Does MaxGalleria have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is MaxGalleria compatible with WordPress 6.9.4?

According to WordPress.org data, MaxGalleria 6.5.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is MaxGalleria updated?

MaxGalleria was last updated on Dec 4, 2025. Frequent updates are generally a positive security signal.

What is MaxGalleria's security score?

MaxGalleria has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MaxGalleria Security & Risk Analysis

wordpress.org/plugins/maxgalleria

Responsive WordPress Gallery plugin with built in Slider and Lightbox

2K active installs v6.5.1 PHP + WP 3.9+ Updated Dec 4, 2025

best-responsive-gallerygallery-pluginslick-slider

A · Safe

CVEs total3

Unpatched0

Last CVEJun 18, 2024

Plugin page Download

Safety Verdict

Is MaxGalleria Safe to Use in 2026?

Generally Safe

Score 98/100

MaxGalleria has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEsLast CVE: Jun 18, 2024Updated 5mo ago

Risk Assessment

The maxgalleria plugin version 6.5.1 presents a mixed security posture. While it demonstrates good practices like a high percentage of prepared SQL statements and properly escaped outputs, significant concerns remain. The presence of 6 AJAX handlers without authentication checks exposes a substantial attack surface, a key area of risk. Furthermore, taint analysis revealed 3 high-severity flows with unsanitized paths, indicating potential for injection vulnerabilities even if no critical severity issues were found. The plugin's vulnerability history shows 3 medium-severity CVEs, primarily related to Cross-Site Scripting and Missing Authorization. The fact that all historical vulnerabilities are currently patched is a positive sign, but the recurring nature of these vulnerability types suggests a need for more robust input validation and authorization checks within the codebase.

Key Concerns

Unprotected AJAX handlers
High severity unsanitized taint flows
Medium severity vulnerabilities in history

Vulnerabilities

3 published

MaxGalleria Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

2 CVEs in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

3 total CVEs

CVE-2024-5970medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MaxGalleria <= 6.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via maxgallery_thumb Shortcode

Jun 18, 2024 Patched in 6.4.5 (1d)

CVE-2024-3581medium · 4.3Missing Authorization

MaxGalleria <= 6.4.2 - Missing Authorization

Apr 19, 2024 Patched in 6.4.3 (14d)

CVE-2022-25603medium · 4.8Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MaxGalleria <= 6.2.5 - Stored Cross-Site Scripting

Feb 22, 2022 Patched in 6.2.7 (700d)

Version History

MaxGalleria Release Timeline

v6.5.1Current

v6.5.0

v6.4.9

v6.4.8

v6.4.7

v6.4.6

v6.4.5

v6.4.41 CVE

CVE-2024-5970

v6.4.31 CVE

CVE-2024-5970

v6.4.22 CVEs

CVE-2024-3581 CVE-2024-5970

v6.4.02 CVEs

CVE-2024-3581 CVE-2024-5970

v6.3.92 CVEs

CVE-2024-3581 CVE-2024-5970

v6.3.82 CVEs

CVE-2024-3581 CVE-2024-5970

v6.3.72 CVEs

CVE-2024-3581 CVE-2024-5970

v6.3.62 CVEs

CVE-2024-3581 CVE-2024-5970

v6.3.52 CVEs

CVE-2024-3581 CVE-2024-5970

v6.3.32 CVEs

CVE-2024-3581 CVE-2024-5970

v6.3.22 CVEs

CVE-2024-3581 CVE-2024-5970

v6.3.12 CVEs

CVE-2024-3581 CVE-2024-5970

v6.3.02 CVEs

CVE-2024-3581 CVE-2024-5970

Code Analysis

Analyzed Mar 16, 2026

MaxGalleria Code Analysis

Dangerous Functions

Raw SQL Queries

22 prepared

Unescaped Output

152

3414 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TinyMCE

SQL Query Safety

92% prepared24 total queries

Output Escaping

96% escaped3566 total outputs

Data Flows · Security

9 unsanitized

Data Flow Analysis

15 flows9 with unsanitized paths

set_admin_notice_true (maxgalleria-admin.php:93)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

MaxGalleria Attack Surface

Entry Points72

Unprotected6

AJAX Handlers 70

authwp_ajax_save_youtube_settingsaddons\media-sources\youtube\youtube.php:42

noprivwp_ajax_save_youtube_settingsaddons\media-sources\youtube\youtube.php:43

authwp_ajax_save_image_tiles_defaultsaddons\templates\image-tiles\image-tiles.php:24

noprivwp_ajax_save_image_tiles_defaultsaddons\templates\image-tiles\image-tiles.php:25

authwp_ajax_save_video_tiles_defaultsaddons\templates\video-tiles\video-tiles.php:24

noprivwp_ajax_save_video_tiles_defaultsaddons\templates\video-tiles\video-tiles.php:25

authwp_ajax_add_media_library_images_to_gallerymaxgalleria-image-gallery.php:59

noprivwp_ajax_add_media_library_images_to_gallerymaxgalleria-image-gallery.php:60

authwp_ajax_include_single_image_in_gallerymaxgalleria-image-gallery.php:63

noprivwp_ajax_include_single_image_in_gallerymaxgalleria-image-gallery.php:64

authwp_ajax_include_bulk_images_in_gallerymaxgalleria-image-gallery.php:67

noprivwp_ajax_include_bulk_images_in_gallerymaxgalleria-image-gallery.php:68

authwp_ajax_exclude_single_image_from_gallerymaxgalleria-image-gallery.php:71

noprivwp_ajax_exclude_single_image_from_gallerymaxgalleria-image-gallery.php:72

authwp_ajax_exclude_bulk_images_from_gallerymaxgalleria-image-gallery.php:75

noprivwp_ajax_exclude_bulk_images_from_gallerymaxgalleria-image-gallery.php:76

authwp_ajax_remove_single_image_from_gallerymaxgalleria-image-gallery.php:79

noprivwp_ajax_remove_single_image_from_gallerymaxgalleria-image-gallery.php:80

authwp_ajax_remove_bulk_images_from_gallerymaxgalleria-image-gallery.php:83

noprivwp_ajax_remove_bulk_images_from_gallerymaxgalleria-image-gallery.php:84

authwp_ajax_reorder_imagesmaxgalleria-image-gallery.php:87

noprivwp_ajax_reorder_imagesmaxgalleria-image-gallery.php:88

authwp_ajax_crop_imagemaxgalleria-image-gallery.php:90

noprivwp_ajax_crop_imagemaxgalleria-image-gallery.php:91

noprivwp_ajax_mg_hide_template_admaxgalleria-meta.php:7

authwp_ajax_mg_hide_template_admaxgalleria-meta.php:8

noprivwp_ajax_mg_hide_gallery_admaxgalleria-meta.php:10

authwp_ajax_mg_hide_gallery_admaxgalleria-meta.php:11

authwp_ajax_save_new_gallery_typemaxgalleria-new-gallery.php:4

noprivwp_ajax_save_new_gallery_typemaxgalleria-new-gallery.php:5

authwp_ajax_import_nextgen_gallerymaxgalleria-nextgen.php:10

noprivwp_ajax_import_nextgen_gallerymaxgalleria-nextgen.php:11

authwp_ajax_get_nextgen_import_percentmaxgalleria-nextgen.php:14

noprivwp_ajax_get_nextgen_import_percentmaxgalleria-nextgen.php:15

authwp_ajax_reset_nextgen_importmaxgalleria-nextgen.php:18

noprivwp_ajax_reset_nextgen_importmaxgalleria-nextgen.php:19

authwp_ajax_save_general_settingsmaxgalleria-settings.php:11

noprivwp_ajax_save_general_settingsmaxgalleria-settings.php:12

authwp_ajax_include_single_video_in_gallerymaxgalleria-video-gallery.php:59

noprivwp_ajax_include_single_video_in_gallerymaxgalleria-video-gallery.php:60

authwp_ajax_include_bulk_videos_in_gallerymaxgalleria-video-gallery.php:63

noprivwp_ajax_include_bulk_videos_in_gallerymaxgalleria-video-gallery.php:64

authwp_ajax_exclude_single_video_from_gallerymaxgalleria-video-gallery.php:67

noprivwp_ajax_exclude_single_video_from_gallerymaxgalleria-video-gallery.php:68

authwp_ajax_exclude_bulk_videos_from_gallerymaxgalleria-video-gallery.php:71

noprivwp_ajax_exclude_bulk_videos_from_gallerymaxgalleria-video-gallery.php:72

authwp_ajax_remove_single_video_from_gallerymaxgalleria-video-gallery.php:75

noprivwp_ajax_remove_single_video_from_gallerymaxgalleria-video-gallery.php:76

authwp_ajax_remove_bulk_videos_from_gallerymaxgalleria-video-gallery.php:79

noprivwp_ajax_remove_bulk_videos_from_gallerymaxgalleria-video-gallery.php:80

authwp_ajax_reorder_videosmaxgalleria-video-gallery.php:83

noprivwp_ajax_reorder_videosmaxgalleria-video-gallery.php:84

noprivwp_ajax_mg_get_image_infomaxgalleria.php:733

authwp_ajax_mg_get_image_infomaxgalleria.php:734

noprivwp_ajax_mg_save_image_infomaxgalleria.php:736

authwp_ajax_mg_save_image_infomaxgalleria.php:737

noprivwp_ajax_mg_display_bulk_editmaxgalleria.php:739

authwp_ajax_mg_display_bulk_editmaxgalleria.php:740

noprivwp_ajax_mg_save_bulk_infomaxgalleria.php:742

authwp_ajax_mg_save_bulk_infomaxgalleria.php:743

noprivwp_ajax_mg_get_video_infomaxgalleria.php:745

authwp_ajax_mg_get_video_infomaxgalleria.php:746

noprivwp_ajax_mg_save_video_infomaxgalleria.php:748

authwp_ajax_mg_save_video_infomaxgalleria.php:749

noprivwp_ajax_mg_display_bulk_videomaxgalleria.php:751

authwp_ajax_mg_display_bulk_videomaxgalleria.php:752

noprivwp_ajax_mg_save_bulk_videomaxgalleria.php:754

authwp_ajax_mg_save_bulk_videomaxgalleria.php:755

noprivwp_ajax_mg_add_videosmaxgalleria.php:757

authwp_ajax_mg_add_videosmaxgalleria.php:758

Shortcodes 2

[maxgallery_thumb] maxgalleria-shortcode-thumb.php:4

[maxgallery] maxgalleria-shortcode.php:4

WordPress Hooks 44

filtermaxgalleria_video_api_urladdons\media-sources\youtube\youtube.php:36

filtermaxgalleria_video_thumb_urladdons\media-sources\youtube\youtube.php:37

filtermaxgalleria_video_embed_codeaddons\media-sources\youtube\youtube.php:38

filtermaxgalleria_video_attachmentaddons\media-sources\youtube\youtube.php:39

actionmaxgalleria_video_attachment_post_metaaddons\media-sources\youtube\youtube.php:40

actionsave_postaddons\templates\image-tiles\image-tiles.php:22

actionmaxgalleria_template_optionsaddons\templates\image-tiles\image-tiles.php:23

actionsave_postaddons\templates\video-tiles\video-tiles.php:22

actionmaxgalleria_template_optionsaddons\templates\video-tiles\video-tiles.php:23

actionadmin_menumaxgalleria-admin.php:4

actionadd_meta_boxesmaxgalleria-meta.php:4

actionsave_postmaxgalleria-meta.php:5

actionadmin_enqueue_scriptsmaxgalleria-meta.php:13

filterembed_oembed_htmlmaxgalleria-video-gallery.php:87

filternext_posts_link_attributesmaxgalleria-video-gallery.php:88

filterprevious_posts_link_attributesmaxgalleria-video-gallery.php:89

actioninitmaxgalleria.php:685

actioninitmaxgalleria.php:686

actioninitmaxgalleria.php:687

filterplugin_action_linksmaxgalleria.php:688

actionadmin_print_scriptsmaxgalleria.php:689

actionadmin_print_stylesmaxgalleria.php:690

actionadmin_headmaxgalleria.php:691

actionadmin_menumaxgalleria.php:692

actionmanage_posts_custom_columnmaxgalleria.php:695

filterrequestmaxgalleria.php:696

filtermedia_upload_tabsmaxgalleria.php:697

filtermedia_view_stringsmaxgalleria.php:698

filterpost_mime_typesmaxgalleria.php:699

filterupload_mimesmaxgalleria.php:700

actionmedia_buttonsmaxgalleria.php:701

actionadmin_footermaxgalleria.php:702

actionwidgets_initmaxgalleria.php:703

actionafter_switch_thememaxgalleria.php:704

actionpre_get_postsmaxgalleria.php:707

actionadmin_menumaxgalleria.php:711

actionadmin_headmaxgalleria.php:724

actionenqueue_block_editor_assetsmaxgalleria.php:729

filterquery_varsmaxgalleria.php:731

filtersafe_style_cssmaxgalleria.php:761

filterposts_groupbymaxgalleria.php:810

actionadmin_noticesmaxgalleria.php:914

actionadmin_noticesmaxgalleria.php:920

filteradmin_body_classmaxgalleria.php:1031

Maintenance & Trust

MaxGalleria Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 4, 2025

PHP min version

Downloads202K

Community Trust

Rating88/100

Number of ratings64

Active installs2K

Alternatives

MaxGalleria Alternatives

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

nextgen-gallery

The most popular gallery plugin that lets you create galleries and albums in seconds.

400K 38 CVEs

Photo Gallery by 10Web – Mobile-Friendly Image Gallery

photo-gallery

Photo Gallery is a powerful image gallery plugin with a list of advanced options for creating responsive image galleries with beautiful lightbox.

200K 62 CVEs

Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More

envira-gallery-lite

Envira Gallery is a fast, easy and powerful gallery builder with lightbox, masonry and grid layouts, albums, videos, and responsive displays and more

100K 11 CVEs

Modula Image Gallery – Photo Grid & Video Gallery

modula-best-grid-gallery

Create responsive image galleries with drag-and-drop grid builder. Custom layouts, video support, AI optimization. Works with any theme.

100K 15 CVEs

Visual Portfolio, Photo Gallery & Post Grid

visual-portfolio

Powerful WordPress gallery plugin for stunning photo, video & album galleries with advanced layouts and flexible block editing.

60K 4 CVEs

Developer Profile

MaxGalleria Developer Profile

maxfoundry

5 plugins · 103K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

423 days

View full developer profile

Detection Fingerprints

How We Detect MaxGalleria

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/maxgalleria/css/jquery.bxslider.css/wp-content/plugins/maxgalleria/css/maxgalleria.css/wp-content/plugins/maxgalleria/css/styles.css/wp-content/plugins/maxgalleria/js/jquery.bxslider.js/wp-content/plugins/maxgalleria/js/jquery.isotope.min.js/wp-content/plugins/maxgalleria/js/masonry.pkgd.min.js/wp-content/plugins/maxgalleria/js/maxgalleria.js/wp-content/plugins/maxgalleria/js/maxgalleria-admin.js+2 more

Script Paths

/wp-content/plugins/maxgalleria/js/jquery.bxslider.js/wp-content/plugins/maxgalleria/js/jquery.isotope.min.js/wp-content/plugins/maxgalleria/js/masonry.pkgd.min.js/wp-content/plugins/maxgalleria/js/maxgalleria.js/wp-content/plugins/maxgalleria/js/maxgalleria-admin.js/wp-content/plugins/maxgalleria/js/swipebox/js/jquery.swipebox.min.js+1 more

Version Parameters

maxgalleria/css/jquery.bxslider.css?ver=maxgalleria/css/maxgalleria.css?ver=maxgalleria/css/styles.css?ver=maxgalleria/js/jquery.bxslider.js?ver=maxgalleria/js/jquery.isotope.min.js?ver=maxgalleria/js/masonry.pkgd.min.js?ver=maxgalleria/js/maxgalleria.js?ver=maxgalleria/js/maxgalleria-admin.js?ver=maxgalleria/js/swipebox/js/jquery.swipebox.min.js?ver=maxgalleria/js/fancybox/jquery.fancybox.pack.js?ver=

HTML / DOM Fingerprints

CSS Classes

maxgalleria-containermg-gallery-settingsmaxgalleria-gallery-optionsmaxgalleria-gallery-itemmg-gallery-display-optionsmaxgalleria-video-item

HTML Comments

+6 more

Data Attributes

data-maxgalleria-iddata-maxgalleria-templatedata-maxgalleria-typedata-maxgalleria-filterdata-maxgalleria-layout

JS Globals

maxgalleria_params

REST Endpoints

/wp-json/maxgalleria/v1/galleries

Shortcode Output

[maxgallery id="[maxgallery name="

FAQ

MaxGalleria Security & Risk Analysis

Is MaxGalleria Safe to Use in 2026?

Generally Safe

Key Concerns

MaxGalleria Security Vulnerabilities

CVEs by Year

Severity Breakdown

MaxGalleria Release Timeline

MaxGalleria Code Analysis

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

MaxGalleria Attack Surface

AJAX Handlers 70

Shortcodes 2

MaxGalleria Maintenance & Trust

Maintenance Signals

Community Trust

MaxGalleria Alternatives

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More

Modula Image Gallery – Photo Grid & Video Gallery

Visual Portfolio, Photo Gallery & Post Grid

MaxGalleria Developer Profile

How We Detect MaxGalleria

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about MaxGalleria