Mixed Media Gallery Blocks Security & Risk Analysis

wordpress.org/plugins/simply-gallery-block

Create mixed media galleries with images, HTML5 video, YouTube, Vimeo, and VideoPress — all in one gallery by Simply Gallery.

40K active installs · v3.3.2.3 · PHP 5.3.8+ · WP 6.6+ · Updated Mar 9, 2026
Tags: album, audio-gallery, lightbox, media-gallery, video-gallery
Score: 92 · A · Safe
CVEs total: 7
Unpatched: 0
Last CVE: Dec 12, 2025
Safety Verdict

Is Mixed Media Gallery Blocks Safe to Use in 2026?

Generally Safe

Score 92/100

Mixed Media Gallery Blocks has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Dec 12, 2025 · Updated 25d ago
Risk Assessment

The "simply-gallery-block" plugin v3.3.2.3 presents a mixed security posture. On the positive side, the static analysis indicates a strong adherence to good security practices with all identified entry points (AJAX handlers, shortcodes) appearing to have proper authorization and nonce checks. The plugin also demonstrates excellent practices regarding SQL queries, exclusively using prepared statements, and a high percentage of output escaping. Furthermore, there are no critical or high severity issues identified in the taint analysis, and no unpatched vulnerabilities in its history.

However, several areas raise concern. The static analysis flags one "Dangerous function", preg_replace(/e). The /e modifier makes PHP evaluate the replacement string as code, so it can be a vector for code injection if not handled with extreme care. While no unsanitized paths were found in the taint analysis, the historical vulnerability data reveals a significant pattern of medium severity issues, primarily related to Missing Authorization and Cross-site Scripting (XSS). The plugin has a history of 7 known CVEs, all of which are currently patched. The recurrence of these vulnerability types, even if patched, suggests potential areas in the codebase that require ongoing vigilance and rigorous code review.

In conclusion, while the current version shows good immediate security controls and no critical flaws, the historical trend of medium severity vulnerabilities, particularly XSS and authorization bypass, combined with the use of a potentially dangerous function, indicates that users should remain aware. The plugin's strengths lie in its SQL and output escaping practices, but past issues suggest a need for continued security auditing and development attention to prevent recurrence of past vulnerability types.

Key Concerns

  • Dangerous function: preg_replace(/e)
  • Bundled library: Freemius v1.0 (potentially outdated)
  • History of 7 CVEs (medium severity)
  • Common vulnerability types: Missing Auth, XSS
Vulnerabilities (7)

Mixed Media Gallery Blocks Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2023: 1 CVE
2024: 2 CVEs
2025: 3 CVEs

Severity Breakdown

High: 1
Medium: 6

7 total CVEs

CVE-2025-14288 · medium · 4.3 · Missing Authorization

Gallery Blocks with Lightbox <= 3.3.0 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Modification

Dec 12, 2025 Patched in 3.3.1 (1d)

CVE-2025-63052 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SimpLy Gallery <= 3.3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 26, 2025 Patched in 3.3.2.2 (132d)

CVE-2025-32176 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gallery Blocks with Lightbox <= 3.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 4, 2025 Patched in 3.2.6 (20d)

CVE-2024-10034 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.4.2 - Authenticated (Editor+) Stored Cross-Site Scripting

Nov 21, 2024 Patched in 3.2.4.3 (1d)

CVE-2024-5424 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via galleryID and className Parameters

Jun 27, 2024 Patched in 3.2.2 (1d)

CVE-2023-0441 · high · 8.1 · Missing Authorization

Gallery Blocks with Lightbox <= 3.0.7 - Missing Authorization in pgc_sgb_action_wizard

Mar 1, 2023 Patched in 3.0.8 (328d)

CVE-2021-24667 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gallery Blocks with Lightbox <= 2.2.0 - Authenticated Stored Cross-Site Scripting

Aug 23, 2021 Patched in 2.2.1 (883d)
Code Analysis
Analyzed Mar 16, 2026

Mixed Media Gallery Blocks Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 9 (122 escaped)
Nonce Checks: 2
Capability Checks: 22
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

preg_replace(/e) · preg_replace( '/e · blocks\init.php:148

Bundled Libraries

Freemius 1.0

Output Escaping

93% escaped · 131 total outputs
Data Flows: All sanitized

Data Flow Analysis

4 flows
pgc_sgb_galleries_permalink_settings_save (blocks\simply_post.php:620)
Attack Surface

Mixed Media Gallery Blocks Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_pgc_sgb_action_wizard · plugin.php:969

