CWO Photo Security & Risk Analysis

wordpress.org/plugins/cwo-photo

The CWO Photo plugin allows you to import your own photos from your Google Photos albums and to display it in slider or in grid according to your pref …

10 active installs · v0.1 · PHP 7.2.10+ · WP 5.0+ · Updated Jul 12, 2021
Tags: album, google-photo, grid, photos, slider
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is CWO Photo Safe to Use in 2026?

Generally Safe

Score 85/100

CWO Photo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The "cwo-photo" plugin version 0.1 exhibits a concerning security posture despite a clean vulnerability history. The static analysis reveals significant weaknesses in secure coding practices. Notably, 100% of SQL queries are not using prepared statements, posing a high risk of SQL injection vulnerabilities. Furthermore, only 36% of output is properly escaped, increasing the likelihood of cross-site scripting (XSS) attacks. The complete absence of nonce checks and capability checks on any of the identified entry points means that unauthorized users could potentially trigger actions or access data without proper authentication or authorization. The presence of external HTTP requests also introduces potential risks if the target endpoints are compromised or if data is not handled securely.

While the plugin has no recorded CVEs, this is likely due to its early version and minimal testing or public exposure. The lack of security features like prepared statements and proper output escaping in such a basic version strongly suggests that future versions will inherit these vulnerabilities unless addressed. The limited attack surface is a minor positive, but it is overshadowed by the severity of the insecure coding practices.

Key Concerns

  • Raw SQL queries without prepared statements
  • Low percentage of properly escaped output
  • No nonce checks implemented
  • No capability checks implemented
  • External HTTP requests without noted sanitization
Vulnerabilities
None known

CWO Photo Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

CWO Photo Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 32 (0 prepared)
Unescaped Output: 9 (5 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

0% prepared · 32 total queries

Output Escaping

36% escaped · 14 total outputs
Attack Surface

CWO Photo Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[cwo_photo] cwo_photo.php:104

WordPress Hooks: 3

action admin_menu cwo_photo.php:86
action init cwo_photo.php:151
action plugins_loaded cwo_photo.php:162
Maintenance & Trust

CWO Photo Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.8.13
Last updated: Jul 12, 2021
PHP min version: 7.2.10
Downloads: 8K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

CWO Photo Developer Profile

paulmiernathan

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect CWO Photo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about CWO Photo