Does Event Stream Gallery have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Event Stream Gallery compatible with WordPress 4.7.33?

According to WordPress.org data, Event Stream Gallery 1.0.9 has been tested up to WordPress 4.7.33. Check the plugin's changelog for the latest compatibility information.

How often is Event Stream Gallery updated?

Event Stream Gallery was last updated on May 17, 2017. Frequent updates are generally a positive security signal.

What is Event Stream Gallery's security score?

Event Stream Gallery has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Event Stream Gallery Security & Risk Analysis

wordpress.org/plugins/event-stream-gallery

Simple plugin to create a gallery. It also allows upload from the front-end.

10 active installs v1.0.9 PHP + WP 3.0+ Updated May 17, 2017

galleryimage-galleryimagesphoto-galleryphotos

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Event Stream Gallery Safe to Use in 2026?

Generally Safe

Score 85/100

Event Stream Gallery has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "event-stream-gallery" v1.0.9 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for its SQL queries and making no external HTTP requests. The absence of known vulnerabilities and critical taint flows is also a strong indicator of a relatively well-maintained codebase. However, significant concerns arise from the static analysis. A substantial portion of its attack surface, specifically 6 out of 8 entry points (AJAX handlers), lacks authentication checks. This means that any unauthenticated user could potentially interact with these AJAX endpoints, creating a direct pathway for attackers to exploit potential weaknesses. Furthermore, the low percentage of properly escaped output (18%) is a serious red flag, suggesting a high likelihood of cross-site scripting (XSS) vulnerabilities.

Key Concerns

Unprotected AJAX handlers
Low output escaping percentage
No nonce checks on AJAX

Vulnerabilities

None known

Event Stream Gallery Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Event Stream Gallery Release Timeline

v1.0.9Current

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

Code Analysis

Analyzed Mar 16, 2026

Event Stream Gallery Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

20 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

18% escaped114 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

1 flows

<cpt> (modules\cpt.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

Event Stream Gallery Attack Surface

Entry Points8

Unprotected6

AJAX Handlers 6

authwp_ajax_esg_admin_ajax_add_image_to_gallerymodules\cpt.php:29

noprivwp_ajax_esg_admin_ajax_add_image_to_gallerymodules\cpt.php:30

authwp_ajax_esg_admin_ajax_remove_image_from_gallerymodules\cpt.php:33

noprivwp_ajax_esg_admin_ajax_remove_image_from_gallerymodules\cpt.php:34

authwp_ajax_esg_ajax_uploadmodules\shortcodes.php:7

noprivwp_ajax_esg_ajax_uploadmodules\shortcodes.php:8

Shortcodes 2

[esg_upload] modules\shortcodes.php:14

[esg_gallery] modules\shortcodes.php:15

WordPress Hooks 23

actionafter_switch_themeevent-stream-gallery.php:34

actioninitmodules\admin.php:4

actionadmin_menumodules\admin.php:12

actionadmin_initmodules\admin.php:13

actionadmin_footer-edit.phpmodules\admin.php:14

actionadmin_footer-post.phpmodules\admin.php:15

filtertiny_mce_before_initmodules\admin.php:17

filterget_sample_permalink_htmlmodules\admin.php:18

filterpost_row_actionsmodules\admin.php:19

filterplugin_action_linksmodules\admin.php:80

filterparent_filemodules\admin.php:85

actioninitmodules\asset_loader.php:4

actionwp_enqueue_scriptsmodules\asset_loader.php:14

actionadmin_enqueue_scriptsmodules\asset_loader.php:15

actionwp_print_scriptsmodules\asset_loader.php:132

actioninitmodules\cpt.php:5

actionadmin_initmodules\cpt.php:6

actionesg_action_after_gallery_itemmodules\cpt.php:26

actionadmin_enqueue_scriptsmodules\cpt.php:40

filterpost_updated_messagesmodules\cpt.php:237

actionsave_postmodules\cpt.php:484

actioninitmodules\shortcodes.php:4

filterupload_dirmodules\shortcodes.php:72

Maintenance & Trust

Event Stream Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.33

Last updatedMay 17, 2017

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

Event Stream Gallery Alternatives

WP iSell Photo

wp-isell-photo

Easily Sell photos, images, digital print etc. using the built-in WordPress gallery feature. Convert your WordPress gallery into a photo store.

50 No CVEs

Bitvolution Image Galleria

bitvolution-image-galleria

This plugin replaces the default Wordpress gallery feature with a more fancy image gallery inspired by the "Galleria" JQuery Image gallery.

10 No CVEs

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

nextgen-gallery

The most popular gallery plugin that lets you create galleries and albums in seconds.

400K 38 CVEs

Photo Gallery by 10Web – Mobile-Friendly Image Gallery

photo-gallery

Photo Gallery is a powerful image gallery plugin with a list of advanced options for creating responsive image galleries with beautiful lightbox.

200K 62 CVEs

Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More

envira-gallery-lite

Envira Gallery is a fast, easy and powerful gallery builder with lightbox, masonry and grid layouts, albums, videos, and responsive displays and more

100K 11 CVEs

Developer Profile

Event Stream Gallery Developer Profile

Svetoslav Marinov

28 plugins · 12K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

722 days

View full developer profile

Detection Fingerprints

How We Detect Event Stream Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/event-stream-gallery/assets/css/main.css/wp-content/plugins/event-stream-gallery/assets/js/main.js/wp-content/plugins/event-stream-gallery/share/jQuery-File-Upload-master/js/vendor/jquery.ui.widget.js/wp-content/plugins/event-stream-gallery/share/jQuery-File-Upload-master/js/jquery.iframe-transport.min.js/wp-content/plugins/event-stream-gallery/share/jQuery-File-Upload-master/js/jquery.fileupload.min.js/wp-content/plugins/event-stream-gallery/share/uikit/uikit.min.js/wp-content/plugins/event-stream-gallery/share/uikit/modal.min.js/wp-content/plugins/event-stream-gallery/share/uikit/lightbox.min.js+4 more

Script Paths

/wp-content/plugins/event-stream-gallery/assets/js/main.js/wp-content/plugins/event-stream-gallery/share/jQuery-File-Upload-master/js/vendor/jquery.ui.widget.js/wp-content/plugins/event-stream-gallery/share/jQuery-File-Upload-master/js/jquery.iframe-transport.min.js/wp-content/plugins/event-stream-gallery/share/jQuery-File-Upload-master/js/jquery.fileupload.min.js/wp-content/plugins/event-stream-gallery/share/uikit/uikit.min.js/wp-content/plugins/event-stream-gallery/share/uikit/modal.min.js+2 more

HTML / DOM Fingerprints

CSS Classes

esg_asset_

JS Globals

esg_asset_loader_objesg_module_adminesg_session

FAQ