Shortcodes 2

[pgc_simply_gallery] blocks\simply_post.php:522
[pgc_simply_album] blocks\simply_post.php:523
WordPress Hooks 32
action · elementor/widgets/widgets_registered · blocks\class-elementor.php:10
action · wp_head · blocks\init.php:161
action · init · blocks\init.php:351
action · customize_preview_init · blocks\init.php:352
action · admin_enqueue_scripts · blocks\init.php:358
action · wp_dashboard_setup · blocks\simply_dashboard_widget.php:52
action · admin_enqueue_scripts · blocks\simply_dashboard_widget.php:53
filter · the_content · blocks\simply_post.php:43
filter · allowed_block_types · blocks\simply_post.php:940
filter · allowed_block_types_all · blocks\simply_post.php:942
filter · admin_notices · blocks\simply_post.php:944
action · admin_menu · blocks\simply_post.php:950
action · rest_api_init · blocks\simply_post.php:951
action · init · blocks\simply_post.php:952
action · restrict_manage_posts · blocks\simply_post.php:953
action · admin_enqueue_scripts · blocks\simply_post.php:954
action · admin_init · blocks\simply_post.php:955
action · admin_init · blocks\simply_post.php:956
action · widgets_init · blocks\simply_widget.php:92
action · after_uninstall · plugin.php:82
action · plugins_loaded · plugin.php:88
action · init · plugin.php:165
action · init · plugin.php:304
action · wp_enqueue_scripts · plugin.php:339
action · init · plugin.php:465
action · admin_menu · plugins\init.php:166
action · admin_menu · plugins\init.php:221
action · admin_menu · plugins\init.php:273
action · admin_menu · plugins\init.php:323
action · init · plugins\init.php:324
action · enqueue_block_editor_assets · plugins\init.php:325
action · wp_enqueue_scripts · plugins\init.php:326
Maintenance & Trust

Mixed Media Gallery Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 9, 2026
PHP min version: 5.3.8
Downloads: 1.1M

Community Trust

Rating: 96/100
Number of ratings: 114
Active installs: 40K
Developer Profile

Mixed Media Gallery Blocks Developer Profile

GalleryCreator

1 plugin · 40K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 195 days
Detection Fingerprints

How We Detect Mixed Media Gallery Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simply-gallery-block/assets/css/frontend.css
/wp-content/plugins/simply-gallery-block/assets/css/lightbox.css
/wp-content/plugins/simply-gallery-block/assets/js/frontend.js
/wp-content/plugins/simply-gallery-block/assets/js/lightbox.js
/wp-content/plugins/simply-gallery-block/blocks/skins/default.js
/wp-content/plugins/simply-gallery-block/blocks/skins/overlay.js
/wp-content/plugins/simply-gallery-block/blocks/skins/slide.js
/wp-content/plugins/simply-gallery-block/freemius/start.php
Script Paths
/wp-content/plugins/simply-gallery-block/assets/js/frontend.js
/wp-content/plugins/simply-gallery-block/assets/js/lightbox.js
Version Parameters
simply-gallery-block/assets/css/frontend.css?ver=
simply-gallery-block/assets/css/lightbox.css?ver=
simply-gallery-block/assets/js/frontend.js?ver=
simply-gallery-block/assets/js/lightbox.js?ver=
simply-gallery-block/blocks/skins/default.js?ver=
simply-gallery-block/blocks/skins/overlay.js?ver=
simply-gallery-block/blocks/skins/slide.js?ver=

HTML / DOM Fingerprints

CSS Classes
pgc-simply-gallery-block, pgc-sgb-gallery-wrapper, pgc-sgb-image-wrapper, pgc-sgb-gallery-item, pgc-sgb-lightbox, pgc-sgb-lightbox-content, pgc-sgb-lightbox-close, pgc-sgb-lightbox-prev (+4 more)
HTML Comments
<!-- SimpLy Gallery Block -->
<!-- SimpLy Gallery Block & Lightbox -->
Data Attributes
data-pgc-sgb-gallery-id, data-pgc-sgb-item-id, data-pgc-sgb-lightbox-content, data-pgc-sgb-lightbox-close, data-pgc-sgb-lightbox-prev, data-pgc-sgb-lightbox-next
JS Globals
pgc_sgb_frontend_data, pgc_sgb_lightbox_settings, pgc_sgb_skins_list, pgc_sgb_skins_presets
REST Endpoints
/wp-json/pgc-simply-gallery-block/v1/settings
FAQ

Frequently Asked Questions about Mixed Media Gallery Blocks