PhotoPress Security & Risk Analysis

wordpress.org/plugins/photopress

Making WordPress work for photographers with beautiful image galleries, slideshows, meta-data tools, and more.

100 active installs · v1.5.0 · PHP + · WP 5.2.0+ · Updated Dec 14, 2021
Tags: gallery, gallery-block, images, masonry, photos
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is PhotoPress Safe to Use in 2026?

Generally Safe

Score 85/100

PhotoPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The PhotoPress v1.5.0 plugin presents a mixed security posture. On one hand, the absence of known vulnerabilities and a relatively small attack surface, with no unprotected entry points, are positive indicators. The plugin also demonstrates good practices by exclusively using prepared statements for SQL queries.

However, significant concerns arise from the static analysis. The presence of dangerous functions like 'system', 'passthru', 'exec', and 'shell_exec' is a major red flag, as these can be exploited for remote code execution if input is not rigorously sanitized. Furthermore, a nearly 50% rate of improperly escaped output is alarming, potentially leading to cross-site scripting (XSS) vulnerabilities. The lack of nonce checks on any entry points is also a critical omission, leaving the plugin susceptible to cross-site request forgery (CSRF) attacks. The sole capability check is insufficient given the presence of dangerous functions.

Given the history of zero known CVEs, it's possible these dangerous functions are not currently exploitable due to other security measures or lack of specific triggers. However, the inherent risks within the code itself warrant caution. The plugin's strengths lie in its vulnerability history and SQL practices, but these are overshadowed by the critical code-level risks.

Key Concerns

  • Dangerous functions present (system, passthru, exec, shell_exec)
  • Significant portion of output not properly escaped
  • No nonce checks on entry points
  • Insufficient capability checks
Vulnerabilities
None known

PhotoPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

PhotoPress Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 51 (46 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 1
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

  • system: system( $command , $return_var ); (framework\class-util.php:142)
  • passthru: passthru( $command , $return_var ); (framework\class-util.php:150)
  • exec: exec( $command , $output , $return_var ); (framework\class-util.php:158)
  • shell_exec: $output = shell_exec($command) ; (framework\class-util.php:165)
  • unserialize: $md = unserialize($str); (modules\metadata\XmpReader.php:439)

Output Escaping

47% escaped · 97 total outputs
Attack Surface

PhotoPress Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 23
  • action: init (framework\class-module.php:48)
  • action: admin_init (framework\class-module.php:218)
  • action: rest_api_init (framework\class-module.php:219)
  • action: admin_menu (framework\class-module.php:221)
  • action: init (framework\class-pp-framework.php:36)
  • action: enqueue_block_assets (framework\class-pp-framework.php:142)
  • action: admin_notices (framework\class-settings.php:59)
  • action: wp_enqueue_scripts (modules\base\base.php:12)
  • filter: rest_page_query (modules\childpages\childpages.php:49)
  • filter: max_srcset_image_width (modules\metadata\metadata.php:19)
  • filter: wp_read_image_metadata (modules\metadata\metadata.php:22)
  • filter: render_block (modules\metadata\metadata.php:26)
  • filter: pre_move_uploaded_file (modules\metadata\metadata.php:31)
  • filter: frame/attachment/image_markup (modules\metadata\metadata.php:34)
  • filter: image_strip_meta (modules\metadata\metadata.php:37)
  • action: widgets_init (modules\metadata\metadata.php:44)
  • action: add_attachment (modules\metadata\metadata.php:66)
  • action: enable-media-replace-upload-done (modules\metadata\metadata.php:74)
  • filter: pre_get_posts (modules\metadata\metadata.php:77)
  • filter: photopress_metadata_tag_value (modules\metadata\XmpReader.php:48)
  • filter: the_content (modules\slideshow\slideshow.php:21)
  • filter: render_block (modules\slideshow\slideshow.php:24)
  • action: plugins_loaded (photopress.php:34)
Maintenance & Trust

PhotoPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.8.13
Last updated: Dec 14, 2021
PHP min version
Downloads: 16K

Community Trust

Rating: 74/100
Number of ratings: 3
Active installs: 100
Developer Profile

PhotoPress Developer Profile

padams

7 plugins · 350 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect PhotoPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/photopress/dist/blocks.style.build.css
/wp-content/plugins/photopress/dist/blocks.build.js
/wp-content/plugins/photopress/dist/blocks.editor.build.css
/wp-content/plugins/photopress/modules/gallery/assets/js/gallery-masonry.js
Script Paths
/wp-content/plugins/photopress/dist/blocks.build.js
Version Parameters
photopress-frontend?ver=
photopress-editor?ver=
photopress-masonry?ver=

HTML / DOM Fingerprints

CSS Classes
photopress-editor
Data Attributes
data-photopress-container
JS Globals
photpressGlobal
Shortcode Output
[photopress
FAQ

Frequently Asked Questions about PhotoPress