Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery Security & Risk Analysis

wordpress.org/plugins/pixel-gallery

Best Addon for Elementor WordPress Plugin with 60+ Most Popular Elements that need your everyday website page building.

5K active installs · v2.1.4 · PHP 7.4.0+ · WP 5.0.0+ · Updated Mar 10, 2026
Tags: gallery, gallery-plugin, image-gallery, responsive-gallery, video-gallery
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jul 21, 2025
Safety Verdict

Is Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery Safe to Use in 2026?

Generally Safe

Score 99/100

Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jul 21, 2025 · Updated 24d ago
Risk Assessment

The Pixel Gallery plugin v2.1.4 exhibits a mixed security posture. On the positive side, it demonstrates strong practices in output escaping, with 92% of outputs properly handled, and a robust presence of nonce and capability checks, indicating a general awareness of security principles. The absence of critical or high-severity taint flows and dangerous functions further bolsters its security. However, significant concerns arise from its attack surface. With 19 AJAX handlers, 3 of which lack authentication checks, and a total of 20 entry points, there's a substantial potential for unauthorized access or malicious manipulation.

The vulnerability history reveals a past medium-severity Cross-Site Scripting (XSS) vulnerability, which has since been patched. This pattern, combined with the presence of unprotected AJAX handlers, suggests a potential for similar vulnerabilities if input validation and sanitization are not consistently applied across all entry points, especially in the unprotected AJAX actions. While the plugin has a good track record of addressing vulnerabilities, the current lack of authorization on some AJAX endpoints remains a key risk.

In conclusion, Pixel Gallery v2.1.4 has strengths in output sanitization and general security checks, but the unprotected AJAX handlers present a notable weakness. The historical XSS vulnerability, while patched, serves as a reminder to maintain vigilance. The plugin's security is generally good, but the identified unprotected entry points require immediate attention to mitigate risks.

Key Concerns

  • Unprotected AJAX handlers found
  • All SQL queries use prepared statements
  • No critical or high severity taint flows
  • Past medium severity XSS vulnerability
Vulnerabilities
1

Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-7644 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 21, 2025 · Patched in 1.6.8 (1d)
Code Analysis
Analyzed Mar 16, 2026

Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (0 prepared)
Unescaped Output: 51 (551 escaped)
Nonce Checks: 17
Capability Checks: 22
File Operations: 4
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

0% prepared · 3 total queries

Output Escaping

92% escaped · 602 total outputs

Data Flows: All sanitized

Data Flow Analysis

6 flows
save_white_label_ajax (admin\admin-settings.php:167)
Attack Surface
3 unprotected

Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery Attack Surface

Entry Points: 20
Unprotected: 3

AJAX Handlers 19

auth · wp_ajax_pg_admin_api_biggopti_dismiss · admin\admin-api-biggopti.php:20
auth · wp_ajax_pixel-gallery-biggopties · admin\admin-biggopti.php:24
auth · wp_ajax_pg_fetch_api_biggopties · admin\admin-biggopti.php:27
auth · wp_ajax_pg_save_white_label · admin\admin-settings.php:59
auth · wp_ajax_pg_revoke_white_label_token · admin\admin-settings.php:60
auth · wp_ajax_pg_install_plugin · admin\admin-settings.php:64
auth · wp_ajax_pg_save_custom_code · admin\admin-settings.php:93
auth · wp_ajax_pixel_gallery_settings_save · admin\class-settings-api.php:24
auth · wp_ajax_pixel_gallery_dynamic_select_input_data · includes\controls\select-input\dynamic-select-input-module.php:40
auth · wp_ajax_pg_get_plugins · includes\setup-wizard\class-remote-data-handler.php:40
nopriv · wp_ajax_pg_get_plugins · includes\setup-wizard\class-remote-data-handler.php:41
auth · wp_ajax_setup_wizard_install_plugins · includes\setup-wizard\init.php:51
auth · wp_ajax_import_elementor_template · includes\setup-wizard\init.php:429
auth · wp_ajax_import_pg_elementor_bundle_template · includes\setup-wizard\init.php:525
auth · wp_ajax_import_pg_elementor_bundle_runner_template · includes\setup-wizard\init.php:621
auth · wp_ajax_pg_get_plugins · includes\setup-wizard\pixel-gallery-others-plugin.php:26
nopriv · wp_ajax_pg_get_plugins · includes\setup-wizard\pixel-gallery-others-plugin.php:27
auth · wp_ajax_pg_install_plugin · includes\setup-wizard\pixel-gallery-others-plugin.php:28
nopriv · wp_ajax_pixel_gallery_ajax_login · loader.php:300

Shortcodes 1

[rooten_custom_template] loader.php:386
WordPress Hooks 51
action · wp_dashboard_setup · admin\admin-feeds.php:26
action · admin_init · admin\admin-settings.php:44
action · admin_menu · admin\admin-settings.php:45
action · admin_notices · admin\admin-settings.php:49
action · admin_head · admin\admin-settings.php:61
action · admin_init · admin\admin-settings.php:70
action · admin_enqueue_scripts · admin\admin-settings.php:97
action · admin_init · admin\admin-settings.php:494
action · admin_menu · admin\admin-settings.php:495
action · admin_notices · admin\admin-settings.php:498
action · admin_enqueue_scripts · admin\admin.php:25
action · admin_init · admin\admin.php:28
action · upgrader_process_complete · admin\admin.php:30
action · after_setup_theme · admin\admin.php:34
filter · gettext · admin\admin.php:55
action · pre_current_active_plugins · admin\admin.php:58
filter · plugin_row_meta · admin\admin.php:61
action · admin_enqueue_scripts · admin\class-settings-api.php:22
action · elementor/widgets/register · base\pixel-gallery-module-base.php:21
filter · wpml_elementor_widgets_to_translate · includes\class-elements-wpml-compatibility.php:29
action · pre_get_posts · includes\controls\group-query\group-control-query.php:704
action · pre_get_posts · includes\controls\group-query\group-control-query.php:709
filter · found_posts · includes\controls\group-query\group-control-query.php:710
action · elementor/controls/register · includes\controls\select-input\dynamic-select.php:123
action · init · includes\setup-wizard\class-remote-data-handler.php:38
action · init · includes\setup-wizard\class-remote-data-handler.php:557
action · admin_enqueue_scripts · includes\setup-wizard\init.php:52
action · admin_init · includes\setup-wizard\init.php:53
action · admin_init · includes\setup-wizard\init.php:54
action · admin_init · includes\setup-wizard\init.php:55
filter · auto_update_translation · includes\setup-wizard\init.php:58
action · admin_head · includes\setup-wizard\init.php:68
action · admin_footer · includes\setup-wizard\init.php:120
action · admin_head · includes\setup-wizard\init.php:160
action · elementor/elements/categories_registered · loader.php:369
action · elementor/init · loader.php:370
action · elementor/editor/after_enqueue_styles · loader.php:373
action · elementor/frontend/before_register_scripts · loader.php:375
action · elementor/editor/after_enqueue_scripts · loader.php:377
action · elementor/frontend/after_register_styles · loader.php:379
action · elementor/frontend/after_enqueue_styles · loader.php:382
action · elementor/frontend/after_enqueue_scripts · loader.php:383
action · elementor/init · loader.php:391
action · init · loader.php:420
action · elementor/frontend/widget/before_render · modules\animations\module.php:523
action · init · pixel-gallery.php:93
action · admin_notices · pixel-gallery.php:103
action · wp_head · pixel-gallery.php:118
action · wp_footer · pixel-gallery.php:119
action · plugins_loaded · pixel-gallery.php:122
action · activated_plugin · pixel-gallery.php:185
Maintenance & Trust

Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 10, 2026
PHP min version: 7.4.0
Downloads: 91K

Community Trust

Rating: 96/100
Number of ratings: 5
Active installs: 5K
Developer Profile

Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery Developer Profile

bdthemes

24 plugins · 251K total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 21 days
Detection Fingerprints

How We Detect Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pixel-gallery/assets/css/frontend.css
/wp-content/plugins/pixel-gallery/assets/js/frontend.js
/wp-content/plugins/pixel-gallery/assets/css/animate.min.css
/wp-content/plugins/pixel-gallery/assets/css/gallery-frontend.css
/wp-content/plugins/pixel-gallery/assets/js/jquery.fancybox.min.js
/wp-content/plugins/pixel-gallery/assets/js/pixl-gallery-frontend.js
Script Paths
/wp-content/plugins/pixel-gallery/assets/js/frontend.js
/wp-content/plugins/pixel-gallery/assets/js/jquery.fancybox.min.js
/wp-content/plugins/pixel-gallery/assets/js/pixl-gallery-frontend.js
Version Parameters
pixel-gallery/assets/css/frontend.css?ver=
pixel-gallery/assets/js/frontend.js?ver=
pixel-gallery/assets/css/animate.min.css?ver=
pixel-gallery/assets/css/gallery-frontend.css?ver=
pixel-gallery/assets/js/jquery.fancybox.min.js?ver=
pixel-gallery/assets/js/pixl-gallery-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
pxl-gallery-element
pxl-gallery-wrapper
pg-gallery-item
pg-gallery-caption
pxl-elementor-gallery
bdpg-gallery-filter-wrap
HTML Comments
<!-- Elementor <<START_WIDGET>> -->
<!-- Elementor <<END_WIDGET>> -->
<!-- Pixel Gallery Admin Settings -->
<!-- Pixel Gallery White Label Settings -->
+5 more
Data Attributes
data-pg-id
data-pxl-gallery-id
data-pg-filter-id
data-elementor-id
JS Globals
PixelGalleryFrontend
pgGlobal
REST Endpoints
/wp-json/pixel-gallery/v1/settings
/wp-json/pixel-gallery/v1/data
Shortcode Output
[pixel-gallery]
[bdp-gallery]
[pixel_gallery]
[bdpg_gallery]
FAQ

Frequently Asked Questions about Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery