Gallery Custom Links Security & Risk Analysis

wordpress.org/plugins/gallery-custom-links

Gallery Custom Links allows you to link images to a specified URL. Tested with WordPress Gallery, Gutenberg, the Meow Gallery and others.

30K active installs · v2.2.9 · PHP 7.4+ · WP 6.0+ · Updated Feb 25, 2026
Tags: custom, gallery, gutenberg, links
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Sep 26, 2025
Safety Verdict

Is Gallery Custom Links Safe to Use in 2026?

Generally Safe

Score 99/100

Gallery Custom Links has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 26, 2025 · Updated 1mo ago
Risk Assessment

The 'gallery-custom-links' plugin v2.2.9 exhibits a generally positive security posture, with a strong emphasis on secure coding practices. The static analysis reveals a commendable absence of dangerous functions, a high percentage of properly escaped output, and a significant number of capability checks, indicating a developer conscious of common security pitfalls. The complete lack of unprotected AJAX handlers, REST API routes, and shortcodes significantly limits the plugin's attack surface. Furthermore, the absence of any identified taint flows with unsanitized paths or critical/high-severity vulnerabilities in the code analysis is a strong positive indicator. However, a previously documented medium-severity Cross-Site Scripting (XSS) vulnerability, though now patched, suggests a past oversight in input sanitization or output escaping for web page generation. While no current unpatched vulnerabilities exist, this history warrants continued vigilance.

Key Concerns

  • Previous medium-severity XSS vulnerability
Vulnerabilities
1

Gallery Custom Links Security Vulnerabilities

CVEs by Year: 1 CVE in 2025

Severity Breakdown: Medium 1 (1 total CVE)

CVE-2025-60104 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gallery Custom Links <= 2.2.5 - Authenticated (Author+) Stored Cross-Site Scripting

Sep 26, 2025 Patched in 2.2.6 (41d)
Code Analysis
Analyzed Mar 16, 2026

Gallery Custom Links Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (4 prepared)
Unescaped Output: 5 (70 escaped)
Nonce Checks: 0
Capability Checks: 11
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

80% prepared · 5 total queries

Output Escaping

93% escaped · 75 total outputs
Attack Surface

Gallery Custom Links Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 37
action · admin_menu · classes\admin.php:9
filter · attachment_fields_to_edit · classes\admin.php:10
filter · attachment_fields_to_save · classes\admin.php:11
action · admin_enqueue_scripts · classes\admin.php:14
filter · mgcl_linkers · classes\button\gutenberg.php:9
filter · mgcl_button_linker · classes\button\gutenberg.php:10
filter · mgcl_linkers · classes\button\meow_gallery.php:9
filter · mgcl_button_linker · classes\button\meow_gallery.php:10
filter · mgcl_linkers · classes\button\native_gallery.php:9
filter · mgcl_button_linker · classes\button\native_gallery.php:10
action · plugins_loaded · classes\core.php:29
action · wp_footer · classes\core.php:39
action · template_redirect · classes\core.php:44
action · shutdown · classes\core.php:45
action · wp_footer · classes\core.php:46
filter · the_content · classes\core.php:49
action · wp_footer · classes\core.php:50
filter · mgl_link_attributes · classes\core.php:53
action · rest_api_init · classes\core.php:81
filter · gallery_custom_links_classes · classes\extra.php:7
filter · gallery_custom_links_classes · classes\extra.php:9
filter · gallery_custom_links_classes · classes\extra.php:11
action · admin_notices · classes\init.php:7
action · rest_api_init · classes\rest.php:15
action · admin_notices · common\admin.php:72
filter · plugin_row_meta · common\admin.php:77
filter · edd_sl_api_request_verify_ssl · common\admin.php:78
action · init · common\admin.php:96
action · admin_menu · common\admin.php:153
filter · admin_footer_text · common\admin.php:158
action · admin_footer · common\admin.php:218
action · admin_head · common\admin.php:456
action · admin_notices · common\news.php:43
filter · safe_style_css · common\news.php:44
action · admin_notices · common\ratings.php:33
filter · safe_style_css · common\ratings.php:34
action · rest_api_init · common\rest.php:14
Maintenance & Trust

Gallery Custom Links Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 25, 2026
PHP min version: 7.4
Downloads: 946K

Community Trust

Rating: 94/100
Number of ratings: 204
Active installs: 30K
Developer Profile

Gallery Custom Links Developer Profile

Jordy Meow

27 plugins · 371K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 372 days
Detection Fingerprints

How We Detect Gallery Custom Links

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gallery-custom-links/app/index.js
/wp-content/plugins/gallery-custom-links/app/vendor.js
Script Paths
/wp-content/plugins/gallery-custom-links/app/vendor.js
/wp-content/plugins/gallery-custom-links/app/index.js
Version Parameters
gallery-custom-links/app/index.js?ver=
gallery-custom-links/app/vendor.js?ver=

HTML / DOM Fingerprints

HTML Comments
XXXX: Custom modification to add "noopener noreferrer" als REL-option, Christoph Letmaier, 14.01.2020
XXXX: Custom code for new aria-label field, Christoph Letmaier, 14.01.2020
XXXX: Custom code for saving _gallery_link_aria, Christoph Letmaier, 14.01.2020
Data Attributes
gallery_link_url
gallery_link_target
gallery_link_rel
gallery_link_aria
JS Globals
mgcl_gallery_custom_links
REST Endpoints
/gallery-custom-links/v1