Does Fancy Image Show have any unpatched vulnerabilities?

No. All known vulnerabilities in Fancy Image Show have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Fancy Image Show compatible with WordPress 6.4.8?

According to WordPress.org data, Fancy Image Show 9.1 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

How often is Fancy Image Show updated?

Fancy Image Show was last updated on Oct 29, 2023. Frequent updates are generally a positive security signal.

What is Fancy Image Show's security score?

Fancy Image Show has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Fancy Image Show Security & Risk Analysis

wordpress.org/plugins/fancy-image-show

This is a simple image rotation plugin. The image rotation happens with five different fancy effects, so it is named fancy image show.

90 active installs v9.1 PHP + WP 5.8+ Updated Oct 29, 2023

fancyimagesslideshow

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Fancy Image Show Safe to Use in 2026?

Generally Safe

Score 85/100

Fancy Image Show has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "fancy-image-show" v9.1 plugin exhibits a generally positive security posture with some areas for concern. Its attack surface is minimal, with only one shortcode and no unprotected entry points identified. The code employs prepared statements for the vast majority of its SQL queries, which is a strong indicator of good database security practices. Furthermore, the absence of known CVEs and historical vulnerabilities suggests a well-maintained and secure codebase. However, a significant area for improvement lies in output escaping, with only 42% of outputs being properly escaped. This indicates a potential risk of Cross-Site Scripting (XSS) vulnerabilities, especially if user-supplied data is involved in these unescaped outputs. The presence of two taint flows with unsanitized paths, although not rated critical or high severity, warrants attention as it suggests potential pathways for malicious input to reach sensitive functions without proper sanitization.

Key Concerns

Low output escaping rate
Taint flows with unsanitized paths

Vulnerabilities

None known

Fancy Image Show Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Fancy Image Show Code Analysis

Dangerous Functions

Raw SQL Queries

19 prepared

Unescaped Output

22 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

95% prepared20 total queries

Output Escaping

42% escaped52 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

FancyImg_control (fancy-image-show.php:231)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Fancy Image Show Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[fancy-img-show] fancy-image-show.php:315

WordPress Hooks 4

actionadmin_menufancy-image-show.php:204

actionplugins_loadedfancy-image-show.php:314

actionwp_enqueue_scriptsfancy-image-show.php:316

actionadmin_enqueue_scriptsfancy-image-show.php:320

Maintenance & Trust

Fancy Image Show Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedOct 29, 2023

PHP min version

Downloads31K

Community Trust

Rating0/100

Number of ratings0

Active installs90

Alternatives

Fancy Image Show Alternatives

FancyBox for WordPress

fancybox-for-wordpress

Seamlessly integrates FancyBox lightbox into your WordPress blog: Upload, activate, and you're done. Additional configuration optional.

40K 3 CVEs

WP Header Images

wp-header-images

100

A great WordPress plugin which helps you to choose a unique image for each menu page.

6K 1 CVE

FancyBox

fancy-box

Enables fancybox on all image links including BMP, GIF, JPG, JPEG, and PNG links.

4K 1 unpatched

WP-Cycle

wp-cycle

This plugin creates an image slideshow in your theme, using the jQuery Cycle plugin. You can upload/delete images via the administration panel, and di …

3K No CVEs

PhotoSwipe

photo-swipe

A very light implementation of PhotoSwipe javascript plugin for WordPress

1K No CVEs

Developer Profile

Fancy Image Show Developer Profile

gopi_plus

8 plugins · 1K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

1046 days

View full developer profile

Detection Fingerprints

How We Detect Fancy Image Show

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fancy-image-show/js/fancy-image-show.js

Script Paths

http://www.gopiplus.com/work/2011/11/06/fancy-image-show-wordpress-plugin/

HTML / DOM Fingerprints

Data Attributes

FancyImg_GalleryFancyImg_WidthFancyImg_HeightFancyImg_EffectFancyImg_delayFancyImg_Strips+7 more

JS Globals

FancyImgFancyImgShowFancyImg_installFancyImg_admin_optionsFancyImg_shortcodeFancyImg_deactivation+5 more

Shortcode Output

<script> $j(function() { $j(document).ready(function(){ $j("#GALLERY[0-9]+").FancyImageShow({ width: [0-9]+, height: [0-9]+, effect: '.*', delay: [0-9]+, strips: [0-9]+, stripDelay: [0-9]+ }); }); }); </script>

<div id="GALLERY[0-9]+">.*</div>

FAQ