Post Categories Gallery Security & Risk Analysis

wordpress.org/plugins/post-category-gallery

Post Category Gallery displays selectable categories of posts horizontally and below the featured images of selected posts are displayed.

20 active installs v1.0.0 PHP + WP 2.1+ Updated Feb 26, 2014
buttonscategoriesfeatured-imagefilteringposts
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEMay 26, 2026
Safety Verdict

Is Post Categories Gallery Safe to Use in 2026?

Use With Caution

Score 63/100

Post Categories Gallery has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: May 26, 2026Updated 12yr ago
Risk Assessment

The post-category-gallery plugin v1.0.0 exhibits a strong security posture based on the provided static analysis. The absence of direct SQL queries, proper output escaping, and file operations, coupled with no recorded vulnerabilities, suggests that the developers have followed good security practices. The limited attack surface, consisting solely of one shortcode with no apparent direct interaction with external systems or sensitive data, further bolsters its security. However, a significant concern arises from the complete lack of nonce checks and capability checks. While the current analysis doesn't reveal exploitable flows, this omission represents a potential weakness that could be leveraged if the plugin's functionality were to evolve or interact with user-supplied data in the future. The absence of any recorded vulnerabilities in its history is a positive sign, indicating a potentially stable and well-maintained codebase up to this version.

Key Concerns

  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
1 published

Post Categories Gallery Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-8867medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post Categories Gallery <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

May 26, 2026Unpatched
Version History

Post Categories Gallery Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Post Categories Gallery Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
6 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped6 total outputs
Attack Surface

Post Categories Gallery Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[postcategorygallery] horcatbar.php:123
WordPress Hooks 1
actionwp_enqueue_scriptshorcatbar.php:131
Maintenance & Trust

Post Categories Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2
Last updatedFeb 26, 2014
PHP min version
Downloads4K

Community Trust

Rating100/100
Number of ratings1
Active installs20
Developer Profile

Post Categories Gallery Developer Profile

Fides IT

2 plugins · 40 total installs

68
trust score
Avg Security Score
63/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Post Categories Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post-category-gallery/horcatbar.css
Version Parameters
horcatbar_style?ver=post-category-gallery/horcatbar.css?ver=

HTML / DOM Fingerprints

CSS Classes
hcb_containerhcb_theme_greenhcb_theme_bluehcb_theme_redhcb_categories_tophcb_post_containercaptioncurrent-cat+1 more
Data Attributes
data-hcbcategory
Shortcode Output
<div class="hcb_container<ul class="hcb_categories_top"><div class="hcb_post_container"<img src="
FAQ

Frequently Asked Questions about Post Categories Gallery