WP-Safety

Ultimate Product Gallery for WooCommerce Security & Risk Analysis

wordpress.org/plugins/ultimate-product-gallery-for-woocommerce

Product Gallery Plugin for WooCommerce + Image Zoom

10 active installs v1.0.1 PHP + WP 4.3.10+ Updated Unknown
image-zoomproduct-galleryproduct-zoomwoocommerce-gallerywoocommerce-zoom
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Ultimate Product Gallery for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Ultimate Product Gallery for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "ultimate-product-gallery-for-woocommerce" plugin version 1.0.1 exhibits significant security concerns despite having no recorded past vulnerabilities. The static analysis reveals a concerning lack of input validation and proper security checks. Specifically, the presence of an unprotected AJAX handler is a critical entry point that could be exploited if it handles user-supplied data without proper sanitization or authentication. Furthermore, the plugin utilizes the `create_function` which is deprecated and can lead to security vulnerabilities if used with user-controlled input. The high percentage of unescaped output (72%) indicates a strong potential for cross-site scripting (XSS) vulnerabilities. The taint analysis showing two flows with unsanitized paths further reinforces these concerns, suggesting that user input could be used in sensitive operations without adequate checks, potentially leading to high-severity issues like arbitrary code execution or SQL injection if not addressed. The complete absence of known vulnerabilities historically is a positive indicator, suggesting the developers may have been diligent, but the current code quality raises immediate red flags that need urgent attention.

Key Concerns

  • Unprotected AJAX handler detected
  • Use of deprecated and insecure create_function
  • High percentage of unescaped output (72%)
  • Taint analysis shows 2 unsanitized paths
  • SQL queries not using prepared statements
Vulnerabilities
None known

Ultimate Product Gallery for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Ultimate Product Gallery for WooCommerce Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
0 prepared
Unescaped Output
207
80 escaped
Nonce Checks
4
Capability Checks
8
File Operations
5
External Requests
1
Bundled Libraries
1

Dangerous Functions Found

create_functionadd_filter( 'wp_default_editor', create_function('', 'return "tinymce";') );vafpress-framework\bootstrap.php:195

Bundled Libraries

Select2

SQL Query Safety

0% prepared1 total queries

Output Escaping

28% escaped287 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
vp_ajax_wrapper (vafpress-framework\bootstrap.php:75)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Ultimate Product Gallery for WooCommerce Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_vp_ajax_wrappervafpress-framework\bootstrap.php:71
WordPress Hooks 37
actionwp_headclasses\upgfw.php:60
actioninitclasses\upgfw.php:61
actionwp_enqueue_scriptsclasses\upgfw.php:62
actionwp_footerclasses\upgfw.php:63
actionwpclasses\upgfw.php:64
actionwpclasses\upgfw.php:65
actionwoocommerce_product_thumbnailsclasses\upgfw.php:66
actionwoocommerce_before_single_product_summaryclasses\upgfw.php:67
filterwp_calculate_image_srcsetclasses\upgfw.php:69
actionafter_setup_themevafpress-framework\bootstrap.php:41
actiontgmpa_registervafpress-framework\bootstrap.php:47
actioninitvafpress-framework\bootstrap.php:112
actioncurrent_screenvafpress-framework\bootstrap.php:113
actionadmin_enqueue_scriptsvafpress-framework\bootstrap.php:114
actioncurrent_screenvafpress-framework\bootstrap.php:115
filterclean_urlvafpress-framework\bootstrap.php:116
actionadmin_footervafpress-framework\bootstrap.php:161
filterwp_default_editorvafpress-framework\bootstrap.php:195
actioninitvafpress-framework\classes\metabox.php:43
actionvp_option_first_activationvafpress-framework\classes\option.php:81
actionadmin_menuvafpress-framework\classes\option.php:100
actionadmin_noticesvafpress-framework\classes\option.php:162
actioncurrent_screenvafpress-framework\classes\shortcodegenerator.php:47
actionadmin_footervafpress-framework\classes\shortcodegenerator.php:58
filtermce_external_pluginsvafpress-framework\classes\shortcodegenerator.php:288
filtermce_buttonsvafpress-framework\classes\shortcodegenerator.php:289
filterwp_fullscreen_buttonsvafpress-framework\classes\shortcodegenerator.php:290
filteradmin_print_stylesvafpress-framework\classes\shortcodegenerator.php:291
actionadmin_enqueue_scriptsvafpress-framework\classes\wp\enqueuer.php:27
actionadmin_headvafpress-framework\includes\wpalchemy\MetaBox.php:22
actionadmin_footervafpress-framework\includes\wpalchemy\MetaBox.php:24
actionadmin_initvafpress-framework\includes\wpalchemy\MetaBox.php:506
actionimport_post_metavafpress-framework\includes\wpalchemy\MetaBox.php:509
filteroutputvafpress-framework\includes\wpalchemy\MetaBox.php:569
actionsave_postvafpress-framework\includes\wpalchemy\MetaBox.php:579
actionadmin_headvafpress-framework\includes\wpalchemy\MetaBox.php:619
actionadmin_footervafpress-framework\includes\wpalchemy\MetaBox.php:621
Maintenance & Trust

Ultimate Product Gallery for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33
Last updatedUnknown
PHP min version
Downloads2K

Community Trust

Rating100/100
Number of ratings2
Active installs10
Alternatives

Ultimate Product Gallery for WooCommerce Alternatives

WC Disable Zoom / Lightbox features

WC Disable Zoom / Lightbox features

wc-disable-zoom-lightbox-features

A
100

This plugin lets you disable / enable the new product gallery zoom / lightbox features in 3.0.

800 No CVEs
Product Gallery Slider, Additional Variation Images, Product Video, Product Image Zoom and Lightbox for WooCommerce – WooGallery

Product Gallery Slider, Additional Variation Images, Product Video, Product Image Zoom and Lightbox for WooCommerce – WooGallery

gallery-slider-for-woocommerce

A
100

🔥 All-in-One WooCommerce Product Image and Video Gallery Solution to Enhance Your Customers' Shopping Experience and Boost Sales Instantly! 🚀

20K No CVEs
WP Image Zoom

WP Image Zoom

wp-image-zoooom

A
99

Awesome image zoom plugin for images in posts/pages and for WooCommerce products.

20K 2 CVEs
WooSwipe WooCommerce Gallery

WooSwipe WooCommerce Gallery

wooswipe

A
92

A WooCommerce gallery plugin built using PhotoSwipe from Dmitry Semenov and Slick carousel.

4K 1 CVE
Product Image Zoom & Gallery for WooCommerce by WPBean

Product Image Zoom & Gallery for WooCommerce by WPBean

woocommerce-image-zoom

A
100

Add responsive image zoom effects to WooCommerce product images for better visual engagement and a closer look at product details.

3K No CVEs
Developer Profile

Ultimate Product Gallery for WooCommerce Developer Profile

barfaraz

4 plugins · 210 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Ultimate Product Gallery for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ultimate-product-gallery-for-woocommerce/assets/css/common.min.css/wp-content/plugins/ultimate-product-gallery-for-woocommerce/assets/js/swiper.min.js/wp-content/plugins/ultimate-product-gallery-for-woocommerce/assets/js/scripts-mobile.min.js/wp-content/plugins/ultimate-product-gallery-for-woocommerce/assets/js/pinch-zoom.umd.min.js/wp-content/plugins/ultimate-product-gallery-for-woocommerce/assets/css/style-mobile.min.css/wp-content/plugins/ultimate-product-gallery-for-woocommerce/assets/css/lightbox-mobile.min.css/wp-content/plugins/ultimate-product-gallery-for-woocommerce/assets/css/swiper.min.css/wp-content/plugins/ultimate-product-gallery-for-woocommerce/assets/js/jquery.elevateZoom-3.0.8-custom.min.js+5 more
Script Paths
/wp-content/plugins/ultimate-product-gallery-for-woocommerce/assets/js/swiper.min.js/wp-content/plugins/ultimate-product-gallery-for-woocommerce/assets/js/scripts-mobile.min.js/wp-content/plugins/ultimate-product-gallery-for-woocommerce/assets/js/pinch-zoom.umd.min.js/wp-content/plugins/ultimate-product-gallery-for-woocommerce/assets/js/jquery.elevateZoom-3.0.8-custom.min.js/wp-content/plugins/ultimate-product-gallery-for-woocommerce/assets/js/scripts.min.js/wp-content/plugins/ultimate-product-gallery-for-woocommerce/assets/js/jquery.mCustomScrollbar.min.js

HTML / DOM Fingerprints

CSS Classes
upgfw-product-galleryupgfw-gallery-thumbnailsupgfw-gallery-imageupgfw-zoom-containerupgfw-zoom-windowupgfw-lightbox-overlayupgfw-lightbox-contentupgfw-lightbox-image+9 more
HTML Comments
UPG_Options_InitVafPress FrameworkUPG_PRO_Version
Data Attributes
data-zoom-image-urldata-zoom-enabledata-zoom-window-positiondata-zoom-window-widthdata-zoom-window-heightdata-zoom-window-border-size+6 more
JS Globals
upgfw_script_vars
FAQ

Frequently Asked Questions about Ultimate Product Gallery for WooCommerce