Image Gallery Security & Risk Analysis

The "new-image-gallery" plugin version 1.6.1 presents a mixed security posture. On the positive side, it demonstrates good practices such as exclusively using prepared statements for SQL queries, a high percentage of properly escaped output, and a good number of nonce and capability checks. The attack surface is relatively small with no identified unprotected entry points, and there are no external HTTP requests or file operations, which limits potential attack vectors. However, the presence of two instances of the `unserialize` function is a significant concern, as this function can be vulnerable to deserialization attacks if not handled with extreme care, especially with untrusted data. The taint analysis reveals two flows with unsanitized paths, which, while not classified as critical or high severity in this analysis, warrants attention given the use of `unserialize`.

The plugin's vulnerability history is a critical red flag. It has a total of two known CVEs, with one high and one medium severity vulnerability previously identified. Although currently no vulnerabilities are marked as unpatched, the recurring themes of "Deserialization of Untrusted Data" and "Missing Authorization" in past vulnerabilities are directly aligned with the static analysis findings, particularly the `unserialize` calls and the potential for authorization bypasses. The last vulnerability reported in 2026, while seemingly in the future, strongly suggests a pattern of past issues related to these categories. The plugin's strengths in other areas are overshadowed by these historical and statically identified risks, particularly the `unserialize` function, which requires rigorous validation of any data passed to it. While no active unpatched vulnerabilities are reported, the historical pattern and the presence of the `unserialize` function create a considerable risk.