WP-Safety

Photo Gallery by 10Web – Mobile-Friendly Image Gallery Security & Risk Analysis

wordpress.org/plugins/photo-gallery

Photo Gallery is a powerful image gallery plugin with a list of advanced options for creating responsive image galleries with beautiful lightbox.

200K active installs v1.8.39 PHP + WP 4.6+ Updated Mar 3, 2026
galleryimage-galleryphoto-galleryresponsive-gallerywordpress-gallery-plugin
39
D · High Risk
CVEs total61
Unpatched1
Last CVEJan 21, 2026
Plugin page Download
Safety Verdict

Is Photo Gallery by 10Web – Mobile-Friendly Image Gallery Safe to Use in 2026?

High Risk

Score 39/100

Photo Gallery by 10Web – Mobile-Friendly Image Gallery carries significant security risk with 61 known CVEs, 1 still unpatched. Consider switching to a maintained alternative.

61 known CVEs 1 unpatched Last CVE: Jan 21, 2026Updated 1mo ago
Risk Assessment

The "photo-gallery" plugin version 1.8.39 exhibits a concerning security posture. While it demonstrates some good practices, such as a relatively high percentage of SQL queries using prepared statements and a majority of outputs being properly escaped, several critical weaknesses are present. The significant number of unprotected AJAX handlers (11 out of 21) represents a substantial attack surface that could be exploited for unauthorized actions. The presence of "unserialize" calls and taint analysis revealing two high-severity flows with unsanitized paths indicate potential vulnerabilities like Remote Code Execution or sensitive data exposure.

The plugin's vulnerability history is particularly alarming. A total of 61 known CVEs, with one currently unpatched, and a substantial number of critical and high-severity past vulnerabilities across various types (Path Traversal, Missing Authorization, SQL Injection, PHP Remote File Inclusion, XSS, CSRF) suggest a recurring pattern of insecure coding practices. This history, combined with the static analysis findings, strongly indicates that the plugin is prone to multiple types of attacks and may not be consistently developed with security as a primary focus. The recent vulnerability in 2026 further highlights ongoing security issues.

In conclusion, despite some positive aspects in output escaping and SQL preparation, the "photo-gallery" plugin v1.8.39 poses a significant security risk. The large number of unprotected entry points, high-severity taint flows, and extensive history of critical vulnerabilities, including an unpatched one, necessitate immediate attention and mitigation. Users should consider alternatives or apply patches aggressively if available.

Key Concerns

  • Unpatched CVE found
  • High severity taint flows
  • Unprotected AJAX handlers
  • Dangerous function: unserialize
  • Significant number of SQL queries without prepared statements
  • Flows with unsanitized paths
  • Unprotected entry points (AJAX)
  • Output escaping is not fully proper
  • History of critical vulnerabilities
  • History of high vulnerabilities
Vulnerabilities
61

Photo Gallery by 10Web – Mobile-Friendly Image Gallery Security Vulnerabilities

CVEs by Year

2 CVEs in 2014
2014
5 CVEs in 2015
2015
4 CVEs in 2017
2017
6 CVEs in 2019
2019
2 CVEs in 2020
2020
9 CVEs in 2021
2021
11 CVEs in 2022
2022
3 CVEs in 2023
2023
14 CVEs in 2024
2024
4 CVEs in 2025 · unpatched
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Critical
6
High
6
Medium
48
Low
1

61 total CVEs

CVE-2026-1036medium · 5.3Missing Authorization

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion

Jan 21, 2026 Patched in 1.8.37 (1d)
CVE-2026-27360medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.38 - Authenticated (Editor+) Stored Cross-Site Scripting

Dec 25, 2025Unpatched
CVE-2025-2269medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.34 Reflected Cross-Site Scripting via 'image_id' Parameter

Apr 11, 2025 Patched in 1.8.35 (1d)
CVE-2025-0613medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.8.33 - Unauthenticated Stored Cross-Site Scripting

Mar 10, 2025 Patched in 1.8.34 (31d)
CVE-2024-13124medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.32 - Authenticated (Admin+) Stored Cross-Site Scripting

Mar 2, 2025 Patched in 1.8.33 (26d)
CVE-2024-10704medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.30 - Authenticated (Admin+) Stored Cross-Site Scripting

Nov 14, 2024 Patched in 1.8.31 (29d)
CVE-2024-9878medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site Scripting

Nov 4, 2024 Patched in 1.8.31 (1d)
CVE-2024-8670medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.8.28 - Authenticated (Administrator+) Stored Cross-Site Scripting

Oct 3, 2024 Patched in 1.8.29 (30d)
CVE-2024-44043medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.8.27 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 23, 2024 Patched in 1.8.28 (26d)
CVE-2024-5481medium · 6.8Path Traversal: '.../...//'

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function

Jun 6, 2024 Patched in 1.8.24 (1d)
CVE-2024-5426medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG

Jun 6, 2024 Patched in 1.8.24 (1d)
CVE-2024-35628medium · 4.3Missing Authorization

Photo Gallery by 10Web <= 1.8.25 - Missing Authorization to Notice Dismissal

May 27, 2024 Patched in 1.8.26 (32d)
CVE-2024-33586medium · 5.3Missing Authorization

Photo Gallery by 10Web <= 1.8.20 - Missing Authorization

Apr 25, 2024 Patched in 1.8.21 (7d)
CVE-2024-2296medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Authenticated (Admin+) Stored Cross-Site Scripting via SVG

Apr 5, 2024 Patched in 1.8.22 (20d)
CVE-2024-29809medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'image_url'

Mar 26, 2024 Patched in 1.8.22 (30d)
CVE-2024-29832medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'current_url'

Mar 26, 2024 Patched in 1.8.22 (30d)
CVE-2024-29808medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'image_id'

Mar 26, 2024 Patched in 1.8.22 (30d)
CVE-2024-29810medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'thumb_url'

Mar 26, 2024 Patched in 1.8.22 (30d)
CVE-2024-0221critical · 9.1Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.19 - Directory Traversal to Arbitrary File Rename

Jan 19, 2024 Patched in 1.8.20 (193d)
CVE-2023-6924medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.8.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Widget

Dec 21, 2023 Patched in 1.8.19 (33d)
CVE-2023-33995medium · 4.3Missing Authorization

Photo Gallery <= 1.8.15 - Missing Authorization

Jun 2, 2023 Patched in 1.8.16 (235d)
CVE-2023-1427medium · 4.9Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Photo Gallery by 10Web <= 1.8.14 - Authenticated (Administrator+) Directory Traversal

Mar 21, 2023 Patched in 1.8.15 (308d)
CVE-2022-4058medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery <= 1.8.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Nov 28, 2022 Patched in 1.8.3 (421d)
WF-5cc590fe-94c8-47cc-bd5b-eef70da138b1-photo-gallerymedium · 5.4URL Redirection to Untrusted Site ('Open Redirect')

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.7 - Open Redirect

Nov 26, 2022 Patched in 1.8.8 (423d)
WF-892a1983-018b-480d-adab-29c32fd88be5-photo-gallerymedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.8.0 - Reflected Cross-Site Scripting

Nov 3, 2022 Patched in 1.8.1 (446d)
WF-8d65b779-717b-4efc-b13d-acdf83ca1e63-photo-gallerymedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery <= 1.7.0 - Reflected Cross-Site Scripting

Aug 10, 2022 Patched in 1.7.1 (531d)
WF-8b271f2f-d765-4d2d-bb0d-f8425ebc64ca-photo-gallerymedium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.6.8 - Authenticated (Admin+) Cross-Site Scripting

Jul 1, 2022 Patched in 1.6.9 (571d)
WF-63e167ef-9f03-45a8-b3dc-240ccf1ea6c3-photo-gallerymedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.6.7 - Authenticated (Admin+) Stored Cross-Site Scripting

Jun 28, 2022 Patched in 1.6.8 (574d)
WF-93c1b6d2-a818-4ce5-96b7-524fac4081b2-photo-gallerymedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.6.6 - Reflected Cross-Site Scripting

Jun 16, 2022 Patched in 1.6.7 (586d)
CVE-2022-1394medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting

May 16, 2022 Patched in 1.6.4 (617d)
CVE-2022-1281high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Photo Gallery by 10Web <= 1.6.2 - SQL Injection

Apr 11, 2022 Patched in 1.6.3 (652d)
CVE-2022-1282medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.6.2 - Cross-Site Scripting

Apr 11, 2022 Patched in 1.6.3 (652d)
CVE-2022-0169critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Photo Gallery by 10Web <= 1.5.87 - Unauthenticated SQL Injection via bwg_tag_id_bwg_thumbnails_0 Parameter

Feb 15, 2022 Patched in 1.6.0 (707d)
WF-b7d84cb9-175f-433c-ab5c-d89621847b4d-photo-gallerymedium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.5.78 - Stored Cross-Site Scripting via Uploaded SVG

Jul 19, 2021 Patched in 1.5.79 (918d)
CVE-2021-24363medium · 4.9Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Photo Gallery <= 1.5.74 - File Upload Path Traversal

Jul 18, 2021 Patched in 1.5.75 (919d)
CVE-2021-24362medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery <= 1.5.74 - Stored Cross-Site Scripting via Uploaded SVG

Jul 18, 2021 Patched in 1.5.75 (919d)
CVE-2021-24310medium · 4.8Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery <= 1.5.66 - Authenticated Stored Cross-Site Scripting via Gallery Title

May 12, 2021 Patched in 1.5.67 (986d)
CVE-2021-46889medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.5.68 - Reflected Cross-Site Scripting

Apr 19, 2021 Patched in 1.5.69 (1076d)
CVE-2021-24291medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery <= 1.5.68 - Multiple Reflected Cross-Site Scripting

Apr 19, 2021 Patched in 1.5.69 (1009d)
CVE-2021-31693medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.5.68 - Reflected Cross-Site Scripting <= 1.5.68 - Reflected Cross-Site Scripting

Apr 19, 2021 Patched in 1.5.69 (1076d)
WF-99c89e29-a21d-4c32-9459-18c7b08b9ff0-photo-gallerymedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.5.68 - Cross-Site Scripting

Feb 23, 2021 Patched in 1.5.69 (1064d)
CVE-2021-25041medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery <= 1.5.67 - Reflected Cross-Site Scripting

Feb 3, 2021 Patched in 1.5.68 (1084d)
CVE-2021-24139critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Photo Gallery by 10Web <= 1.5.54 - SQL Injection via bwg_search_x Parameter

May 15, 2020 Patched in 1.5.55 (1348d)
CVE-2020-9335medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.5.45 - Multiple Cross-Site Scripting Issues

Feb 25, 2020 Patched in 1.5.46 (1428d)
CVE-2019-16118medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.5.34 - Cross-Site Scripting

Sep 8, 2019 Patched in 1.5.35 (1598d)
CVE-2019-16119critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Photo Gallery by 10Web <= 1.5.34 - SQL Injection

Sep 8, 2019 Patched in 1.5.35 (1598d)
CVE-2019-16117medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.5.34 - Cross-Site Scripting

Sep 8, 2019 Patched in 1.5.35 (1598d)
CVE-2019-14313critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Photo Gallery by 10Web <= 1.5.30 - SQL Injection

Jul 26, 2019 Patched in 1.5.31 (1642d)
CVE-2019-14798medium · 4.9Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Photo Gallery by 10Web <= 1.5.24 - Authenticated Local File Inclusion

May 15, 2019 Patched in 1.5.25 (1714d)
CVE-2019-14797medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.5.22 - Authenticated Cross-Site Scripting

May 13, 2019 Patched in 1.5.23 (1716d)
WF-3c6fd92f-a541-42d1-8093-c3a4a61ab39b-photo-gallerymedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.3.66 - Cross-Site Scripting

Dec 14, 2017 Patched in 1.3.67 (2231d)
CVE-2017-12977high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Photo Gallery by 10Web <= 1.3.50 - Authenticated SQL Injection via tag_id Parameter

Aug 20, 2017 Patched in 1.3.51 (2347d)
WF-d2e040bd-df5f-4b40-bc7b-9521f224c297-photo-gallerymedium · 4.1Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Photo Gallery by 10Web < 1.3.43 - Authenticated Path Traversal

