Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery Security & Risk Analysis

wordpress.org/plugins/gt3-photo-video-gallery

GT3 Image Gallery - create photo gallery, video gallery, block gallery, slider and more with ease. All photo galleries are responsive and load fast.

10K active installs v2.7.7.29 PHP 8.0+ WP 6.0+ Updated Mar 31, 2026
Tags: gallery, gallery-block, image-gallery, photo-gallery, wordpress-gallery-plugin
Score: 95 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Dec 31, 2025
Safety Verdict

Is Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery Safe to Use in 2026?

Generally Safe

Score 95/100

Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEs · Last CVE: Dec 31, 2025 · Updated 1mo ago
Risk Assessment

The gt3-photo-video-gallery plugin exhibits a mixed security posture. While it demonstrates good practices such as 100% of SQL queries using prepared statements and a significant portion of output being properly escaped, there are notable areas of concern. The presence of an unprotected REST API route is a direct entry point for potential attacks, and the high number of flows with unsanitized paths in taint analysis suggests that user-supplied data may not be adequately validated before being processed, even if no critical or high severity vulnerabilities were found in this specific analysis. The vulnerability history reveals a pattern of medium-severity Cross-Site Scripting (XSS) vulnerabilities, with four known CVEs, the last of which was documented in late 2025. This indicates a recurring issue with input sanitization and output encoding, and while no currently unpatched vulnerabilities are listed, the historical trend is a significant risk factor that requires careful monitoring and remediation.

Key Concerns

  • Unprotected REST API route
  • Flows with unsanitized paths found
  • History of medium severity XSS vulnerabilities
  • Significant portion of output not properly escaped
Vulnerabilities
4 published

Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE
  • 2025: 3 CVEs

Severity Breakdown

Medium: 4

4 total CVEs

CVE-2025-69084 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery <= 2.7.7.26 - Reflected Cross-Site Scripting

Dec 31, 2025 · Patched in 2.7.7.27 (21d)

CVE-2025-47677 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.25 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 7, 2025 · Patched in 2.7.7.26 (23d)

CVE-2025-24707 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.24 - Reflected Cross-Site Scripting

Jan 31, 2025 · Patched in 2.7.7.25 (4d)

CVE-2024-4035 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.21 - Authenticated (Author+) Cross-Site Scripting

Apr 24, 2024 · Patched in 2.7.7.22 (1d)

Version History

Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery Release Timeline

  • v2.7.7.29 (Current)
  • v2.7.7.28
  • v2.7.7.27
  • v2.7.7.26 (1 CVE)

Code Analysis
Analyzed Mar 16, 2026

Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 47 (111 escaped)
  • Nonce Checks: 9
  • Capability Checks: 26
  • File Operations: 8
  • External Requests: 9
  • Bundled Libraries: 0

Output Escaping

70% escaped · 158 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

6 flows · 5 with unsanitized paths
admin_notices (core\deprecated\gt3pg_updater.php:117)
Attack Surface
1 unprotected

Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery Attack Surface

Entry Points: 8
Unprotected: 1

AJAX Handlers 5

auth · wp_ajax_cpt-gt3_gallery--save_settings · core\cpt\gallery\init.php:49
auth · wp_ajax_cpt-gt3_gallery--flush_rewrite · core\cpt\gallery\init.php:50
auth · wp_ajax_gt3pg_disable_notice_pro_required_update · core\deprecated\notice.php:4
auth · wp_ajax_gt3_lite_usage_control · core\usage\index.php:37
auth · wp_ajax_gt3pg_disable_notice · notice.php:58

REST API Routes 1

GET · /wp-json/gt3/v1/block-renderergt3pg-pro/shortcode · core\cpt\gallery\init.php:339

Shortcodes 2

[gallery] core\actions.php:25
[gt3-gallery] core\cpt\gallery\init.php:252
WordPress Hooks 108
action · init · config.php:7
filter · gt3pg_before_render_thumb_type · core\actions\gt3pg_before_render_thumb_type.php:6
action · enqueue_block_editor_assets · core\actions\gt3pg_enqueue_scripts.php:9
action · wp_enqueue_scripts · core\actions\gt3pg_enqueue_scripts.php:83
action · wp_footer · core\actions\gt3pg_gallery_shortcode.php:24
filter · gt3_admin_mix_tabs_controls · core\actions\gt3_admin_mix_tabs_controls.php:6
filter · gt3_before_admin_panel_tabs_controls · core\actions\gt3_before_admin_panel_tabs_controls.php:6
filter · image_size_names_choose1 · core\actions\image_size_names_choose.php:7
filter · gt3pg_render_image_output_file · core\actions\render\file.php:5
filter · gt3pg_before_render_link · core\actions\render\file.php:17
filter · gt3pg_render_image_output_lightbox · core\actions\render\lightbox.php:7
filter · gt3pg_before_render_link · core\actions\render\lightbox.php:23
filter · gt3pg_after_render_gallery_lightbox · core\actions\render\lightbox.php:30
filter · gt3pg_before_render_link · core\actions\render\none.php:6
filter · gt3pg_render_image_output_post · core\actions\render\post.php:6
filter · gt3pg_before_render_link · core\actions\render\post.php:16
action · wp_head · core\actions.php:22
filter · the_content · core\actions.php:27
filter · attachment_fields_to_save · core\actions.php:29
filter · attachment_fields_to_edit · core\actions.php:31
action · wp_footer · core\actions.php:33
filter · block_categories_all · core\actions.php:51
filter · block_categories · core\actions.php:52
action · init · core\block\class-basic.php:63
action · rest_api_init · core\block\class-basic.php:105
filter · max_srcset_image_width · core\block\traits\trait-get-attachment-image.php:21
filter · upgrader_pre_download · core\class\fix_windows_edd.php:7
filter · wp_unique_filename · core\class\fix_windows_edd.php:11
action · after_setup_theme · core\class-assets.php:63
action · elementor/frontend/before_enqueue_scripts · core\class-assets.php:70
action · enqueue_block_assets · core\class-assets.php:71
action · wp_enqueue_scripts · core\class-assets.php:72
action · elementor/editor/before_enqueue_scripts · core\class-assets.php:75
action · enqueue_block_editor_assets · core\class-assets.php:76
action · elementor/preview/enqueue_styles · core\class-assets.php:77
action · wp_enqueue_scripts · core\class-assets.php:79
action · enqueue_block_assets · core\class-assets.php:80
action · elementor/frontend/before_enqueue_scripts · core\class-assets.php:81
action · admin_print_styles · core\class-assets.php:94
filter · wp_kses_allowed_html · core\class-lazy-images.php:24
action · wp_head · core\class-lazy-images.php:25
filter · jetpack_lazy_images_skip_image_with_attributes · core\class-lazy-images.php:29
filter · wp_get_attachment_image_attributes · core\class-lazy-images.php:30
action · init · core\class-settings.php:28
action · delete_attachment · core\class-settings.php:261
filter · wp_handle_upload · core\class-settings.php:263
filter · wp_generate_attachment_metadata · core\class-watermark.php:21
action · init · core\cpt\gallery\init.php:254
filter · parent_file · core\cpt\gallery\init.php:255
action · admin_menu · core\cpt\gallery\init.php:257
action · add_meta_boxes · core\cpt\gallery\init.php:261
action · save_post · core\cpt\gallery\init.php:262
action · admin_enqueue_scripts · core\cpt\gallery\init.php:263
filter · post_updated_messages · core\cpt\gallery\init.php:264
filter · the_content · core\cpt\gallery\init.php:265
filter · single_template_hierarchy · core\cpt\gallery\init.php:266
action · rest_api_init · core\cpt\gallery\init.php:269
filter · use_block_editor_for_post_type · core\cpt\gallery\init.php:278
filter · template_include · core\cpt\gallery\init.php:289
action · pre_get_posts · core\cpt\gallery\init.php:310
action · load-post.php · core\cpt\gallery\init.php:531
action · load-post-new.php · core\cpt\gallery\init.php:532
filter · mce_external_plugins · core\cpt\gallery\init.php:1029
filter · mce_buttons_4 · core\cpt\gallery\init.php:1030
action · admin_notices · core\deprecated\gt3pg_updater.php:70
action · admin_init · core\deprecated\gt3pg_updater.php:78
action · admin_init · core\deprecated\gt3pg_updater.php:79
action · admin_notices · core\deprecated\gt3pg_updater.php:81
action · admin_init · core\deprecated\gt3pg_updater.php:87
filter · gt3pg_admin_licence · core\deprecated\gt3pg_updater.php:91
filter · pre_set_site_transient_update_plugins · core\deprecated\GT3_EDD_SL_Plugin_Updater.php:63
filter · plugins_api · core\deprecated\GT3_EDD_SL_Plugin_Updater.php:64
action · admin_init · core\deprecated\GT3_EDD_SL_Plugin_Updater.php:67
filter · pre_set_site_transient_update_plugins · core\deprecated\GT3_EDD_SL_Plugin_Updater.php:190
action · admin_notices · core\deprecated\notice.php:15
action · elementor/init · core\elementor\class-core.php:47
action · wp_enqueue_scripts · core\elementor\class-core.php:69
action · admin_enqueue_scripts · core\elementor\class-core.php:70
action · elementor/elements/categories_registered · core\elementor\class-core.php:72
action · elementor/controls/register · core\elementor\class-core.php:73
action · elementor/editor/after_enqueue_scripts · core\elementor\class-core.php:75
action · elementor/editor/after_enqueue_styles · core\elementor\class-core.php:76
action · elementor/frontend/after_enqueue_scripts · core\elementor\class-core.php:77
action · elementor/frontend/after_enqueue_styles · core\elementor\class-core.php:78
action · elementor/widgets/register · core\elementor\widgets\class-widget-base.php:54
action · init · core\gutenberg_support.php:76
action · rest_api_init · core\rest_api.php:25
action · save_post · core\usage\class-blocks.php:44
filter · do_shortcode_tag · core\usage\class-shortcode.php:24
action · wp_footer · core\usage\class-shortcode.php:25
action · init · core\usage\index.php:32
action · admin_notices · core\usage\index.php:36
filter · cron_schedules · core\usage\index.php:124
action · gt3pg_lite_single_event_usage · core\usage\index.php:126
action · admin_notices · gt3-photo-video-gallery.php:20
action · plugins_loaded · gt3-photo-video-gallery.php:43
action · gt3pg_activation_hook · gt3-photo-video-gallery.php:68
action · admin_init · gt3-photo-video-gallery.php:69
action · admin_print_scripts-toplevel_page_gt3_photo_gallery_options · notice.php:56
action · admin_print_styles · notice.php:57
action · admin_notices · notice.php:95
action · admin_notices · notice.php:97
filter · mailpoet_conflict_resolver_whitelist_style · plugin.php:29
action · admin_enqueue_scripts · plugin.php:37
action · admin_menu · plugin.php:75
filter · plugin_row_meta · plugin.php:142
filter · plugin_action_links · plugin.php:167
action · admin_notices · rate.php:12

