Photonic Gallery & Lightbox for Flickr, SmugMug & Others Security & Risk Analysis

wordpress.org/plugins/photonic

Galleries on steroids! A stylish lightbox & gallery plugin for WP, Flickr, SmugMug and Zenfolio photos and videos.

10K active installs · v3.31 · PHP 7.3+ · WP 6.2+ · Updated Apr 13, 2026
Tags: flickr, gallery, lightbox, smugmug, zenfolio
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Nov 17, 2025
Safety Verdict

Is Photonic Gallery & Lightbox for Flickr, SmugMug & Others Safe to Use in 2026?

Generally Safe

Score 99/100

Photonic Gallery & Lightbox for Flickr, SmugMug & Others has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Nov 17, 2025 · Updated 1mo ago
Risk Assessment

Photonic v3.24 exhibits a mixed security posture. While the plugin demonstrates strong practices in output escaping (95%) and has a low number of SQL queries (3 total, 67% prepared), significant concerns arise from its attack surface. A substantial portion of its AJAX handlers (13 out of 17) lack authentication checks, creating a large entry point for potential unauthorized actions. The taint analysis, although not revealing critical or high severity vulnerabilities, did identify four flows with unsanitized paths, indicating a potential for injection-like vulnerabilities that require further investigation.

The vulnerability history for Photonic is a point of both relief and caution. The presence of a single medium-severity CVE, although currently patched, suggests that the plugin has had past security weaknesses. The common vulnerability type being Cross-site Scripting further emphasizes the importance of diligent input sanitization and output escaping. The fact that this past vulnerability is not currently marked as unpatched is positive, but the recurrence of such issues warrants ongoing vigilance.

In conclusion, Photonic v3.24 has several strengths in its coding practices, particularly in output handling. However, the extensive unprotected AJAX endpoints and the past medium-severity XSS vulnerability represent notable weaknesses. While the static analysis did not uncover critical flaws in this specific version, the identified unsanitized paths and the historical context suggest that users should remain aware of potential risks and ensure the plugin is kept updated.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Medium severity CVE in history
Vulnerabilities
1 published

Photonic Gallery & Lightbox for Flickr, SmugMug & Others Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-12691 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photonic Gallery & Lightbox for Flickr, SmugMug & Others <= 3.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Caption Attribute

Nov 17, 2025 Patched in 3.22 (1d)
Version History

Photonic Gallery & Lightbox for Flickr, SmugMug & Others Release Timeline

  • v3.31 (Current)
  • v3.30
  • v3.25
  • v3.24
  • v3.23
  • v3.22
  • v3.21 · 1 CVE
  • v3.20 · 1 CVE
  • v3.15 · 1 CVE
  • v3.14 · 1 CVE
  • v3.13 · 1 CVE
  • v3.12 · 1 CVE
  • v3.11 · 1 CVE
  • v3.10 · 1 CVE
  • v3.05 · 1 CVE
  • v3.04 · 1 CVE
  • v3.03 · 1 CVE
  • v3.02 · 1 CVE
  • v3.01 · 1 CVE
  • v3.00 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Photonic Gallery & Lightbox for Flickr, SmugMug & Others Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (2 prepared)
  • Unescaped Output: 50 (913 escaped)
  • Nonce Checks: 30
  • Capability Checks: 20
  • File Operations: 1
  • External Requests: 24
  • Bundled Libraries: 0

SQL Query Safety

67% prepared · 3 total queries

Output Escaping

95% escaped · 963 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

18 flows · 4 with unsanitized paths
display_deviantart (Admin\Authentication.php:108)
Attack Surface
13 unprotected

Photonic Gallery & Lightbox for Flickr, SmugMug & Others Attack Surface

Entry Points: 18
Unprotected: 13

AJAX Handlers 17

auth · wp_ajax_photonic_wizard_next_screen · Admin\Admin.php:29
auth · wp_ajax_photonic_wizard_more · Admin\Admin.php:30
auth · wp_ajax_photonic_display_level_2_contents · Core\AJAX.php:19
nopriv · wp_ajax_photonic_display_level_2_contents · Core\AJAX.php:20
auth · wp_ajax_photonic_display_level_3_contents · Core\AJAX.php:22
nopriv · wp_ajax_photonic_display_level_3_contents · Core\AJAX.php:23
auth · wp_ajax_photonic_load_more · Core\AJAX.php:25
nopriv · wp_ajax_photonic_load_more · Core\AJAX.php:26
auth · wp_ajax_photonic_lazy_load · Core\AJAX.php:28
nopriv · wp_ajax_photonic_lazy_load · Core\AJAX.php:29
auth · wp_ajax_photonic_helper_shortcode_more · Core\AJAX.php:31
nopriv · wp_ajax_photonic_helper_shortcode_more · Core\AJAX.php:32
auth · wp_ajax_photonic_invoke_helper · Core\AJAX.php:34
auth · wp_ajax_photonic_obtain_token · Core\AJAX.php:35
auth · wp_ajax_photonic_save_token · Core\AJAX.php:36
auth · wp_ajax_photonic_delete_token · Core\AJAX.php:37
auth · wp_ajax_photonic_dismiss_warning · Core\AJAX.php:39

Shortcodes 1

[photonic_helper] · Core\Photonic.php:246

WordPress Hooks 29

action · admin_head · Admin\Admin.php:14
action · admin_enqueue_scripts · Admin\Admin.php:15
filter · media_upload_tabs · Admin\Admin.php:18
action · media_upload_photonic · Admin\Admin.php:19
action · print_media_templates · Admin\Admin.php:21
action · enqueue_block_editor_assets · Admin\Admin.php:24
action · media_buttons · Admin\Admin.php:27
action · admin_action_photonic_wizard · Admin\Admin.php:28
filter · mce_external_plugins · Admin\Admin.php:47
filter · mce_buttons · Admin\Admin.php:48
action · admin_enqueue_scripts · Admin\Admin_Menu.php:18
filter · removable_query_args · Admin\Shortcode_Usage.php:37
action · admin_init · Core\Photonic.php:179
action · admin_menu · Core\Photonic.php:192
action · admin_init · Core\Photonic.php:193
filter · post_gallery · Core\Photonic.php:242
filter · shortcode_atts_gallery · Core\Photonic.php:243
action · wp_enqueue_scripts · Core\Photonic.php:248
action · wp_enqueue_scripts · Core\Photonic.php:250
action · http_api_curl · Core\Photonic.php:271
action · plugins_loaded · Core\Photonic.php:273
filter · body_class · Core\Photonic.php:275
filter · safe_style_css · Core\Photonic.php:277
action · widgets_init · Core\Photonic.php:282
action · elementor/editor/before_enqueue_scripts · Core\Photonic.php:285
filter · the_content · Core\Template.php:12
filter · the_title · Core\Template.php:13
action · admin_init · photonic.php:52
action · init · photonic.php:53
Maintenance & Trust

Photonic Gallery & Lightbox for Flickr, SmugMug & Others Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 13, 2026
PHP min version: 7.3
Downloads: 815K

Community Trust

Rating: 96/100
Number of ratings: 192
Active installs: 10K
Developer Profile

Photonic Gallery & Lightbox for Flickr, SmugMug & Others Developer Profile

Sayontan Sinha

5 plugins · 10K total installs

Trust score: 92
Avg Security Score: 88/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Photonic Gallery & Lightbox for Flickr, SmugMug & Others

