Does Image Gallery Import have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Image Gallery Import compatible with WordPress 3.9.40?

According to WordPress.org data, Image Gallery Import 1.0 has been tested up to WordPress 3.9.40. Check the plugin's changelog for the latest compatibility information.

How often is Image Gallery Import updated?

Image Gallery Import was last updated on May 20, 2014. Frequent updates are generally a positive security signal.

What is Image Gallery Import's security score?

Image Gallery Import has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Image Gallery Import Security & Risk Analysis

wordpress.org/plugins/remote-image-gallery-import

This plugin takes remote page, examines its content and lists all found images for your choice.

10 active installs v1.0 PHP + WP 3.5.1+ Updated May 20, 2014

auto-download-imagesimageimport-remote-imagemedia-galleryremote-download

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Image Gallery Import Safe to Use in 2026?

Generally Safe

Score 85/100

Image Gallery Import has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The remote-image-gallery-import plugin v1.0 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices regarding SQL queries, exclusively using prepared statements, and the absence of known vulnerabilities or CVEs. The taint analysis revealed no critical or high severity flows, suggesting that unsanitized data is not being directly passed to sensitive functions within the analyzed flows.

However, several areas raise concern. The plugin has zero nonce checks and zero capability checks across all entry points. This is a significant weakness, as it means any user, regardless of their role or authentication status, could potentially interact with features that might have unintended consequences. The use of the `set_time_limit` function without clear justification or context could also be a point of abuse if triggered by an attacker. While the output escaping is not perfect (25% unescaped), the limited number of outputs makes this a less immediate threat than the missing authorization checks.

Given the complete lack of historical vulnerabilities, it's difficult to infer patterns from past security incidents. However, the static analysis reveals inherent architectural weaknesses, particularly the absence of proper authorization and nonce checks. While the plugin currently appears free of known exploits, the identified weaknesses in authorization and the presence of a dangerous function create potential attack vectors that should be addressed.

Key Concerns

Missing nonce checks on entry points
Missing capability checks on entry points
Presence of dangerous function (set_time_limit)
Some output not properly escaped

Vulnerabilities

None known

Image Gallery Import Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Image Gallery Import Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

Image Gallery Import Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

set_time_limitset_time_limit(180); // 3 mins is ok ?image-leech.php:20

SQL Query Safety

100% prepared2 total queries

Output Escaping

75% escaped8 total outputs

Attack Surface

Image Gallery Import Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionadmin_menuimage-leech.php:34

Maintenance & Trust

Image Gallery Import Maintenance & Trust

Maintenance Signals

WordPress version tested3.9.40

Last updatedMay 20, 2014

PHP min version

Downloads4K

Community Trust

Rating76/100

Number of ratings4

Active installs10

Alternatives

Image Gallery Import Alternatives

Social Media Feed Gallery

wp-instagram-feed-awplife

100

Formerly "WP Instagram Feed Gallery" Create a responsive social media gallery with access token. Grid layout, lightbox, shortcode support.

2K No CVEs

Media Item URL

media-item-url

Get the full attachment URL from the media row table without opening item.

100 No CVEs

Taghound Media Tagger

taghound-media-tagger

Automatically tag and search images in your media library using Clarifai's object recognition API.

70 No CVEs

WP Responsive Media Gallery

wp-responsive-media-gallery

Create a wonderful image gallery in couple of clicks with responsive media gallery plugin. A finest way to Promote your image and video online with di …

40 No CVEs

WP Media Size

wp-media-size

This adds a column in the WordPress Media Gallery list page with the filesize.

20 No CVEs

Developer Profile

Image Gallery Import Developer Profile

wptrack

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Image Gallery Import

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

il-titleicidlabllineimport-panel

HTML Comments

-=*=-

Data Attributes

id="imglist"id="imglistb"id="url-form"id="foundimages"id="imgactions"id="remoteurl"+34 more

JS Globals

imgleech_actionsimgleech_menuimgleech_frontli_modeli_mwli_mh+5 more

FAQ