Does Picasso – WordPress Albums have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Picasso – WordPress Albums compatible with WordPress 3.4.2?

According to WordPress.org data, Picasso – WordPress Albums 1.1.4 has been tested up to WordPress 3.4.2. Check the plugin's changelog for the latest compatibility information.

How often is Picasso – WordPress Albums updated?

Picasso – WordPress Albums was last updated on Jul 12, 2012. Frequent updates are generally a positive security signal.

What is Picasso – WordPress Albums's security score?

Picasso – WordPress Albums has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Picasso – WordPress Albums Security & Risk Analysis

wordpress.org/plugins/picasso

This plugin allows users to create albums (gallery containers).

10 active installs v1.1.4 PHP + WP 2.9+ Updated Jul 12, 2012

albumgallery

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Picasso – WordPress Albums Safe to Use in 2026?

Generally Safe

Score 85/100

Picasso – WordPress Albums has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The 'picasso' plugin version 1.1.4 exhibits a generally good security posture based on the provided static analysis. It demonstrates strong adherence to secure coding practices by using prepared statements for all SQL queries and properly escaping all identified output. The absence of dangerous functions, file operations, and external HTTP requests further contributes to a low-risk profile. Furthermore, the plugin has no recorded vulnerability history, indicating a consistent track record of security. However, a significant concern arises from the complete lack of nonce checks and capability checks across all identified entry points. While the current static analysis did not uncover any exploitable vulnerabilities, this absence of authorization controls represents a potential weakness that could be exploited if new vulnerabilities are introduced or if a previously unknown one is discovered. The limited attack surface (one shortcode) currently mitigates this risk, but it remains a notable area for improvement.

Key Concerns

Missing nonce checks on entry points
Missing capability checks on entry points

Vulnerabilities

None known

Picasso – WordPress Albums Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Picasso – WordPress Albums Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

Picasso – WordPress Albums Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped5 total outputs

Attack Surface

Picasso – WordPress Albums Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[album] picasso.php:35

Maintenance & Trust

Picasso – WordPress Albums Maintenance & Trust

Maintenance Signals

WordPress version tested3.4.2

Last updatedJul 12, 2012

PHP min version

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Picasso – WordPress Albums Alternatives

Mixed Media Gallery Blocks

simply-gallery-block

Create mixed media galleries with images, HTML5 video, YouTube, Vimeo, and VideoPress — all in one gallery by Simply Gallery.

40K 8 CVEs

Photo Gallery – Responsive Image Galleries by Supsystic

gallery-by-supsystic

Photo Gallery helps you create clean, responsive image galleries and album galleries without wrestling with complex settings, layouts, or custom CSS.

20K 3 CVEs

Album and Image Gallery Plus Lightbox

album-and-image-gallery-plus-lightbox

A quick, easy way to display responsive image gallery and image album in a grid or slider with light box. Also work with Gutenberg shortcode block.

9K 4 CVEs

Photoswipe Masonry Gallery

photoswipe-masonry

100

PhotoSwipe Masonry takes advantage of the built in gallery features of WordPress. The gallery is built using PhotoSwipe from Dmitry Semenov.

6K 1 CVE

Album Gallery

new-album-gallery

Create stunning photo and video albums with responsive layouts, lightbox display, and customizable hover effects.

4K 3 CVEs

Developer Profile

Picasso – WordPress Albums Developer Profile

John

2 plugins · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Picasso – WordPress Albums

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

gallerygallery-itemgallery-iconwp-caption-textgallery-caption

HTML Comments

see gallery_shortcode() in wp-includes/media.php

Shortcode Output

<div id='gallery-.*?' class='gallery galleryid-.* gallery-columns-.* gallery-size-.*?'>

FAQ