Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery Security & Risk Analysis

wordpress.org/plugins/aeroscroll-gallery

WordPress Aeroscroll Gallery – An Infinite Scroll Image Gallery to create stunning photo galleries, Post Grids and News Scrollers

10 active installs · v1.0.13 · PHP 7.1+ · WP 4.8+ · Updated Aug 11, 2025
Tags: image-gallery, infinite-scroll, news-scroller, photo-gallery, post-grid

Score 78 · B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Jun 9, 2025
Safety Verdict

Is Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery Safe to Use in 2026?

Mostly Safe

Score 78/100

Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Jun 9, 2025 · Updated 7mo ago
Risk Assessment

The aeroscroll-gallery plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices by using prepared statements for all SQL queries and performing capability checks on a significant portion of its entry points. The absence of dangerous functions is also a good sign. However, several critical areas raise concerns. The presence of 4 REST API routes without permission callbacks exposes potentially vulnerable functionality to unauthenticated users. The taint analysis revealed 2 flows with unsanitized paths and one high-severity flow, indicating a risk of malicious input being processed in a way that could lead to unintended actions, potentially related to file system access given the plugin's file operation count.

The vulnerability history is particularly concerning, with one known medium-severity CVE, specifically a 'Path Traversal' vulnerability, which is still unpatched. This, combined with the taint analysis findings, strongly suggests a recurring pattern of issues related to handling user-supplied path information insecurely. While the plugin has strengths in database interaction and access control for many endpoints, the combination of unprotected REST API routes and identified path-related vulnerabilities presents a tangible risk that requires immediate attention. The unpatched CVE indicates a lack of timely security patching, further exacerbating the risk.

Key Concerns

  • Unpatched CVE found
  • High severity taint flow found
  • REST API routes without permission callbacks
  • Flows with unsanitized paths found
  • 50% of output not properly escaped
  • No nonce checks found

Vulnerabilities (1)

Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery Security Vulnerabilities

CVEs by Year

2025: 1 CVE (unpatched)

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2025-49451 · medium · 5.3 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery <= 1.0.12 - Unauthenticated Directory Traversal

Jun 9, 2025 · Unpatched

Code Analysis (analyzed Mar 17, 2026)

Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (40 prepared)
Unescaped Output: 9 (9 escaped)
Nonce Checks: 0
Capability Checks: 20
File Operations: 22
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 40 total queries

Output Escaping

50% escaped · 18 total outputs

Data Flows (2 unsanitized)

Data Flow Analysis

4 flows · 2 with unsanitized paths
upload_images (includes\class-aeroscroll-gallery-custom-endpoint.php:1082)

Attack Surface (4 unprotected)

Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery Attack Surface

Entry Points: 25
Unprotected: 4

REST API Routes (25)

