Spartan Gallery Security & Risk Analysis

wordpress.org/plugins/spartan-gallery

Spartan Gallery allows you to create gallery very very easily. Spartan Gallery is a responsive and multipurpose portfolio gallery plugin.

0 active installs v1.0.0 PHP 8.3+ WP 4.6+ Updated Dec 7, 2024
art-gallerygalleryphoto-galleryportfoliosimple-portfolio-gallery
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Spartan Gallery Safe to Use in 2026?

Generally Safe

Score 92/100

Spartan Gallery has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

Spartan-Gallery v1.0.0 exhibits a mixed security posture. While the plugin demonstrates some good security practices, such as 100% prepared statement usage for SQL queries and a reasonable number of nonce and capability checks, there are significant areas of concern. The presence of two AJAX handlers without authentication checks creates a direct attack vector. Furthermore, the taint analysis revealed one high-severity flow with an unsanitized path, indicating a potential for arbitrary file access or manipulation. The plugin's static analysis also flags the use of the `unserialize` function, which can be a source of remote code execution vulnerabilities if not handled with extreme care and validation of the serialized data's origin and structure. The absence of any recorded vulnerabilities in its history might suggest a lack of discovery rather than inherent security, especially given the identified code signals.

Overall, the plugin's security is compromised by its unprotected entry points and the high-severity taint flow. The potential for unauthorized actions through unauthenticated AJAX handlers and the risk associated with `unserialize` and unsanitized paths outweigh the positive indicators. While the plugin is free from known CVEs and has had no past vulnerabilities, the static analysis points to inherent risks that need immediate attention. This plugin should be used with caution until these issues are addressed.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flow with unsanitized path
  • Use of dangerous function: unserialize
  • Low percentage of properly escaped output
Vulnerabilities
None known

Spartan Gallery Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Spartan Gallery Release Timeline

v1.3
v1.2.3
v1.2.2
v1.2
v1.0
v1.0.0Current
Code Analysis
Analyzed Mar 17, 2026

Spartan Gallery Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
0 prepared
Unescaped Output
190
118 escaped
Nonce Checks
10
Capability Checks
15
File Operations
2
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$this->value = unserialize( $this->value );admin\exopite-simple-options\fields\group.php:240
unserialize$this->value = unserialize( $this->value );admin\exopite-simple-options\fields\group.php:283

Bundled Libraries

jQuery

Output Escaping

38% escaped308 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths
import_options (admin\exopite-simple-options\exopite-simple-options-framework-class.php:563)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Spartan Gallery Attack Surface

Entry Points6
Unprotected2

AJAX Handlers 5

authwp_ajax_exopite-sof-export-optionsadmin\exopite-simple-options\exopite-simple-options-framework-class.php:413
authwp_ajax_exopite-sof-import-optionsadmin\exopite-simple-options\exopite-simple-options-framework-class.php:414
authwp_ajax_exopite-sof-reset-optionsadmin\exopite-simple-options\exopite-simple-options-framework-class.php:415
authwp_ajax_exopite-sof-file_uploaderadmin\exopite-simple-options\upload-class.php:18
authwp_ajax_exopite-sof-file-batch-deleteadmin\exopite-simple-options\upload-class.php:22

