WP-Safety

Gallery for Posts Security & Risk Analysis

wordpress.org/plugins/gallery-for-posts-basic

Allows your to create multiple galleries for custom post types and display them on the website using a shortcake.

10 active installs v1.1 PHP 5.4+ WP 4.9+ Updated Aug 16, 2021
custom-postgallery
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Gallery for Posts Safe to Use in 2026?

Generally Safe

Score 85/100

Gallery for Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The 'gallery-for-posts-basic' plugin v1.1 exhibits a generally good security posture, particularly in its handling of SQL queries and the presence of nonce and capability checks. The absence of known CVEs and a clean vulnerability history is a strong positive indicator. However, the static analysis reveals a significant concern regarding output escaping, with only 17% of outputs being properly escaped. This indicates a potential risk of Cross-Site Scripting (XSS) vulnerabilities, especially if user-provided data or dynamic content is being displayed without adequate sanitization. Furthermore, the taint analysis shows two flows with unsanitized paths, which, although not classified as critical or high severity in this instance, are a clear warning sign that data is not being handled securely during its journey through the application. While the attack surface is small and appears to be protected by authentication checks, the identified output escaping and unsanitized path issues require attention to prevent potential security breaches.

Key Concerns

  • Low percentage of properly escaped output
  • Taint analysis shows unsanitized paths
Vulnerabilities
None known

Gallery for Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Gallery for Posts Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Gallery for Posts Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
20
4 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

Output Escaping

17% escaped24 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
update_post_types (includes\class.sn-gfp-post-type.php:53)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Gallery for Posts Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[sn_gfp_gallery_images] includes\class.sn-gfp-frontend.php:15
WordPress Hooks 13
actionadmin_enqueue_scriptsincludes\class.sn-gfp-admin.php:15
actionadd_meta_boxesincludes\class.sn-gfp-admin.php:19
actionsave_postincludes\class.sn-gfp-admin.php:23
actionadmin_enqueue_scriptsincludes\class.sn-gfp-init.php:26
actionadmin_enqueue_scriptsincludes\class.sn-gfp-init.php:27
actionadmin_headincludes\class.sn-gfp-init.php:28
actionadmin_menuincludes\class.sn-gfp-init.php:29
actionadmin_enqueue_scriptsincludes\class.sn-gfp-post-type.php:15
actionadmin_post_sn_gfp_update_post_typesincludes\class.sn-gfp-post-type.php:19
actionadmin_enqueue_scriptsincludes\class.sn-gfp-template.php:15
actionadmin_post_sn_gfp_update_templateincludes\class.sn-gfp-template.php:19
actionsn_gfp_initinit.php:92
actionplugins_loadedinit.php:101
Maintenance & Trust

Gallery for Posts Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedAug 16, 2021
PHP min version5.4
Downloads925

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Gallery for Posts Alternatives

WP Featured Content and Slider

WP Featured Content and Slider

wp-featured-content-and-slider

A
100

A quick, easy way to add and display what features your company, product or service offers, using our shortcode OR template code or Gutenberg block.

1K No CVEs
Easy Nivo Slider

Easy Nivo Slider

easy-nivo-slider

A
85

Adds Nivo Slider to a post/page with no coding. Builds sliders from a post images, featured images in posts, or from NextGen galleries.

200 No CVEs
Ruven Themes: Gallery

Ruven Themes: Gallery

ruven-themes-gallery

A
85

RT Gallery enables a "Gallery" post type and "Category" taxonomy.

10 No CVEs
Minimal Gallery Page – Simple Custom Post Type Gallery

Minimal Gallery Page – Simple Custom Post Type Gallery

minimal-gallery-page

A
100

A really simple and minimal WordPress gallery plugin with a custom post type and clean single page gallery layouts.

0 No CVEs
Duplicate Page

Duplicate Page

duplicate-page

A
98

Duplicate Posts, Pages and Custom Posts easily using single click

3.0M 3 CVEs
Developer Profile

Gallery for Posts Developer Profile

sidngr

6 plugins · 610 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Gallery for Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gallery-for-posts-basic/assets/images/icon.png/wp-content/plugins/gallery-for-posts-basic/assets/css/style.css/wp-content/plugins/gallery-for-posts-basic/assets/js/jquery.form.js/wp-content/plugins/gallery-for-posts-basic/assets/js/admin.js
Script Paths
/wp-content/plugins/gallery-for-posts-basic/assets/js/jquery.form.js/wp-content/plugins/gallery-for-posts-basic/assets/js/admin.js
Version Parameters
gallery-for-posts-basic/assets/css/style.css?ver=gallery-for-posts-basic/assets/js/jquery.form.js?ver=gallery-for-posts-basic/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
sn-gfp-message
Data Attributes
id="message"
JS Globals
var sn_gfp_admin_url
FAQ

Frequently Asked Questions about Gallery for Posts