Jun 16, 2017 Patched in 1.3.43 (2412d)
WF-0e3034ae-957f-410d-80ef-4dc2b0e91ff5-photo-galleryhigh · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Photo Gallery by 10Web <= 1.3.37 - Authenticated SQL Injection

May 2, 2017 Patched in 1.3.38 (2457d)
CVE-2015-2324medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.2.12 - Authenticated Cross-Site Scripting

Mar 13, 2015 Patched in 1.2.13 (3238d)
CVE-2014-9312high · 8.8Unrestricted Upload of File with Dangerous Type

Photo Gallery by 10Web <= 1.2.5 - Unrestricted File Upload

Feb 12, 2015 Patched in 1.2.6 (3267d)
CVE-2015-1394medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.2.10 - Authenticated Cross-Site Scripting

Jan 28, 2015 Patched in 1.2.11 (3282d)
CVE-2015-1393high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Photo Gallery by 10Web <= 1.2.10 - Authenticated SQL Injection via asc_or_desc Parameter

Jan 23, 2015 Patched in 1.2.11 (3287d)
CVE-2015-1055critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Photo Gallery by 10Web <= 1.2.7 - Unauthenticated Blind SQL Injection via order_by Parameter

Jan 12, 2015 Patched in 1.2.8 (3298d)
CVE-2014-6315low · 3.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery by 10Web <= 1.1.30 - Reflected Cross-Site Scripting

Oct 1, 2014 Patched in 1.1.31 (3401d)
CVE-2015-9380high · 8.8Cross-Site Request Forgery (CSRF)

Photo Gallery by 10Web <= 1.2.41 - Cross-Site Request Forgery

May 7, 2014 Patched in 1.2.42 (3548d)
Code Analysis
Analyzed Mar 16, 2026

Photo Gallery by 10Web – Mobile-Friendly Image Gallery Code Analysis

Dangerous Functions
2
Raw SQL Queries
249
346 prepared
Unescaped Output
1832
6857 escaped
Nonce Checks
19
Capability Checks
20
File Operations
58
External Requests
13
Bundled Libraries
0

Dangerous Functions Found

unserialize$page_score = unserialize($post['meta_value']);booster\AdminBar.php:258
unserialize$body = unserialize($request['body']);wd\includes\overview.php:44

SQL Query Safety

58% prepared595 total queries

Output Escaping

79% escaped8689 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

15 flows9 with unsanitized paths
get_google_page_speed (booster\controller.php:570)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
11 unprotected

Photo Gallery by 10Web – Mobile-Friendly Image Gallery Attack Surface

Entry Points23
Unprotected11

AJAX Handlers 21

authwp_ajax_twbbooster\main.php:62
authwp_ajax_twb_check_scorebooster\main.php:63
authwp_ajax_twb_notif_checkbooster\main.php:64
authwp_ajax_bwg_frontend_dataphoto-gallery.php:141
noprivwp_ajax_bwg_frontend_dataphoto-gallery.php:142
authwp_ajax_GalleryBoxphoto-gallery.php:143
noprivwp_ajax_GalleryBoxphoto-gallery.php:144
authwp_ajax_bwg_captchaphoto-gallery.php:145
noprivwp_ajax_bwg_captchaphoto-gallery.php:146
authwp_ajax_Sharephoto-gallery.php:147
noprivwp_ajax_Sharephoto-gallery.php:148
authwp_ajax_view_facebook_postphoto-gallery.php:149
noprivwp_ajax_view_facebook_postphoto-gallery.php:150
noprivwp_ajax_download_galleryphoto-gallery.php:151
authwp_ajax_download_galleryphoto-gallery.php:152
authwp_ajax_bwg_uplphoto-gallery.php:157
authwp_ajax_addImagesphoto-gallery.php:158
authwp_ajax_addMusicphoto-gallery.php:159
authwp_ajax_addEmbedphoto-gallery.php:160
authwp_ajax_bwg_editor_missing_dismissedphoto-gallery.php:169
authwp_ajax_bwg_recreate_dismissedphoto-gallery.php:170

