Does Fusion Page Builder : Extension – Gallery have any unpatched vulnerabilities?

No. All known vulnerabilities in Fusion Page Builder : Extension – Gallery have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Fusion Page Builder : Extension – Gallery compatible with WordPress 6.8.5?

According to WordPress.org data, Fusion Page Builder : Extension – Gallery 1.7.7 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Fusion Page Builder : Extension – Gallery updated?

Fusion Page Builder : Extension – Gallery was last updated on Sep 11, 2025. Frequent updates are generally a positive security signal.

What is Fusion Page Builder : Extension – Gallery's security score?

Fusion Page Builder : Extension – Gallery has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Fusion Page Builder : Extension – Gallery Security & Risk Analysis

wordpress.org/plugins/fusion-extension-gallery

Extend Fusion with a Gallery Element.

600 active installs v1.7.7 PHP + WP 3.9+ Updated Sep 11, 2025

adminbuildercustomlayout-builderpage-builder

A · Safe

CVEs total1

Unpatched0

Last CVESep 22, 2025

Plugin page Download

Safety Verdict

Is Fusion Page Builder : Extension – Gallery Safe to Use in 2026?

Generally Safe

Score 99/100

Fusion Page Builder : Extension – Gallery has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 22, 2025Updated 6mo ago

Risk Assessment

The "fusion-extension-gallery" plugin v1.7.7 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and having no file operations or external HTTP requests. The output escaping is also at a respectable 84%, and it correctly implements nonce and capability checks on some entry points.

However, there are significant concerns. The plugin exposes two AJAX handlers without any authentication checks, creating a direct attack vector. While taint analysis shows no critical or high severity flows, one unsanitized path was identified, which could potentially lead to vulnerabilities if exploited in conjunction with other weaknesses.

The vulnerability history reveals one past CVE, specifically Cross-site Scripting, which is a common and potentially severe type of vulnerability. While this CVE is currently patched, its existence indicates a past susceptibility that users should be aware of. The plugin's static analysis shows a moderate attack surface with a couple of unprotected entry points. Coupled with the high percentage of properly escaped outputs, the past XSS vulnerability might be addressed, but the unprotected AJAX handlers remain a clear and present risk.

Key Concerns

Unprotected AJAX handlers
Taint flow with unsanitized path
Past XSS vulnerability history

Vulnerabilities

Fusion Page Builder : Extension – Gallery Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-58965medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Fusion Page Builder : Extension - Gallery <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 Patched in 1.7.7 (5d)

Code Analysis

Analyzed Mar 16, 2026

Fusion Page Builder : Extension – Gallery Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

111 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

84% escaped132 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

fsn_get_gallery_image (includes\extensions\gallery.php:1096)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Fusion Page Builder : Extension – Gallery Attack Surface

Entry Points6

Unprotected2

AJAX Handlers 4

authwp_ajax_gallery_load_layoutincludes\extensions\gallery.php:25

authwp_ajax_gallery_add_itemincludes\extensions\gallery.php:40

noprivwp_ajax_gallery-lazy-loadincludes\extensions\gallery.php:1093

authwp_ajax_gallery-lazy-loadincludes\extensions\gallery.php:1094

Shortcodes 2

[fsn_gallery] includes\extensions\gallery.php:22

[fsn_gallery_item] includes\extensions\gallery.php:37

WordPress Hooks 15

actionplugins_loadedfusion-extension-gallery.php:30

actionadmin_enqueue_scriptsfusion-extension-gallery.php:33

actionwp_enqueue_scriptsfusion-extension-gallery.php:36

filterfsn_selectable_image_sizesfusion-extension-gallery.php:39

actionwp_footerfusion-extension-gallery.php:42

actionfsn_style_appendincludes\classes\masthead-styles.php:27

filterfsn_input_typesincludes\extensions\gallery.php:19

filterfsn_element_paramsincludes\extensions\gallery.php:28

actioninitincludes\extensions\gallery.php:31

actionwp_footerincludes\extensions\gallery.php:34

filterfsn_admin_shortcode_content_outputincludes\extensions\gallery.php:43

filterfsn_clean_shortcodesincludes\extensions\gallery.php:46

filteradd_gallery_layoutincludes\extensions\gallery.php:49

filteradd_gallery_layoutincludes\extensions\gallery.php:52

filteradd_gallery_layoutincludes\extensions\gallery.php:55

Maintenance & Trust

Fusion Page Builder : Extension – Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 11, 2025

PHP min version

Downloads28K

Community Trust

Rating100/100

Number of ratings2

Active installs600

Alternatives

Fusion Page Builder : Extension – Gallery Alternatives

Fusion Page Builder

fusion

Fusion. The forever free, natively powerful, beautifully flexible, and easily expandable page builder for Wordpress.

