NextGEN Custom Fields Security & Risk Analysis

wordpress.org/plugins/nextgen-gallery-custom-fields

Creates the ability to quickly and easily add custom fields to NextGEN Galleries and Images.

1K active installs · v1.2.5 · PHP + WP 2.7.1+ · Updated Jan 19, 2024
customfields, nextgen, nextgen-gallery, ngg-custom-fields
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is NextGEN Custom Fields Safe to Use in 2026?

Generally Safe

Score 85/100

NextGEN Custom Fields has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The plugin 'nextgen-gallery-custom-fields' v1.2.5 exhibits a mixed security posture. On one hand, it has no recorded vulnerabilities (CVEs), no external HTTP requests, and no file operations, which are positive indicators. The attack surface is also reported as zero entry points, which, if accurate, is excellent. However, the static analysis reveals significant concerns within the code itself. A substantial percentage of SQL queries (77%) are not using prepared statements, indicating a high risk of SQL injection vulnerabilities. Furthermore, a worrying 76% of output is not properly escaped, pointing to a strong likelihood of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis specifically flags two high-severity flows with unsanitized paths, directly corroborating the risks of injection attacks.

Key Concerns

  • High percentage of SQL queries without prepared statements
  • High percentage of unescaped output
  • Two high-severity unsanitized path flows
  • No nonce checks found
  • No capability checks found
Vulnerabilities
None known

NextGEN Custom Fields Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

NextGEN Custom Fields Release Timeline

v1.2.5 (Current)
v1.2.4
v1.2.3
v1.2.2
v1.2.1
v1.2
v1.1.3
v1.1.2
v1.1.1
v1.1
v1.0.2
v1.0.1
v1.0
v0.7
v0.6
v0.5
v0.4
v0.3
v0.2
v0.1
Code Analysis
Analyzed Mar 16, 2026

NextGEN Custom Fields Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 27 (8 prepared)
Unescaped Output: 51 (16 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

23% prepared · 35 total queries

Output Escaping

24% escaped · 67 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
nggcf_plugin_options (ngg-custom-fields.php:348)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

NextGEN Custom Fields Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 9
action · admin_menu · ngg-custom-fields.php:330
action · ngg_manage_image_custom_column · ngg-custom-fields.php:332
filter · ngg_manage_images_number_of_columns · ngg-custom-fields.php:334
filter · ngg_manage_images_columns · ngg-custom-fields.php:335
action · ngg_update_gallery · ngg-custom-fields.php:336
filter · ngg_image_object · ngg-custom-fields.php:337
action · ngg_add_new_gallery_form · ngg-custom-fields.php:340
action · ngg_created_new_gallery · ngg-custom-fields.php:341
filter · ngg_manage_gallery_fields · ngg-custom-fields.php:816
Maintenance & Trust

NextGEN Custom Fields Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Jan 19, 2024
PHP min version
Downloads: 99K

Community Trust

Rating: 100/100
Number of ratings: 8
Active installs: 1K
Developer Profile

NextGEN Custom Fields Developer Profile

shauno

3 plugins · 1K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect NextGEN Custom Fields

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nextgen-gallery-custom-fields/css/
/wp-content/plugins/nextgen-gallery-custom-fields/js/
/wp-content/plugins/nextgen-gallery-custom-fields/css/ngg-custom-fields.css
/wp-content/plugins/nextgen-gallery-custom-fields/js/ngg-custom-fields.js
Script Paths
/wp-content/plugins/nextgen-gallery-custom-fields/js/ngg-custom-fields.js
Version Parameters
nextgen-gallery-custom-fields/css/ngg-custom-fields.css?ver=
nextgen-gallery-custom-fields/js/ngg-custom-fields.js?ver=

HTML / DOM Fingerprints

CSS Classes
nggcf_container, nggcf_field_input, nggcf_field_textarea, nggcf_field_select, nggcf_field_date
HTML Comments
stop direct call; install funcs; api stuff; save custom field values (checks if it needs to insert or update); +1 more
Data Attributes
nggcf_fields, nggcf_gallery
JS Globals
NGGCF_IMAGES, NGGCF_GALLERY, NGGCF_FIELD_TYPE_INPUT, NGGCF_FIELD_TYPE_TEXTAREA, NGGCF_FIELD_TYPE_SELECT, NGGCF_FIELD_TYPE_DATE, +5 more