WP-Safety

PhotoBerry Studio for Photographers – Image Selection, Proofing, Watermarking & Client Management Security & Risk Analysis

wordpress.org/plugins/photoberry-studio

Create and showcase image galleries, manage sessions, protect images, streamline proofing with tools like watermarking, favorites, and image comments.

50 active installs v1.0.20 PHP 7.2+ WP + Updated Dec 12, 2025
gallery-organizationphoto-managementproofingsession-managementwatermarking
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is PhotoBerry Studio for Photographers – Image Selection, Proofing, Watermarking & Client Management Safe to Use in 2026?

Generally Safe

Score 100/100

PhotoBerry Studio for Photographers – Image Selection, Proofing, Watermarking & Client Management has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The photoberry-studio plugin version 1.0.20 exhibits a generally good security posture with several strengths. Notably, all SQL queries are properly prepared, a critical security best practice that mitigates SQL injection risks. Furthermore, there are no known vulnerabilities (CVEs) associated with this plugin, and it demonstrates a strong adherence to security by implementing nonce checks and capability checks for all identified entry points. The absence of external HTTP requests and bundled libraries also reduces the potential attack surface and reliance on external code.

However, the static analysis does reveal some areas for concern. The taint analysis identified two flows with unsanitized paths, indicating a potential for path traversal vulnerabilities. While these are not classified as critical, they still represent a significant risk that should be addressed. The output escaping, while largely good at 83%, still means that approximately 17% of outputs are not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities. The presence of one cron event also represents a potential, albeit minor, entry point that, without further context, could be a vector if not handled securely.

In conclusion, photoberry-studio v1.0.20 is a relatively secure plugin, particularly due to its robust handling of SQL queries and the absence of known CVEs. The developer has implemented good security practices like nonce and capability checks. The primary weaknesses lie in the taint analysis showing unsanitized paths and a percentage of unescaped output, which, if exploited, could lead to vulnerabilities. Addressing these specific code signals would further harden the plugin's security.

Key Concerns

  • Taint flow with unsanitized path (High severity)
  • Taint flow with unsanitized path (High severity)
  • Output escaping is not 100% proper
Vulnerabilities
None known

PhotoBerry Studio for Photographers – Image Selection, Proofing, Watermarking & Client Management Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

PhotoBerry Studio for Photographers – Image Selection, Proofing, Watermarking & Client Management Release Timeline

v1.0.20Current
v1.0.19
v1.0.18
v1.0.17
v1.0.16
v1.0.15
v1.0.14
v1.0.13
v1.0.12
v1.0.11
v1.0.10
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
Code Analysis
Analyzed Mar 16, 2026

PhotoBerry Studio for Photographers – Image Selection, Proofing, Watermarking & Client Management Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
16 prepared
Unescaped Output
123
610 escaped
Nonce Checks
16
Capability Checks
16
File Operations
7
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared16 total queries

Output Escaping

83% escaped733 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
render (includes\admin-pages\ClientEditAdminPage.php:96)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

PhotoBerry Studio for Photographers – Image Selection, Proofing, Watermarking & Client Management Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 72
filterplupload_initincludes\admin-components\AdminUploader.php:31
actionpre-html-upload-uiincludes\admin-components\AdminUploader.php:32
actionpost-html-upload-uiincludes\admin-components\AdminUploader.php:33
actionpost-plupload-upload-uiincludes\admin-components\AdminUploader.php:36
actionadmin_noticesincludes\admin-pages\abstracts\AdminPage.php:71
filteradmin_body_classincludes\admin-pages\abstracts\AdminPage.php:72
actioncurrent_screenincludes\admin-pages\abstracts\ExternalAdminPage.php:10
filterphotoberry_studio_admin_submenu_itemincludes\admin-pages\abstracts\ExternalAdminPage.php:11
actionadmin_menuincludes\admin-pages\abstracts\GeneralAdminPage.php:19
actionload-post.phpincludes\admin-pages\abstracts\PostEditAdminPage.php:18
actionload-post-new.phpincludes\admin-pages\abstracts\PostEditAdminPage.php:19
filterreplace_editorincludes\admin-pages\abstracts\PostEditAdminPage.php:21
filterquick_edit_enabled_for_post_typeincludes\admin-pages\abstracts\PostEditAdminPage.php:22
filterwp_list_table_class_nameincludes\admin-pages\abstracts\PostListAdminPage.php:17
filterdisable_months_dropdownincludes\admin-pages\abstracts\PostListAdminPage.php:19
actionadmin_initincludes\admin-pages\abstracts\TermEditAdminPage.php:19
actionload-term.phpincludes\admin-pages\abstracts\TermEditAdminPage.php:20
actionadmin_menuincludes\admin-pages\abstracts\TermEditAdminPage.php:21
actionadmin_action_photoberry_term_saveincludes\admin-pages\abstracts\TermEditAdminPage.php:22
filterwp_list_table_class_nameincludes\admin-pages\abstracts\TermListAdminPage.php:18
actionadmin_menuincludes\admin-pages\ClientEditAdminPage.php:17
actionpost_action_photoberry_client_saveincludes\admin-pages\ClientEditAdminPage.php:18
actionadmin_menuincludes\admin-pages\ClientListAdminPage.php:19
actionpost_action_photoberry_client_deleteincludes\admin-pages\ClientListAdminPage.php:20
filterposts_where_requestincludes\admin-pages\GalleryListAdminPage.php:21
filterwp_count_postsincludes\admin-pages\GalleryListAdminPage.php:22
actionpre_get_postsincludes\admin-pages\SessionListAdminPage.php:15
actioncurrent_screenincludes\admin-pages\SettingsAdminPage.php:8
filterphotoberry_studio_list_table_html_viewsincludes\admin-pages\traits\ListWithSidebar.php:9
filterphotoberry_studio_list_table_has_itemsincludes\admin-pages\traits\ListWithSidebar.php:14
filterphotoberry_studio_list_table_html_search_boxincludes\admin-pages\traits\SearchBoxBeforeBulkActions.php:9
filterphotoberry_studio_list_table_html_bulk_actionsincludes\admin-pages\traits\SearchBoxBeforeBulkActions.php:15
filteruser_row_actionsincludes\admin-tables\ClientListTable.php:96
filtermanage_users_custom_columnincludes\admin-tables\ClientListTable.php:97
actionedit_user_profileincludes\data\Client.php:8
actionshow_user_profileincludes\data\Client.php:9
actionwp_update_userincludes\data\Client.php:10
filterposts_searchincludes\data\Gallery.php:16
filtersingle_post_titleincludes\data\Gallery.php:17
filterphotoberry_studio_rest_api_route_permissionincludes\data\Photo.php:49
filterrest_pre_insert_commentincludes\data\Photo.php:50
filterrest_allow_anonymous_commentsincludes\data\Photo.php:51
actionwp_insert_commentincludes\data\Photo.php:52
filterthe_titleincludes\data\Session.php:108
filterpost_thumbnail_htmlincludes\data\Session.php:109
filterposts_resultsincludes\data\traits\AccessControlledObjectTrait.php:10
filterposts_whereincludes\data\traits\AccessControlledObjectTrait.php:11
filterposts_joinincludes\data\traits\AccessControlledObjectTrait.php:31
filterthe_postsincludes\data\traits\AccessControlledObjectTrait.php:53
filtertemplate_includeincludes\data\traits\AccessControlledObjectTrait.php:70
filterdocument_title_partsincludes\data\traits\AccessControlledObjectTrait.php:78
filterphotoberry_studio_should_enqueue_stylesincludes\data\traits\AccessControlledObjectTrait.php:85
filterphotoberry_studio_should_enqueue_scriptsincludes\data\traits\AccessControlledObjectTrait.php:86
filterbody_classincludes\data\traits\AccessControlledObjectTrait.php:88
filterphotoberry_studio_block_template_slugincludes\data\traits\AccessControlledObjectTrait.php:92
filterphotoberry_studio_single_post_idincludes\data\traits\AccessControlledObjectTrait.php:97
filterwp_mail_content_typeincludes\emails\abstracts\Email.php:16
actioninitphotoberry-studio.php:32
actioninitphotoberry-studio.php:33
actionadmin_menuphotoberry-studio.php:34
actionadmin_enqueue_scriptsphotoberry-studio.php:35
actionwp_enqueue_scriptsphotoberry-studio.php:36
actionphotoberry_scheduled_cleanupphotoberry-studio.php:37
actionrest_api_initphotoberry-studio.php:38
filtershow_admin_barphotoberry-studio.php:39
actioncurrent_screenphotoberry-studio.php:101
filtersingle_template_hierarchyphotoberry-studio.php:160
filtersingle_templatephotoberry-studio.php:161
filterarchive_template_hierarchyphotoberry-studio.php:162
filterarchive_templatephotoberry-studio.php:163
filterget_block_templatesphotoberry-studio.php:164
filternocache_headersphotoberry-studio.php:290

