
3.27.12	2022-09-08 · 3y ago	zip
3.27.11	2022-09-07 · 3y ago	zip
3.27.10	2022-09-07 · 3y ago	zip
3.27.9	2022-09-06 · 3y ago	zip
3.27.9-beta.3	2022-08-29 · 3y ago	zip
3.27.9-beta.2	2022-08-29 · 3y ago	zip
3.27.8	2022-07-18 · 3y ago	zip
3.27.7	2022-07-14 · 3y ago	zip
3.27.6	2022-06-27 · 3y ago	zip
3.27.5	2022-05-24 · 3y ago	zip
3.27.4	2022-05-11 · 3y ago	zip
3.27.3	2022-03-22 · 4y ago	zip
3.27.2	2022-03-08 · 4y ago	zip
3.27.1	2022-02-23 · 4y ago	zip
3.27.0	2022-02-23 · 4y ago	zip
3.26.0	2022-02-09 · 4y ago	zip
3.25.2	2022-02-01 · 4y ago	zip
3.25.1	2022-01-26 · 4y ago	zip
3.25.0	2022-01-25 · 4y ago	zip
3.24.0	2022-01-07 · 4y ago	zip
3.23.5	2021-11-30 · 4y ago	zip
3.23.4	2021-11-23 · 4y ago	zip
3.23.3	2021-11-13 · 4y ago	zip
3.23.2	2021-11-11 · 4y ago	zip
3.23.1	2021-11-11 · 4y ago	zip
3.23.0	2021-08-27 · 4y ago	zip
3.22.1	2021-08-11 · 4y ago	zip
3.22.0	2021-08-06 · 4y ago	zip
3.21.0	2021-07-22 · 4y ago	zip
3.20.3	2021-03-04 · 5y ago	zip
3.20.2	2021-02-09 · 5y ago	zip
3.20.1	2021-02-04 · 5y ago	zip
3.20.0	2021-01-20 · 5y ago	zip
3.19.1	2020-12-01 · 5y ago	zip
3.19.0	2020-11-12 · 5y ago	zip
3.18.9	2020-11-05 · 5y ago	zip
3.18.8	2020-11-02 · 5y ago	zip
3.18.7	2020-10-27 · 5y ago	zip
3.18.6	2020-10-26 · 5y ago	zip
3.18.5	2020-10-26 · 5y ago	zip
3.18.4	2020-10-21 · 5y ago	zip
3.18.3	2020-10-15 · 5y ago	zip
3.18.2	2020-10-02 · 5y ago	zip
3.18.1	2020-09-21 · 5y ago	zip
3.18.0	2020-09-10 · 5y ago	zip
3.17.6	2020-09-02 · 5y ago	zip
3.17.5	2020-08-31 · 5y ago	zip
3.17.4	2020-08-29 · 5y ago	zip
3.17.3	2020-08-29 · 5y ago	zip
3.17.2	2020-08-28 · 5y ago	zip
3.17.1	2020-08-17 · 5y ago	zip