GET /wp-json/aeroscroll/v1/getposts (includes\class-aeroscroll-gallery-custom-endpoint.php:31)
GET /wp-json/aeroscroll/v1/getimagegallerydata (includes\class-aeroscroll-gallery-custom-endpoint.php:37)
GET /wp-json/aeroscroll/v1/settings (includes\class-aeroscroll-gallery-custom-endpoint.php:43)
POST /wp-json/aeroscroll/v1/settings (includes\class-aeroscroll-gallery-custom-endpoint.php:50)
GET /wp-json/aeroscroll/v1/getgrids (includes\class-aeroscroll-gallery-custom-endpoint.php:64)
POST /wp-json/aeroscroll/v1/updategrid (includes\class-aeroscroll-gallery-custom-endpoint.php:74)
POST /wp-json/aeroscroll/v1/addgrid (includes\class-aeroscroll-gallery-custom-endpoint.php:84)
POST /wp-json/aeroscroll/v1/deletegrid (includes\class-aeroscroll-gallery-custom-endpoint.php:94)
GET /wp-json/aeroscroll/v1/getimagegalleries (includes\class-aeroscroll-gallery-custom-endpoint.php:106)
POST /wp-json/aeroscroll/v1/addimagegallery (includes\class-aeroscroll-gallery-custom-endpoint.php:116)
POST /wp-json/aeroscroll/v1/updateimagegallery (includes\class-aeroscroll-gallery-custom-endpoint.php:126)
POST /wp-json/aeroscroll/v1/deleteimagegallery (includes\class-aeroscroll-gallery-custom-endpoint.php:136)
POST /wp-json/aeroscroll/v1/uploadimages (includes\class-aeroscroll-gallery-custom-endpoint.php:147)
POST /wp-json/aeroscroll/v1/listfolder (includes\class-aeroscroll-gallery-custom-endpoint.php:158)
POST /wp-json/aeroscroll/v1/deleteitem (includes\class-aeroscroll-gallery-custom-endpoint.php:168)
POST /wp-json/aeroscroll/v1/renameitem (includes\class-aeroscroll-gallery-custom-endpoint.php:178)
POST /wp-json/aeroscroll/v1/createfolder (includes\class-aeroscroll-gallery-custom-endpoint.php:188)
GET /wp-json/aeroscroll/v1/getgalleryimages (includes\class-aeroscroll-gallery-custom-endpoint.php:198)
POST /wp-json/aeroscroll/v1/addgalleryimages (includes\class-aeroscroll-gallery-custom-endpoint.php:208)
POST /wp-json/aeroscroll/v1/deletegalleryimages (includes\class-aeroscroll-gallery-custom-endpoint.php:218)
POST /wp-json/aeroscroll/v1/updategalleryimages (includes\class-aeroscroll-gallery-custom-endpoint.php:228)
GET /wp-json/aeroscroll/v1/manageserial (includes\class-aeroscroll-gallery-pro-endpoints.php:11)
POST /wp-json/aeroscroll/v1/exportimagegallery (includes\class-aeroscroll-gallery-pro-endpoints.php:20)
POST /wp-json/aeroscroll/v1/importimagegallery (includes\class-aeroscroll-gallery-pro-endpoints.php:31)
POST /wp-json/aeroscroll/v1/optimizeimages (includes\class-aeroscroll-gallery-pro-endpoints.php:43)

WordPress Hooks (12)

action wp_enqueue_scripts (admin\class-aeroscroll-gallery-admin.php:111)
action wp_head (admin\class-aeroscroll-gallery-admin.php:112)
action admin_enqueue_scripts (admin\class-aeroscroll-gallery-pro-features.php:26)
action rest_api_init (includes\class-aeroscroll-gallery-custom-endpoint.php:25)
action rest_api_init (includes\class-aeroscroll-gallery-pro-endpoints.php:6)
action plugins_loaded (includes\class-aeroscroll-gallery.php:155)
action admin_menu (includes\class-aeroscroll-gallery.php:169)
action admin_init (includes\class-aeroscroll-gallery.php:172)
action admin_enqueue_scripts (includes\class-aeroscroll-gallery.php:173)
action admin_enqueue_scripts (includes\class-aeroscroll-gallery.php:174)
action wp_enqueue_scripts (includes\class-aeroscroll-gallery.php:187)
action wp_enqueue_scripts (includes\class-aeroscroll-gallery.php:188)

Maintenance & Trust

Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 11, 2025
PHP min version: 7.1
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 10

Developer Profile

Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery Developer Profile

yannisraft

1 plugin · 10 total installs

Trust score: 79
Avg Security Score: 78/100
Avg Patch Time: 30 days

Detection Fingerprints

How We Detect Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/aeroscroll-gallery/dist/css/app.css
/wp-content/plugins/aeroscroll-gallery/css/aeroscroll-gallery-admin.css
Version Parameters
aeroscroll-gallery/css/aeroscroll-gallery-admin.css?v=
dist/css/app.css?v=

HTML / DOM Fingerprints

CSS Classes
aeroscroll-gallery-wrap
HTML Comments
<!-- aeroscroll-gallery-wrap -->
<!-- aeroscroll-gallery-wrap end -->
Data Attributes
data-aeroscroll-id, data-aeroscroll-auto-play, data-aeroscroll-auto-play-delay, data-aeroscroll-loop, data-aeroscroll-speed, data-aeroscroll-gap (+27 more)
JS Globals
window.aeroscrollGallery, window.aeroscroll_gallery_object
Shortcode Output
[aeroscroll_gallery

FAQ

Frequently Asked Questions about Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery