LightSync Pro – Connect & Sync Cloud Assets | Lightroom, Canva, Figma, Dropbox & Shutterstock Security Review

Safety Verdict

Is LightSync Pro – Connect & Sync Cloud Assets | Lightroom, Canva, Figma, Dropbox & Shutterstock Safe to Use in 2026?

Generally Safe

Score 100/100

LightSync Pro – Connect & Sync Cloud Assets | Lightroom, Canva, Figma, Dropbox & Shutterstock has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 28d ago

Risk Assessment

The lightsyncpro plugin v2.1.6 exhibits a generally good security posture based on the static analysis. A significant strength is the absence of critical or high-severity issues in the taint analysis and the complete lack of known historical vulnerabilities. The plugin also demonstrates strong adherence to security best practices by properly escaping all output and consistently using prepared statements for the majority of its SQL queries (72%). Furthermore, all AJAX handlers and REST API routes have appropriate permission callbacks, indicating a robust approach to access control. The presence of 20 nonce checks and 16 capability checks further reinforces this positive outlook.

Despite these strengths, there are a few areas that warrant attention. The analysis revealed 3 flows with unsanitized paths, although these did not reach a critical or high severity. While the percentage of prepared statements for SQL queries is good, 28% are not prepared, which could represent a potential risk if not handled with extreme care. Additionally, the plugin performs 36 file operations and makes 57 external HTTP requests, which, while not inherently insecure, represent potential vectors for attack if not implemented with strict validation and sanitization.

In conclusion, lightsyncpro v2.1.6 appears to be a well-developed plugin from a security perspective, with a strong emphasis on preventing common vulnerabilities. The historical lack of CVEs is a significant positive indicator. The identified issues, such as unsanitized paths and non-prepared SQL queries, are areas for minor improvement rather than immediate critical threats, especially given their current non-critical severity. Continued vigilance and adherence to secure coding practices are recommended.

Key Concerns

Unsanitized paths found
SQL queries without prepared statements (28%)

Vulnerabilities

None known

LightSync Pro – Connect & Sync Cloud Assets | Lightroom, Canva, Figma, Dropbox & Shutterstock Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

LightSync Pro – Connect & Sync Cloud Assets | Lightroom, Canva, Figma, Dropbox & Shutterstock Code Analysis

Dangerous Functions

0

Raw SQL Queries

10

26 prepared

Unescaped Output

0

103 escaped

Nonce Checks

20

Capability Checks

16

File Operations

36

External Requests

57

Bundled Libraries

0

SQL Query Safety

72% prepared36 total queries

Output Escaping

100% escaped103 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

17 flows3 with unsanitized paths

handle_connection_callback (includes\oauth\class-figma-oauth.php:214)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

LightSync Pro – Connect & Sync Cloud Assets | Lightroom, Canva, Figma, Dropbox & Shutterstock Attack Surface

Entry Points16

Unprotected0

AJAX Handlers 16

authwp_ajax_lsp_send_test_digestincludes\admin\class-weekly-digest.php:35

authwp_ajax_lsp_ai_get_modelsincludes\ai\class-ai-generate.php:35

authwp_ajax_lsp_ai_generateincludes\ai\class-ai-generate.php:38

authwp_ajax_lsp_ai_commitincludes\ai\class-ai-generate.php:41

authwp_ajax_lsp_ai_regenerateincludes\ai\class-ai-generate.php:44

authwp_ajax_lsp_ai_versionsincludes\ai\class-ai-generate.php:47

authwp_ajax_lsp_ai_rollbackincludes\ai\class-ai-generate.php:48

authwp_ajax_lsp_ai_reoptimizeincludes\ai\class-ai-generate.php:51

authwp_ajax_lsp_ai_browseincludes\ai\class-ai-generate.php:54

authwp_ajax_lsp_ai_push_destinationsincludes\ai\class-ai-generate.php:57

authwp_ajax_lsp_ai_background_syncincludes\ai\class-ai-generate.php:60

authwp_ajax_lsp_ai_background_statusincludes\ai\class-ai-generate.php:61

authwp_ajax_lightsync_relink_attachmentincludes\sync\class-sync.php:26

authwp_ajax_lightsync_unlink_attachmentincludes\sync\class-sync.php:27

authwp_ajax_lightsync_relink_candidatesincludes\sync\class-sync.php:28

authwp_ajax_lightsync_switch_sourceincludes\sync\class-sync.php:29

WordPress Hooks 48

filtercron_schedulesincludes\admin\class-weekly-digest.php:22

actionlsp_ai_background_sync_tickincludes\ai\class-ai-generate.php:64

actioninitincludes\blocks\class-gallery-block.php:9

filterwp_editor_set_qualityincludes\compress\class-avif-php.php:52

actionadmin_initincludes\oauth\class-canva-oauth.php:19

actioninitincludes\oauth\class-canva-oauth.php:22

actionadmin_noticesincludes\oauth\class-canva-oauth.php:61

actionadmin_noticesincludes\oauth\class-canva-oauth.php:80

actionadmin_noticesincludes\oauth\class-canva-oauth.php:92

actionadmin_noticesincludes\oauth\class-canva-oauth.php:110

actionadmin_initincludes\oauth\class-dropbox-oauth.php:19

actioninitincludes\oauth\class-dropbox-oauth.php:22

actionadmin_noticesincludes\oauth\class-dropbox-oauth.php:60

actionadmin_noticesincludes\oauth\class-dropbox-oauth.php:79

actionadmin_noticesincludes\oauth\class-dropbox-oauth.php:91

actionadmin_noticesincludes\oauth\class-dropbox-oauth.php:108

actionadmin_initincludes\oauth\class-figma-oauth.php:28

actioninitincludes\oauth\class-figma-oauth.php:31

actionadmin_noticesincludes\oauth\class-figma-oauth.php:237

actionadmin_noticesincludes\oauth\class-figma-oauth.php:250

actionadmin_noticesincludes\oauth\class-figma-oauth.php:270

actionrest_api_initincludes\oauth\class-oauth.php:18

actioninitincludes\oauth\class-oauth.php:21

actionadmin_initincludes\oauth\class-openrouter-oauth.php:39

actionadmin_initincludes\oauth\class-shutterstock-oauth.php:21

actionadmin_noticesincludes\oauth\class-shutterstock-oauth.php:58

actionadmin_noticesincludes\oauth\class-shutterstock-oauth.php:77

actionadmin_noticesincludes\oauth\class-shutterstock-oauth.php:89

actionadmin_noticesincludes\oauth\class-shutterstock-oauth.php:106

actioninitincludes\sync\class-sync.php:23

actioninitincludes\sync\class-sync.php:24

actioninitincludes\sync\class-sync.php:25

actiondelete_attachmentincludes\sync\class-sync.php:30

filterget_terms_argsincludes\sync\class-sync.php:34

filtermanage_upload_columnsincludes\sync\class-sync.php:3600

filtermanage_upload_sortable_columnsincludes\sync\class-sync.php:3605

actionrestrict_manage_postsincludes\sync\class-sync.php:3611

actionpre_get_postsincludes\sync\class-sync.php:3629

actionmanage_media_custom_columnincludes\sync\class-sync.php:3680

filterattachment_fields_to_editincludes\sync\class-sync.php:3750

actionadmin_noticeslightsyncpro.php:41

actionadmin_initlightsyncpro.php:225

actionadmin_noticeslightsyncpro.php:228

filterwp_editor_set_qualitylightsyncpro.php:234

filterbig_image_size_thresholdlightsyncpro.php:235

actionplugins_loadedlightsyncpro.php:280

filterupload_mimeslightsyncpro.php:294

actiondelete_attachmentlightsyncpro.php:299

Scheduled Events 4

lsp_ai_background_sync_tick

Maintenance & Trust

LightSync Pro – Connect & Sync Cloud Assets | Lightroom, Canva, Figma, Dropbox & Shutterstock Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 6, 2026

PHP min version7.4

Downloads548

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

LightSync Pro – Connect & Sync Cloud Assets | Lightroom, Canva, Figma, Dropbox & Shutterstock Alternatives

Blank Slate

blank-slate

A

85

Provides a blank page template for use with WordPress page builders.

10K No CVEs

Meow Gallery

meow-gallery

A

93

Tired of slow, bloated gallery plugins? You've earned a coffee ☺️ Polished, beautiful galleries that are blazing fast.

10K 4 CVEs

ShiftNav – Responsive Mobile Menu

shiftnav-responsive-mobile-menu

A

98

Add a native-style, off-canvas, responsive mobile navigation menu to your site.

10K 2 CVEs

Photo Engine (Media Organizer & Lightroom)

wplr-sync

A

96

Organize your photos in folders and collections. Synchronize with Lightroom. Make your life easier! :)

2K 4 CVEs

Canvas Image Resize

canvas-image-resize

A

100

Re-sizes images right inside the browser BEFORE uploading them.

1K No CVEs

Developer Profile

LightSync Pro – Connect & Sync Cloud Assets | Lightroom, Canva, Figma, Dropbox & Shutterstock Developer Profile

lightsyncpro

1 plugin · 0 total installs

94

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect LightSync Pro – Connect & Sync Cloud Assets | Lightroom, Canva, Figma, Dropbox & Shutterstock

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/lightsyncpro/assets/css/admin.css/wp-content/plugins/lightsyncpro/assets/css/frontend.css/wp-content/plugins/lightsyncpro/assets/js/admin.js/wp-content/plugins/lightsyncpro/assets/js/frontend.js/wp-content/plugins/lightsyncpro/assets/js/blocks.js

Script Paths

/wp-content/plugins/lightsyncpro/assets/js/admin.js/wp-content/plugins/lightsyncpro/assets/js/frontend.js/wp-content/plugins/lightsyncpro/assets/js/blocks.js

Version Parameters

lightsyncpro/assets/css/admin.css?ver=lightsyncpro/assets/css/frontend.css?ver=lightsyncpro/assets/js/admin.js?ver=lightsyncpro/assets/js/frontend.js?ver=lightsyncpro/assets/js/blocks.js?ver=

HTML / DOM Fingerprints

CSS Classes

lsp-admin-notice

HTML Comments

Data Attributes

data-lsp-sync-enableddata-lsp-source-config

JS Globals

LightSyncAdminLightSyncFrontend

REST Endpoints

/wp-json/lsp-broker/v1/sync-gate

FAQ

LightSync Pro – Connect & Sync Cloud Assets | Lightroom, Canva, Figma, Dropbox & Shutterstock Security & Risk Analysis