Does Automatic YouTube Gallery have any unpatched vulnerabilities?

No. All known vulnerabilities in Automatic YouTube Gallery have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Automatic YouTube Gallery compatible with WordPress 6.9.4?

According to WordPress.org data, Automatic YouTube Gallery 2.7.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Automatic YouTube Gallery compatible with PHP 5.6.20+?

Automatic YouTube Gallery requires PHP 5.6.20 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Automatic YouTube Gallery updated?

Automatic YouTube Gallery was last updated on Feb 20, 2026. Frequent updates are generally a positive security signal.

What is Automatic YouTube Gallery's security score?

Automatic YouTube Gallery has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Automatic YouTube Gallery Security & Risk Analysis

wordpress.org/plugins/automatic-youtube-gallery

Build dynamic video galleries by simply adding a YouTube USERNAME, CHANNEL, PLAYLIST, SEARCH KEYWORDS, or a custom list of video URLs.

9K active installs v2.7.1 PHP 5.6.20+ WP 6.0+ Updated Feb 20, 2026

youtube-channelyoutube-embedyoutube-galleryyoutube-liveyoutube-playlist

A · Safe

CVEs total1

Unpatched0

Last CVESep 5, 2023

Plugin page Download

Safety Verdict

Is Automatic YouTube Gallery Safe to Use in 2026?

Generally Safe

Score 100/100

Automatic YouTube Gallery has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 5, 2023Updated 1mo ago

Risk Assessment

The "automatic-youtube-gallery" v2.7.1 plugin exhibits a mixed security posture. While it demonstrates good practices in output escaping and SQL query preparation, significant concerns arise from its attack surface. A substantial number of AJAX handlers (6 out of 6) lack proper authentication checks, presenting a direct avenue for unauthorized actions if exploited. The presence of the `unserialize` function, though not explicitly shown to be vulnerable in the provided taint analysis, is a known risk factor that should be carefully managed with input validation. The plugin's vulnerability history shows one medium-severity CVE in the past, which is currently patched. However, the pattern of past vulnerabilities, including "Missing Authorization," reinforces the concern regarding the unprotected AJAX endpoints. The bundled Freemius library also needs to be monitored for its version and potential vulnerabilities. Overall, while some security fundamentals are present, the high number of unprotected entry points, particularly AJAX handlers, represents a significant security weakness that requires immediate attention.

Key Concerns

Unprotected AJAX handlers
Dangerous function unserialize present
Bundled library Freemius v1.0
Medium vulnerability in history

Vulnerabilities

Automatic YouTube Gallery Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-41866medium · 4.3Missing Authorization

Automatic YouTube Gallery <= 2.3.3 - Missing Authorization via AJAX actions

Sep 5, 2023 Patched in 2.3.5 (140d)

Code Analysis

Analyzed Mar 16, 2026

Automatic YouTube Gallery Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

226 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$row->thumbnails = unserialize( $row->thumbnails );includes\functions.php:418

