WP-Safety

EGPS – Easy Sell for Google Photo Security & Risk Analysis

wordpress.org/plugins/egps-easy-sell-for-google-photo

The simpliest way to display and sell your images from your Google Photos account on your WordPress site.

0 active installs v1.0.1 PHP 7.4+ WP 5.6+ Updated Sep 26, 2025
galleryphoto-galleryphotographysell-photoswordpress-gallery-plugin
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is EGPS – Easy Sell for Google Photo Safe to Use in 2026?

Generally Safe

Score 100/100

EGPS – Easy Sell for Google Photo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago
Risk Assessment

The egps-easy-sell-for-google-photo plugin exhibits a significant security concern due to its extensive, unprotected REST API routes. While the plugin demonstrates good practices in its use of prepared statements for SQL queries and proper output escaping, the complete lack of permission callbacks on all 28 REST API routes presents a substantial attack surface. This means any unauthenticated user could potentially interact with these endpoints, leading to unauthorized actions or data exposure if the functionality behind them is vulnerable.

The static analysis revealed no dangerous functions, no taint flows, and a clean vulnerability history, which are positive indicators. However, the absence of capability checks on the vast majority of entry points, specifically the REST API, is a critical oversight. The presence of nonce checks on only a few points further exacerbates this, as it doesn't cover the most exposed areas. The plugin's clean historical record suggests it hasn't been a target for known vulnerabilities, but this doesn't mitigate the current risks posed by its design.

In conclusion, the plugin has strengths in its database query and output handling, but its security posture is severely undermined by its unprotected REST API. The lack of authorization on these numerous endpoints is the primary risk, outweighing the positive aspects of its code quality in other areas. This necessitates immediate attention to implement proper authentication and authorization checks.

Key Concerns

  • 28 REST API routes without permission callbacks
  • 28 entry points are unprotected
  • Capability checks: 0
  • Nonce checks: 3 (low coverage)
Vulnerabilities
None known

EGPS – Easy Sell for Google Photo Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

EGPS – Easy Sell for Google Photo Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
74 prepared
Unescaped Output
0
248 escaped
Nonce Checks
3
Capability Checks
0
File Operations
26
External Requests
8
Bundled Libraries
0

SQL Query Safety

99% prepared75 total queries

Output Escaping

100% escaped248 total outputs
Attack Surface
28 unprotected

EGPS – Easy Sell for Google Photo Attack Surface

Entry Points28
Unprotected28

REST API Routes 28

GET/wp-json/egps_restget_add_to_cart_buttonscommon\EgpsREST.php:20
GET/wp-json/egps_restget_albumscommon\EgpsREST.php:27
GET/wp-json/egps_restget_albums_order/(?P<order>([a-z])+)common\EgpsREST.php:34
GET/wp-json/egps_restget_tagcloudcommon\EgpsREST.php:48
GET/wp-json/egps_restget_photo_list/(?P<id>([a-zA-Z0-9.-])+)common\EgpsREST.php:55
GET/wp-json/egps_restget_photo_list_order/(?P<id>([a-zA-Z0-9.-])+)/(?P<order>([a-z])+)common\EgpsREST.php:69
GET/wp-json/egps_restget_tagsearch/(?P<tagname>([a-zA-Z0-9.-])+)common\EgpsREST.php:88
GET/wp-json/egps_restget_tagsearch_order/(?P<tagname>([a-zA-Z0-9.-])+)/(?P<order>([a-z])+)common\EgpsREST.php:102
GET/wp-json/egps_restget_camerasearch/(?P<tagname>([a-zA-Z0-9.-])+)common\EgpsREST.php:116
GET/wp-json/egps_restget_camerasearch_order/(?P<tagname>([a-zA-Z0-9.-])+)/(?P<order>([a-z])+)common\EgpsREST.php:131
GET/wp-json/egps_restget_photo_data/(?P<id>\d+)common\EgpsREST.php:146
GET/wp-json/egps_restget_photo_permission/(?P<id>\d+)common\EgpsREST.php:160
GET/wp-json/egps_restget_prices_datacommon\EgpsREST.php:174
GET/wp-json/egps_restget_photo_per_page_datacommon\EgpsREST.php:181
GET/wp-json/egps_restget_firebase_datacommon\EgpsREST.php:188
GET/wp-json/egps_restget_sum_price/(?P<email>\S+)common\EgpsREST.php:195
GET/wp-json/egps_restegps_send_email_reg/(?P<email>\S+)common\EgpsREST.php:209
GET/wp-json/egps_restget_client_photos/(?P<email>\S+)common\EgpsREST.php:223
GET/wp-json/egps_restget_client_invoices/(?P<email>\S+)common\EgpsREST.php:237
GET/wp-json/egps_restget_photo_production/(?P<email>\S+)/(?P<id>\S+)common\EgpsREST.php:251
GET/wp-json/egps_restinc_dwldcount/(?P<email>\S+)/(?P<id>\S+)common\EgpsREST.php:270
GET/wp-json/egps_restget_order_details/(?P<email>\S+)/(?P<id>\S+)common\EgpsREST.php:289
GET/wp-json/egps_restegps_save_order/(?P<email>\S+)/(?P<id>\S+)common\EgpsREST.php:308
GET/wp-json/egps_restegps_empty_cart_db/(?P<email>\S+)common\EgpsREST.php:327
GET/wp-json/egps_restegps_save_cart_to_db/(?P<email>\S+)/(?P<text>\S+)/(?P<items>\S+)common\EgpsREST.php:341
GET/wp-json/egps_restegps_get_pp_clientidcommon\EgpsREST.php:365
POST/wp-json/egps_restupdate_egps_lickeycommon\EgpsREST.php:379
POST/wp-json/egps_restupdate_egps_photometacommon\EgpsREST.php:393
WordPress Hooks 13
actioninitadmin\Initialize.php:16
filtercron_schedulesadmin\Initialize.php:28
actionegps_schedule_timeadmin\Initialize.php:50
actionadmin_enqueue_scriptsadmin\Initialize.php:131
actionadmin_menuadmin\Initialize.php:591
filtertheme_page_templatesadmin\Initialize.php:616
filtertemplate_includeadmin\Initialize.php:629
actioninitadmin\Initialize.php:674
filterquery_varsadmin\Initialize.php:683
filtertheme_page_templatescommon\EgpsCreatePages.php:33
filtertemplate_includecommon\EgpsCreatePages.php:34
filterwp_nav_menu_itemscommon\EgpsCreatePages.php:36
actionrest_api_initcommon\EgpsREST.php:14

