Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery Security & Risk Analysis

wordpress.org/plugins/gallery-videos

Gallery is a user-friendly plugin to display user or hashtag-based gallery feeds as a responsive customizable gallery.

10K active installs · v2.5.1 · PHP + WP 4.0+ · Updated Mar 5, 2026
Tags: gallery, image-gallery, portfolio-gallery, video-gallery, wordpress-gallery
Score: 95 · A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Dec 5, 2024
Safety Verdict

Is Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery Safe to Use in 2026?

Generally Safe

Score 95/100

Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Dec 5, 2024 · Updated 29d ago
Risk Assessment

The 'gallery-videos' plugin version 2.5.1 exhibits a mixed security posture. On the positive side, 100% of its SQL queries use prepared statements and a very high percentage of its output is properly escaped, which mitigates common web vulnerabilities such as SQL injection and XSS. The absence of file operations and the limited number of external HTTP requests are also favorable. However, the taint analysis reports one flow with an unsanitized path, which could lead to a vulnerability if it proves exploitable. The plugin also has a history of 5 known CVEs, 3 of high and 2 of medium severity, suggesting a recurring pattern of security weaknesses even though none are currently unpatched. The plugin has relatively few entry points and all appear to have some form of protection, but no capability checks were found on any entry point, which is a significant concern: it leaves the plugin open to privilege escalation or unauthorized access if other vulnerabilities are present. Overall, while the plugin has implemented some strong security measures, the taint flow and its vulnerability history warrant careful consideration and ongoing vigilance.

Key Concerns

  • Taint flow with unsanitized path
  • History of 3 high severity CVEs
  • History of 2 medium severity CVEs
  • No capability checks on entry points
Vulnerabilities (5)

Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery Security Vulnerabilities

CVEs by Year

3 CVEs in 2023
2 CVEs in 2024

Severity Breakdown

High: 3
Medium: 2

5 total CVEs

CVE-2024-10247 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

YouTube Gallery and Vimeo Gallery Plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection

Dec 5, 2024 Patched in 2.4.3 (1d)
CVE-2024-9769 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Video Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Dec 5, 2024 Patched in 2.4.2 (1d)
CVE-2023-45069 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Video Gallery – YouTube Gallery <= 2.1.4 - Authenticated (Administrator+) SQL Injection

Oct 3, 2023 Patched in 2.1.5 (112d)
CVE-2023-25988 · high · 7.3 · Missing Authorization

Video Gallery – YouTube Gallery <= 1.7.6 - Missing Authorization

Feb 20, 2023 Patched in 1.7.7 (337d)
CVE-2023-25979 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Video Gallery – YouTube Gallery <= 1.7.6 - Authenticated (Admin+) Stored Cross Site Scripting

Feb 20, 2023 Patched in 1.7.7 (337d)
Code Analysis
Analyzed Mar 16, 2026

Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (50 prepared)
Unescaped Output: 218 (17899 escaped)
Nonce Checks: 4
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 50 total queries

Output Escaping

99% escaped · 18117 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

4 flows · 1 with unsanitized paths
tsvg_process_requests (admin\class-tsvg-admin.php:100)
Attack Surface

Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers 2

auth · wp_ajax_tsvg_check_attachment · admin\class-tsvg-admin.php:27
auth · wp_ajax_tsvg_get_attachment_id · admin\class-tsvg-admin.php:28

Shortcodes 2

[Total_Soft_Gallery_Video] includes\class-tsvg-gallery.php:16
[TS_Video_Gallery] includes\class-tsvg-gallery.php:17
WordPress Hooks 18
action · init · admin\class-tsvg-admin.php:25
filter · set-screen-option · admin\class-tsvg-admin.php:30
action · admin_notices · admin\class-tsvg-admin.php:37
action · admin_init · admin\class-tsvg-admin.php:38
action · enqueue_block_editor_assets · admin\class-tsvg-block.php:6
action · init · admin\class-tsvg-block.php:7
action · admin_enqueue_scripts · includes\class-tsvg-gallery.php:25
action · wp_enqueue_scripts · includes\class-tsvg-gallery.php:28
action · admin_enqueue_scripts · includes\class-tsvg-gallery.php:445
action · admin_enqueue_scripts · includes\class-tsvg-gallery.php:446
action · admin_menu · includes\class-tsvg-gallery.php:447
action · admin_menu · includes\class-tsvg-gallery.php:448
action · admin_menu · includes\class-tsvg-gallery.php:449
action · admin_menu · includes\class-tsvg-gallery.php:450
action · admin_menu · includes\class-tsvg-gallery.php:451
action · wp_enqueue_scripts · includes\class-tsvg-gallery.php:459
action · wp_enqueue_scripts · includes\class-tsvg-gallery.php:460
action · widgets_init · includes\class-tsvg-gallery.php:461
Maintenance & Trust

Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 5, 2026
PHP min version
Downloads: 843K

Community Trust

Rating: 96/100
Number of ratings: 182
Active installs: 10K
Developer Profile

Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery Developer Profile

totalsoft

4 plugins · 17K total installs

Trust score: 64
Avg Security Score: 78/100
Avg Patch Time: 338 days
Detection Fingerprints

How We Detect Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gallery-videos/img/ts-poll-logo.png

HTML / DOM Fingerprints

CSS Classes
tsvg-banner, tsvg-banner-container, tsvg-banner-circle, tsvg-banner-circle-a, tsvg-banner-circle-b, tsvg-banner-circle-c, tsvg-banner-circle-d, tsvg-banner-img, +6 more
Data Attributes
tsvg-remind-me, tsvg-dismissed
FAQ

Frequently Asked Questions about Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery