Lightbox slider – Responsive Lightbox Gallery Security & Risk Analysis

wordpress.org/plugins/simple-lightbox-gallery

The Lightbox slider plugin allows users to view larger versions of images, simple slide shows, and a gallery view with a responsive grid layout.

4K active installs · v1.10.6 · PHP + WP + · Updated Feb 23, 2026
Tags: gallery, image-gallery, lightbox, photo-gallery, responsive-gallery
Score: 78 · B · Generally Safe
CVEs total: 2
Unpatched: 1
Last CVE: Oct 15, 2024
Safety Verdict

Is Lightbox slider – Responsive Lightbox Gallery Safe to Use in 2026?

Mostly Safe

Score 78/100

Lightbox slider – Responsive Lightbox Gallery is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: Oct 15, 2024 · Updated 1mo ago
Risk Assessment

The plugin 'simple-lightbox-gallery' v1.10.6 demonstrates a mixed security posture. On the positive side, the static analysis reveals strong adherence to secure coding practices, with all SQL queries utilizing prepared statements and all identified outputs being properly escaped. Furthermore, the plugin includes nonce checks on its entry points, which is a crucial defense against common web attacks. However, there are significant concerns stemming from its vulnerability history and certain aspects of its attack surface.

The taint analysis indicates flows with unsanitized paths, which, while not reaching a critical or high severity in this specific analysis, represent a potential risk if the data involved is user-controllable. The presence of two known CVEs, with one remaining unpatched, is a substantial red flag. These vulnerabilities have historically included Cross-site Scripting and Deserialization of Untrusted Data, suggesting a pattern of past security weaknesses that warrant careful attention. The fact that a vulnerability was recently discovered (2024-10-15) and remains unpatched is particularly concerning.

In conclusion, while the plugin implements good practices like prepared statements and output escaping, the unpatched CVE and the identified unsanitized taint flows present a notable risk. The presence of an unpatched CVE suggests a current, exploitable vulnerability that could be leveraged by attackers. Users should exercise caution and prioritize updating to a version that addresses all known CVEs.

Key Concerns

  • Unpatched CVE exists
  • Medium severity CVEs in history
  • Flows with unsanitized paths
  • Lack of capability checks
Vulnerabilities: 2

Lightbox slider – Responsive Lightbox Gallery Security Vulnerabilities

CVEs by Year

2 CVEs in 2024 · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-49280 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Lightbox slider – Responsive Lightbox Gallery <= 1.10.2 - Authenticated (Author+) Stored Cross-Site Scripting

Oct 15, 2024 · Unpatched

CVE-2024-1858 · medium · 5.4 · Deserialization of Untrusted Data

Lightbox slider – Responsive Lightbox Gallery <= 1.9.9 - Authenticated (Contributor+) PHP Object Injection

Mar 28, 2024 · Patched in 1.10.0 (63d)
Code Analysis
Analyzed Mar 16, 2026

Lightbox slider – Responsive Lightbox Gallery Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (2 prepared)
  • Unescaped Output: 1 (270 escaped)
  • Nonce Checks: 3
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

100% escaped · 271 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
ajax_get_thumbnail_slgf (simple-lightbox-gallery.php:479)
Attack Surface

Lightbox slider – Responsive Lightbox Gallery Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers: 1

  • auth · wp_ajax_slgf_get_thumbnail · simple-lightbox-gallery.php:151

Shortcodes: 2

  • [lightboxslider] · simple-lightbox-gallery.php:142
  • [SLGF] · simple-lightbox-slider-shortcode.php:5

WordPress Hooks: 14

  • filter · image_size_names_choose · simple-lightbox-gallery.php:24
  • action · admin_menu · simple-lightbox-gallery.php:40
  • filter · the_title · simple-lightbox-gallery.php:115
  • action · do_meta_boxes · simple-lightbox-gallery.php:128
  • action · admin_enqueue_scripts · simple-lightbox-gallery.php:139
  • action · init · simple-lightbox-gallery.php:144
  • action · add_meta_boxes · simple-lightbox-gallery.php:147
  • action · admin_init · simple-lightbox-gallery.php:148
  • action · save_post · simple-lightbox-gallery.php:149
  • action · save_post · simple-lightbox-gallery.php:150
  • filter · manage_edit-slgf_slider_columns · simple-lightbox-gallery.php:241
  • action · manage_slgf_slider_posts_custom_column · simple-lightbox-gallery.php:242
  • action · media_buttons · simple-lightbox-gallery.php:624
  • action · admin_footer · simple-lightbox-gallery.php:646

