Video Gallery – Vimeo and YouTube Gallery Security & Risk Analysis

wordpress.org/plugins/smart-grid-gallery

Build your utmost YouTube Gallery right away with Our Video Gallery plugin.

7K active installs v1.1.7 PHP + WP 4.9+ Updated Nov 11, 2021
Tags: video-gallery, video-gallery-plugin, wordpress-video-gallery, wp-video-gallery, youtube-gallery
Score: 62 · C · Use Caution
CVEs total: 2
Unpatched: 1
Last CVE: Aug 21, 2025
Safety Verdict

Is Video Gallery – Vimeo and YouTube Gallery Safe to Use in 2026?

Use With Caution

Score 62/100

Video Gallery – Vimeo and YouTube Gallery has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

2 known CVEs · 1 unpatched · Last CVE: Aug 21, 2025 · Updated 4yr ago
Risk Assessment

The "smart-grid-gallery" v1.1.7 plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query preparation and output escaping, with 85% of queries prepared and 98% of outputs escaped, significant concerns remain. The presence of 8 AJAX handlers, with 2 lacking authentication checks, presents a notable attack surface. Furthermore, the `unserialize` function is used 12 times, which is a known risk if user-supplied data is passed to it without proper sanitization. Taint analysis reveals 4 high-severity flows with unsanitized paths, indicating potential for exploitation. The plugin's vulnerability history, including 2 known CVEs and 1 currently unpatched medium-severity vulnerability related to Cross-Site Scripting, reinforces the need for caution. The last vulnerability being in 2025 suggests ongoing issues or a lack of consistent security focus. Overall, the plugin has strengths in data handling but weaknesses in input validation and authentication, warranting careful consideration.

Key Concerns

  • Unprotected AJAX handlers
  • Use of unserialize function
  • High severity taint flows
  • Unpatched medium severity CVE
  • No capability checks on AJAX
Vulnerabilities
2 published

Video Gallery – Vimeo and YouTube Gallery Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2025: 1 CVE · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-48349 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Video Gallery – Vimeo and YouTube Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 21, 2025 · Unpatched

CVE-2021-24515 · medium · 4.8 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Video Gallery - Vimeo and YouTube Gallery < 1.1.5 - Stored Cross-Site Scripting

Sep 21, 2021 · Patched in 1.1.5 (854d)
Code Analysis
Analyzed Mar 16, 2026

Video Gallery – Vimeo and YouTube Gallery Code Analysis

Dangerous Functions: 12
Raw SQL Queries: 13 (76 prepared)
Unescaped Output: 49 (2609 escaped)
Nonce Checks: 16
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · includes\view\class-ajax-call.php:193
    $hash = unserialize(wp_remote_fopen($protocol . "vimeo.com/api/v2/video/" . $videourl[0] . ".php"));
unserialize · includes\view\class-ajax-call.php:325
    $hash = unserialize(wp_remote_fopen($protocol . "vimeo.com/api/v2/video/" . $videourl[0] . ".php"));
unserialize · includes\view\class-ajax-call.php:394
    $hash = unserialize(wp_remote_fopen($protocol . "vimeo.com/api/v2/video/" . $videourl[0] . ".php"));
unserialize · includes\view\class-ajax-call.php:445
    $hash = unserialize(wp_remote_fopen($protocol . "vimeo.com/api/v2/video/" . $videourl[0] . ".php"));
unserialize · templates\admin\videos-list-page.php:105
    $hash = @unserialize( wp_remote_fopen( $protocol . "vimeo.com/api/v2/video/" . $imgid . ".php" )
unserialize · templates\front-end\content-popup\content-popup-view.php:37
    $hash = @unserialize(wp_remote_fopen($protocol."vimeo.com/api/v2/video/" . $videourl[0] . ".php"));
unserialize · templates\front-end\content-slider\content-slider-view.php:36
    $hash = @unserialize( wp_remote_fopen( $protocol . "vimeo.com/api/v2/video/" . esc_attr($videourl[0]
unserialize · templates\front-end\justified\justified-view.php:26
    $hash = @unserialize( wp_remote_fopen(esc_url( $protocol . "vimeo.com/api/v2/video/" . $videourl[0] 
unserialize · templates\front-end\lightbox-gallery\lightbox-gallery-view.php:43
    $hash = @unserialize(wp_remote_fopen(esc_url($protocol . "vimeo.com/api/v2/video/" . $videourl[0] . 
unserialize · templates\front-end\playlist\playlist-view.php:58
    $hash = @unserialize(wp_remote_fopen($protocol . "vimeo.com/api/v2/video/" . $videourl[0] . ".php"))
unserialize · templates\front-end\playlist\playlist-view.php:148
    $hash = @unserialize(wp_remote_fopen($protocol . "vimeo.com/api/v2/video/" . $videourl[0] . ".php"))
unserialize · templates\front-end\thumbnails\thumbnails-view.php:29
    $hash = @unserialize(wp_remote_fopen($protocol . "vimeo.com/api/v2/video/" . $videourl[0] . ".php"))

