Does PhotoSwipe have any unpatched vulnerabilities?

No. All known vulnerabilities in PhotoSwipe have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is PhotoSwipe compatible with WordPress 4.4.0?

According to WordPress.org data, PhotoSwipe 4.1.1.1 has been tested up to WordPress 4.4.0. Check the plugin's changelog for the latest compatibility information.

How often is PhotoSwipe updated?

PhotoSwipe was last updated on Mar 17, 2016. Frequent updates are generally a positive security signal.

What is PhotoSwipe's security score?

PhotoSwipe has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

PhotoSwipe Security & Risk Analysis

wordpress.org/plugins/photo-swipe

A very light implementation of PhotoSwipe javascript plugin for WordPress

1K active installs v4.1.1.1 PHP + WP 4.0+ Updated Mar 17, 2016

attachmentsfancyboxgalleryimageslightbox

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is PhotoSwipe Safe to Use in 2026?

Generally Safe

Score 85/100

PhotoSwipe has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The photo-swipe plugin v4.1.1.1 exhibits a strong security posture based on the provided static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events, particularly those lacking authorization checks, indicates a minimal attack surface. Furthermore, the code signals reveal that all SQL queries are properly prepared, and there are no identified dangerous functions, file operations, or external HTTP requests. This suggests a development approach that prioritizes secure coding practices and avoids common vulnerability vectors.

However, a significant concern arises from the output escaping signals, where 100% of identified outputs are not properly escaped. This leaves the plugin vulnerable to Cross-Site Scripting (XSS) attacks, as any user-supplied data displayed to other users without proper sanitization could contain malicious script. The lack of reported vulnerabilities in its history is a positive sign, but the current output escaping issue represents a concrete and exploitable risk that requires immediate attention. Despite the otherwise clean analysis, this unescaped output significantly elevates the risk profile.

Key Concerns

All identified outputs are not properly escaped

Vulnerabilities

None known

PhotoSwipe Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

PhotoSwipe Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

0% escaped1 total outputs

Attack Surface

PhotoSwipe Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionwp_footerphoto-swipe.php:45

actionwp_enqueue_scriptsphoto-swipe.php:48

filterwp_get_attachment_linkphoto-swipe.php:101

actionsave_postphoto-swipe.php:113

actionsave_postphoto-swipe.php:116

actioninitphoto-swipe.php:139

Maintenance & Trust

PhotoSwipe Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.0

Last updatedMar 17, 2016

PHP min version

Downloads31K

Community Trust

Rating90/100

Number of ratings11

Active installs1K

Alternatives

PhotoSwipe Alternatives

Lightbox with PhotoSwipe

lightbox-photoswipe

100

Integration of PhotoSwipe (http://photoswipe.com) for WordPress.

20K No CVEs

hiWeb Lightbox

hiweb-lightbox

An easy way to install on your website lightbox for images and galleries. Without setting.

20 No CVEs

Annytab PhotoSwipe

annytab-photoswipe

A plugin that implements PhotoSwipe to display an image gallery in a lightbox.

0 No CVEs

Lightbox & Modal Popup WordPress Plugin – FooBox

foobox-image-lightbox

A responsive image lightbox for WordPress galleries, WordPress attachments & FooGallery

100K 5 CVEs

Responsive Lightbox & Gallery

responsive-lightbox

The most popular lightbox plugin and responsive gallery builder for WordPress.

100K 13 CVEs

Developer Profile

PhotoSwipe Developer Profile

Louy Alakkad

7 plugins · 8K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect PhotoSwipe

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/photo-swipe/lib/photoswipe.min.js/wp-content/plugins/photo-swipe/lib/photoswipe-ui-default.min.js/wp-content/plugins/photo-swipe/js/photoswipe.js/wp-content/plugins/photo-swipe/lib/photoswipe.css/wp-content/plugins/photo-swipe/lib/default-skin/default-skin.css

Script Paths

/wp-content/plugins/photo-swipe/lib/photoswipe.min.js/wp-content/plugins/photo-swipe/lib/photoswipe-ui-default.min.js/wp-content/plugins/photo-swipe/js/photoswipe.js

Version Parameters

photo-swipe/lib/photoswipe.min.js?ver=photo-swipe/lib/photoswipe-ui-default.min.js?ver=photo-swipe/js/photoswipe.js?ver=photo-swipe/lib/photoswipe.css?ver=photo-swipe/lib/default-skin/default-skin.css?ver=

HTML / DOM Fingerprints

CSS Classes

pswppswp__bgpswp__scroll-wrappswp__containerpswp__itempswp__uipswp__ui--hiddenpswp__top-bar+13 more

Data Attributes

data-size

FAQ