Does Document Gallery have any unpatched vulnerabilities?

No. All known vulnerabilities in Document Gallery have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Document Gallery compatible with WordPress 6.9.4?

According to WordPress.org data, Document Gallery 5.1.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Document Gallery compatible with PHP 5.6+?

Document Gallery requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Document Gallery updated?

Document Gallery was last updated on Dec 9, 2025. Frequent updates are generally a positive security signal.

What is Document Gallery's security score?

Document Gallery has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Document Gallery Security & Risk Analysis

wordpress.org/plugins/document-gallery

This plugin generates thumbnails for documents and displays them in a gallery-like format for easy sharing.

9K active installs v5.1.0 PHP 5.6+ WP 6.1+ Updated Dec 9, 2025

attachmentsdocumentslibrarypdfword

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Document Gallery Safe to Use in 2026?

Generally Safe

Score 100/100

Document Gallery has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The document-gallery plugin version 5.1.0 presents a mixed security posture. While it demonstrates some good practices, such as a high percentage of SQL queries using prepared statements and a relatively low number of file operations and external HTTP requests, there are significant concerns. A substantial portion of its attack surface, specifically 5 out of 6 entry points, lacks authentication checks. Furthermore, the presence of the `exec` function raises a red flag, as it's a powerful function that can lead to arbitrary code execution if not handled with extreme care and robust sanitization, which is not explicitly detailed in the provided signals. The taint analysis, while showing no critical or high severity flows, did find four flows with unsanitized paths, which could be a precursor to security issues, especially when combined with the unprotected entry points and dangerous functions.

Key Concerns

Unprotected AJAX handlers
Use of dangerous function (exec)
Taint flows with unsanitized paths
Low nonce checks
Low capability checks
Output escaping not fully implemented

Vulnerabilities

None known

Document Gallery Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Document Gallery Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

51 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

execexec( $cmd, $out, $ret );src\inc\thumbers\class-ghostscript-thumber.php:54

exec$executable = exec( 'where gswin*c.exe' );src\inc\thumbers\class-ghostscript-thumber.php:99

exec$executable = exec( 'dir /o:n/s/b "C:\Program Files\gs\*gswin*c.exe"' );src\inc\thumbers\class-ghostscript-thumber.php:106

exec$executable = exec( 'dir /o:n/s/b "C:\Program Files (x86)\gs\*gswin32c.exe"' );src\inc\thumbers\class-ghostscript-thumber.php:112

exec$executable = exec( 'which gs' );src\inc\thumbers\class-ghostscript-thumber.php:119

execexec( 'test -e /usr/bin/gs', $dummy, $ret );src\inc\thumbers\class-ghostscript-thumber.php:127

SQL Query Safety

71% prepared7 total queries

Output Escaping

52% escaped98 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths

generateGallery (src\admin\class-ajax-handler.php:45)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

Document Gallery Attack Surface

Entry Points6

Unprotected5

AJAX Handlers 5

authwp_ajax_dg_upload_thumbdocument-gallery.php:96

authwp_ajax_dg_generate_iconssrc\admin\class-ajax-handler.php:5

noprivwp_ajax_dg_generate_iconssrc\admin\class-ajax-handler.php:6

authwp_ajax_dg_generate_gallerysrc\admin\class-ajax-handler.php:8

noprivwp_ajax_dg_generate_gallerysrc\admin\class-ajax-handler.php:9

Shortcodes 1

[dg] document-gallery.php:153

WordPress Hooks 24

actionadmin_noticesdocument-gallery.php:23

actionwpmu_new_blogdocument-gallery.php:57

actioninitdocument-gallery.php:62

actionplugins_loadeddocument-gallery.php:65

actiondelete_attachmentdocument-gallery.php:78

filterplugin_row_metadocument-gallery.php:89

actionadmin_menudocument-gallery.php:92

actionadd_meta_boxesdocument-gallery.php:95

actionadmin_initdocument-gallery.php:99

actionwp_enqueue_scriptsdocument-gallery.php:104

actionwp_print_scriptsdocument-gallery.php:106

actionwp_enqueue_scriptsdocument-gallery.php:108

actioninitdocument-gallery.php:124

actionenqueue_block_editor_assetsdocument-gallery.php:139

actionadmin_enqueue_scriptssrc\admin\class-admin.php:107

actionadmin_print_footer_scriptssrc\admin\class-admin.php:125

filtermce_external_pluginssrc\admin\class-admin.php:145

filtermce_csssrc\admin\class-admin.php:146

actionadmin_enqueue_scriptssrc\admin\class-admin.php:403

actionwp_prepare_attachment_for_jssrc\admin\class-ajax-handler.php:11

actionadmin_print_footer_scriptssrc\admin\class-feature-pointers.php:26

actiondg_thumberssrc\inc\thumbers\class-abstract-thumber.php:27

filterallowed_http_originsrc\inc\thumbers\class-thumber-co-thumber.php:7

filterupload_mimessrc\inc\thumbers\class-thumber-co-thumber.php:8

Maintenance & Trust

Document Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 9, 2025

PHP min version5.6

Downloads320K

Community Trust

Rating96/100

Number of ratings112

Active installs9K

Alternatives

Document Gallery Alternatives

Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files

embed-any-document

Embed PDF, DOC, PPT and XLS documents easily on your WordPress website with the help of Google Docs Viewer or Microsoft Office Online.

50K 4 CVEs

Document Gallery – Display PDF Gallery from Many Folders

catfolders-document-gallery

100

Display WordPress PDF gallery and file gallery from folder. Comes with a clean, searchable & sortable list/grid layout.

3K No CVEs

FileBird – WordPress Media Library Folders & File Manager

filebird

Organize thousands of WordPress media files in folders / categories with ease.

200K 10 CVEs

Real Media Library: Media Library Folder & File Manager

real-media-library-lite

Organize uploaded media in folders, collections and galleries: A file manager for WordPress. Media management made easy with Real Media Library! (Alte …

100K 4 CVEs

Templateberg – Gutenberg Templates, WordPress Themes Template Kits & WordPress Templates

templateberg

100

Templateberg offers Gutenberg templates & WordPress theme kits. Import pre-designed layouts & build beautiful sites fast.

7K No CVEs

Developer Profile

Document Gallery Developer Profile

Dan Rossiter

2 plugins · 9K total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Document Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/document-gallery/build/block.js/wp-content/plugins/document-gallery/src/css/document-gallery.css

Script Paths

/wp-content/plugins/document-gallery/build/block.js

Version Parameters

document-gallery/build/block.js?ver=document-gallery/src/css/document-gallery.css?ver=

HTML / DOM Fingerprints

HTML Comments

Data Attributes

data-dg-typedata-dg-post-iddata-dg-post-typedata-dg-post-mime-typedata-dg-post-urldata-dg-attachment-id+4 more

JS Globals

dgBlockConfig

Shortcode Output

[dg]

FAQ