
IS Photo Gallery Security & Risk Analysis
wordpress.org/plugins/is-photo-gallery
Picture gallery with Lightbox popups. Uses images from either the WordPress Media Library or an uploaded directory of images.
Is IS Photo Gallery Safe to Use in 2026?
Generally Safe
Score 85/100
IS Photo Gallery has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "is-photo-gallery" v1.0 plugin exhibits a generally good security posture, adhering to several best practices. The absence of known CVEs and a clean vulnerability history suggest a history of responsible development or a lack of prior exploitation. The code analysis reveals no dangerous functions, no direct SQL queries (all prepared statements), no file operations, and no external HTTP requests, which are all positive indicators. The presence of nonce and capability checks, although minimal, is also encouraging.
However, there are significant concerns regarding output escaping. Of 42 total outputs, only 5% are properly escaped. This indicates a high likelihood of cross-site scripting (XSS) vulnerabilities, as user-supplied data is likely being rendered without sufficient sanitization. While the attack surface is small and no unprotected entry points were found, the weak output escaping is a critical weakness that could be exploited to inject malicious scripts into the website.
In conclusion, while the plugin benefits from a clean vulnerability history and the avoidance of common risky patterns like raw SQL and external requests, the severe lack of output escaping presents a substantial security risk. This is the most prominent weakness that needs immediate attention. Future development should prioritize robust output sanitization.
Key Concerns
- High percentage of unescaped output
IS Photo Gallery Security Vulnerabilities
IS Photo Gallery Code Analysis
Output Escaping
Data Flow Analysis
IS Photo Gallery Attack Surface
Shortcodes 1
WordPress Hooks 5
IS Photo Gallery Maintenance & Trust
Maintenance Signals
Community Trust
IS Photo Gallery Alternatives
PiwigoPress
piwigopress
From any open API Piwigo gallery, swiftly include your photos in Posts/Pages and/or add randomized thumbnails and menus in your sidebar.
IS Circular Photo Gallery
is-circular-photo-gallery
Circle style picture gallery with Lightbox popups. Uses images from either the WordPress Media Library or an uploaded directory of images.
WP-Polaroid Plus
polaroid-plus-gallery
Polaroid Plus style picture gallery with Lightbox popups. Uses images from either the WordPress Media Library or an uploaded directory of images.
Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress
gallery-plugin
Add beautiful, fully responsive galleries, albums, images, and categories to your WordPress website quickly and easily. Showcase your portfolio, photo …
Social Photo Fetcher
facebook-photo-fetcher
Allows you to automatically create WordPress photo galleries from Facebook albums. Simple to use and highly customizable.
IS Photo Gallery Developer Profile
3 plugins · 40 total installs
How We Detect IS Photo Gallery
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/is-photo-gallery/js/is3d-gallery.js
- /wp-content/plugins/is-photo-gallery/css/style.css
- /wp-content/plugins/is-photo-gallery/img/loading.gif
- is-photo-gallery/js/is3d-gallery.js?ver=
- is-photo-gallery/css/style.css?ver=
HTML / DOM Fingerprints
- is3d_imageflow
- is3d_loading
- is3d_images
- is3d_captions
- is3d_slider
- is3d_scrollbar
- is3d_imageflow_noscript
- is3d_largerimages
- <!-- WP-IS Photo gallery shortcode handler -->
- <!-- Start output -->
- <!-- Add images -->
- <!-- What does the carousel image link to? -->
- data-style="is3d_lightbox"
- data-description
- is3dgallery
- [wp-is3dphoto]