Shortcodes 2

[Best_Wordpress_Gallery] framework\WDWSitemap.php:36
[Best_Wordpress_Gallery] photo-gallery.php:166
WordPress Hooks 74
filterupload_mimesadmin\controllers\Galleries.php:27
actionbwg_call_how_toadmin\views\Galleries.php:184
actionelementor/editor/after_enqueue_scriptsbooster\Elementor.php:14
actionelementor/documents/register_controlsbooster\Elementor.php:15
actionenqueue_block_editor_assetsbooster\Gutenberg.php:10
actioninitbooster\init.php:2
filtertenweb_booster_sdkbooster\init.php:3
actioninitbooster\init.php:18
filtermanage_post_posts_columnsbooster\List.php:16
filtermanage_page_posts_columnsbooster\List.php:17
actionmanage_post_posts_custom_columnbooster\List.php:18
actionmanage_page_posts_custom_columnbooster\List.php:19
actioninitbooster\main.php:56
actionadmin_enqueue_scriptsbooster\main.php:57
actionwp_enqueue_scriptsbooster\main.php:58
actionadmin_menubooster\main.php:60
actionadmin_bar_menubooster\main.php:69
actionbwg_tag_edit_form_fieldsframework\WDWLibrary.php:2452
actionparent_fileframework\WDWLibrary.php:2454
actionedited_bwg_tagframework\WDWLibrary.php:2456
actioncreate_bwg_tagframework\WDWLibrary.php:2457
actiondelete_bwg_tagframework\WDWLibrary.php:2459
filterjetpack_photon_skip_imagefrontend\controllers\controller.php:303
filterjetpack_photon_skip_imagefrontend\controllers\controller.php:361
actioninitphoto-gallery.php:136
actioninitphoto-gallery.php:137
actionadmin_menuphoto-gallery.php:138
actionmedia_buttonsphoto-gallery.php:174
filtermce_external_pluginsphoto-gallery.php:175
filtermce_buttonsphoto-gallery.php:176
actionadmin_headphoto-gallery.php:179
actionwidgets_initphoto-gallery.php:183
actionwpmu_new_blogphoto-gallery.php:188
actionadmin_initphoto-gallery.php:192
actionwp_enqueue_scriptsphoto-gallery.php:199
actionadmin_enqueue_scriptsphoto-gallery.php:200
filterset-screen-optionphoto-gallery.php:202
filterset-screen-optionphoto-gallery.php:203
filterset-screen-optionphoto-gallery.php:204
filterset-screen-optionphoto-gallery.php:205
filterset-screen-optionphoto-gallery.php:206
filtersingle_templatephoto-gallery.php:208
filterwidget_tag_cloud_argsphoto-gallery.php:210
actionadmin_noticesphoto-gallery.php:214
actionplugins_loadedphoto-gallery.php:216
filterplugin_row_metaphoto-gallery.php:219
filtertw_get_block_editor_assetsphoto-gallery.php:223
filtertw_get_plugin_blocksphoto-gallery.php:224
actionenqueue_block_editor_assetsphoto-gallery.php:225
actionadmin_noticesphoto-gallery.php:227
actionadmin_initphoto-gallery.php:230
actionelementor/widgets/widgets_registeredphoto-gallery.php:236
actionelementor/editor/after_enqueue_stylesphoto-gallery.php:239
actionelementor/editor/after_enqueue_scriptsphoto-gallery.php:241
actionelementor/elements/categories_registeredphoto-gallery.php:245
actionwp_headphoto-gallery.php:248
actionet_fb_enqueue_assetsphoto-gallery.php:251
actionet_fb_enqueue_assetsphoto-gallery.php:252
filterwd_seo_sitemap_imagesphoto-gallery.php:256
filterwpseo_sitemap_urlimagesphoto-gallery.php:257
filterwp_image_editorsphoto-gallery.php:264
actioninitphoto-gallery.php:395
actioninitphoto-gallery.php:396
filtertenweb_new_free_users_lib_pathphoto-gallery.php:1453
actionelementor/editor/footerphoto-gallery.php:1923
actionwp_enqueue_scriptsphoto-gallery.php:1926
actioninitphoto-gallery.php:1966
actionadmin_footerwd\includes\deactivate.php:37
actionadmin_initwd\includes\deactivate.php:38
actionadmin_initwd\includes\notices.php:16
actionadmin_initwd\includes\notices.php:18
actionadmin_noticeswd\includes\notices.php:19
actionadmin_initwd\includes\subscribe.php:11
actionadmin_menuwd\wd.php:15