Scheduled Events 1

photoberry_scheduled_cleanup
Maintenance & Trust

PhotoBerry Studio for Photographers – Image Selection, Proofing, Watermarking & Client Management Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 12, 2025
PHP min version7.2
Downloads3K

Community Trust

Rating100/100
Number of ratings3
Active installs50
Alternatives

PhotoBerry Studio for Photographers – Image Selection, Proofing, Watermarking & Client Management Alternatives

Image Watermark

Image Watermark

image-watermark

A
100

Secure and brand your images with automatic watermarks. Apply image or text overlays to new uploads and bulk process existing Media Library images wit …

40K 1 CVE
Persistent Login

Persistent Login

wp-persistent-login

A
100

Persistent Login keeps users logged into your website, limits the number of active logins allowed at one time and alerts users of new devices logging …

6K No CVEs
picu – Online Photo Proofing Gallery

picu – Online Photo Proofing Gallery

picu

A
99

Photo proofing for professional photographers: Send a collection of photographs to your clients for approval.

2K 1 CVE
Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers

Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers

sunshine-photo-cart

B
77

Create professional client photo galleries and photo proofing galleries for your photography business. Sell photos directly to clients with zero commi …

1K 21 CVEs
Simple Session Support

Simple Session Support

simple-session-support

A
85

Provides support for the PHP session allowing data to be retained from one request to another.

300 No CVEs
Developer Profile

PhotoBerry Studio for Photographers – Image Selection, Proofing, Watermarking & Client Management Developer Profile

BerryPress

11 plugins · 11K total installs

93
trust score
Avg Security Score
99/100
Avg Patch Time
19 days
View full developer profile
Detection Fingerprints

How We Detect PhotoBerry Studio for Photographers – Image Selection, Proofing, Watermarking & Client Management

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/photoberry-studio/assets/css/photoberry-studio-admin.css/wp-content/plugins/photoberry-studio/assets/js/photoberry-studio-admin.js/wp-content/plugins/photoberry-studio/assets/css/photoberry-studio-frontend.css/wp-content/plugins/photoberry-studio/assets/js/photoberry-studio-frontend.js
Script Paths
/wp-content/plugins/photoberry-studio/assets/js/photoberry-studio-admin.js/wp-content/plugins/photoberry-studio/assets/js/photoberry-studio-frontend.js
Version Parameters
photoberry-studio/assets/css/photoberry-studio-admin.css?ver=photoberry-studio/assets/js/photoberry-studio-admin.js?ver=photoberry-studio/assets/css/photoberry-studio-frontend.css?ver=photoberry-studio/assets/js/photoberry-studio-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
photoberry-gallery-wrapperphotoberry-session-containerphotoberry-client-login
HTML Comments
PhotoBerry Studio: Admin FormPhotoBerry Studio: Uploader ComponentPhotoBerry Studio: Upload EndpointPhotoBerry Studio: Update Item Endpoint+14 more
Data Attributes
data-photoberry-gallery-iddata-photoberry-session-iddata-photoberry-client-iddata-photoberry-upload-nonce
JS Globals
PhotoBerryStudioAdminConfigPhotoBerryStudioFrontendConfig
REST Endpoints
/wp-json/photoberry-studio/v1/upload/wp-json/photoberry-studio/v1/update-item/wp-json/photoberry-studio/v1/delete-item/wp-json/photoberry-studio/v1/list-clients/wp-json/photoberry-studio/v1/select-items/wp-json/photoberry-studio/v1/favorite-item/wp-json/photoberry-studio/v1/regenerate-intermediates/wp-json/photoberry-studio/v1/admin-notifications/wp-json/photoberry-studio/v1/qr
Shortcode Output
[photoberry_gallery][photoberry_session_header][photoberry_client_login]
FAQ

Frequently Asked Questions about PhotoBerry Studio for Photographers – Image Selection, Proofing, Watermarking & Client Management