Catch Gallery Security & Risk Analysis

wordpress.org/plugins/catch-gallery

Catch Gallery allows you to add three different types of layouts (in addition to the default layout provided by WordPress – Thumbnail Grid) for your g …

10K active installs v2.4.1 PHP + WP 5.9+ Updated Feb 25, 2026
Tags: carousel, gallery, image-gallery, mosaic, tiled-gallery
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Catch Gallery Safe to Use in 2026?

Generally Safe

Score 100/100

Catch Gallery has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'catch-gallery' plugin v2.4.1 exhibits a generally good security posture due to its adherence to several secure coding practices. The complete absence of SQL injection vulnerabilities, thanks to 100% prepared statement usage, and a high rate of output escaping (96%) are significant strengths. Furthermore, the plugin has no recorded vulnerability history, indicating a strong track record of security. However, there are notable concerns stemming from its attack surface. Seven AJAX handlers are present, with two of them lacking proper authentication checks. This creates potential entry points for attackers to interact with the plugin without proper authorization. While taint analysis shows no issues, and there are a reasonable number of nonce and capability checks, the two unprotected AJAX endpoints represent the most significant immediate risk. The lack of critical or high-severity historical vulnerabilities is a positive sign, but the unprotected AJAX endpoints warrant attention to maintain a robust security profile.

Key Concerns

  • Unprotected AJAX handlers
Vulnerabilities
None known

Catch Gallery Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Catch Gallery Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 4 (106 escaped)
Nonce Checks: 5
Capability Checks: 9
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

96% escaped · 110 total outputs
Attack Surface
2 unprotected

Catch Gallery Attack Surface

Entry Points: 7
Unprotected: 2

AJAX Handlers 7

auth    wp_ajax_query-themes             inc\CatchThemesThemePlugin.php:11
auth    wp_ajax_customize_load_themes    inc\CatchThemesThemePlugin.php:21
auth    wp_ajax_ctp_switch               inc\ctp-tabs-removal.php:99
auth    wp_ajax_get_attachment_comments  inc\jetpack-carousel.php:41
nopriv  wp_ajax_get_attachment_comments  inc\jetpack-carousel.php:42
auth    wp_ajax_post_attachment_comment  inc\jetpack-carousel.php:43
nopriv  wp_ajax_post_attachment_comment  inc\jetpack-carousel.php:44
WordPress Hooks 23
action  admin_menu                                   admin\admin.php:32
action  admin_enqueue_scripts                        admin\admin.php:64
action  admin_init                                   admin\admin.php:80
filter  plugin_action_links                          admin\admin.php:160
action  plugins_loaded                               catch-gallery.php:88
action  admin_enqueue_scripts                        inc\CatchThemesThemePlugin.php:13
action  customize_register                           inc\CatchThemesThemePlugin.php:16
filter  install_plugins_tabs                         inc\CatchThemesThemePlugin.php:23
filter  install_plugins_table_api_args_catchplugins  inc\CatchThemesThemePlugin.php:24
action  install_plugins_catchplugins                 inc\CatchThemesThemePlugin.php:25
action  admin_init                                   inc\ctp-tabs-removal.php:18
action  admin_init                                   inc\functions.php:17
filter  plugin_row_meta                              inc\functions.php:18
action  wp_enqueue_media                             inc\functions.php:37
action  print_media_templates                        inc\functions.php:38
filter  widget_media_gallery_instance_schema         inc\functions.php:41
action  init                                         inc\jetpack-carousel.php:19
filter  post_gallery                                 inc\jetpack-carousel.php:52
filter  gallery_style                                inc\jetpack-carousel.php:53
filter  wp_get_attachment_link                       inc\jetpack-carousel.php:54
filter  jetpack_gallery_types                        inc\tiled-gallery.php:31
filter  post_gallery                                 inc\tiled-gallery.php:498
action  init                                         inc\tiled-gallery.php:869
Maintenance & Trust

Catch Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 25, 2026
PHP min version
Downloads: 519K

Community Trust

Rating: 80/100
Number of ratings: 16
Active installs: 10K
Developer Profile

Catch Gallery Developer Profile

Catch Themes

155 plugins · 226K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 251 days
Detection Fingerprints

How We Detect Catch Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/catch-gallery/inc/tiled-gallery.css
/wp-content/plugins/catch-gallery/js/jquery.prettyPhoto.js
/wp-content/plugins/catch-gallery/js/catch-gallery.js
/wp-content/plugins/catch-gallery/css/catch-gallery.css
/wp-content/plugins/catch-gallery/css/prettyPhoto.css
/wp-content/plugins/catch-gallery/js/jquery.jcarousel.min.js
/wp-content/plugins/catch-gallery/inc/carousel.css
Script Paths
/wp-content/plugins/catch-gallery/js/jquery.matchHeight.min.js
/wp-content/plugins/catch-gallery/js/admin.js
Version Parameters
catch-gallery/inc/tiled-gallery.css?ver=
catch-gallery/js/jquery.prettyPhoto.js?ver=
catch-gallery/js/catch-gallery.js?ver=
catch-gallery/css/catch-gallery.css?ver=
catch-gallery/css/prettyPhoto.css?ver=
catch-gallery/js/jquery.jcarousel.min.js?ver=
catch-gallery/inc/carousel.css?ver=

HTML / DOM Fingerprints

CSS Classes
catch-gallery-wrap
gallery-wrapper
gallery-columns-
catch-gallery-slider
gallery-caption
gallery-icon
Data Attributes
data-theme
data-description
data-title
JS Globals
catch_gallery_params
catch_gallery_slider_params
Shortcode Output
[gallery type="circle"]
[gallery type="square"]
[gallery type="tiled"]
FAQ

Frequently Asked Questions about Catch Gallery