Gallery Box Security & Risk Analysis

wordpress.org/plugins/gallery-box

You can create awesome image, portfolio, audio, video and iframe galleries with lots of effects with this plugin.

1K active installs · v1.7.38 · PHP 7.4+ · WP 5.0+ · Updated Apr 19, 2025
Tags: gallery, iframe-gallery, image-gallery, portfolio-gallery, youtube-gallery
Score: 100 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 16, 2022

Is Gallery Box Safe to Use in 2026?

Generally Safe

Score 100/100

Gallery Box has a strong current security record: its single known CVE, a medium-severity Missing Authorization issue in the bundled Appsero SDK, was fixed in 1.7.31, and no unpatched CVEs remain. Installs still running a version below 1.7.31 carry that issue.

1 known CVE · Last CVE: Dec 16, 2022 · Plugin last updated Apr 19, 2025
Risk Assessment

The gallery-box plugin shows a generally good security posture. All 6 detected entry points (2 AJAX handlers, 4 shortcodes) are counted as protected, with 3 nonce checks and 9 capability checks across the code base. The analysis found no raw SQL queries at all (0 raw, 0 prepared), so there is no SQL injection surface in the analyzed paths; 1046 of 1112 output sites are escaped (94%), and no critical or high severity taint flows were found. The 66 unescaped output sites are where a manual review should start, since the count alone does not say which of them print attacker-influenced data.

Two points need attention. First, includes\all-gallery\vimeo-gallery\vimeo-gallery.php:103 passes the body of a file_get_contents() fetch from a plain-HTTP vimeo.com URL straight into unserialize(). Taint analysis reports no exploited flow, but unserialize() on bytes that crossed the network unencrypted is the precondition for PHP object injection: an on-path attacker, a DNS hijack, or a compromised endpoint controls the serialized payload, and any class with a __wakeup() or __destruct() method loaded in the WordPress process becomes a candidate gadget. The call also interpolates $vimeo_id into the URL, and the snippet does not show where that value is validated. Hardening options are to consume a JSON representation instead (json_decode() cannot instantiate application classes), or at minimum to fetch over HTTPS and call unserialize() with ['allowed_classes' => false]. Second, the plugin carries one past medium-severity (4.3) Missing Authorization CVE in the bundled Appsero SDK (<= 1.2.1), disclosed Dec 16, 2022 and fixed in 1.7.31. No CVEs are currently unpatched, but the Appsero component does not appear in the bundled-library inventory (TinyMCE and Select2 only), so confirm the shipped SDK version directly when auditing, and keep authorization checks on the plugin's own admin handlers under review.

Key Concerns

  • unserialize() applied to a remote plain-HTTP response (includes\all-gallery\vimeo-gallery\vimeo-gallery.php:103)
  • Past medium severity vulnerability (Missing Authorization in the bundled Appsero SDK <= 1.2.1, fixed in 1.7.31)

Gallery Box Security Vulnerabilities

CVEs by Year

2022: 1 CVE (patched)

Severity Breakdown

Medium: 1

1 total CVE

WF-84003388-c47c-41db-8d2d-4643aa375a89-gallery-box · medium · 4.3 · Missing Authorization

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 · Patched in 1.7.31 (699d)
Gallery Box Code Analysis

Analyzed Mar 16, 2026

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 66 (1046 escaped)
Nonce Checks: 3
Capability Checks: 9
File Operations: 1
External Requests: 0 (the file_get_contents() fetch of vimeo.com at includes\all-gallery\vimeo-gallery\vimeo-gallery.php:103 is an outbound HTTP request that this counter does not reflect)
Bundled Libraries: 2

Dangerous Functions Found

unserialize · includes\all-gallery\vimeo-gallery\vimeo-gallery.php:103

$vimg_default = unserialize(file_get_contents('http://vimeo.com/api/v2/video/'.$vimeo_id.'.php', fal
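The unserialize() finding above, and the object-injection concern raised in the Risk Assessment, worked through as an added example that is not code from the Gallery Box plugin. A hypothetical gadget class stands in for whatever destructor-bearing class happens to be loaded in the WordPress process; a serialized payload of the kind an on-path attacker could substitute for the plain-HTTP vimeo.com response is built without ever instantiating that class; and the flagged parse is run beside two hardened variants (unserialize() with class instantiation disabled, and JSON). The class and function names and the `.json` URL form are this example's own assumptions, and every response body is constructed inline so the script runs offline with the PHP CLI.

```php
<?php
// Added example; not code from the Gallery Box plugin. Reproduces the
// pattern flagged at vimeo-gallery.php:103 (unserialize() of a body fetched
// over plain HTTP) against a hypothetical gadget class, then shows two ways
// to consume the same response without instantiating attacker-chosen
// objects. All bodies are constructed inline; nothing touches the network.
declare(strict_types=1);

// Stand-in for any destructor-bearing class loaded in the WordPress process
// (hypothetical). A real gadget would write files or run queries; this one
// only records that it ran.
final class LogWriter
{
    public static array $fired = [];
    public string $path = '/tmp/app.log';
    public string $data = '';

    public function __destruct()
    {
        self::$fired[] = "{$this->path} <= {$this->data}";
    }
}

// Emits a serialized object whose properties are all strings, so the
// attacker's payload can be built without ever instantiating LogWriter.
function php_serialized_object(string $class, array $props): string
{
    $out = sprintf('O:%d:"%s":%d:{', strlen($class), $class, count($props));
    foreach ($props as $k => $v) {
        $out .= sprintf('s:%d:"%s";s:%d:"%s";', strlen($k), $k, strlen($v), $v);
    }
    return $out . '}';
}

// The flagged pattern: whatever came back from the network goes to
// unserialize() with every loaded class eligible for instantiation.
function parse_vimeo_unsafe(string $body)
{
    return unserialize($body);
}

// Hardened: refuse class instantiation (objects degrade to
// __PHP_Incomplete_Class, which has no gadget destructor) and check the
// shape the caller actually needs before returning anything.
function parse_vimeo_hardened(string $body): array
{
    $data = unserialize($body, ['allowed_classes' => false]);
    if (!is_array($data) || !isset($data[0]['id'])) {
        throw new UnexpectedValueException('unexpected Vimeo response shape');
    }
    return $data;
}

// Preferable: consume JSON; json_decode() cannot instantiate application classes.
function parse_vimeo_json(string $body): array
{
    $data = json_decode($body, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($data) || !isset($data[0]['id'])) {
        throw new UnexpectedValueException('unexpected Vimeo response shape');
    }
    return $data;
}

// Transport side: HTTPS, and only a numeric video id, so $vimeo_id cannot
// alter the request path or query. The .json form of the URL is assumed here.
function vimeo_json_url(string $vimeo_id): string
{
    if (!ctype_digit($vimeo_id)) {
        throw new InvalidArgumentException('Vimeo video ids are numeric');
    }
    return 'https://vimeo.com/api/v2/video/' . $vimeo_id . '.json';
}

// --- demo, offline; all payloads constructed ------------------------------
$benign    = serialize([['id' => 76979871, 'title' => 'Sample video']]);
$malicious = php_serialized_object('LogWriter', [
    'path' => '/var/www/html/wp-content/uploads/shell.php',
    'data' => '<?php system($_GET["c"]); ?>',
]);

parse_vimeo_unsafe($malicious); // object created, dropped, destructor runs
printf("gadgets fired after unsafe parse:   %d\n", count(LogWriter::$fired));

try {
    parse_vimeo_hardened($malicious);
} catch (UnexpectedValueException $e) {
    printf("hardened parse rejected payload:    %s\n", $e->getMessage());
}
printf("gadgets fired after hardened parse: %d\n", count(LogWriter::$fired));
printf("benign title via hardened parse:    %s\n", parse_vimeo_hardened($benign)[0]['title']);
printf("benign title via json parse:        %s\n",
    parse_vimeo_json('[{"id":76979871,"title":"Sample video"}]')[0]['title']);
printf("safe url:                           %s\n", vimeo_json_url('76979871'));
```

Run it with the PHP CLI. The unsafe parse instantiates the attacker's object and its destructor fires as soon as the return value is dropped; the hardened parse throws before any object of a real class exists, and the benign payload still decodes through both safe paths. Inside WordPress the fetch itself belongs in wp_remote_get() over HTTPS, which verifies certificates by default, rather than file_get_contents().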

Bundled Libraries

TinyMCE, Select2

Output Escaping

94% escaped (1046 of 1112 total outputs)

Gallery Box Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers: 2

auth · wp_ajax_cmb2_oembed_handler · admin\src\CMB2\includes\CMB2_Ajax.php:51
nopriv · wp_ajax_cmb2_oembed_handler · admin\src\CMB2\includes\CMB2_Ajax.php:52

The nopriv registration makes the CMB2 oEmbed handler reachable by unauthenticated requests; the analysis counts it among the protected entry points (Unprotected: 0), so it is the first handler to confirm nonce handling on during a manual review.

Shortcodes: 4

[GalleryBox] includes\gallerybox-shortcode.php:128
[gallerybox] includes\gallerybox-shortcode.php:129
[gbox_youtube] includes\other-shortcode.php:23
[gbox_vimeo] includes\other-shortcode.php:39
WordPress Hooks: 104

filter · mce_external_plugins · admin\add-button-tinymce.php:20
filter · mce_buttons · admin\add-button-tinymce.php:21
action · admin_head · admin\add-button-tinymce.php:24
action · cmb2_admin_init · admin\gallerybox-meta.php:1486
action · admin_init · admin\gallerybox-options.php:19
action · admin_menu · admin\gallerybox-options.php:20
action · init · admin\gallerybox-post-type.php:59
filter · post_updated_messages · admin\gallerybox-post-type.php:99
filter · manage_gallery_box_posts_columns · admin\gallerybox-post-type.php:165
action · manage_gallery_box_posts_custom_column · admin\gallerybox-post-type.php:172
action · admin_init · admin\gallerybox-post-type.php:211
filter · enter_title_here · admin\gallerybox-post-type.php:252
action · admin_footer · admin\gallerybox-tabjs.php:98
action · after_plugin_row_wp-gallery-box/gallery-box.php · admin\gallerybox-tabjs.php:116
action · vc_before_init · admin\gallerybox-visual-composer.php:38
action · admin_enqueue_scripts · admin\src\class.settings-api.php:22
filter · wp_prepare_attachment_for_js · admin\src\CMB2\includes\CMB2.php:1572
action · admin_enqueue_scripts · admin\src\CMB2\includes\CMB2.php:1589
action · cmb2_save_options-page_fields · admin\src\CMB2\includes\CMB2_Ajax.php:54
filter · get_post_metadata · admin\src\CMB2\includes\CMB2_Ajax.php:147
filter · update_post_metadata · admin\src\CMB2\includes\CMB2_Ajax.php:150
filter · cmb2_show_on · admin\src\CMB2\includes\CMB2_Hookup.php:79
action · edit_form_top · admin\src\CMB2\includes\CMB2_Hookup.php:118
action · edit_form_before_permalink · admin\src\CMB2\includes\CMB2_Hookup.php:122
action · edit_form_after_title · admin\src\CMB2\includes\CMB2_Hookup.php:126
action · edit_form_after_editor · admin\src\CMB2\includes\CMB2_Hookup.php:130
action · add_meta_boxes · admin\src\CMB2\includes\CMB2_Hookup.php:134
action · add_meta_boxes · admin\src\CMB2\includes\CMB2_Hookup.php:137
action · add_attachment · admin\src\CMB2\includes\CMB2_Hookup.php:138
action · edit_attachment · admin\src\CMB2\includes\CMB2_Hookup.php:139
action · save_post · admin\src\CMB2\includes\CMB2_Hookup.php:140
action · pre_get_posts · admin\src\CMB2\includes\CMB2_Hookup.php:147
action · add_meta_boxes_comment · admin\src\CMB2\includes\CMB2_Hookup.php:155
action · edit_comment · admin\src\CMB2\includes\CMB2_Hookup.php:156
filter · manage_edit-comments_columns · admin\src\CMB2\includes\CMB2_Hookup.php:159
action · manage_comments_custom_column · admin\src\CMB2\includes\CMB2_Hookup.php:160
filter · manage_edit-comments_sortable_columns · admin\src\CMB2\includes\CMB2_Hookup.php:161
action · pre_get_posts · admin\src\CMB2\includes\CMB2_Hookup.php:162
action · show_user_profile · admin\src\CMB2\includes\CMB2_Hookup.php:171
action · edit_user_profile · admin\src\CMB2\includes\CMB2_Hookup.php:172
action · user_new_form · admin\src\CMB2\includes\CMB2_Hookup.php:173
action · personal_options_update · admin\src\CMB2\includes\CMB2_Hookup.php:175
action · edit_user_profile_update · admin\src\CMB2\includes\CMB2_Hookup.php:176
action · user_register · admin\src\CMB2\includes\CMB2_Hookup.php:177
filter · manage_users_columns · admin\src\CMB2\includes\CMB2_Hookup.php:180
filter · manage_users_custom_column · admin\src\CMB2\includes\CMB2_Hookup.php:181
filter · manage_users_sortable_columns · admin\src\CMB2\includes\CMB2_Hookup.php:182
action · pre_get_posts · admin\src\CMB2\includes\CMB2_Hookup.php:183
action · pre_get_posts · admin\src\CMB2\includes\CMB2_Hookup.php:229
action · created_term · admin\src\CMB2\includes\CMB2_Hookup.php:233
action · edited_terms · admin\src\CMB2\includes\CMB2_Hookup.php:234
action · delete_term · admin\src\CMB2\includes\CMB2_Hookup.php:235
action · cmb2_do_oembed · admin\src\CMB2\includes\helper-functions.php:131
filter · is_protected_meta · admin\src\CMB2\includes\rest-api\CMB2_REST.php:144
action · init · admin\src\CMB2\init.php:113
action · cmb2_render_radio_image · admin\src\cmb2-radio-image.php:21
filter · cmb2_list_input_attributes · admin\src\cmb2-radio-image.php:22
action · admin_head · admin\src\cmb2-radio-image.php:23
filter · cmb2_render_pw_select · admin\src\cmb2-select2\select2.php:20
filter · cmb2_render_pw_multiselect · admin\src\cmb2-select2\select2.php:21
filter · cmb2_sanitize_pw_multiselect · admin\src\cmb2-select2\select2.php:22
filter · cmb2_types_esc_pw_multiselect · admin\src\cmb2-select2\select2.php:23
filter · cmb2_repeat_table_row_types · admin\src\cmb2-select2\select2.php:24
filter · cmb2_render_own_slider · admin\src\cmb2-slider\slider-field.php:14
action · cmb2_render_switch · admin\src\cmb2-switch-button.php:18
action · admin_head · admin\src\cmb2-switch-button.php:19
action · cmb2_before_form · admin\src\cmb2-tabs\cmb2-tabs.php:119
action · cmb2_after_form · admin\src\cmb2-tabs\cmb2-tabs.php:120
action · cmb2_before_form · admin\src\cmb2-tabs\cmb2-tabs.php:122
action · cmb2_after_form · admin\src\cmb2-tabs\cmb2-tabs.php:123
filter · cmb2_wrap_classes · admin\src\cmb2-tabs\cmb2-tabs.php:125
filter · cmb_output_html_row · admin\src\cmb2-tabs\cmb2-tabs.php:126
action · cmb2_admin_init · admin\src\cmb2-tabs\example-functions.php:34
action · wp_enqueue_scripts · gallery-box.php:104
action · admin_enqueue_scripts · gallery-box.php:126
action · plugins_loaded · gallery-box.php:169
action · plugins_loaded · gallery-box.php:185
action · elementor/widgets/register · gallery-box.php:209
action · gbox_advance_img_script · includes\all-gallery\advance-image\advance-image-script.php:35
action · gbox_advance_masonry_loadmore_active · includes\all-gallery\advance-image\advance-image-script.php:125
action · gbox_advance_img_style · includes\all-gallery\advance-image\advance-image-style.php:129
action · gallery_box_image · includes\all-gallery\advance-image\image-gallery.php:227
action · gbox_lightbox_active · includes\all-gallery\gbox-global-hook.php:37
action · gallery_box_iframe · includes\all-gallery\iframe-gallery\iframe-gallery.php:103
action · gbox_iframe_script · includes\all-gallery\iframe-gallery\iframe-script.php:34
action · gbox_iframe_masonry_loadmore_active · includes\all-gallery\iframe-gallery\iframe-script.php:125
action · gbox_iframe_style · includes\all-gallery\iframe-gallery\iframe-style.php:137
action · gallery_box_portfolio · includes\all-gallery\portfolio-gallery\portfolio-gallery.php:160
action · gbox_portfoli_script · includes\all-gallery\portfolio-gallery\portfolio-script.php:36
action · gbox_portfolio_masonry_loadmore_active · includes\all-gallery\portfolio-gallery\portfolio-script.php:126
action · gbox_portfolio_style · includes\all-gallery\portfolio-gallery\portfolio-style.php:128
action · gbox_simple_img_script · includes\all-gallery\simple-image\simple-gallery-script.php:46
action · gbox_simple_img_carousel · includes\all-gallery\simple-image\simple-gallery-script.php:99
action · gbox_masonry_loadmore_active · includes\all-gallery\simple-image\simple-gallery-script.php:187
action · gbox_simple_img_style · includes\all-gallery\simple-image\simple-gallery-style.php:101
action · gallery_box_simple_image · includes\all-gallery\simple-image\simple-img-gallery.php:139
action · gallery_box_vimeo · includes\all-gallery\vimeo-gallery\vimeo-gallery.php:138
action · gbox_vimeo_script · includes\all-gallery\vimeo-gallery\vimeo-script.php:34
action · gbox_vimeo_masonry_loadmore_active · includes\all-gallery\vimeo-gallery\vimeo-script.php:123
action · gbox_vimeo_style · includes\all-gallery\vimeo-gallery\vimeo-style.php:140
action · gallery_box_youtube · includes\all-gallery\youtube-gallery\youtube-gallery.php:123
action · gbox_youtube_script · includes\all-gallery\youtube-gallery\youtube-script.php:40
action · gbox_youtube_masonry_loadmore_active · includes\all-gallery\youtube-gallery\youtube-script.php:130
action · gbox_youtube_style · includes\all-gallery\youtube-gallery\youtube-style.php:141

Gallery Box Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 19, 2025
PHP min version: 7.4
Downloads: 137K

Community Trust

Rating: 82/100
Number of ratings: 18
Active installs: 1K

Gallery Box Developer Profile

Noor Alam

102 plugins · 29K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 233 days

How We Detect Gallery Box

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gallery-box/admin/gallerybox-options.css
/wp-content/plugins/gallery-box/admin/gallerybox-visual-composer.css
/wp-content/plugins/gallery-box/css/gallery-box-frontend.css
/wp-content/plugins/gallery-box/js/gallery-box-frontend.js
Script Paths
/wp-content/plugins/gallery-box/js/gallery-box-frontend.js
Version Parameters
gallery-box/admin/gallerybox-options.css?ver=
gallery-box/admin/gallerybox-visual-composer.css?ver=
gallery-box/css/gallery-box-frontend.css?ver=
gallery-box/js/gallery-box-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
gallery-box-frontend, gallery-box-slider-wrapper
HTML Comments
<!-- Gallery Box Pro activated. Disable the free version. -->
Data Attributes
data-image-id, data-gallery-id, data-effect, data-navigation, data-pagination, data-items
JS Globals
gallery_box_params
Shortcode Output
[gallery_box] (note: the shortcodes registered by the analyzed code, listed under Attack Surface, are [GalleryBox], [gallerybox], [gbox_youtube] and [gbox_vimeo]; [gallery_box] is not among them, so this fingerprint should not be relied on alone)
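The fingerprints above, applied in an added example that is not part of this page or of the plugin: the asset paths and ?ver= parameters are matched against an HTML document, the CSS classes and the Pro/free HTML comment are checked, and any version found is compared with 1.7.31, the release that fixed the Appsero Missing Authorization CVE recorded above. The HTML is a constructed sample; real use would feed in the body of an HTTP GET to the target's front page. Whether ?ver= carries the plugin version, the WordPress version or a cache-buster depends on how the plugin enqueued the asset, which this page does not state, so the value is reported as a hint rather than a fact.

```php
<?php
// Added example, not code from this page or from the Gallery Box plugin.
// Applies the published asset-path, ?ver=, CSS-class and HTML-comment
// fingerprints to an HTML body and compares the version hint with the
// release that fixed the plugin's one recorded CVE. The sample HTML at the
// bottom is constructed; no network access is made.
declare(strict_types=1);

const GALLERY_BOX_ASSETS = [
    '/wp-content/plugins/gallery-box/admin/gallerybox-options.css',
    '/wp-content/plugins/gallery-box/admin/gallerybox-visual-composer.css',
    '/wp-content/plugins/gallery-box/css/gallery-box-frontend.css',
    '/wp-content/plugins/gallery-box/js/gallery-box-frontend.js',
];
const GALLERY_BOX_CSS_CLASSES = ['gallery-box-frontend', 'gallery-box-slider-wrapper'];
const GALLERY_BOX_PRO_COMMENT = '<!-- Gallery Box Pro activated. Disable the free version. -->';
const GALLERY_BOX_FIXED_VERSION = '1.7.31'; // Appsero Missing Authorization fixed here

function fingerprint_gallery_box(string $html): array
{
    $result = [
        'detected'     => false,
        'assets'       => [],
        'css_classes'  => [],
        'pro_and_free' => false,
        'version_hint' => null,  // whatever ?ver= carried; may not be the plugin version
        'below_fixed'  => null,  // true if version_hint < 1.7.31, null if no hint
    ];

    foreach (GALLERY_BOX_ASSETS as $asset) {
        // Match the path wherever it appears in href/src; capture ?ver= if present.
        $pattern = '#' . preg_quote($asset, '#') . '(?:\?ver=([0-9][0-9A-Za-z.\-]*))?#';
        if (preg_match($pattern, $html, $m)) {
            $result['detected'] = true;
            $result['assets'][] = $asset;
            if (isset($m[1]) && $result['version_hint'] === null) {
                $result['version_hint'] = $m[1];
            }
        }
    }

    foreach (GALLERY_BOX_CSS_CLASSES as $cls) {
        // Only count the token when it sits inside a class attribute.
        if (preg_match('/class=["\'][^"\']*\b' . preg_quote($cls, '/') . '\b/', $html)) {
            $result['detected'] = true;
            $result['css_classes'][] = $cls;
        }
    }

    if (strpos($html, GALLERY_BOX_PRO_COMMENT) !== false) {
        // Free and Pro both active: two code bases to track for patches.
        $result['detected'] = true;
        $result['pro_and_free'] = true;
    }

    if ($result['version_hint'] !== null) {
        $result['below_fixed'] = version_compare(
            $result['version_hint'], GALLERY_BOX_FIXED_VERSION, '<'
        );
    }
    return $result;
}

// Constructed sample page (not a real site).
$sample = <<<'HTML'
<html><head>
<link rel="stylesheet" id="gallery-box-frontend-css" href="https://shop.example/wp-content/plugins/gallery-box/css/gallery-box-frontend.css?ver=1.7.30" media="all" />
<script src="https://shop.example/wp-content/plugins/gallery-box/js/gallery-box-frontend.js?ver=1.7.30"></script>
</head><body>
<!-- Gallery Box Pro activated. Disable the free version. -->
<div class="gallery-box-frontend gallery-box-slider-wrapper" data-gallery-id="12" data-effect="fade"></div>
</body></html>
HTML;

print_r(fingerprint_gallery_box($sample));
```

Run it with the PHP CLI. A `below_fixed` of true only says that the ?ver= hint is older than 1.7.31; confirm the actual installed version (for example from the plugin's readme.txt, where the site exposes it) before reporting the Appsero issue as present.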

Frequently Asked Questions about Gallery Box