Scheduled Events 1

bwg_schedule_event_hook
Maintenance & Trust

Photo Gallery by 10Web – Mobile-Friendly Image Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 3, 2026
PHP min version
Downloads19.5M

Community Trust

Rating90/100
Number of ratings1,580
Active installs200K
Alternatives

Photo Gallery by 10Web – Mobile-Friendly Image Gallery Alternatives

Robo Gallery – Photo & Image Slider

Robo Gallery – Photo & Image Slider

robo-gallery

A
87

Robo Gallery is a powerful image gallery and photo gallery plugin with advanced features to create responsive galleries with a beautiful lightbox

40K 17 CVEs
Photo Gallery by Ays – Responsive Image Gallery

Photo Gallery by Ays – Responsive Image Gallery

gallery-photo-gallery

A
86

Photo Gallery is a cool responsive image gallery plugin with beautiful views

2K 10 CVEs
Re Gallery – Responsive Image & Photo Gallery

Re Gallery – Responsive Image & Photo Gallery

regallery

B
78

Photo gallery plugin lets you create responsive, SEO-optimized image gallery with AI generated titles, descriptions & alt text.

500 1 unpatched
Photo gallery lightbox – 📱 mobile friendly gallery plugin –– Story Show Gallery

Photo gallery lightbox – 📱 mobile friendly gallery plugin –– Story Show Gallery

story-show-gallery

A
100

Full screen photo gallery lightbox for delightful display of your photos, with a lot of features, fully customizable, free.

200 No CVEs
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

nextgen-gallery

B
76

The most popular gallery plugin that lets you create galleries and albums in seconds.

400K 37 CVEs
Developer Profile

Photo Gallery by 10Web – Mobile-Friendly Image Gallery Developer Profile

10Web

9 plugins · 365K total installs

66
trust score
Avg Security Score
82/100
Avg Patch Time
724 days
View full developer profile
Detection Fingerprints

How We Detect Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/photo-gallery/Frontend/Gallery/gallery.css/wp-content/plugins/photo-gallery/Frontend/Gallery/gallery.js/wp-content/plugins/photo-gallery/Frontend/Gallery/Tags/tags.css/wp-content/plugins/photo-gallery/Frontend/Gallery/Tags/tags.js/wp-content/plugins/photo-gallery/Frontend/Gallery/search/search.css/wp-content/plugins/photo-gallery/Frontend/Gallery/search/search.js/wp-content/plugins/photo-gallery/Frontend/Gallery/album.css/wp-content/plugins/photo-gallery/Frontend/Gallery/album.js+70 more
Script Paths
/wp-content/plugins/photo-gallery/Frontend/Gallery/gallery.js/wp-content/plugins/photo-gallery/Frontend/Gallery/Tags/tags.js/wp-content/plugins/photo-gallery/Frontend/Gallery/search/search.js/wp-content/plugins/photo-gallery/Frontend/Gallery/album.js/wp-content/plugins/photo-gallery/Frontend/Gallery/View/view.js/wp-content/plugins/photo-gallery/Frontend/Gallery/GalleryWidget/gallery_widget.js+24 more

HTML / DOM Fingerprints

CSS Classes
bwg_main_contentbwg_containerbwg_sectionbwg_main_content_tablebwg_main_content_rowbwg_main_content_cellbwg_main_content_titlebwg_main_content_description+211 more
HTML Comments
<!-- End Main Content --><!-- End Main Container --><!-- End Front Main Container --><!-- Begin Main Content -->+93 more
Data Attributes
data-bwg-container-iddata-bwg-gallery-iddata-bwg-album-iddata-bwg-theme-iddata-bwg-image-iddata-bwg-parent-id+55 more
JS Globals
bwg_frontend_databwg_album_frontend_databwg_gallery_frontend_databwg_search_frontend_databwg_tag_frontend_databwg_comment_frontend_data+24 more
Shortcode Output
[Best_Wordpress_Gallery]
FAQ

Frequently Asked Questions about Photo Gallery by 10Web – Mobile-Friendly Image Gallery