Meow Gallery Security & Risk Analysis

wordpress.org/plugins/meow-gallery

Tired of slow, bloated gallery plugins? You've earned a coffee ☺️ Polished, beautiful galleries that are blazing fast.

10K active installs · v5.4.5 · PHP 7.4+ · WP 6.0+ · Updated Feb 25, 2026
Tags: block, gallery, image, lightroom, masonry
Score: 93 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: May 7, 2025
Safety Verdict

Is Meow Gallery Safe to Use in 2026?

Generally Safe

Score 93/100

Meow Gallery has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: May 7, 2025 · Updated 1mo ago
Risk Assessment

The 'meow-gallery' v5.4.5 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals no unprotected entry points into the plugin's functionality, which is a strong indicator of good security practices concerning attack surface management. The plugin also demonstrates a high percentage of properly escaped outputs and uses prepared statements for a majority of its SQL queries, suggesting an effort to mitigate common web vulnerabilities.

However, several areas raise concerns. The 10 calls to a dangerous function, 'unserialize', are a significant red flag, because unserializing untrusted data can lead to remote code execution. The lack of nonce checks, although not tied to a specific entry point in the static analysis, is a common oversight that could be exploited if certain functionality were exposed or misconfigured. The plugin's vulnerability history is also a notable concern: 4 known CVEs, including two high-severity vulnerabilities, indicate a pattern of security weaknesses. While no CVEs are currently unpatched, the nature of the past vulnerabilities (XSS, SQL Injection, Missing Authorization) suggests that the plugin has been a target and has required significant patching efforts.

In conclusion, while 'meow-gallery' v5.4.5 has made progress in securing its entry points and handling output, the 'unserialize' function and its historical vulnerability record warrant caution. The lack of nonce checks is a potential area for future exploitation. Users should remain vigilant and ensure they are always using the latest patched versions of the plugin to mitigate the risks associated with its past vulnerabilities.

Key Concerns

  • Dangerous function calls (unserialize)
  • No nonce checks
  • Past high severity vulnerabilities
  • Past medium severity vulnerabilities
Vulnerabilities
4

Meow Gallery Security Vulnerabilities

CVEs by Year

  • 2021: 2 CVEs
  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • High: 2
  • Medium: 2

4 total CVEs

CVE-2025-47449 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Meow Gallery <= 5.2.7 - Authenticated (Author+) Stored Cross-Site Scripting

May 7, 2025 Patched in 5.2.8 (7d)
CVE-2024-4386 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gallery Block (Meow Gallery) <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 8, 2024 Patched in 5.1.4 (2d)
CVE-2021-24465 · high · 8.1 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Meow Gallery (+ Gallery Block) <= 4.1.8 - SQL Injection

Sep 2, 2021 Patched in 4.1.9 (873d)

Meow Gallery (+ Gallery Block) <= 4.1.9 - Missing Authorization to Arbitrary Options Update

Sep 2, 2021 Patched in 4.2.0 (873d)
Code Analysis
Analyzed Mar 16, 2026

Meow Gallery Code Analysis

  • Dangerous Functions: 10
  • Raw SQL Queries: 13 (34 prepared)
  • Unescaped Output: 10 (106 escaped)
  • Nonce Checks: 0
  • Capability Checks: 10
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize (classes\builders\core.php:68): $this->data[$r->id] = array( 'caption' => $r->caption,'meta' => unserialize( $r->meta ) );
  • unserialize (classes\core.php:779): 'meta' => unserialize( $r->meta ),
  • unserialize (classes\core.php:1173): $collection['galleries_ids'] = unserialize( $collection['galleries_ids'] );
  • unserialize (classes\core.php:1189): 'medias' => unserialize( $gallery['medias'] ),
  • unserialize (classes\core.php:1194): 'posts' => $gallery['posts'] ? unserialize( $gallery['posts'] ) : null,
  • unserialize (classes\core.php:1242): $galleries_ids = unserialize( $collection['galleries_ids'] );
  • unserialize (classes\core.php:1258): 'medias' => unserialize( $gallery['medias'] ),
  • unserialize (classes\core.php:1263): 'posts' => $gallery['posts'] ? unserialize( $gallery['posts'] ) : null,
  • unserialize (classes\rest.php:414): 'medias' => unserialize( $gallery['medias'] ),
  • unserialize (classes\rest.php:417): 'posts' => $gallery['posts'] ? unserialize( $gallery['posts'] ) : null,

SQL Query Safety

72% prepared · 47 total queries

Output Escaping

91% escaped · 116 total outputs
Attack Surface

Meow Gallery Attack Surface

Entry Points: 3
Unprotected: 0

Shortcodes 3

[meow-collection] classes\core.php:49
[gallery] classes\run.php:12
[meow-gallery] classes\run.php:13
WordPress Hooks 25
  • action admin_menu (classes\admin.php:10)
  • action admin_enqueue_scripts (classes\admin.php:13)
  • filter wp_get_attachment_image_attributes (classes\core.php:37)
  • action init (classes\core.php:53)
  • action admin_notices (classes\init.php:7)
  • action plugins_loaded (classes\migrations.php:9)
  • action rest_api_init (classes\rest.php:20)
  • action init (classes\run.php:16)
  • action admin_enqueue_scripts (classes\run.php:17)
  • action wp_enqueue_scripts (classes\run.php:19)
  • action mgl_gallery_created (classes\run.php:21)
  • action mgl_collection_created (classes\run.php:22)
  • action admin_notices (common\admin.php:72)
  • filter plugin_row_meta (common\admin.php:77)
  • filter edd_sl_api_request_verify_ssl (common\admin.php:78)
  • action init (common\admin.php:96)
  • action admin_menu (common\admin.php:153)
  • filter admin_footer_text (common\admin.php:158)
  • action admin_footer (common\admin.php:218)
  • action admin_head (common\admin.php:456)
  • action admin_notices (common\news.php:43)
  • filter safe_style_css (common\news.php:44)
  • action admin_notices (common\ratings.php:33)
  • filter safe_style_css (common\ratings.php:34)
  • action rest_api_init (common\rest.php:14)
Maintenance & Trust

Meow Gallery Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 25, 2026
  • PHP min version: 7.4
  • Downloads: 491K

Community Trust

  • Rating: 98/100
  • Number of ratings: 193
  • Active installs: 10K
Developer Profile

Meow Gallery Developer Profile

Jordy Meow

27 plugins · 371K total installs

  • Trust score: 73
  • Avg Security Score: 92/100
  • Avg Patch Time: 372 days
Detection Fingerprints

How We Detect Meow Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/meow-gallery/app/galleries.js
  • /wp-content/plugins/meow-gallery/app/admin.js
Script Paths
//fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700;900&display=swap
Version Parameters
  • meow-gallery/app/galleries.js?ver=
  • meow-gallery/app/admin.js?ver=

HTML / DOM Fingerprints

Data Attributes
  • data-meow-gallery
  • data-mgl-settings
JS Globals
mgl_meow_gallery
REST Endpoints
/meow-gallery/v1/
Shortcode Output
<b>Meow Collection</b>: This is only available in the Pro version. Please <a href='https://meowapps.com/products/meow-gallery-pro/'>upgrade to Meow Gallery Pro</a> to use this feature.