Grid Accordion Security & Risk Analysis

wordpress.org/plugins/grid-accordion

Grid Accordion is a responsive gallery plugin that includes Premium features for FREE, like animated layers, lightbox support, post content and more.

80 active installs · v1.9.14 · PHP + WP 4.0+ · Updated Dec 23, 2025
grid-accordion, grid-plugin, image-grid, post-grid, responsive-grid
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Grid Accordion Safe to Use in 2026?

Generally Safe

Score 100/100

Grid Accordion has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The 'grid-accordion' plugin version 1.9.14 presents a mixed security posture. On one hand, it demonstrates good practices with a high percentage of SQL queries using prepared statements and properly escaped output, along with a clean vulnerability history indicating past stability. However, significant concerns arise from the substantial attack surface, particularly the 14 unprotected entry points across AJAX handlers and REST API routes. The presence of a `unserialize` function, coupled with 4 high-severity taint flows with unsanitized paths, raises a red flag for potential deserialization vulnerabilities. While no known CVEs exist, the high number of unsanitized flows in the taint analysis suggests a latent risk that could be exploited if an attacker finds a way to inject malicious data into these flows.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • High severity unsanitized taint flows
  • Dangerous function unserialize
Vulnerabilities
None known

Grid Accordion Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Grid Accordion Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 9 (20 prepared)
  • Unescaped Output: 57 (447 escaped)
  • Nonce Checks: 15
  • Capability Checks: 10
  • File Operations: 0
  • External Requests: 4
  • Bundled Libraries: 0

Dangerous Functions Found

`unserialize` · `$parsed_response = unserialize( $response );` · includes\class-flickr.php:38

SQL Query Safety

69% prepared · 29 total queries

Output Escaping

89% escaped · 504 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

11 flows · 7 with unsanitized paths
ajax_preview_accordion (admin\class-grid-accordion-admin.php:592)
Attack Surface
14 unprotected

Grid Accordion Attack Surface

Entry Points: 31
Unprotected: 14

AJAX Handlers 27

auth · wp_ajax_grid_accordion_load_add_on_more_details · admin\class-grid-accordion-add-ons.php:106
auth · wp_ajax_grid_accordion_load_install_add_on · admin\class-grid-accordion-add-ons.php:107
auth · wp_ajax_grid_accordion_load_edit_add_on_license_key · admin\class-grid-accordion-add-ons.php:108
auth · wp_ajax_grid_accordion_verify_add_on_license_key · admin\class-grid-accordion-add-ons.php:109
auth · wp_ajax_grid_accordion_install_add_on · admin\class-grid-accordion-add-ons.php:110
auth · wp_ajax_grid_accordion_activate_add_on · admin\class-grid-accordion-add-ons.php:111
auth · wp_ajax_grid_accordion_deactivate_add_on · admin\class-grid-accordion-add-ons.php:112
auth · wp_ajax_grid_accordion_get_accordion_data · admin\class-grid-accordion-admin.php:60
auth · wp_ajax_grid_accordion_save_accordion · admin\class-grid-accordion-admin.php:61
auth · wp_ajax_grid_accordion_preview_accordion · admin\class-grid-accordion-admin.php:62
auth · wp_ajax_grid_accordion_delete_accordion · admin\class-grid-accordion-admin.php:63
auth · wp_ajax_grid_accordion_duplicate_accordion · admin\class-grid-accordion-admin.php:64
auth · wp_ajax_grid_accordion_export_accordion · admin\class-grid-accordion-admin.php:65
auth · wp_ajax_grid_accordion_import_accordion · admin\class-grid-accordion-admin.php:66
auth · wp_ajax_grid_accordion_add_panels · admin\class-grid-accordion-admin.php:67
auth · wp_ajax_grid_accordion_load_background_image_editor · admin\class-grid-accordion-admin.php:68
auth · wp_ajax_grid_accordion_load_html_editor · admin\class-grid-accordion-admin.php:69
auth · wp_ajax_grid_accordion_load_layers_editor · admin\class-grid-accordion-admin.php:70
auth · wp_ajax_grid_accordion_add_layer_settings · admin\class-grid-accordion-admin.php:71
auth · wp_ajax_grid_accordion_load_settings_editor · admin\class-grid-accordion-admin.php:72
auth · wp_ajax_grid_accordion_load_content_type_settings · admin\class-grid-accordion-admin.php:73
auth · wp_ajax_grid_accordion_add_breakpoint · admin\class-grid-accordion-admin.php:74
auth · wp_ajax_grid_accordion_add_breakpoint_setting · admin\class-grid-accordion-admin.php:75
auth · wp_ajax_grid_accordion_get_taxonomies · admin\class-grid-accordion-admin.php:76
auth · wp_ajax_grid_accordion_clear_all_cache · admin\class-grid-accordion-admin.php:77
auth · wp_ajax_grid_accordion_getting_started_close · admin\class-grid-accordion-admin.php:78
auth · wp_ajax_grid_accordion_close_custom_css_js_warning · admin\class-grid-accordion-admin.php:79