Maintenance & Trust

Lightbox slider – Responsive Lightbox Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 23, 2026
PHP min version
Downloads: 352K

Community Trust

Rating: 94/100
Number of ratings: 24
Active installs: 4K

Developer Profile

Lightbox slider – Responsive Lightbox Gallery Developer Profile

Weblizar - WordPress Themes & Plugin

26 plugins · 56K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 952 days
Detection Fingerprints

How We Detect Lightbox slider – Responsive Lightbox Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/simple-lightbox-gallery/css/help_and_support.css
  • /wp-content/plugins/simple-lightbox-gallery/css/all.min.css
  • /wp-content/plugins/simple-lightbox-gallery/css/pricing-table.css
  • /wp-content/plugins/simple-lightbox-gallery/css/bootstrap.min.css
  • /wp-content/plugins/simple-lightbox-gallery/css/recom.css
  • /wp-content/plugins/simple-lightbox-gallery/js/hover-pack.js
  • /wp-content/plugins/simple-lightbox-gallery/js/reponsive_photo_gallery_script.js
  • /wp-content/plugins/simple-lightbox-gallery/css/hover-pack.css
  • +11 more
Script Paths
  • js/hover-pack.js
  • js/reponsive_photo_gallery_script.js
  • js/masonry.pkgd.min.js
  • js/imagesloaded.pkgd.min.js
  • js/slgf-multiple-media-uploader.js
  • js/slgf-media-upload-script.js
  • +3 more
Version Parameters
  • simple-lightbox-gallery/css/help_and_support.css?ver=
  • simple-lightbox-gallery/css/all.min.css?ver=
  • simple-lightbox-gallery/css/pricing-table.css?ver=
  • simple-lightbox-gallery/css/bootstrap.min.css?ver=
  • simple-lightbox-gallery/css/recom.css?ver=
  • simple-lightbox-gallery/js/hover-pack.js?ver=
  • simple-lightbox-gallery/js/reponsive_photo_gallery_script.js?ver=
  • simple-lightbox-gallery/css/hover-pack.css?ver=
  • simple-lightbox-gallery/css/img-gallery.css?ver=
  • simple-lightbox-gallery/js/masonry.pkgd.min.js?ver=
  • simple-lightbox-gallery/js/imagesloaded.pkgd.min.js?ver=
  • simple-lightbox-gallery/js/slgf-multiple-media-uploader.js?ver=
  • simple-lightbox-gallery/js/slgf-media-upload-script.js?ver=
  • simple-lightbox-gallery/css/rpg-meta.css?ver=
  • simple-lightbox-gallery/css/codemirror/codemirror.css?ver=
  • simple-lightbox-gallery/css/codemirror/blackboard.css?ver=
  • simple-lightbox-gallery/css/codemirror/show-hint.css?ver=
  • simple-lightbox-gallery/css/codemirror/slgf-css.js?ver=
  • simple-lightbox-gallery/css/codemirror/css-hint.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • slgf_slider_section
  • slgf-shortcode-wrapper
  • slgf-gallery-item
  • slgf-slider-gallery-image
  • slgf-gallery-description
  • slgf_slider_title
  • slgf_slider_thumb
  • slgf_slider_view
  • +3 more
HTML Comments
  • <!-- SLGF Image data starts -->
  • <!-- SLGF Image data ends -->
  • <!-- SLGF Lightbox Slider starts -->
  • <!-- SLGF Lightbox Slider ends -->
  • +6 more
Data Attributes
  • data-slgf-id
  • data-slgf-title
  • data-slgf-description
  • data-slgf-link
  • data-slgf-thumb
  • data-slgf-type
  • +1 more
JS Globals
slgf_vars
Shortcode Output
[lightboxslider
FAQ

Frequently Asked Questions about Lightbox slider – Responsive Lightbox Gallery