Scheduled Events 1

egps_schedule_time
Maintenance & Trust

EGPS – Easy Sell for Google Photo Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedSep 26, 2025
PHP min version7.4
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

EGPS – Easy Sell for Google Photo Alternatives

WP iSell Photo

WP iSell Photo

wp-isell-photo

A
100

Easily Sell photos, images, digital print etc. using the built-in WordPress gallery feature. Convert your WordPress gallery into a photo store.

50 No CVEs
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

nextgen-gallery

B
76

The most popular gallery plugin that lets you create galleries and albums in seconds.

400K 37 CVEs
Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Photo Gallery by 10Web – Mobile-Friendly Image Gallery

photo-gallery

D
39

Photo Gallery is a powerful image gallery plugin with a list of advanced options for creating responsive image galleries with beautiful lightbox.

200K 1 unpatched
Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More

Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More

envira-gallery-lite

A
95

Envira Gallery is a fast, easy and powerful gallery builder with lightbox, masonry and grid layouts, albums, videos, and responsive displays and more

100K 10 CVEs
Robo Gallery – Photo & Image Slider

Robo Gallery – Photo & Image Slider

robo-gallery

A
87

Robo Gallery is a powerful image gallery and photo gallery plugin with advanced features to create responsive galleries with a beautiful lightbox

40K 17 CVEs
Developer Profile

EGPS – Easy Sell for Google Photo Developer Profile

feldkaresz

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect EGPS – Easy Sell for Google Photo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/egps-easy-sell-for-google-photo/css/egps_admin.css/wp-content/plugins/egps-easy-sell-for-google-photo/libs/bootstrap/bootstrap.css/wp-content/plugins/egps-easy-sell-for-google-photo/libs/bootstrap/bootstrap.js/wp-content/plugins/egps-easy-sell-for-google-photo/js/functions.js/wp-content/plugins/egps-easy-sell-for-google-photo/frontend/build/static/css/egps_allinonefile.css/wp-content/plugins/egps-easy-sell-for-google-photo/frontend/build/static/js/egps_allinonefile.js/wp-content/plugins/egps-easy-sell-for-google-photo/libs/bootstrap/bootstrap.min.css/wp-content/plugins/egps-easy-sell-for-google-photo/libs/bootstrap/bootstrap.min.js+2 more
Script Paths
/wp-content/plugins/egps-easy-sell-for-google-photo/libs/bootstrap/bootstrap.js/wp-content/plugins/egps-easy-sell-for-google-photo/js/functions.js/wp-content/plugins/egps-easy-sell-for-google-photo/frontend/build/static/js/egps_allinonefile.js/wp-content/plugins/egps-easy-sell-for-google-photo/libs/bootstrap/bootstrap.min.js/wp-content/plugins/egps-easy-sell-for-google-photo/libs/js/egps_frontend.js
Version Parameters
egps-easy-sell-for-google-photo/css/egps_admin.css?ver=egps-easy-sell-for-google-photo/libs/bootstrap/bootstrap.css?ver=egps-easy-sell-for-google-photo/libs/bootstrap/bootstrap.js?ver=egps-easy-sell-for-google-photo/js/functions.js?ver=egps-easy-sell-for-google-photo/frontend/build/static/css/egps_allinonefile.css?ver=egps-easy-sell-for-google-photo/frontend/build/static/js/egps_allinonefile.js?ver=egps-easy-sell-for-google-photo/libs/bootstrap/bootstrap.min.css?ver=egps-easy-sell-for-google-photo/libs/bootstrap/bootstrap.min.js?ver=egps-easy-sell-for-google-photo/libs/js/egps_frontend.js?ver=egps-easy-sell-for-google-photo/libs/css/egps_frontend.css?ver=

HTML / DOM Fingerprints

Data Attributes
egps_settings_options_google
FAQ

Frequently Asked Questions about EGPS – Easy Sell for Google Photo