Gallery PhotoBlocks Security & Risk Analysis

wordpress.org/plugins/photoblocks-grid-gallery

Design your personal image gallery or photo gallery or even a portfolio using a handy builder. Add stunning effects to your grid and always justified …

3K active installs · v1.3.3 · PHP 5.6+ · WP 5.2+ · Updated Jan 16, 2026
Tags: best-gallery-plugin, free-gallery, gallery, gallery-plugin, grid-gallery

Security score: 89 (A · Safe)
CVEs total: 8
Unpatched: 0
Last CVE: Jan 26, 2026
Safety Verdict

Is Gallery PhotoBlocks Safe to Use in 2026?

Generally Safe

Score 89/100

Gallery PhotoBlocks has a strong security track record. Known vulnerabilities have been patched promptly.

8 known CVEs · Last CVE: Jan 26, 2026 · Updated 2mo ago
Risk Assessment

The "photoblocks-grid-gallery" v1.3.3 plugin exhibits a mixed security posture. While it shows some positive security practices, such as a high percentage of properly escaped outputs and SQL queries using prepared statements, significant concerns remain. The presence of unprotected AJAX handlers presents a direct attack vector. The taint analysis revealed one high-severity flow with unsanitized paths, indicating a potential for code execution or sensitive data compromise. The plugin's history of 8 known CVEs, including two high-severity ones related to missing authorization, CSRF, and XSS, is a major red flag. This history suggests a recurring pattern of insecure coding practices. Although there are currently no unpatched CVEs and the last vulnerability was in the future (which is likely a data error but implies no *recent* known issues), the past vulnerabilities and the identified code analysis issues warrant caution. Overall, while efforts have been made in some areas, the plugin requires significant attention to address the identified risks, particularly concerning its attack surface and historical vulnerability patterns.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flow with unsanitized path
  • History of 8 CVEs (2 high severity)
  • Bundled Freemius v1.0 (potentially outdated)
Vulnerabilities (8)

Gallery PhotoBlocks Security Vulnerabilities

CVEs by Year

2019: 2 CVEs
2020: 1 CVE
2022: 3 CVEs
2025: 1 CVE
2026: 1 CVE

Severity Breakdown

High: 2
Medium: 6
Total: 8 CVEs

CVE-2026-24389 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gallery PhotoBlocks <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Jan 26, 2026 · Patched in 1.3.3 (8d)

CVE-2025-58610 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gallery PhotoBlocks <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Sep 3, 2025 · Patched in 1.3.2 (8d)

Gallery PhotoBlocks <= 1.2.8 - Missing Authorization Checks
Aug 17, 2022 · Patched in 1.2.9 (524d)

CVE-2022-36292 · high · 8.8 · Cross-Site Request Forgery (CSRF)
Gallery PhotoBlocks <= 1.2.8 - Cross-Site Request Forgery
Aug 10, 2022 · Patched in 1.2.9 (531d)

CVE-2022-37407 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gallery PhotoBlocks <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Aug 10, 2022 · Patched in 1.2.7 (531d)

WF-22476135-8951-4012-845b-46a5dfbfc1f5-photoblocks-grid-gallery · high · 7.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gallery PhotoBlocks <= 1.1.5 - Cross-Site Scripting
Jul 29, 2020 · Patched in 1.2.0 (1273d)

CVE-2019-15829 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gallery PhotoBlocks <= 1.1.42 - Reflected Cross-Site Scripting
Jul 9, 2019 · Patched in 1.1.43 (1659d)

WF-ede6c4d1-e4bd-44c0-a66a-fffc0e1b22f6-photoblocks-grid-gallery · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gallery Photoblocks <= 1.1.40 - Reflected Cross-Site Scripting
Jul 5, 2019 · Patched in 1.1.41 (1663d)
Code Analysis (analyzed Mar 16, 2026)

Gallery PhotoBlocks Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (6 prepared)
Unescaped Output: 56 (277 escaped)
Nonce Checks: 2
Capability Checks: 5
File Operations: 3
External Requests: 0
Bundled Libraries: 2

Bundled Libraries

jQuery
Freemius 1.0

SQL Query Safety

67% prepared (9 total queries)

Output Escaping

83% escaped (333 total outputs)
Data Flows (1 unsanitized)

Data Flow Analysis

3 flows, 1 with unsanitized paths
init (admin\class-photoblocks-admin.php:257)
Attack Surface (2 unprotected)

Gallery PhotoBlocks Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers (3)

auth  wp_ajax_pb_save_gallery             admin\class-photoblocks-admin.php:116
auth  wp_ajax_pb_load_gallery             admin\class-photoblocks-admin.php:117
auth  wp_ajax_photoblocks_dismiss_review  admin\class-photoblocks-admin.php:118

Shortcodes (1)

[photoblocks]  includes\class-photoblocks.php:195

WordPress Hooks (12)

action  admin_init             includes\class-photoblocks-settings.php:16
action  plugins_loaded         includes\class-photoblocks.php:161
action  admin_enqueue_scripts  includes\class-photoblocks.php:175
action  admin_enqueue_scripts  includes\class-photoblocks.php:176
action  admin_init             includes\class-photoblocks.php:177
action  admin_menu             includes\class-photoblocks.php:178
action  admin_body_class       includes\class-photoblocks.php:179
action  admin_notices          includes\class-photoblocks.php:180
filter  admin_footer_text      includes\class-photoblocks.php:181
filter  widget_text            includes\class-photoblocks.php:194
action  wp_enqueue_scripts     includes\class-photoblocks.php:197
action  wp_enqueue_scripts     includes\class-photoblocks.php:198
Maintenance & Trust

Gallery PhotoBlocks Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 16, 2026
PHP min version: 5.6
Downloads: 126K

Community Trust

Rating: 100/100
Number of ratings: 76
Active installs: 3K
Developer Profile

Gallery PhotoBlocks Developer Profile

WP Chill

29 plugins · 440K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 608 days
Detection Fingerprints

How We Detect Gallery PhotoBlocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/photoblocks-grid-gallery/public/css/photoblocks-frontend.css
/wp-content/plugins/photoblocks-grid-gallery/public/js/photoblocks-frontend.js
/wp-content/plugins/photoblocks-grid-gallery/public/js/imagesloaded.min.js
/wp-content/plugins/photoblocks-grid-gallery/public/js/isotope.min.js

Script Paths
/wp-content/plugins/photoblocks-grid-gallery/public/js/photoblocks-frontend.js
/wp-content/plugins/photoblocks-grid-gallery/public/js/imagesloaded.min.js
/wp-content/plugins/photoblocks-grid-gallery/public/js/isotope.min.js

Version Parameters
/photoblocks-grid-gallery/public/css/photoblocks-frontend.css?ver=
/photoblocks-grid-gallery/public/js/photoblocks-frontend.js?ver=
/photoblocks-grid-gallery/public/js/imagesloaded.min.js?ver=
/photoblocks-grid-gallery/public/js/isotope.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
photoblocks-gallery
photoblocks-grid

Data Attributes
data-photoblocks-id

JS Globals
photoblocks_frontend_params

Shortcode Output
[photoblocks id="
[photoblocks]
FAQ

Frequently Asked Questions about Gallery PhotoBlocks