Ultimate Before After Image Slider & Gallery – BEAF Security & Risk Analysis

wordpress.org/plugins/beaf-before-and-after-gallery

Need a Before After Image Comparison slider? Create your before and after slider with BEAF. Addon for Elementor Before and After Slider is included.

Active installs: 30K · Version 4.7.14 · PHP 7.4+ · WP 4.0+ · Updated Feb 8, 2026
Tags: before-after, before-after-slider, before-and-after-slider, before-after-elementor, elementor-before-and-after-slider

Score: 97 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: May 7, 2025
Safety Verdict

Is Ultimate Before After Image Slider & Gallery – BEAF Safe to Use in 2026?

Generally Safe

Score 97/100

Ultimate Before After Image Slider & Gallery – BEAF has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: May 7, 2025 · Updated 1mo ago
Risk Assessment

The 'beaf-before-and-after-gallery' plugin, version 4.7.14, shows a mixed security posture. It follows good practices in places, using prepared statements for all SQL queries and escaping a high percentage of its output, but its attack surface and vulnerability history raise significant concerns.

Static analysis reveals a notable attack surface of 6 AJAX handlers, 3 of which lack authentication checks; if any of those handlers performs a privileged or state-changing action, that is a direct pathway to abuse. The code also calls `unserialize`, a known risky function because deserializing attacker-controlled data in PHP can lead to object injection; however, no critical or high-severity taint flows were identified in the limited analysis. The plugin bundles the Select2 library, which may be an outdated or vulnerable component depending on the specific version shipped.

Historically, the plugin has a record of security issues, with 2 known CVEs. None is currently unpatched, but the earlier vulnerabilities were an 'Unrestricted Upload of File with Dangerous Type' and a 'Cross-Site Request Forgery (CSRF)', a pattern of weaknesses that could resurface. The most recent vulnerability was recorded relatively recently, suggesting ongoing security challenges. Despite good internal coding practices in areas such as SQL handling, the external factors of attack surface and vulnerability history warrant caution.

Key Concerns

  • 3 AJAX handlers without auth checks
  • Presence of 'unserialize' function
  • 2 known CVEs in vulnerability history
  • Bundled library (Select2) may be outdated

Ultimate Before After Image Slider & Gallery – BEAF Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 1 CVE

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2025-47549 (High · 7.2): Unrestricted Upload of File with Dangerous Type

BEAF <= 4.6.10 - Authenticated (Admin+) Arbitrary File Upload

May 7, 2025 · Patched in 4.6.11 (6d)

CVE-2024-32433 (Medium · 4.3): Cross-Site Request Forgery (CSRF)

BEAF <= 4.5.4 - Cross-Site Request Forgery to Notice Dismissal

Apr 12, 2024 · Patched in 4.5.5 (6d)
Ultimate Before After Image Slider & Gallery – BEAF Code Analysis

Analyzed Mar 16, 2026

Dangerous Functions: 4
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 99 (726 escaped)
Nonce Checks: 8
Capability Checks: 3
File Operations: 0
External Requests: 1
Bundled Libraries: 1

Dangerous Functions Found

  • unserialize in admin\tf-options\fields\ical\BEAF_ical.php:24: $rooms = unserialize( $tf_hotel_rooms_value );
  • unserialize in admin\tf-options\fields\map\BEAF_map.php:18: $mapdata = unserialize( $mapdata );
  • unserialize in admin\tf-options\fields\repeater\BEAF_repeater.php:30: $data = unserialize( $tf_rep_value );
  • unserialize in admin\tf-options\fields\tab\BEAF_tab.php:46: $data = ( ! is_array( $this->value ) ) ? unserialize( $this->value ) : $this->value;

Bundled Libraries

Select2

Output Escaping

88% escaped (825 total outputs)
Data Flows
All sanitized

Data Flow Analysis

2 flows

bafg_shortcode_callback (inc\Hook\PostType.php:90)

