Photography Core Security & Risk Analysis

wordpress.org/plugins/photography-core

Photography Core is the heart of the themes made for image lovers. Features are the API, helpers, Gutenberg blocks, Lightroom, etc.

40 active installs · v0.3.0 · PHP + · WP 4.8+ · Updated Jun 20, 2019
gutenberg, image, lightroom, photo, photography
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Photography Core Safe to Use in 2026?

Generally Safe

Score 85/100

Photography Core has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The "photography-core" v0.3.0 plugin exhibits a concerning security posture, primarily due to a significant number of unprotected entry points and a lack of robust security checks. While the absence of known CVEs and dangerous functions is positive, the static analysis reveals critical weaknesses. Specifically, the presence of 4 AJAX handlers without authentication checks is a major red flag, creating direct avenues for unauthorized actions. Furthermore, the taint analysis indicates one high-severity flow with unsanitized paths, suggesting a potential for code injection or other serious vulnerabilities if this flow is triggered by user input.

The vulnerability history being empty is generally a good sign, suggesting the plugin hasn't had publicly disclosed critical flaws. However, in conjunction with the current static analysis findings, it might indicate that vulnerabilities exist but haven't been discovered or disclosed yet, or that the plugin's usage is low, thus less of a target. The plugin also shows weaknesses in output escaping, with only 28% of outputs being properly escaped, potentially leading to Cross-Site Scripting (XSS) vulnerabilities.

Overall, the plugin has significant areas for improvement in its security implementation. The lack of capability checks and nonce checks on AJAX handlers, combined with the high-severity taint flow and poor output escaping, creates a substantial risk. While it doesn't have a history of public vulnerabilities, the current static analysis warrants caution. Addressing the unprotected AJAX handlers and the high-severity taint flow should be prioritized.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flow
  • Output escaping is low
  • No nonce checks
  • No capability checks
  • SQL queries with low prepared statement usage
Vulnerabilities
None known

Photography Core Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Photography Core Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 · 2 prepared
Unescaped Output: 13 · 5 escaped
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

40% prepared · 5 total queries

Output Escaping

28% escaped · 18 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
ajax_collection (api.php:24)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
4 unprotected

Photography Core Attack Surface

Entry Points: 10
Unprotected: 4

AJAX Handlers 4

auth wp_ajax_pcore_collection api.php:12
auth wp_ajax_pcore_collections api.php:13
auth wp_ajax_pcore_folders api.php:14
auth wp_ajax_update_taxonomy_order folders-order.php:15

Shortcodes 6

[mwt-section-header] shortcodes.php:11
[mwt-container] shortcodes.php:12
[mwt-collections] shortcodes.php:13
[mwt-folders] shortcodes.php:14
[mwt-keywords] shortcodes.php:15
[mwt-search] shortcodes.php:16
WordPress Hooks 17
action edit_term featured.php:12
action create_term featured.php:13
action admin_head featured.php:17
action quick_edit_custom_box featured.php:18
filter attribute_escape featured.php:19
action admin_head folders-order.php:13
action init folders-order.php:14
action load-edit-tags.php folders-order.php:16
filter terms_clauses folders-order.php:27
filter terms_clauses folders-order.php:44
filter init i18n\polylang.php:11
filter pcore_get_collections i18n\polylang.php:12
filter pcore_get_folders i18n\polylang.php:13
filter pcore_resolve_folder_id i18n\polylang.php:14
action init photography-core.php:34
filter gutenberg_can_edit_post_type photography-core.php:51
action wp_head seo.php:8
Maintenance & Trust

Photography Core Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Jun 20, 2019
PHP min version
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 40
Developer Profile

Photography Core Developer Profile

Jordy Meow

27 plugins · 371K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 372 days
Detection Fingerprints

How We Detect Photography Core

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/photography-core/css/blocks.css
  • /wp-content/plugins/photography-core/css/colors.css
  • /wp-content/plugins/photography-core/css/vendors.css
  • /wp-content/plugins/photography-core/js/back-end.js
  • /wp-content/plugins/photography-core/js/front-end.js
  • /wp-content/plugins/photography-core/js/vendors.js

Script Paths

  • /wp-content/plugins/photography-core/api.php
  • /wp-content/plugins/photography-core/seo.php
  • /wp-content/plugins/photography-core/featured.php
  • /wp-content/plugins/photography-core/plugins/wplr-sync.php
  • /wp-content/plugins/photography-core/shortcodes.php
  • /wp-content/plugins/photography-core/folders-order.php
  • +1 more

Version Parameters

  • photography-core/css/blocks.css?ver=
  • photography-core/css/colors.css?ver=
  • photography-core/css/vendors.css?ver=
  • photography-core/js/back-end.js?ver=
  • photography-core/js/front-end.js?ver=
  • photography-core/js/vendors.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • photography-core-admin-notice

HTML Comments

  • Photography Core Core
  • Photography Core: SEO
  • Photography Core: Featured
  • Photography Core: WPLR Sync
  • +15 more

Data Attributes

  • data-photography-core
  • data-photography-core-id

JS Globals

  • PhotographyCore
  • photographyCore

REST Endpoints

  • /wp-json/photography-core/v1/collections
  • /wp-json/photography-core/v1/folders
  • /wp-json/photography-core/v1/keywords

Shortcode Output

  • [photography_gallery]
  • [photography_album]
  • [photography_breadcrumb]