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/photonic/include/css/admin/admin-flow.css
  • /wp-content/plugins/photonic/include/js/admin/wizard.js
  • /wp-content/plugins/photonic/include/css/frontend/core.css
  • /wp-content/plugins/photonic/include/js/frontend/photonic-frontend.js
  • /wp-content/plugins/photonic/include/js/frontend/justified-gallery.min.js
  • /wp-content/plugins/photonic/include/js/frontend/photoswipe.min.js
  • /wp-content/plugins/photonic/include/js/frontend/photoswipe-ui-default.min.js
  • /wp-content/plugins/photonic/include/js/frontend/baguettebox.min.js
  • +36 more
Script Paths
  • /wp-content/plugins/photonic/include/js/admin/wizard.js
  • /wp-content/plugins/photonic/include/js/frontend/photonic-frontend.js
  • /wp-content/plugins/photonic/include/js/frontend/justified-gallery.min.js
  • /wp-content/plugins/photonic/include/js/frontend/photoswipe.min.js
  • /wp-content/plugins/photonic/include/js/frontend/photoswipe-ui-default.min.js
  • /wp-content/plugins/photonic/include/js/frontend/baguettebox.min.js
  • +30 more
Version Parameters
  • photonic/include/css/admin/admin-flow.css?ver=
  • photonic/include/js/admin/wizard.js?ver=
  • photonic/include/css/frontend/core.css?ver=
  • photonic/include/js/frontend/photonic-frontend.js?ver=
  • photonic/include/js/frontend/justified-gallery.min.js?ver=
  • photonic/include/js/frontend/photoswipe.min.js?ver=
  • photonic/include/js/frontend/photoswipe-ui-default.min.js?ver=
  • photonic/include/js/frontend/baguettebox.min.js?ver=
  • photonic/include/js/frontend/lightgallery.min.js?ver=
  • photonic/include/js/frontend/lg-thumbnail.min.js?ver=
  • photonic/include/js/frontend/lg-video.min.js?ver=
  • photonic/include/js/frontend/lg-pager.min.js?ver=
  • photonic/include/js/frontend/lg-url.min.js?ver=
  • photonic/include/js/frontend/lg-autoplay.min.js?ver=
  • photonic/include/js/frontend/lg-fullscreen.min.js?ver=
  • photonic/include/js/frontend/lg-zoom.min.js?ver=
  • photonic/include/js/frontend/lg-hash.min.js?ver=
  • photonic/include/js/frontend/lg-rotate.min.js?ver=
  • photonic/include/js/frontend/lg-share.min.js?ver=
  • photonic/include/js/frontend/lg-comments.min.js?ver=
  • photonic/include/js/frontend/lg-zoom.min.js?ver=
  • photonic/include/js/frontend/lightbox.min.js?ver=
  • photonic/include/js/frontend/jquery.colorbox-min.js?ver=
  • photonic/include/js/frontend/jquery.magnific-popup.min.js?ver=
  • photonic/include/js/frontend/fancybox.umd.js?ver=
  • photonic/include/js/frontend/jquery.fancybox.min.js?ver=
  • photonic/include/js/frontend/prettyphoto.js?ver=
  • photonic/include/js/frontend/jquery.prettyPhoto.js?ver=
  • photonic/include/js/frontend/jquery.prettyPhoto.min.js?ver=
  • photonic/include/js/frontend/featherlight.min.js?ver=
  • photonic/include/js/frontend/featherlight.gallery.min.js?ver=
  • photonic/include/js/frontend/swipebox.min.js?ver=
  • photonic/include/js/frontend/jquery.swipebox.min.js?ver=
  • photonic/include/js/frontend/spotlight.min.js?ver=
  • photonic/include/js/frontend/bigpicture.min.js?ver=
  • photonic/include/js/frontend/gie.min.js?ver=
  • photonic/include/js/frontend/lightcase.min.js?ver=
  • photonic/include/js/frontend/jquery.photonic.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • photonic-flow
  • photonic-button
  • photonic-gallery
  • photonic-random-mosaic
  • photonic-masonry
  • photonic-justified
  • photonic-grid
  • photonic-slideshow
  • +24 more
HTML Comments
  • <!-- Photonic Wizard -->
  • <!-- Photonic Gallery -->
Data Attributes
  • data-photonic-submission
  • data-photonic-submission-pending
  • data-photonic-option-condition
  • data-photonic-gallery-id
  • data-photonic-content-filter
  • data-photonic-custom-links
  • +223 more
JS Globals
Photonic_Wizard_JS