Ultimate Before After Image Slider & Gallery – BEAF Attack Surface

Entry Points: 9
Unprotected: 3

AJAX Handlers 6

[auth] wp_ajax_beaf_options_save (admin\tf-options\classes\BEAF_Settings.php:37)
[auth] wp_ajax_beaf_themefic_manage_plugin (admin\tf-options\classes\BEAF_Settings.php:39)
[auth] wp_ajax_bafg_black_friday_notice_dismiss_callback (inc\class-sidebar-banner.php:68)
[auth] wp_ajax_bafg_black_friday_notice_bafg_dismiss_callback (inc\class-sidebar-banner.php:92)
[auth] wp_ajax_bafg_dashboard_widget_dismiss (inc\class-sidebar-banner.php:107)
[auth] wp_ajax_bafg_review_notice_callback (inc\functions.php:423)

Shortcodes 3

[bafg] inc\Hook\Shortcode.php:14
[bafg_gallery] inc\Hook\Shortcode.php:19
[bafg_preview] inc\Hook\Shortcode.php:23

WordPress Hooks 86

action admin_enqueue_scripts (admin\bafg-admin.php:15)
filter manage_bafg_posts_columns (admin\bafg-admin.php:20)
action manage_posts_custom_column (admin\bafg-admin.php:21)
action manage_posts_custom_column (admin\bafg-admin.php:22)
filter manage_edit-bafg_gallery_columns (admin\bafg-admin.php:27)
filter manage_bafg_gallery_custom_column (admin\bafg-admin.php:28)
action admin_footer (admin\bafg-admin.php:33)
action admin_notices (admin\bafg-admin.php:38)
action admin_init (admin\bafg-admin.php:39)
action admin_init (admin\inc\functions.php:136)
action admin_enqueue_scripts (admin\tf-options\BEAF_Options.php:41)
action add_meta_boxes (admin\tf-options\classes\BEAF_Metabox.php:20)
action save_post (admin\tf-options\classes\BEAF_Metabox.php:21)
action admin_menu (admin\tf-options\classes\BEAF_Settings.php:31)
action admin_init (admin\tf-options\classes\BEAF_Settings.php:34)
action admin_footer (admin\tf-options\fields\icon\BEAF_icon.php:15)
action plugins_loaded (before-and-after-gallery.php:31)
action init (inc\bafg-elementor\bafg-elementor.php:14)
action elementor/widgets/widgets_registered (inc\bafg-elementor\bafg-register.php:57)
action admin_init (inc\class-helper-banner.php:9)
filter beaf_dashboard_helper_banner (inc\class-helper-banner.php:16)
action admin_footer (inc\class-helper-banner.php:17)
filter cron_schedules (inc\class-sidebar-banner.php:48)
action bafg_sidebar_banner__schedule (inc\class-sidebar-banner.php:54)
action admin_notices (inc\class-sidebar-banner.php:67)
action add_meta_boxes (inc\class-sidebar-banner.php:89)
filter get_user_option_meta-box-order_bafg (inc\class-sidebar-banner.php:91)
action wp_dashboard_setup (inc\class-sidebar-banner.php:106)
action bafg_after_slider (inc\functions.php:34)
action bafg_before_slider (inc\functions.php:101)
action admin_init (inc\functions.php:300)
action admin_notices (inc\functions.php:417)
action admin_notices (inc\functions.php:492)
filter beaf_before_after_method (inc\functions.php:508)
filter bafg_publicly_queriable (inc\functions.php:561)
filter before_image_link (inc\functions.php:565)
filter after_image_link (inc\functions.php:582)
filter bafg_readmore_text (inc\functions.php:599)
filter bafg_before_after_style (inc\functions.php:616)
filter show_label_outside_image (inc\functions.php:674)
filter bafg_auto_slide (inc\functions.php:691)
filter bafg_before_after_image (inc\functions.php:706)
filter bafg_first_image (inc\functions.php:721)
filter bafg_second_image (inc\functions.php:737)
filter bafg_third_image (inc\functions.php:753)
filter bafg_slider_video_type (inc\functions.php:769)
filter bafg_before_video (inc\functions.php:785)
filter bafg_after_video (inc\functions.php:801)
filter bafg_before_vimeo_video (inc\functions.php:817)
filter bafg_after_vimeo_video (inc\functions.php:833)
filter bafg_before_self_video (inc\functions.php:849)
filter bafg_after_self_video (inc\functions.php:865)
filter bafg_filter_style (inc\functions.php:881)
filter bafg_on_scroll_slide (inc\functions.php:897)
filter bafg_popup_preview (inc\functions.php:913)
filter bafg_handle_color (inc\functions.php:929)
filter bafg_overlay_color (inc\functions.php:945)
filter bafg_width (inc\functions.php:961)
filter bafg_height (inc\functions.php:977)
filter bafg_video_width (inc\functions.php:993)
filter bafg_video_height (inc\functions.php:1009)
filter bafg_slider_alignment (inc\functions.php:1025)
filter bafg_filter_apply (inc\functions.php:1041)
filter bafg_before_after_image_link (inc\functions.php:1057)
filter bafg_open_url_new_tab (inc\functions.php:1073)
filter bafg_enable_watermark (inc\functions.php:1105)
filter bafg_enable_opacity (inc\functions.php:1109)
filter bafg_watermark_opacity (inc\functions.php:1129)
filter bafg_watermark_position (inc\functions.php:1149)
filter bafg_bafg_preview_shortcode (inc\functions.php:1169)
filter bafg_three_image_slider_method (inc\functions.php:1190)
filter bafg_video_slider_method (inc\functions.php:1211)
filter bafg_watermark_enable_field_meta (inc\functions.php:1231)
action init (inc\Hook\Hook.php:17)
action init (inc\Hook\Hook.php:26)
action init (inc\Hook\Hook.php:39)
action init (inc\Hook\Hook.php:56)
action add_meta_boxes (inc\Hook\Hook.php:67)
action init (inc\Hook\Hook.php:77)
action admin_menu (inc\Hook\Hook.php:87)
action init (inc\Hook\Hook.php:109)
action wp_enqueue_scripts (inc\Hook\Hook.php:125)
action elementor/editor/before_enqueue_scripts (inc\Hook\Hook.php:142)
action admin_enqueue_scripts (inc\Hook\Hook.php:148)
filter single_template (inc\Hook\Hook.php:159)
action widgets_init (inc\widget\bafg-widget.php:12)

Scheduled Events 1

bafg_sidebar_banner__schedule

Ultimate Before After Image Slider & Gallery – BEAF Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 8, 2026
PHP min version: 7.4
Downloads: 1.0M

Community Trust

Rating: 98/100
Number of ratings: 103
Active installs: 30K

Ultimate Before After Image Slider & Gallery – BEAF Developer Profile

Themefic

11 plugins · 97K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 93 days

How We Detect Ultimate Before After Image Slider & Gallery – BEAF

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/beaf-before-and-after-gallery/assets/css/beaf-admin-options.css
/wp-content/plugins/beaf-before-and-after-gallery/assets/js/beaf-options.js
/wp-content/plugins/beaf-before-and-after-gallery/assets/libs/notyf/notyf.min.css
/wp-content/plugins/beaf-before-and-after-gallery/assets/css/bafg-admin-style.css
/wp-content/plugins/beaf-before-and-after-gallery/assets/js/wp-color-picker-alpha.min.js
/wp-content/plugins/beaf-before-and-after-gallery/assets/libs/notyf/notyf.min.js
/wp-content/plugins/beaf-before-and-after-gallery/assets/js/bafg-script.js
Script Paths
/wp-content/plugins/beaf-before-and-after-gallery/assets/js/beaf-options.js
/wp-content/plugins/beaf-before-and-after-gallery/assets/js/wp-color-picker-alpha.min.js
/wp-content/plugins/beaf-before-and-after-gallery/assets/libs/notyf/notyf.min.js
/wp-content/plugins/beaf-before-and-after-gallery/assets/js/bafg-script.js
Version Parameters
beaf-admin-options.css?ver=
beaf-options.js?ver=
notyf.min.css?ver=
bafg-admin-style.css?ver=
wp-color-picker-alpha.min.js?ver=
notyf.min.js?ver=
bafg-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
bafg_copy
Data Attributes
bafg_before_after_method, bafg_before_after_image, bafg_first_image, bafg_before_image, beaf_meta
JS Globals
beaf_options, beaf_admin_data
Shortcode Output
[bafg

Frequently Asked Questions about Ultimate Before After Image Slider & Gallery – BEAF