Easy Photo Album Security & Risk Analysis

wordpress.org/plugins/easy-photo-album

Easy Photo Album makes it easy for you to create and manage photo albums.

1K active installs · v1.3.7 · PHP + · WP 3.7+ · Updated Nov 28, 2017
Tags: album, images, lightbox, photos, responsive
Score: 84 · B · Generally Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 10, 2016
Safety Verdict

Is Easy Photo Album Safe to Use in 2026?

Mostly Safe

Score 84/100

Easy Photo Album is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.

1 known CVE · Last CVE: Apr 10, 2016 · Updated 8yr ago
Risk Assessment

The "easy-photo-album" plugin v1.3.7 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by not making external HTTP requests, using prepared statements for all SQL queries, and implementing nonce and capability checks on its entry points. The static analysis found no critical or high-severity taint flows, and there are no currently unpatched vulnerabilities recorded.

However, several areas raise concerns. A significant weakness is the low percentage (38%) of properly escaped output, indicating a high potential for Cross-Site Scripting (XSS) vulnerabilities. While the static analysis didn't directly identify exploitable XSS due to the lack of taint flows with unsanitized paths, the high number of unescaped outputs presents a substantial risk. The plugin also bundles the TinyMCE library, which could be an outdated or vulnerable component if not properly managed.

The vulnerability history shows one previously recorded high-severity CVE related to "Exposure of Sensitive Information to an Unauthorized Actor." Although this vulnerability is patched and the last one was in 2016, it highlights a past weakness in the plugin's security that warrants attention. Coupled with the unescaped output issue, the plugin requires careful scrutiny and potentially further updates to ensure its ongoing security.

Key Concerns

  • Low percentage of properly escaped output
  • Bundled library (TinyMCE)
  • Past high severity vulnerability

Vulnerabilities: 1

Easy Photo Album Security Vulnerabilities

CVEs by Year: 1 CVE in 2016

Severity Breakdown: High 1 (1 total CVE)

WF-40e09aec-48af-4bf9-9254-b34bad7008c3-easy-photo-album · high · 7.5 · Exposure of Sensitive Information to an Unauthorized Actor

Easy Photo Album <= 1.1.5 - Sensitive Information Disclosure

Apr 10, 2016 · Patched in 1.1.6 (2844d)
Code Analysis
Analyzed Mar 16, 2026

Easy Photo Album Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 29 (18 escaped)
Nonce Checks: 1
Capability Checks: 4
File Operations: 2
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

TinyMCE

Output Escaping

38% escaped · 47 total outputs
Attack Surface

Easy Photo Album Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 1

auth · wp_ajax_epa_get_albums · EPA_Insert_Album.php:39

Shortcodes 1

[epa-album] EPA_Insert_Album.php:33

WordPress Hooks: 39

action · update_option_EasyPhotoAlbum · easy-photo-album.php:124
action · add_option_EasyPhotoAlbum · easy-photo-album.php:129
action · admin_init · EPA_Admin.php:28
action · admin_menu · EPA_Admin.php:32
action · network_admin_menu · EPA_Admin.php:36
action · admin_head · EPA_Admin.php:40
action · activated_plugin · EPA_Admin.php:44
action · admin_enqueue_scripts · EPA_Admin.php:48
action · admin_head · EPA_Help.php:12
action · init · EPA_Insert_Album.php:17
action · after_wp_tiny_mce · EPA_Insert_Album.php:22
filter · mce_external_languages · EPA_Insert_Album.php:28
filter · mce_buttons · EPA_Insert_Album.php:51
filter · mce_external_plugins · EPA_Insert_Album.php:55
action · admin_footer · EPA_List_Table.php:26
action · init · EPA_PostType.php:21
action · init · EPA_PostType.php:25
action · admin_head · EPA_PostType.php:29
action · save_post · EPA_PostType.php:33
action · save_post · EPA_PostType.php:37
action · wp_enqueue_scripts · EPA_PostType.php:41
action · wp_restore_post_revision · EPA_PostType.php:45
action · _wp_post_revision_fields · EPA_PostType.php:49
action · _wp_post_revision_field_epa-revision · EPA_PostType.php:53
filter · the_content · EPA_PostType.php:60
filter · the_content · EPA_PostType.php:65
filter · post_updated_messages · EPA_PostType.php:69
filter · the_content_more_link · EPA_PostType.php:73
filter · the_excerpt · EPA_PostType.php:77
filter · attachment_fields_to_save · EPA_PostType.php:81
action · pre_get_posts · EPA_PostType.php:92
action · save_post · EPA_PostType.php:460
filter · gettext · EPA_Simple_CPT.php:80
action · admin_head-post.php · EPA_Simple_CPT.php:83
action · admin_head-post-new.php · EPA_Simple_CPT.php:84
action · admin_head · EPA_Simple_CPT.php:88
action · admin_head · EPA_Simple_CPT.php:91
action · admin_head · EPA_Simple_CPT.php:94
filter · post_row_actions · EPA_Simple_CPT.php:97