Shortcodes 1

[spartan_gallery] public\class-spartan-gallery-public.php:247
WordPress Hooks 57
actionafter_setup_themeadmin\add-image-size.php:14
actioninitadmin\class-add-gallery-gutenberg-block.php:7
actionadmin_initadmin\class-spartan-gallery-admin.php:63
actionplugins_loadedadmin\class-spartan-gallery-admin.php:65
actionadd_meta_boxesadmin\class-spartan-gallery-metaboxes.php:20
actioninitadmin\class-spartan-gallery-post-type.php:91
actionadmin_initadmin\class-spartan-gallery-welcome-dashboard.php:48
actionadmin_menuadmin\class-spartan-gallery-welcome-dashboard.php:70
actionadmin_enqueue_scriptsadmin\class-spartan-gallery-welcome-dashboard.php:198
actionadmin_noticesadmin\exopite-simple-options\exopite-simple-options-framework-class.php:269
actionadmin_noticesadmin\exopite-simple-options\exopite-simple-options-framework-class.php:356
actionadmin_enqueue_scriptsadmin\exopite-simple-options\exopite-simple-options-framework-class.php:386
filtermce_external_pluginsadmin\exopite-simple-options\exopite-simple-options-framework-class.php:392
actionadmin_initadmin\exopite-simple-options\exopite-simple-options-framework-class.php:411
actionadmin_menuadmin\exopite-simple-options\exopite-simple-options-framework-class.php:412
actionadmin_initadmin\exopite-simple-options\exopite-simple-options-framework-class.php:440
actionsave_postadmin\exopite-simple-options\exopite-simple-options-framework-class.php:441
actionexopite_sof_display_page_headeradmin\exopite-simple-options\exopite-simple-options-framework-class.php:1908
actionexopite_sof_display_page_footeradmin\exopite-simple-options\exopite-simple-options-framework-class.php:2086
actionplugins_loadedincludes\class-spartan-gallery.php:236
actionadmin_enqueue_scriptsincludes\class-spartan-gallery.php:251
actionadmin_enqueue_scriptsincludes\class-spartan-gallery.php:252
actionwp_enqueue_scriptsincludes\class-spartan-gallery.php:267
actionwp_enqueue_scriptsincludes\class-spartan-gallery.php:268
actioninitincludes\class-spartan-gallery.php:269
actionspartan_galleryincludes\class-spartan-gallery.php:270
filtermanage_spartan_gallery_type_posts_columnspublic\custom-columns.php:100
actionmanage_spartan_gallery_type_posts_custom_columnpublic\custom-columns.php:101
filtermanage_post_posts_columnspublic\custom-columns.php:108
actionadd_meta_boxespublic\popup.php:56
actionsave_postpublic\popup.php:170
actioninitpublic\tgm\class-tgm-plugin-activation.php:268
filterload_textdomain_mofilepublic\tgm\class-tgm-plugin-activation.php:269
actioninitpublic\tgm\class-tgm-plugin-activation.php:272
actionadmin_menupublic\tgm\class-tgm-plugin-activation.php:421
actionadmin_headpublic\tgm\class-tgm-plugin-activation.php:422
filterinstall_plugin_complete_actionspublic\tgm\class-tgm-plugin-activation.php:425
filterupdate_plugin_complete_actionspublic\tgm\class-tgm-plugin-activation.php:426
actionadmin_noticespublic\tgm\class-tgm-plugin-activation.php:429
actionadmin_initpublic\tgm\class-tgm-plugin-activation.php:430
actionadmin_enqueue_scriptspublic\tgm\class-tgm-plugin-activation.php:431
actionload-plugins.phppublic\tgm\class-tgm-plugin-activation.php:436
actionswitch_themepublic\tgm\class-tgm-plugin-activation.php:439
actionswitch_themepublic\tgm\class-tgm-plugin-activation.php:442
actionadmin_initpublic\tgm\class-tgm-plugin-activation.php:447
actionswitch_themepublic\tgm\class-tgm-plugin-activation.php:452
actionload_textdomain_mofilepublic\tgm\class-tgm-plugin-activation.php:475
filterupgrader_source_selectionpublic\tgm\class-tgm-plugin-activation.php:889
actionplugins_loadedpublic\tgm\class-tgm-plugin-activation.php:2112
filtertgmpa_table_data_itemspublic\tgm\class-tgm-plugin-activation.php:2236
filterupgrader_source_selectionpublic\tgm\class-tgm-plugin-activation.php:2977
actionadmin_initpublic\tgm\class-tgm-plugin-activation.php:3147
actionupgrader_process_completepublic\tgm\class-tgm-plugin-activation.php:3242
filterupgrader_post_installpublic\tgm\class-tgm-plugin-activation.php:3301
filterupgrader_post_installpublic\tgm\class-tgm-plugin-activation.php:3446
actiontgmpa_registerpublic\tgm\example.php:36
actiontgmpa_registerpublic\tgm\tgm-init.php:106
Maintenance & Trust

Spartan Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedDec 7, 2024
PHP min version8.3
Downloads10K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Spartan Gallery Developer Profile

freelancermartin

3 plugins · 10 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Spartan Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/spartan-gallery/admin/css/spartan-gallery-admin.css/wp-content/plugins/spartan-gallery/admin/js/spartan-gallery-admin.js/wp-content/plugins/spartan-gallery/admin/js/popup.js/wp-content/plugins/spartan-gallery/admin/js/block.js
Script Paths
admin/js/spartan-gallery-admin.jsadmin/js/popup.jsadmin/js/block.js
Version Parameters
spartan-gallery/admin/css/spartan-gallery-admin.css?ver=spartan-gallery/admin/js/spartan-gallery-admin.js?ver=spartan-gallery/admin/js/popup.js?ver=spartan-gallery/admin/js/block.js?ver=

HTML / DOM Fingerprints

CSS Classes
spartan-gallery-adminspartan-gallery-admin-stylesspartan-gallery-admin-popup
Data Attributes
data-spartan-gallery-id
JS Globals
Spartan_Gallery_Adminspartan_gallery_adminspartan_gallery_popupspartan_gallery_block
Shortcode Output
[spartan_gallery[/spartan_gallery]
FAQ

Frequently Asked Questions about Spartan Gallery