3K 1 unpatched

Fusion Page Builder : Extension – Image

fusion-extension-image

Extend Fusion with an Image Element.

500 No CVEs

Fusion Page Builder : Extension – Button

fusion-extension-button

Extend Fusion with a Button Element.

400 No CVEs

Fusion Page Builder : Extension – Contact Form

fusion-extension-contact-form

Extend Fusion with a Contact Form Element.

300 No CVEs

Fusion Page Builder : Extension – Divider

fusion-extension-divider

Extend Fusion with a Divider Element.

300 No CVEs

Developer Profile

Fusion Page Builder : Extension – Gallery Developer Profile

Agency Dominion Inc.

14 plugins · 7K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

34 days

View full developer profile

Detection Fingerprints

How We Detect Fusion Page Builder : Extension – Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fusion-extension-gallery/includes/css/fusion-extension-gallery-admin.css/wp-content/plugins/fusion-extension-gallery/includes/js/fusion-extension-gallery-admin.js/wp-content/plugins/fusion-extension-gallery/includes/utilities/flexslider/flexslider.css/wp-content/plugins/fusion-extension-gallery/includes/utilities/photoswipe/photoswipe.css/wp-content/plugins/fusion-extension-gallery/includes/utilities/photoswipe/default-skin/default-skin.css/wp-content/plugins/fusion-extension-gallery/includes/utilities/video-js/video-js.min.css/wp-content/plugins/fusion-extension-gallery/includes/css/fusion-extension-gallery.css

Script Paths

/wp-content/plugins/fusion-extension-gallery/includes/js/fusion-extension-gallery-admin.js/wp-content/plugins/fusion-extension-gallery/includes/utilities/flexslider/jquery.flexslider-min.js/wp-content/plugins/fusion-extension-gallery/includes/utilities/photoswipe/photoswipe.min.js/wp-content/plugins/fusion-extension-gallery/includes/utilities/photoswipe/photoswipe-ui-default.min.js/wp-content/plugins/fusion-extension-gallery/includes/utilities/video-js/video.js/wp-content/plugins/fusion-extension-gallery/includes/js/fusion-extension-gallery.js

Version Parameters

fusion-extension-gallery/includes/css/fusion-extension-gallery-admin.css?ver=fusion-extension-gallery/includes/js/fusion-extension-gallery-admin.js?ver=fusion-extension-gallery/includes/utilities/flexslider/flexslider.css?ver=fusion-extension-gallery/includes/utilities/photoswipe/photoswipe.css?ver=fusion-extension-gallery/includes/utilities/photoswipe/default-skin/default-skin.css?ver=fusion-extension-gallery/includes/utilities/video-js/video-js.min.css?ver=fusion-extension-gallery/includes/css/fusion-extension-gallery.css?ver=fusion-extension-gallery/includes/utilities/flexslider/jquery.flexslider-min.js?ver=fusion-extension-gallery/includes/utilities/photoswipe/photoswipe.min.js?ver=fusion-extension-gallery/includes/utilities/photoswipe/photoswipe-ui-default.min.js?ver=fusion-extension-gallery/includes/utilities/video-js/video.js?ver=fusion-extension-gallery/includes/js/fusion-extension-gallery.js?ver=

HTML / DOM Fingerprints

CSS Classes

pswppswp__bgpswp__scroll-wrappswp__containerpswp__itempswp__uipswp__ui--hiddenpswp__top-bar+18 more

HTML Comments

Data Attributes

tabindex="-1"role="dialog"aria-hidden="true"class="pswp"class="pswp__bg"class="pswp__scroll-wrap"+25 more

JS Globals

fsnExtGalleryJSfsnExtGalleryL10nfsnGalleryExtAjax

FAQ