SQL Query Safety

85% prepared · 89 total queries

Output Escaping

98% escaped · 2658 total outputs
Data Flows · Security
9 unsanitized

Data Flow Analysis

19 flows · 9 with unsanitized paths
<galleries-list-page> (templates\admin\galleries-list-page.php:0)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
2 unprotected

Video Gallery – Vimeo and YouTube Gallery Attack Surface

Entry Points: 9
Unprotected: 2

AJAX Handlers: 8

nopriv · wp_ajax_admin_origincode_gallery_video_shortecode · includes\view\class-ajax-call.php:11
auth · wp_ajax_admin_origincode_gallery_video_shortecode · includes\view\class-ajax-call.php:15
nopriv · wp_ajax_admin_origincode_gallery_video · includes\view\class-ajax-call.php:20
auth · wp_ajax_admin_origincode_gallery_video · includes\view\class-ajax-call.php:24
nopriv · wp_ajax_origincode_vdg_front_end_ajax · includes\view\class-ajax-call.php:26
auth · wp_ajax_origincode_vdg_front_end_ajax · includes\view\class-ajax-call.php:30
nopriv · wp_ajax_share_count_ajax_callback · includes\view\class-ajax-call.php:35
auth · wp_ajax_share_count_ajax_callback · includes\view\class-ajax-call.php:39

Shortcodes: 1

[origincode_videogallery] · includes\view\class-shortcode.php:13

WordPress Hooks: 21

action · admin_menu · includes\admin\admin-page.php:47
action · wp_loaded · includes\admin\admin-page.php:48
action · wp_loaded · includes\admin\admin-page.php:49
action · wp_loaded · includes\admin\admin-page.php:50
action · wp_loaded · includes\admin\admin-page.php:51
action · admin_enqueue_scripts · includes\admin\call-admin-assets.php:14
action · admin_enqueue_scripts · includes\admin\call-admin-assets.php:15
action · origincode_gallery_video_save_lightbox_options · includes\admin\lightbox-settings.php:10
action · origincode_gallery_video_shortcode_scripts · includes\view\call-frontend-scripts.php:15
action · origincode_gallery_video_shortcode_scripts · includes\view\call-frontend-scripts.php:16
action · origincode_gallery_video_localize_scripts · includes\view\call-frontend-scripts.php:17
action · admin_footer · includes\view\class-shortcode.php:14
action · media_buttons_context · includes\view\class-shortcode.php:15
action · init · smart-video-gallery.php:108
action · plugins_loaded · smart-video-gallery.php:109
action · widgets_init · smart-video-gallery.php:110
filter · cron_schedules · smart-video-gallery.php:111
action · origincode_video_gallery_vimeo_script · smart-video-gallery.php:112
action · origincode_video_gallery_youtube_script · smart-video-gallery.php:113
filter · block_categories · smart-video-gallery.php:115
action · init · smart-video-gallery.php:116
Maintenance & Trust

Video Gallery – Vimeo and YouTube Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.8.13
Last updated: Nov 11, 2021
PHP min version
Downloads: 114K

Community Trust

Rating: 78/100
Number of ratings: 35
Active installs: 7K
Developer Profile

Video Gallery – Vimeo and YouTube Gallery Developer Profile

origincode

1 plugin · 7K total installs

Trust score: 52
Avg Security Score: 62/100
Avg Patch Time: 854 days
Detection Fingerprints

How We Detect Video Gallery – Vimeo and YouTube Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/smart-grid-gallery/assets/css/smart-grid-gallery.css
/wp-content/plugins/smart-grid-gallery/assets/js/smart-grid-gallery.js
Script Paths
/wp-content/plugins/smart-grid-gallery/assets/js/smart-grid-gallery.js
Version Parameters
/wp-content/plugins/smart-grid-gallery/assets/css/smart-grid-gallery.css?ver=
/wp-content/plugins/smart-grid-gallery/assets/js/smart-grid-gallery.js?ver=

HTML / DOM Fingerprints

CSS Classes
smart-gallery-wrapper, sg-gallery-item, sg-gallery-item-inner, sg-gallery-image, sg-gallery-caption
Data Attributes
data-sg-id, data-sg-type, data-sg-group
JS Globals
smartGridGallery
Shortcode Output
[smart_grid_gallery]