Flickr Viewer Security & Risk Analysis

wordpress.org/plugins/flickr-viewer

Awesome simple gallery plugin to display your Flickr Photostream, Favourites, Galleries and Albums on your website.

50 active installs · v1.1.8 · PHP + · WP 4.0.1+ · Updated Jan 31, 2021
Tags: album, flickr, gallery, photos, photostream
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Flickr Viewer Safe to Use in 2026?

Generally Safe

Score 85/100

Flickr Viewer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The flickr-viewer v1.1.8 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices with 100% of its SQL queries utilizing prepared statements and no known vulnerabilities in its history. The static analysis also indicates a relatively small attack surface, with all identified entry points (shortcodes) not explicitly flagged as unprotected in the provided data. However, significant concerns arise from the code signals. The presence of dangerous functions like `unserialize` and `create_function` is a major red flag, as these can lead to code execution vulnerabilities if user-supplied input is not rigorously sanitized. Furthermore, a low percentage (13%) of properly escaped output suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed in the user's browser. The taint analysis, while showing no critical or high severity flows, does reveal that 100% of the analyzed flows involve unsanitized paths, which is concerning and warrants further investigation. The absence of nonce checks and capability checks is also a weakness, especially when combined with the use of dangerous functions.

Key Concerns

  • Dangerous functions identified (unserialize, create_function)
  • Low percentage of properly escaped output (13%)
  • All taint flows involve unsanitized paths
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Flickr Viewer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Flickr Viewer Release Timeline

v1.1.8 (Current)
v1.1.7
v1.1.6
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.0
v0.1
Code Analysis
Analyzed Apr 16, 2026

Flickr Viewer Code Analysis

Dangerous Functions: 6
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 131 (20 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 10
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

  • `unserialize` in includes/api-libs/phpFlickr/phpFlickr.php:164: `$this->parsed_response = $this->clean_text_nodes(unserialize($this->response));`
  • `unserialize` in includes/api-libs/tbPhpFlickr/CacheManager.php:148: `return unserialize($this->memcache->get($reqhash));`
  • `unserialize` in includes/api-libs/tbPhpFlickr/phpFlickr.php:164: `$this->parsed_response = $this->clean_text_nodes(unserialize($this->response));`
  • `unserialize` in includes/api-libs/tbPhpFlickr/tbPhpFlickr.php:97: `$this->parsed_response = $this->clean_text_nodes(unserialize($this->response));`
  • `unserialize` in includes/api-libs/tbPhpFlickr/tbPhpFlickr.php:214: `return unserialize(file_get_contents('http://phpflickr.com/geodata/?format=php&lat=' . $lat . '&lon=`
  • `create_function` in widgets/widget-init.php:27: `add_action( 'widgets_init', create_function( '', 'return register_widget( "Widget_DisplayAlbums" );'`

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

13% escaped · 151 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
section_text (admin/class-cws-flickr-gallery-pro-admin.php:1297)
Attack Surface

Flickr Viewer Attack Surface

Entry Points: 5
Unprotected: 0

Shortcodes 5

[cws_fgp_photoset] admin/class-cws-flickr-gallery-pro-admin.php:123
[cws_fgp_photostream] shortcodes/shortcode-init.php:33
[cws_fgp_favourites] shortcodes/shortcode-init.php:35
[cws_fgp_galleries] shortcodes/shortcode-init.php:36
[cws_fgp_albums] shortcodes/shortcode-init.php:37
WordPress Hooks 16
action admin_notices admin/class-cws-flickr-gallery-pro-admin.php:1993
action init cws-fgp-functions.php:33
filter query_vars cws-fgp-functions.php:63
action wp_loaded cws-fgp-functions.php:98
action wp_loaded cws-fgp-functions.php:119
action wp_enqueue_scripts cws-fgp-functions.php:126
action plugins_loaded includes/class-cws-flickr-gallery-pro.php:154
action admin_enqueue_scripts includes/class-cws-flickr-gallery-pro.php:168
action admin_enqueue_scripts includes/class-cws-flickr-gallery-pro.php:169
action admin_menu includes/class-cws-flickr-gallery-pro.php:176
action admin_menu includes/class-cws-flickr-gallery-pro.php:179
action admin_menu includes/class-cws-flickr-gallery-pro.php:184
action admin_init includes/class-cws-flickr-gallery-pro.php:188
action wp_enqueue_scripts includes/class-cws-flickr-gallery-pro.php:202
action wp_enqueue_scripts includes/class-cws-flickr-gallery-pro.php:203
action widgets_init widgets/widget-init.php:27
Maintenance & Trust

Flickr Viewer Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.6.17
Last updated: Jan 31, 2021
PHP min version
Downloads: 9K

Community Trust

Rating: 86/100
Number of ratings: 3
Active installs: 50
Developer Profile

Flickr Viewer Developer Profile

nakunakifi

2 plugins · 60 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Flickr Viewer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/flickr-viewer/css/cws-flickr-gallery-pro-admin.css
/wp-content/plugins/flickr-viewer/js/cws-flickr-gallery-pro-admin.js
Script Paths
/wp-content/plugins/flickr-viewer/js/cws-flickr-gallery-pro-admin.js
Version Parameters
cws-flickr-gallery-pro-admin.css?ver=
cws-flickr-gallery-pro-admin.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-plugin-name="CWS_Flickr_Gallery_Pro"
Shortcode Output
[cws_fgp_photoset
[flickr_viewer
FAQ

Frequently Asked Questions about Flickr Viewer