
ReFlex Gallery » WordPress Photo Gallery Security & Risk Analysis
wordpress.org/plugins/reflex-gallery
ReFlex Gallery is an easy-to-use responsive WordPress Photo Gallery Plugin that is two gallery plugins in one.
Is ReFlex Gallery » WordPress Photo Gallery Safe to Use in 2026?
Mostly Safe
Score 81/100
ReFlex Gallery » WordPress Photo Gallery is generally safe to use, though it hasn't been updated recently. 3 past CVEs were resolved.
The Reflex Gallery plugin version 3.1.7 presents a mixed security posture. While the static analysis shows a relatively small attack surface with no unprotected entry points and a reasonable number of nonce checks, several significant concerns arise from the code signals and vulnerability history. The presence of raw SQL queries without prepared statements is a notable risk, potentially leading to SQL injection vulnerabilities if not handled with extreme care. Furthermore, the plugin has a history of critical vulnerabilities, specifically Cross-Site Scripting (XSS) and unrestricted file uploads, indicating a pattern of weaknesses in input sanitization and validation. Although there are currently no unpatched CVEs, the recurrence of severe vulnerability types suggests a need for ongoing vigilance and robust security practices from the developers.
Key Concerns
- SQL queries not using prepared statements
- Significant history of critical vulnerabilities (XSS, Unrestricted Upload)
- Output escaping rate of 53% is concerningly low
ReFlex Gallery » WordPress Photo Gallery Security Vulnerabilities
CVEs by Year
Severity Breakdown
3 total CVEs
ReFlex Gallery < 1.4.3 - Cross-Site Scripting
ReFlex Gallery » WordPress Photo Gallery < 3.1.4 - Arbitrary File Upload
ReFlex Gallery » WordPress Photo Gallery < 3.1.4 - Arbitrary File Upload
ReFlex Gallery » WordPress Photo Gallery Release Timeline
ReFlex Gallery » WordPress Photo Gallery Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
ReFlex Gallery » WordPress Photo Gallery Attack Surface
Shortcodes 1
WordPress Hooks 8
ReFlex Gallery » WordPress Photo Gallery Maintenance & Trust
Maintenance Signals
Community Trust
ReFlex Gallery » WordPress Photo Gallery Alternatives
Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy
instant-images
One-click uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy directly to your WordPress media library.
WPJaipho Mobile Gallery
wpjaipho
WPJaipho extends the native WordPress image gallery, NextGEN 1.x and NextCellent Gallery with optimized support for mobile users.
Name: Media Upload Meta Box
media-upload-meta-box
Adds a Meta Box for Drag and Drop Media Upload to the edit page/post screens.
Image Photoroll Creator For Photographers
image-photoroll-creator-for-photographers
Plugin adds additional buttons to the media upload module, allowing faster image editing and adding to posts.
Ponticlaro Media Settings
ponticlaro-media-settings
Keep your media insert code consistent site-wide.
ReFlex Gallery » WordPress Photo Gallery Developer Profile
2 plugins · 110 total installs
How We Detect ReFlex Gallery » WordPress Photo Gallery
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/reflex-gallery/scripts/jquery-migrate.js
- /wp-content/plugins/reflex-gallery/scripts/flexslider/jquery.flexslider-min.js
- /wp-content/plugins/reflex-gallery/scripts/prettyphoto/jquery.prettyPhoto.js
- /wp-content/plugins/reflex-gallery/scripts/galleryManagerNoOverlay.js
- /wp-content/plugins/reflex-gallery/scripts/galleryManagerNoSocial.js
- /wp-content/plugins/reflex-gallery/scripts/galleryManagerNoOverlayNoSocial.js
- /wp-content/plugins/reflex-gallery/scripts/galleryManager.js
- /wp-content/plugins/reflex-gallery/scripts/flexslider/flexslider.css
- (+4 more)

- reflex-gallery/scripts/jquery-migrate.js
- reflex-gallery/scripts/flexslider/jquery.flexslider-min.js
- reflex-gallery/scripts/prettyphoto/jquery.prettyPhoto.js
- reflex-gallery/scripts/galleryManagerNoOverlay.js
- reflex-gallery/scripts/galleryManagerNoSocial.js
- reflex-gallery/scripts/galleryManagerNoOverlayNoSocial.js
- (+2 more)

- reflex-gallery/scripts/jquery-migrate.js?ver=
- reflex-gallery/scripts/flexslider/jquery.flexslider-min.js?ver=
- reflex-gallery/scripts/prettyphoto/jquery.prettyPhoto.js?ver=
- reflex-gallery/scripts/galleryManagerNoOverlay.js?ver=
- reflex-gallery/scripts/galleryManagerNoSocial.js?ver=
- reflex-gallery/scripts/galleryManagerNoOverlayNoSocial.js?ver=
- reflex-gallery/scripts/galleryManager.js?ver=
- reflex-gallery/styles/default.css?ver=
- reflex-gallery/admin/scripts/TablePagination/tablePager.css?ver=
- reflex-gallery/scripts/prettyphoto/prettyPhoto.css?ver=
- reflex-gallery/admin/scripts/MediaUpload/image-uploader.js?ver=

HTML / DOM Fingerprints
- reflex-gallery
- data-reflex-gallery-id
- ReflexDB
- galleryManager
- [ReflexGallery