Gallery – Photo Albums Plugin Security & Risk Analysis

wordpress.org/plugins/easy-media-gallery

Image Gallery – Photo Albums Plugin is the easiest tool to create image galleries, photo albums, portfolios and photo sliders.

Active installs: 2K
Version: v1.3.170
PHP: 7.2+
WP: 3.4+
Updated: Jan 23, 2026
Tags: gallery, image-gallery, image-slider, photo-gallery, slider

Score: 76 (B · Generally Safe)
CVEs total: 4
Unpatched: 1
Last CVE: Mar 31, 2025

Safety Verdict

Is Gallery – Photo Albums Plugin Safe to Use in 2026?

Mostly Safe

Score 76/100

Gallery – Photo Albums Plugin is generally safe to use. 4 past CVEs were resolved.

4 known CVEs · 1 unpatched · Last CVE: Mar 31, 2025 · Updated 3mo ago

Risk Assessment

The "easy-media-gallery" plugin v1.3.170 exhibits a mixed security posture. While it demonstrates good practices in SQL query handling with 100% prepared statements and a significant number of nonce and capability checks (9 and 10 respectively), several critical areas raise concerns. The presence of dangerous functions like 'unserialize' and 'create_function' is a significant red flag, as these are often associated with deserialization vulnerabilities and code injection risks. Furthermore, the taint analysis revealing two high-severity flows with unsanitized paths indicates potential vulnerabilities where external input could be manipulated to execute unintended code or access unauthorized resources.

The plugin's vulnerability history, with four known medium-severity CVEs including a recent one in March 2025, suggests a recurring pattern of security weaknesses, particularly Cross-site Scripting (XSS) and Cross-Site Request Forgery (CSRF). That one CVE remains unpatched is a critical concern, since it leaves current installs exploitable. The high percentage of unescaped output (82%) directly contributes to XSS risk, as user-supplied data is not adequately escaped before being rendered to other users.

In conclusion, despite strengths in database security and input validation for certain functions, the "easy-media-gallery" plugin has significant security shortcomings. The presence of dangerous functions, high-severity taint flows, a history of multiple vulnerabilities, and a high rate of unescaped output collectively point to a substantial risk. Users should be cautious, and prompt patching of the known unpatched CVE is essential.

Key Concerns

  • Unpatched CVE found
  • High severity taint flows
  • Dangerous function 'unserialize'
  • Dangerous function 'create_function'
  • High percentage of unescaped output
  • AJAX handlers without auth checks
  • Multiple medium severity CVEs

Vulnerabilities (4 published)

Gallery – Photo Albums Plugin Security Vulnerabilities

CVEs by Year

2013: 1 CVE (patched)
2014: 1 CVE (patched)
2015: 1 CVE (patched)
2025: 1 CVE (unpatched)

Severity Breakdown

Medium: 4 (4 total CVEs)

CVE-2025-31586 (medium · 6.4) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gallery – Photo Albums Plugin <= 1.3.170 - Authenticated (Contributor+) Stored Cross-Site Scripting
Mar 31, 2025 · Unpatched

CVE-2015-7386 (medium · 6.1) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gallery – Photo Albums Plugin < 1.3.47 - Cross-Site Scripting
Sep 5, 2015 · Patched in 1.3.50 (3062d)

WF-e438a090-1a73-450d-9325-276e45eee9ee-easy-media-gallery (medium · 4.3) Cross-Site Request Forgery (CSRF)
Gallery – Photo Albums Plugin < 1.3.03 - Multiple Cross-Site Request Forgery
Sep 1, 2014 · Patched in 1.3.03 (3431d)

WF-6bf7a5c3-f30d-42d6-91f9-8eb11089a499-easy-media-gallery (medium · 5.5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gallery – Photo Albums Plugin < 1.2.29 - Cross-Site Scripting
Dec 17, 2013 · Patched in 1.2.29 (3689d)

Version History

Gallery – Photo Albums Plugin Release Timeline

v1.3.170 (current): 1 CVE
v1.3.169: 1 CVE
v1.3.167: 1 CVE
v1.3.165: 1 CVE
v1.3.163: 1 CVE
v1.3.161: 1 CVE
v1.3.159: 1 CVE
v1.3.157: 1 CVE
v1.3.155: 1 CVE
v1.3.153: 1 CVE
v1.3.151: 1 CVE
v1.3.150: 1 CVE
v1.3.139: 1 CVE
v1.3.137: 1 CVE
v1.3.135: 1 CVE
v1.3.133: 1 CVE
v1.3.131: 1 CVE
v1.3.130: 1 CVE
v1.3.129: 1 CVE
v1.3.127: 1 CVE

Code Analysis
Analyzed Mar 16, 2026

Gallery – Photo Albums Plugin Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 305 (68 escaped)
Nonce Checks: 9
Capability Checks: 10
File Operations: 2
External Requests: 6
Bundled Libraries: 2

Dangerous Functions Found

unserialize at includes\functions\functions.php:788:
    $plugin_info = unserialize( $response['body'] );

create_function at includes\metaboxes.php:474:
    $callback = create_function( '$post, $meta_box', 'easmedia_create_meta_box( $post, $meta_box["args"]

Bundled Libraries

TinyMCE, Select2

SQL Query Safety

100% prepared (2 total queries)

Output Escaping

18% escaped (373 total outputs)

Data Flows · Security (3 unsanitized)

Data Flow Analysis

3 flows, 3 with unsanitized paths

Flow graph root: <easy-media-gallery> (easy-media-gallery.php:0)
Legend: source (user input), sink (dangerous op), sanitizer, transform; paths marked unsanitized or sanitized.