Bundled Libraries

Freemius1.0

SQL Query Safety

74% prepared19 total queries

Output Escaping

89% escaped254 total outputs

Attack Surface

6 unprotected

Automatic YouTube Gallery Attack Surface

Entry Points7

Unprotected6

AJAX Handlers 6

authwp_ajax_ayg_save_api_keyincludes\init.php:141

authwp_ajax_ayg_delete_cacheincludes\init.php:150

authwp_ajax_ayg_load_videosincludes\init.php:169

noprivwp_ajax_ayg_load_videosincludes\init.php:170

authwp_ajax_ayg_set_cookieincludes\init.php:171

noprivwp_ajax_ayg_set_cookieincludes\init.php:172

Shortcodes 1

[automatic_youtube_gallery] public\public.php:30

WordPress Hooks 25

actionafter_uninstallautomatic-youtube-gallery.php:169

actionplugins_loadedincludes\init.php:120

actionadmin_initincludes\init.php:134

actionadmin_enqueue_scriptsincludes\init.php:135

actionadmin_enqueue_scriptsincludes\init.php:136

actionelementor/editor/after_enqueue_stylesincludes\init.php:137

actionelementor/editor/after_enqueue_scriptsincludes\init.php:138

actionadmin_menuincludes\init.php:139

actionadmin_noticesincludes\init.php:140

actionadmin_menuincludes\init.php:148

actionadmin_initincludes\init.php:149

actionwp_enqueue_scriptsincludes\init.php:164

actionwp_enqueue_scriptsincludes\init.php:165

actionenqueue_block_editor_assetsincludes\init.php:166

actionelementor/editor/after_enqueue_scriptsincludes\init.php:167

actionelementor/preview/enqueue_scriptsincludes\init.php:168

filtersmush_skip_iframe_from_lazy_loadincludes\init.php:174

actionwpincludes\init.php:179

actionayg_schedule_weeklyincludes\init.php:180

filtercron_schedulesincludes\init.php:182

actioninitincludes\init.php:201

actionenqueue_block_editor_assetsincludes\init.php:202

filterblock_categories_allincludes\init.php:205

filterblock_categoriesincludes\init.php:207

actionwidgets_initincludes\init.php:218

Scheduled Events 1

ayg_schedule_weekly

Maintenance & Trust

Automatic YouTube Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 20, 2026

PHP min version5.6.20

Downloads159K

Community Trust

Rating96/100

Number of ratings30

Active installs9K

Alternatives

Automatic YouTube Gallery Alternatives

Video Gallery – YouTube Playlist, Channel Gallery by YotuWP

yotuwp-easy-youtube-embed

Modern responsive YouTube video gallery helps your website getting noticed from visitors, increase the reach and stand out from the competitors.

20K 5 CVEs

Bubuku Disable Related Videos

bubuku-disable-related-videos

Plugin to disable related YouTube videos that appear at the end of the video when you embed it in Gutenberg

80 No CVEs

Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades

youtube-embed-plus

100

A multi-featured plugin to embed YouTube in WordPress. Embed a video, YouTube channel gallery, playlist, or YouTube livestream. Defer JavaScript too!

100K 1 CVE

StreamWeasels YouTube Integration

streamweasels-youtube-integration

Embed YouTube content on your WordPress site. Easily embed a YouTube channel, shorts, gallery, feed, or live on your website.

1K 3 CVEs

GS YouTube Gallery – Video Feed, Channel Playlist & YouTube Slider

gs-youtube-gallery

100

Create a Stunning & Responsive Video Gallery for Channel or Playlist Videos.

80 No CVEs

Developer Profile

Automatic YouTube Gallery Developer Profile

Plugins360 Labs

3 plugins · 29K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

123 days

View full developer profile

Detection Fingerprints

How We Detect Automatic YouTube Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/automatic-youtube-gallery/assets/css/responsive-gallery.css/wp-content/plugins/automatic-youtube-gallery/assets/css/admin-style.css/wp-content/plugins/automatic-youtube-gallery/assets/js/jquery.isotope.min.js/wp-content/plugins/automatic-youtube-gallery/assets/js/isotope.min.js/wp-content/plugins/automatic-youtube-gallery/assets/js/custom.js/wp-content/plugins/automatic-youtube-gallery/assets/js/admin.js/wp-content/plugins/automatic-youtube-gallery/vendor/freemius/assets/js/freemius-sdk.min.js

Script Paths

vendor/freemius/assets/js/freemius-sdk.min.js

Version Parameters

automatic-youtube-gallery/assets/css/responsive-gallery.css?ver=automatic-youtube-gallery/assets/css/admin-style.css?ver=automatic-youtube-gallery/assets/js/jquery.isotope.min.js?ver=automatic-youtube-gallery/assets/js/isotope.min.js?ver=automatic-youtube-gallery/assets/js/custom.js?ver=automatic-youtube-gallery/assets/js/admin.js?ver=vendor/freemius/assets/js/freemius-sdk.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

ayg-gallery-containerayg-gallery-itemayg-video-wrapperayg-video-thumbnailayg-video-titleayg-load-more-buttonayg-gallery-settingsayg-admin-wrap+2 more

HTML Comments

+22 more

Data Attributes

data-gallery-iddata-youtube-iddata-playlist-iddata-channel-iddata-search-keywordsdata-ayg-settings

JS Globals

ayg_custom_scriptayg_ajax_object

Shortcode Output

<div class="ayg-gallery-container"<div class="ayg-gallery-item"<div class="ayg-video-wrapper"<div class="ayg-video-thumbnail"

FAQ

Automatic YouTube Gallery Security & Risk Analysis

Is Automatic YouTube Gallery Safe to Use in 2026?

Generally Safe

Key Concerns

Automatic YouTube Gallery Security Vulnerabilities

CVEs by Year

Severity Breakdown

Automatic YouTube Gallery Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Automatic YouTube Gallery Attack Surface

AJAX Handlers 6

Shortcodes 1

Scheduled Events 1

Automatic YouTube Gallery Maintenance & Trust

Maintenance Signals

Community Trust

Automatic YouTube Gallery Alternatives

Video Gallery – YouTube Playlist, Channel Gallery by YotuWP

Bubuku Disable Related Videos

Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades

StreamWeasels YouTube Integration

GS YouTube Gallery – Video Feed, Channel Playlist & YouTube Slider

Automatic YouTube Gallery Developer Profile

How We Detect Automatic YouTube Gallery

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Automatic YouTube Gallery