Photo Gallery – Responsive Image Galleries by Supsystic Security & Risk Analysis

wordpress.org/plugins/gallery-by-supsystic

Photo Gallery helps you create clean, responsive image galleries and album galleries without wrestling with complex settings, layouts, or custom CSS.

20K active installs v1.15.33 PHP + WP + Updated Feb 4, 2026
Tags: album-gallery, gallery, gallery-plugin, image-gallery, photo-gallery
Score: 98 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Mar 25, 2024
Safety Verdict

Is Photo Gallery – Responsive Image Galleries by Supsystic Safe to Use in 2026?

Generally Safe

Score 98/100

Photo Gallery – Responsive Image Galleries by Supsystic has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Mar 25, 2024 · Updated 1mo ago
Risk Assessment

The "gallery-by-supsystic" plugin version 1.15.33 exhibits a mixed security posture. On the positive side, the vast majority of SQL queries utilize prepared statements, and almost all output is properly escaped, indicating good practices in handling data and preventing common web vulnerabilities like XSS. The plugin also demonstrates a reasonable number of capability checks and nonce checks overall.

However, significant concerns arise from the identified attack surface. With two unprotected AJAX handlers, there are clear opportunities for unauthenticated attackers to interact with sensitive plugin functionality. This is a critical weakness, especially when combined with the presence of the `unserialize` function, which can be a gateway to remote code execution if its input is not strictly validated. Taint analysis did not reveal any immediate issues, but because 0 flows were analyzed, this is not a definitive sign of safety.

The plugin's vulnerability history is also a point of concern. With three known CVEs, including one high and two medium severity vulnerabilities, it suggests a pattern of past security weaknesses. While there are currently no unpatched vulnerabilities, the recurring nature of past issues, particularly Cross-Site Scripting and CSRF, warrants vigilance. The most recent vulnerability being in March 2024 indicates that this plugin has been a target for security researchers. The combination of unprotected entry points and a history of vulnerabilities leads to a moderate to high risk assessment.

Key Concerns

  • Two AJAX handlers without auth checks
  • Use of 'unserialize' function
  • 1 High severity CVE historically
  • 2 Medium severity CVEs historically
  • 1 nonce check for 3 entry points
Vulnerabilities
3

Photo Gallery – Responsive Image Galleries by Supsystic Security Vulnerabilities

CVEs by Year

  • 2016: 1 CVE
  • 2022: 1 CVE
  • 2024: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2024-29921 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by Supsystic <= 1.15.16 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 25, 2024 Patched in 1.15.17 (8d)

CVE-2021-36891 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

Photo Gallery by Supsystic <= 1.15.5 - Cross-Site Request Forgery to Plugin Settings Change

Jun 15, 2022 Patched in 1.15.6 (586d)

CVE-2016-10918 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Photo Gallery by Supsystic <= 1.8.8 - Cross-Site Request Forgery

Aug 15, 2016 Patched in 1.8.6 (2717d)
Code Analysis
Analyzed Mar 16, 2026

Photo Gallery – Responsive Image Galleries by Supsystic Code Analysis

  • Dangerous Functions: 10
  • Raw SQL Queries: 4 (94 prepared)
  • Unescaped Output: 1 (94 escaped)
  • Nonce Checks: 1
  • Capability Checks: 2
  • File Operations: 17
  • External Requests: 10
  • Bundled Libraries: 2

Dangerous Functions Found

  • unserialize: `$gallery->settings = unserialize($gallery->settings);` (src\GridGallery\Galleries\Controller.php:84)
  • unserialize: `$settings->data = unserialize($config->get('gallery_settings'));` (src\GridGallery\Galleries\Controller.php:152)
  • unserialize: `$settings->data = unserialize($config->get('gallery_settings'));` (src\GridGallery\Galleries\Controller.php:229)
  • unserialize: `$settings->data = unserialize($config->get('gallery_settings'));` (src\GridGallery\Galleries\Controller.php:733)
  • unserialize: `$settings->save($id, unserialize($data));` (src\GridGallery\Galleries\Model\Galleries.php:855)
  • unserialize: `$row->data = unserialize($row->data);` (src\GridGallery\Galleries\Model\Settings.php:198)
  • unserialize: `$settArr[$key]->data = unserialize($settArr[$key]->data);` (src\GridGallery\Galleries\Model\Settings.php:221)
  • unserialize: `$settings = unserialize($config->get('gallery_settings'));` (src\GridGallery\Galleries\Module.php:821)
  • unserialize: `$imgCdnSett = @unserialize(get_option(self::getServiceOptionName(), null));` (src\GridGallery\Optimization\Model\Cdn.php:32)
  • unserialize: `$imgOptSett = @unserialize(get_option(self::getServiceOptionName(), null));` (src\GridGallery\Optimization\Model\Optimization.php:15)

Bundled Libraries

jQuery, DataTables

SQL Query Safety

96% prepared · 98 total queries

Output Escaping

99% escaped · 95 total outputs
Attack Surface
2 unprotected

Photo Gallery – Responsive Image Galleries by Supsystic Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 2

  • auth · wp_ajax_grid-gallery · src\GridGallery\Ajax\Module.php:20
  • auth · wp_ajax_sgg-tutorial-close · src\GridGallery\Promo\Module.php:20

Shortcodes 1

[grid-gallery] src\GridGallery\Galleries\Module.php:862
WordPress Hooks 29

  • action · init · app\SupsysticGallery.php:28
  • action · init · app\SupsysticGallery.php:29
  • filter · mce_external_plugins · app\SupsysticGallery.php:109
  • filter · mce_buttons · app\SupsysticGallery.php:110
  • action · admin_notices · index.php:43
  • action · sg_after_ui_loaded · src\GridGallery\Colorbox\Module.php:17
  • filter · gg_hooks_prefix · src\GridGallery\Core\Module.php:35
  • action · init · src\GridGallery\Core\Module.php:36
  • filter · wp_image_editors · src\GridGallery\Galleries\Attachment.php:34
  • filter · image_resize_dimensions · src\GridGallery\Galleries\Attachment.php:311
  • action · delete_attachment · src\GridGallery\Galleries\Module.php:32
  • action · grid_gallery_delete_image · src\GridGallery\Galleries\Module.php:33
  • action · gg_delete_photo_id · src\GridGallery\Galleries\Module.php:34
  • action · widgets_init · src\GridGallery\Galleries\Module.php:84
  • action · init · src\GridGallery\Galleries\Module.php:88
  • action · admin_enqueue_scripts · src\GridGallery\Photos\Module.php:22
  • action · delete_attachment · src\GridGallery\Photos\Module.php:26
  • action · grid_gallery_delete_folder · src\GridGallery\Photos\Module.php:32
  • filter · wp_prepare_attachment_for_js · src\GridGallery\Photos\Module.php:42
  • filter · jpeg_quality · src\GridGallery\Photos\Module.php:48
  • action · admin_init · src\GridGallery\Promo\Module.php:18
  • action · admin_enqueue_scripts · src\GridGallery\Promo\Module.php:38
  • action · admin_enqueue_scripts · src\GridGallery\Promo\Module.php:61
  • action · sgg_disable_social_sharing · src\GridGallery\SocialSharing\Module.php:11
  • action · sgg_clean_cache · src\GridGallery\SocialSharing\Module.php:12
  • action · parse_request · src\GridGallery\SocialSharing\Module.php:13
  • action · wp_enqueue_scripts · src\GridGallery\Ui\Assets.php:16
  • action · admin_enqueue_scripts · src\GridGallery\Ui\Assets.php:17
  • action · init · src\GridGallery\Ui\Module.php:35

Maintenance & Trust

Photo Gallery – Responsive Image Galleries by Supsystic Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 4, 2026
PHP min version
Downloads: 2.3M

Community Trust

Rating: 92/100
Number of ratings: 496
Active installs: 20K
Developer Profile

Photo Gallery – Responsive Image Galleries by Supsystic Developer Profile

supsystic

7 plugins · 97K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 610 days
Detection Fingerprints

How We Detect Photo Gallery – Responsive Image Galleries by Supsystic

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/gallery-by-supsystic/app/assets/css/editor-dialog.css
  • /wp-content/plugins/gallery-by-supsystic/app/assets/js/jquery.bpopup.min.js
  • /wp-content/plugins/gallery-by-supsystic/app/assets/js/buttons.js
Script Paths
  • /wp-content/plugins/gallery-by-supsystic/app/assets/js/jquery.bpopup.min.js
  • /wp-content/plugins/gallery-by-supsystic/app/assets/js/buttons.js
Version Parameters
  • gallery-by-supsystic/app/assets/js/jquery.bpopup.min.js?ver=
  • gallery-by-supsystic/app/assets/css/editor-dialog.css?ver=
  • gallery-by-supsystic/app/assets/js/buttons.js?ver=

HTML / DOM Fingerprints

CSS Classes
supsystic-gallery, sgg-gallery
HTML Comments
<!-- Grid Gallery Plugin -->
Data Attributes
data-sg-id
JS Globals
sgg_gallery, sgg_params
REST Endpoints
/wp-json/sgg/v1
Shortcode Output
[supsystic-gallery