REST API Routes 1

GET /wp-json/grid-accordion/v1/accordions · gutenberg\class-grid-accordion-block.php:56

Shortcodes 3

[grid_accordion] public\class-grid-accordion.php:98
[grid_accordion_panel] public\class-grid-accordion.php:99
[grid_accordion_panel_element] public\class-grid-accordion.php:100
WordPress Hooks 24
action · admin_enqueue_scripts · admin\class-grid-accordion-add-ons.php:100
action · admin_enqueue_scripts · admin\class-grid-accordion-add-ons.php:101
action · grid_accordion_admin_menu · admin\class-grid-accordion-add-ons.php:104
action · admin_enqueue_scripts · admin\class-grid-accordion-admin.php:55
action · admin_enqueue_scripts · admin\class-grid-accordion-admin.php:56
action · admin_menu · admin\class-grid-accordion-admin.php:58
action · plugins_loaded · grid-accordion.php:45
action · plugins_loaded · grid-accordion.php:46
action · plugins_loaded · grid-accordion.php:47
action · widgets_init · grid-accordion.php:50
action · plugins_loaded · grid-accordion.php:54
action · plugins_loaded · grid-accordion.php:62
action · plugins_loaded · grid-accordion.php:63
action · admin_init · grid-accordion.php:64
action · init · gutenberg\class-grid-accordion-block.php:24
action · rest_api_init · gutenberg\class-grid-accordion-block.php:55
action · wpmu_new_blog · includes\class-grid-accordion-activation.php:26
filter · post_gallery · includes\class-hideable-gallery.php:21
action · init · public\class-grid-accordion.php:85
action · wp_enqueue_scripts · public\class-grid-accordion.php:88
action · wp_enqueue_scripts · public\class-grid-accordion.php:89
action · wp_enqueue_scripts · public\class-grid-accordion.php:92
action · wp_footer · public\class-grid-accordion.php:93
action · wp_print_footer_scripts · public\class-grid-accordion.php:95
Maintenance & Trust

Grid Accordion Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 23, 2025
PHP min version
Downloads: 5K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 80
Developer Profile

Grid Accordion Developer Profile

bqworks

3 plugins · 6K total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 78 days
Detection Fingerprints

How We Detect Grid Accordion

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/grid-accordion/admin/assets/css/grid-accordion-add-ons.css
  • /wp-content/plugins/grid-accordion/admin/assets/js/grid-accordion-add-ons.js
  • /wp-content/plugins/grid-accordion/public/assets/css/grid-accordion.css
  • /wp-content/plugins/grid-accordion/public/assets/js/grid-accordion.js
Script Paths
  • /wp-content/plugins/grid-accordion/admin/assets/js/grid-accordion-add-ons.js
  • /wp-content/plugins/grid-accordion/public/assets/js/grid-accordion.js
Version Parameters
  • /wp-content/plugins/grid-accordion/admin/assets/css/grid-accordion-add-ons.css?ver=
  • /wp-content/plugins/grid-accordion/admin/assets/js/grid-accordion-add-ons.js?ver=
  • /wp-content/plugins/grid-accordion/public/assets/css/grid-accordion.css?ver=
  • /wp-content/plugins/grid-accordion/public/assets/js/grid-accordion.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • bqw-grid-accordion
  • grid-accordion-item
HTML Comments
  • <!-- .bqw-grid-accordion -->
  • <!-- .grid-accordion-item -->
Data Attributes
  • data-bqw-grid-accordion
JS Globals
  • BQW_Grid_Accordion
  • BQW_Grid_Accordion_Add_Ons
  • BQW_Grid_Accordion_Admin
  • BQW_Grid_Accordion_Activation
  • BQW_Grid_Accordion_Widget
  • BQW_Grid_Accordion_Settings
  • +26 more
Shortcode Output
  • [grid_accordion
  • [/grid_accordion]
FAQ

Frequently Asked Questions about Grid Accordion