Gallery Lightbox Security & Risk Analysis

wordpress.org/plugins/gallery-lightbox-slider

Gallery - Display your Wordpress galleries in a lightbox easily

10K active installs · v1.0.0.43 · PHP + WP 3.3+ · Updated Jan 24, 2026
Tags: gallery, gallery-lightbox, image-lightbox, image-slider, slider
77
B · Generally Safe
CVEs total: 2
Unpatched: 1
Last CVE: Sep 22, 2025
Safety Verdict

Is Gallery Lightbox Safe to Use in 2026?

Mostly Safe

Score 77/100

Gallery Lightbox is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: Sep 22, 2025 · Updated 2mo ago
Risk Assessment

The gallery-lightbox-slider plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and generally good output escaping. The absence of dangerous functions, file operations, and critical/high severity taint flows is also encouraging. However, the presence of a single unprotected AJAX handler significantly elevates the risk profile, as it represents a direct entry point for potential attacks without proper authentication or authorization.

The vulnerability history is a significant concern. With two known CVEs, both of medium severity, and one still unpatched, it indicates a pattern of security weaknesses. The common vulnerability type being Cross-site Scripting suggests that user-supplied input is not always handled securely, despite generally good output escaping in the current version. The fact that the last vulnerability was in the future is likely a data entry error, but the existence of unpatched vulnerabilities is a serious red flag.

In conclusion, while the plugin has some strong security foundations, the unprotected AJAX handler and the history of unpatched vulnerabilities, particularly XSS, present substantial risks. The plugin is not recommended for use in its current state without addressing these critical issues.

Key Concerns

  • Unprotected AJAX handler
  • Currently unpatched CVEs (1 medium)
  • Total known CVEs (2 medium)
  • Less than ideal output escaping (76%)
Vulnerabilities
2

Gallery Lightbox Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 1 CVE · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-57966 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gallery Lightbox <= 1.0.0.41 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 · Unpatched

CVE-2024-47623 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gallery Lightbox <= 1.0.0.39 - Authenticated (Author+) Stored Cross-Site Scripting

Sep 30, 2024 · Patched in 1.0.0.41 (11d)
Code Analysis
Analyzed Mar 16, 2026

Gallery Lightbox Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 22 (69 escaped)
Nonce Checks: 4
Capability Checks: 5
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

76% escaped · 91 total outputs
Attack Surface
1 unprotected

Gallery Lightbox Attack Surface

Entry Points: 5
Unprotected: 1

AJAX Handlers: 4

auth · wp_ajax_glg_ajax_save_settings · inc\functions\ajax\glg-admin-ajax.php:32
auth · wp_ajax_glg_free_plugins_page · inc\functions\ajax\glg-admin-ajax.php:280
auth · wp_ajax_glg_pro_plugins_page · inc\functions\ajax\glg-admin-ajax.php:309
auth · wp_ajax_glg_hide_notify · inc\functions\glg-functions.php:248

Shortcodes: 1

[gallery] · inc\functions\glg-functions.php:20

WordPress Hooks: 12

action · init · gallery-lightbox-lite.php:40
action · admin_menu · gallery-lightbox-lite.php:57
action · admin_enqueue_scripts · gallery-lightbox-lite.php:58
filter · plugin_action_links · gallery-lightbox-lite.php:59
action · wp_enqueue_scripts · gallery-lightbox-lite.php:72
filter · the_content · gallery-lightbox-lite.php:73
action · admin_head · gallery-lightbox-lite.php:103
action · current_screen · gallery-lightbox-lite.php:106
action · admin_init · gallery-lightbox-lite.php:137
action · print_footer_scripts · inc\functions\glg-functions.php:21
action · add_meta_boxes · inc\gfg-metabox.php:26
action · save_post · inc\gfg-metabox.php:106
Maintenance & Trust

Gallery Lightbox Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 24, 2026
PHP min version
Downloads: 210K

Community Trust

Rating: 94/100
Number of ratings: 105
Active installs: 10K
Developer Profile

Gallery Lightbox Developer Profile

GhozyLab

10 plugins · 21K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 872 days
Detection Fingerprints

How We Detect Gallery Lightbox

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gallery-lightbox-slider/css/glg-settings.css
/wp-content/plugins/gallery-lightbox-slider/css/glg-settings-rtl.css
/wp-content/plugins/gallery-lightbox-slider/js/settings/option-tab.js
/wp-content/plugins/gallery-lightbox-slider/css/iosCheckbox.css
/wp-content/plugins/gallery-lightbox-slider/js/settings/iosCheckbox.js
/wp-content/plugins/gallery-lightbox-slider/js/jquery/photobox/jquery.photobox.min.js
/wp-content/plugins/gallery-lightbox-slider/css/photobox/photobox.min.css
/wp-content/plugins/gallery-lightbox-slider/css/photobox/photobox.ie.css

Script Paths
/wp-content/plugins/gallery-lightbox-slider/js/jquery/photobox/jquery.photobox.min.js
/wp-content/plugins/gallery-lightbox-slider/js/settings/option-tab.js
/wp-content/plugins/gallery-lightbox-slider/js/settings/iosCheckbox.js

Version Parameters
gallery-lightbox-slider/css/glg-settings.css?ver=
gallery-lightbox-slider/js/settings/option-tab.js?ver=
gallery-lightbox-slider/css/iosCheckbox.css?ver=
gallery-lightbox-slider/js/settings/iosCheckbox.js?ver=
gallery-lightbox-slider/js/jquery/photobox/jquery.photobox.min.js?ver=
gallery-lightbox-slider/css/photobox/photobox.min.css?ver=
gallery-lightbox-slider/css/photobox/photobox.ie.css

HTML / DOM Fingerprints

CSS Classes
glg_settings_icon
HTML Comments
<!--[if lt IE 9]>
JS Globals
GLG_URL, GLG_VERSION, glg_hex2rgb, glg_general_init, glg_settings_link, glg_current_screen, +8 more