Maintenance & Trust

Easy Photo Album Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.5.33
Last updated: Nov 28, 2017
PHP min version
Downloads: 65K

Community Trust

Rating: 94/100
Number of ratings: 15
Active installs: 1K
Developer Profile

Easy Photo Album Developer Profile

TV productions

1 plugin · 1K total installs

Trust score: 68
Avg Security Score: 84/100
Avg Patch Time: 2844 days
Detection Fingerprints

How We Detect Easy Photo Album

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-photo-album/css/admin.css
/wp-content/plugins/easy-photo-album/css/custom.css
/wp-content/plugins/easy-photo-album/css/easy-photo-album.css
/wp-content/plugins/easy-photo-album/js/jquery.bxSlider.min.js
/wp-content/plugins/easy-photo-album/js/jquery.easing.1.3.js
/wp-content/plugins/easy-photo-album/js/jquery.fancybox.pack.js
/wp-content/plugins/easy-photo-album/js/jquery.mousewheel-3.0.6.pack.js
/wp-content/plugins/easy-photo-album/js/jquery.scrollpane.min.js
+5 more
Version Parameters
/wp-content/plugins/easy-photo-album/css/admin.css?ver=
/wp-content/plugins/easy-photo-album/css/custom.css?ver=
/wp-content/plugins/easy-photo-album/css/easy-photo-album.css?ver=
/wp-content/plugins/easy-photo-album/js/jquery.bxSlider.min.js?ver=
/wp-content/plugins/easy-photo-album/js/jquery.easing.1.3.js?ver=
/wp-content/plugins/easy-photo-album/js/jquery.fancybox.pack.js?ver=
/wp-content/plugins/easy-photo-album/js/jquery.mousewheel-3.0.6.pack.js?ver=
/wp-content/plugins/easy-photo-album/js/jquery.scrollpane.min.js?ver=
/wp-content/plugins/easy-photo-album/js/jquery.scrollTo-1.4.2-min.js?ver=
/wp-content/plugins/easy-photo-album/js/jquery.showLoading.min.js?ver=
/wp-content/plugins/easy-photo-album/js/jquery.validate.min.js?ver=
/wp-content/plugins/easy-photo-album/js/jquery.prettyPhoto.js?ver=
/wp-content/plugins/easy-photo-album/js/easy-photo-album.js?ver=

HTML / DOM Fingerprints

CSS Classes
epa-gallery-thumb, epa-fancybox, epa-gallery-item, epa-albums-nav, epa-albums-nav-link
HTML Comments
<!-- BEGIN Easy Photo Album -->
<!-- END Easy Photo Album -->
<!-- Begin Gallery -->
<!-- End Gallery -->
Data Attributes
data-fancybox-group, data-photoid, data-albumid
JS Globals
EPA
Shortcode Output
[easy-photo-album]