Scheduled Events 1

gt3pg_lite_single_event_usage
Maintenance & Trust

Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Mar 31, 2026
PHP min version: 8.0
Downloads: 551K

Community Trust

Rating: 96/100
Number of ratings: 146
Active installs: 10K
Developer Profile

Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery Developer Profile

gt3themes

1 plugin · 10K total installs

Trust score: 91
Avg Security Score: 95/100
Avg Patch Time: 12 days
Detection Fingerprints

How We Detect Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/gt3-photo-video-gallery/dist/js/deprecated/editor.js
  • /wp-content/plugins/gt3-photo-video-gallery/dist/css/deprecated/editor.css
  • /wp-content/plugins/gt3-photo-video-gallery/dist/js/deprecated/frontend.js
  • /wp-content/plugins/gt3-photo-video-gallery/dist/css/deprecated/frontend.css
  • /wp-content/plugins/gt3-photo-video-gallery/dist/js/isotope.pkgd.min.js
Script Paths
  • /wp-content/plugins/gt3-photo-video-gallery/dist/js/deprecated/editor.js
  • /wp-content/plugins/gt3-photo-video-gallery/dist/js/deprecated/frontend.js
  • /wp-content/plugins/gt3-photo-video-gallery/dist/js/isotope.pkgd.min.js
Version Parameters
  • gt3-photo-video-gallery/dist/js/deprecated/editor.js?ver=
  • gt3-photo-video-gallery/dist/css/deprecated/editor.css?ver=
  • gt3-photo-video-gallery/dist/js/deprecated/frontend.js?ver=
  • gt3-photo-video-gallery/dist/css/deprecated/frontend.css?ver=
  • gt3-photo-video-gallery/dist/js/isotope.pkgd.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • gt3-gallery-wrap
  • gt3_gallery_item
  • gt3-gallery-content
HTML Comments
  • <!-- Exit if accessed directly -->
  • <!-- GT3 PG -->
Data Attributes
  • data-gt3-gallery-id
  • data-gallery-id
  • data-type
JS Globals
  • gt3pg_lite
  • gt3pg_ajax
REST Endpoints
/wp-json/gt3pg/v1/gallery
Shortcode Output
<div class='gt3-gallery-wrap'