
PhotoShelter for Photographers Blog Feed Plugin Security & Risk Analysis
wordpress.org/plugins/photoshelter-official-plugin
Embed your PhotoShelter content (single images, gallery cover images, or slideshows) directly into your blog - without leaving WordPress!
Is PhotoShelter for Photographers Blog Feed Plugin Safe to Use in 2026?
Use With Caution
Score 64/100
PhotoShelter for Photographers Blog Feed Plugin has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The PhotoShelter Official Plugin, version 1.5.7, exhibits a mixed security posture. On the positive side, it does not use dangerous functions, all SQL queries are prepared, and there are no known critical or high severity vulnerabilities historically. The static analysis also shows a limited attack surface with no unprotected entry points, and a reasonable number of nonce checks are in place.
However, significant concerns arise from the code analysis. The plugin has a very low percentage of properly escaped output (12%), which is a major indicator of potential Cross-Site Scripting (XSS) vulnerabilities. This is further corroborated by the vulnerability history, which shows a past medium severity XSS vulnerability. The taint analysis indicates flows with unsanitized paths. Although none reached critical or high severity in this analysis, the presence of unsanitized paths in conjunction with poor output escaping significantly elevates the risk.
Given the history of XSS and the current poor output escaping, the risk associated with this plugin is moderate to high. While the plugin has addressed some security aspects, the lack of robust output sanitization leaves it vulnerable to XSS attacks, especially considering the presence of unsanitized paths in the taint analysis. The unpatched medium severity CVE is also a direct risk.
Key Concerns
- Unpatched CVE
- Low percentage of properly escaped output
- Flows with unsanitized paths
- Past medium severity XSS vulnerability
PhotoShelter for Photographers Blog Feed Plugin Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
PhotoShelter for Photographers Blog Feed Plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
PhotoShelter for Photographers Blog Feed Plugin Code Analysis
Output Escaping
Data Flow Analysis
PhotoShelter for Photographers Blog Feed Plugin Attack Surface
Shortcodes 2
WordPress Hooks 10
PhotoShelter for Photographers Blog Feed Plugin Maintenance & Trust
Maintenance Signals
Community Trust
PhotoShelter for Photographers Blog Feed Plugin Alternatives
Embed Google Photos album
embed-google-photos-album-easily
Embed Google Photos album using Player widget.
GPP Slideshow
gpp-slideshow
A minimalist slideshow plugin that creates a new gallery post type. Add slideshows to widgets, posts, pages and gallery posts.
Slideshow Captions for Jetpack
jetpack-slideshow-caption
Modifies Jetpack's default slideshow caption feature.
PhotoShelter Gallery Widget
photoshelter-gallery-widget
PhotoShelter Gallery Widget allows you to show your PhotoShelter galleries in your sidebar.
WPJaipho Mobile Gallery
wpjaipho
WPJaipho extends the native WordPress image gallery, NextGEN 1.x and NextCellent Gallery with optimized support for mobile users.
PhotoShelter for Photographers Blog Feed Plugin Developer Profile
2 plugins · 290 total installs
How We Detect PhotoShelter for Photographers Blog Feed Plugin
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/photoshelter-official-plugin/img/ps_menu_icon.png
HTML / DOM Fingerprints
ps-ok-noticeps-error-noticenoticesps_meta_boxps_hideshowwidepagi_gal+1 more
id="ps_captionIns"
class="wp-caption alignnone"
id="ps_login_form"
photoshelter_activate
[photoshelter-gallery
[photoshelter-img