WP-Safety

Google Photos Picker Security & Risk Analysis

wordpress.org/plugins/photos-picker

This is a plugin that enables you choose images in Google Photos and inserts them in img tags in text mode post editor.

20 active installs v1.0 PHP + WP 4.4+ Updated Apr 25, 2016
google-photosimagespost
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Google Photos Picker Safe to Use in 2026?

Generally Safe

Score 85/100

Google Photos Picker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The 'photos-picker' v1.0 plugin exhibits a strong security posture based on the provided static analysis. The absence of any identified attack surface entries, dangerous functions, file operations, external HTTP requests, or nonce/capability checks suggests a minimalist design with limited exposure to common web vulnerabilities. The plugin also demonstrates good practices by exclusively using prepared statements for its SQL queries, eliminating the risk of SQL injection. However, the analysis also highlights a significant concern: 50% of the output escaping is not properly done. This means that user-supplied data or dynamic content being displayed could be vulnerable to cross-site scripting (XSS) attacks if not handled with extreme care elsewhere in the plugin's logic.

Key Concerns

  • Half of output escaping is not properly done
Vulnerabilities
None known

Google Photos Picker Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Google Photos Picker Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

50% escaped4 total outputs
Attack Surface

Google Photos Picker Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actionadmin_print_footer_scriptsgooglephotospicker.php:59
actionadmin_enqueue_scriptsgooglephotospicker.php:76
actionadmin_initgooglephotospicker.php:134
Maintenance & Trust

Google Photos Picker Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedApr 25, 2016
PHP min version
Downloads6K

Community Trust

Rating66/100
Number of ratings3
Active installs20
Alternatives

Google Photos Picker Alternatives

Recent Posts Widget With Thumbnails

Recent Posts Widget With Thumbnails

recent-posts-widget-with-thumbnails

A
100

List the most recent posts with post titles, thumbnails, excerpts, authors, categories, dates and more!

100K No CVEs
Crop-Thumbnails

Crop-Thumbnails

crop-thumbnails

A
100

"Crop Thumbnails" made it easy to get exacly that specific image-detail you want to show in your featured image or gallery image.

40K No CVEs
SEO Friendly Images

SEO Friendly Images

seo-image

A
85

SEO Friendly Images automatically adds alt and title attributes to all your images improving traffic from search engines.

20K 1 CVE
Newpost Catch

Newpost Catch

newpost-catch

A
91

Thumbnails in new articles setting widget.

10K 1 CVE
Multi Image Metabox

Multi Image Metabox

multi-image-metabox

A
85

Add a multi-image metabox to your posts, pages and custom post types

7K No CVEs
Developer Profile

Google Photos Picker Developer Profile

iwongu

3 plugins · 40 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Google Photos Picker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/photos-picker/googlephotospicker.js

HTML / DOM Fingerprints

JS Globals
googlePhotosPickerVarsQTagsgoogle
FAQ

Frequently Asked Questions about Google Photos Picker