Attack Surface
2 unprotected

Gallery – Photo Albums Plugin Attack Surface

Entry Points: 12
Unprotected: 2

AJAX Handlers (10)

Scope   Hook                                  Location
auth    wp_ajax_easymedia_sort                easy-media-gallery.php:95
nopriv  wp_ajax_emg_get_data_slider_ajax      includes\functions\functions.php:138
auth    wp_ajax_emg_get_data_slider_ajax      includes\functions\functions.php:139
auth    wp_ajax_emg_cp_reset                  includes\functions\functions.php:171
auth    wp_ajax_easmedia_img_media_remv       includes\functions\functions.php:207
auth    wp_ajax_easymedia_imgresize_ajax      includes\functions\functions.php:550
auth    wp_ajax_emg_hide_noty                 includes\functions\functions.php:936
auth    wp_ajax_emg_enable_auto_update        includes\functions\functions.php:1251
auth    wp_ajax_emg_get_aff_data              includes\functions\functions.php:1717
auth    wp_ajax_emg_hide_block_notify         includes\functions\functions.php:1779

Shortcodes (2)

[easy-media] includes\shortcode.php:275
[easymedia-gallery] includes\shortcode.php:386

WordPress Hooks (68)

Type    Hook                                              Location
action  init                                              easy-media-gallery.php:83
action  init                                              easy-media-gallery.php:84
action  plugins_loaded                                    easy-media-gallery.php:85
action  admin_init                                        easy-media-gallery.php:86
action  admin_init                                        easy-media-gallery.php:87
action  admin_notices                                     easy-media-gallery.php:88
filter  plugin_action_links                               easy-media-gallery.php:89
filter  plugin_row_meta                                   easy-media-gallery.php:90
action  admin_print_styles                                easy-media-gallery.php:91
action  admin_head                                        easy-media-gallery.php:92
filter  manage_edit-easymediagallery_columns              easy-media-gallery.php:93
filter  manage_posts_custom_column                        easy-media-gallery.php:94
action  manage_edit-easymediagallery_columns              easy-media-gallery.php:96
action  manage_easymediagallery_posts_custom_column       easy-media-gallery.php:97
filter  manage_edit-easymediagallery_sortable_columns     easy-media-gallery.php:98
filter  pre_get_posts                                     easy-media-gallery.php:99
action  init                                              easy-media-gallery.php:100
filter  widget_text                                       easy-media-gallery.php:101
filter  the_excerpt                                       easy-media-gallery.php:102
filter  the_excerpt                                       easy-media-gallery.php:103
action  admin_menu                                        easy-media-gallery.php:104
filter  post_row_actions                                  easy-media-gallery.php:598
action  emg_auto_update                                   easy-media-gallery.php:646
action  widgets_init                                      includes\easywidget.php:66
action  init                                              includes\emg-block\init.php:25
action  admin_notices                                     includes\emg-notice.php:6
action  admin_init                                        includes\emg-notice.php:23
action  admin_init                                        includes\emg-settings.php:11
action  admin_head                                        includes\emg-settings.php:92
action  admin_enqueue_scripts                             includes\emg-settings.php:93
action  admin_menu                                        includes\emg-settings.php:565
action  wp_print_styles                                   includes\frontend.php:12
action  wp_enqueue_scripts                                includes\frontend.php:44
action  wp_head                                           includes\frontend.php:75
action  admin_init                                        includes\functions\functions.php:57
action  wp_enqueue_scripts                                includes\functions\functions.php:69
action  init                                              includes\functions\functions.php:344
filter  admin_footer_text                                 includes\functions\functions.php:365
action  admin_head                                        includes\functions\functions.php:567
action  admin_footer-edit-tags.php                        includes\functions\functions.php:593
action  admin_menu                                        includes\functions\functions.php:662
filter  gettext                                           includes\functions\functions.php:744
filter  gettext                                           includes\functions\functions.php:761
action  wp_dashboard_setup                                includes\functions\functions.php:806
action  admin_bar_menu                                    includes\functions\functions.php:1025
action  admin_print_footer_scripts                        includes\functions\functions.php:1278
action  admin_bar_menu                                    includes\functions\functions.php:1328
action  enqueue_block_editor_assets                       includes\functions\functions.php:1768
action  do_meta_boxes                                     includes\metaboxes.php:16
action  admin_head                                        includes\metaboxes.php:25
action  admin_notices                                     includes\metaboxes.php:60
action  admin_footer                                      includes\metaboxes.php:65
action  admin_enqueue_scripts                             includes\metaboxes.php:808
action  admin_print_styles                                includes\metaboxes.php:809
action  add_meta_boxes                                    includes\metaboxes.php:814
action  save_post                                         includes\metaboxes.php:1049
action  admin_menu                                        includes\pages\emg-pricing.php:9
action  admin_menu                                        includes\pages\emg-welcome.php:32
action  admin_head                                        includes\pages\emg-welcome.php:33
action  admin_init                                        includes\pages\emg-welcome.php:34
action  init                                              includes\taxonomy.php:38
action  admin_head                                        includes\tinymce-dlg.php:8
action  admin_footer                                      includes\tinymce-dlg.php:9
action  media_buttons                                     includes\tinymce-dlg.php:32
filter  mce_external_plugins                              includes\tinymce_plugin\register_mce_button.php:8
action  current_screen                                    includes\tinymce_plugin\register_mce_button.php:9
filter  mce_buttons                                       includes\tinymce_plugin\register_mce_button.php:20
action  enqueue_block_editor_assets                       includes\tinymce_plugin\register_mce_button.php:21

Scheduled Events (1)

emg_auto_update

Maintenance & Trust

Gallery – Photo Albums Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 23, 2026
PHP min version: 7.2
Downloads: 1.7M

Community Trust

Rating: 76/100
Number of ratings: 277
Active installs: 2K

Developer Profile

Gallery – Photo Albums Plugin Developer Profile

GhozyLab

11 plugins · 21K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 847 days

Detection Fingerprints

How We Detect Gallery – Photo Albums Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-media-gallery/includes/css/emg-frontend.css
/wp-content/plugins/easy-media-gallery/includes/css/emg-frontend-old.css
/wp-content/plugins/easy-media-gallery/includes/css/emg-responsive.css
/wp-content/plugins/easy-media-gallery/includes/css/easy-gallery-lightbox.css
/wp-content/plugins/easy-media-gallery/includes/js/emg-frontend.js
/wp-content/plugins/easy-media-gallery/includes/js/easy-gallery-lightbox.js
/wp-content/plugins/easy-media-gallery/includes/js/jquery.mousewheel.min.js
/wp-content/plugins/easy-media-gallery/includes/js/jquery.sweet-modal.min.js
(+4 more)

Script Paths
/wp-content/plugins/easy-media-gallery/includes/js/emg-frontend.js
/wp-content/plugins/easy-media-gallery/includes/js/easy-gallery-lightbox.js
/wp-content/plugins/easy-media-gallery/includes/js/jquery.mousewheel.min.js
/wp-content/plugins/easy-media-gallery/includes/js/jquery.sweet-modal.min.js
/wp-content/plugins/easy-media-gallery/includes/js/fancybox.umd.js
/wp-content/plugins/easy-media-gallery/includes/js/magnific-popup.js
(+2 more)

Version Parameters
/wp-content/plugins/easy-media-gallery/includes/css/emg-frontend.css?ver=
/wp-content/plugins/easy-media-gallery/includes/css/emg-frontend-old.css?ver=
/wp-content/plugins/easy-media-gallery/includes/css/emg-responsive.css?ver=
/wp-content/plugins/easy-media-gallery/includes/css/easy-gallery-lightbox.css?ver=
/wp-content/plugins/easy-media-gallery/includes/js/emg-frontend.js?ver=
/wp-content/plugins/easy-media-gallery/includes/js/easy-gallery-lightbox.js?ver=
/wp-content/plugins/easy-media-gallery/includes/js/jquery.mousewheel.min.js?ver=
/wp-content/plugins/easy-media-gallery/includes/js/jquery.sweet-modal.min.js?ver=
/wp-content/plugins/easy-media-gallery/includes/js/fancybox.umd.js?ver=
/wp-content/plugins/easy-media-gallery/includes/js/magnific-popup.js?ver=
/wp-content/plugins/easy-media-gallery/includes/js/lightcase.js?ver=
/wp-content/plugins/easy-media-gallery/includes/js/bxslider.js?ver=

HTML / DOM Fingerprints

CSS Classes
emg-gallery-wrapper, emg-gallery-container, emg-media-item, emg-gallery-item-wrap, emg-gallery-lightbox-wrapper

HTML Comments
<!-- EASY MEDIA GALLERY LITE START -->
<!-- EASY MEDIA GALLERY LITE END -->
<!-- Easy Media Gallery Lite -->
<!-- EASY MEDIA GALLERY LITE SHORTCODE START -->
(+2 more)

Data Attributes
data-emg-gallery-id, data-emg-item-id, data-emg-type, data-emg-media-id

JS Globals
easy_media_gallery_options, emg_vars, emg_frontend_params

Shortcode Output
[easy_media_gallery], [easy_media_gallery id=, [emg], [emg_gallery]

FAQ

Frequently Asked Questions about Gallery – Photo Albums Plugin