Does Ultimate WP Multimedia Gallery have any unpatched vulnerabilities?

No. All known vulnerabilities in Ultimate WP Multimedia Gallery have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Ultimate WP Multimedia Gallery compatible with WordPress 5.7.15?

According to WordPress.org data, Ultimate WP Multimedia Gallery 1.0 has been tested up to WordPress 5.7.15. Check the plugin's changelog for the latest compatibility information.

Is Ultimate WP Multimedia Gallery compatible with PHP 7.2+?

Ultimate WP Multimedia Gallery requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Ultimate WP Multimedia Gallery updated?

Ultimate WP Multimedia Gallery was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Ultimate WP Multimedia Gallery's security score?

Ultimate WP Multimedia Gallery has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ultimate WP Multimedia Gallery Security & Risk Analysis

wordpress.org/plugins/ultimate-wp-multimedia-gallery

Free responsive multimedia gallery displaying images and embedded video from YouTube and Vimeo while integrating social sharing and SEO elements.

0 active installs v1.0 PHP 7.2+ WP 4.7+ Updated Unknown

galleryvideosvimeoyoutube

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Ultimate WP Multimedia Gallery Safe to Use in 2026?

Generally Safe

Score 100/100

Ultimate WP Multimedia Gallery has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The 'ultimate-wp-multimedia-gallery' v1.0 plugin exhibits a concerning security posture, primarily due to its large unprotected attack surface. With 15 out of 16 entry points lacking authentication checks, the plugin is highly susceptible to unauthorized access and manipulation. The absence of nonce checks on AJAX handlers further exacerbates this risk, making it vulnerable to Cross-Site Request Forgery (CSRF) attacks. While the static analysis did not reveal specific critical or high severity taint flows or dangerous functions, the sheer volume of unprotected entry points and the low percentage of properly escaped output (14%) indicate a significant potential for various vulnerabilities, including Cross-Site Scripting (XSS) and information disclosure.

The vulnerability history for this plugin is a blank slate, with no recorded CVEs. This could indicate either a well-developed and secure plugin or, more likely given the static analysis findings, a lack of thorough security auditing or reporting. It is not a reliable indicator of current security. The plugin's strengths lie in its absence of dangerous functions, file operations, and bundled libraries, suggesting a lean codebase in those areas. However, these strengths are overshadowed by the critical weaknesses in its authentication and output handling mechanisms.

Key Concerns

Unprotected AJAX handlers
Missing nonce checks on AJAX
Low output escaping rate
SQL queries not fully prepared
Unprotected shortcodes
External HTTP request without auth

Vulnerabilities

None known

Ultimate WP Multimedia Gallery Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Ultimate WP Multimedia Gallery Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

127

21 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

29% prepared14 total queries

Output Escaping

14% escaped148 total outputs

Data Flows

6 unsanitized

Data Flow Analysis

6 flows6 with unsanitized paths

wpmg_filter_settings_action (admin\admin.php:403)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

15 unprotected

Ultimate WP Multimedia Gallery Attack Surface

Entry Points16

Unprotected15

AJAX Handlers 15

authwp_ajax_wpmg_save_gallery_itemsadmin\admin.php:25

authwp_ajax_wpmg_update_item_ajaxadmin\admin.php:26

authwp_ajax_wpmg_delete_itemadmin\admin.php:27

authwp_ajax_wpmg_add_tagsadmin\admin.php:28

authwp_ajax_wpmg_delete_tagsadmin\admin.php:29

authwp_ajax_wpmg_create_gallery_ajaxadmin\admin.php:30

authwp_ajax_wpmg_delete_galleryadmin\admin.php:31

authwp_ajax_wpmg_update_tags_ajaxadmin\admin.php:32

authwp_ajax_wpmg_update_default_tags_ajaxadmin\admin.php:33

authwp_ajax_wpmg_filter_settings_ajaxadmin\admin.php:34

authwp_ajax_wpmg_paginate_settings_ajaxadmin\admin.php:35

authwp_ajax_wpmg_general_settings_ajaxadmin\admin.php:36

authwp_ajax_wpmg_filter_alignment_ajaxadmin\admin.php:37

authwp_ajax_wpmg_update_filter_orderadmin\admin.php:38

authwp_ajax_searchGalleryItemsadmin\admin.php:40

Shortcodes 1

[wpm-gallery] front\front.php:18

WordPress Hooks 4

actionadmin_enqueue_scriptsadmin\admin.php:23

actionadmin_menuadmin\admin.php:24

actionwp_enqueue_scriptsfront\front.php:17

actioninituwmg.php:96

Maintenance & Trust

Ultimate WP Multimedia Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15

Last updatedUnknown

PHP min version7.2

Downloads971

Community Trust

Rating100/100

Number of ratings1

Active installs0

Alternatives

Ultimate WP Multimedia Gallery Alternatives

Laboreal Video Gallery

laboreal-video-gallery

This is a simple but powerful video gallery plugin. Just create your galleries and add videos by copying and pasting the URLs.

10 No CVEs

Snap Video Gallery

snap-video-gallery

Easy-to-use video gallery that enables you to insert a gallery of videos into a page or post.

0 No CVEs

All-in-One Video Gallery

all-in-one-video-gallery

The ultimate video player & video gallery plugin for YouTubers, Video Bloggers, Course Creators, Podcasters, and anyone embedding videos on websites.

20K 11 CVEs

Video Gallery – YouTube Playlist, Channel Gallery by YotuWP

yotuwp-easy-youtube-embed

Modern responsive YouTube video gallery helps your website getting noticed from visitors, increase the reach and stand out from the competitors.

20K 5 CVEs

Video Gallery Block – Display your videos as a gallery in a professional way

video-gallery-block

Video Gallery Block lets you create responsive YouTube, Vimeo, and HTML5 video galleries with grid layouts, filters, and lightbox in Gutenberg.

2K 1 CVE

Developer Profile

Ultimate WP Multimedia Gallery Developer Profile

Masud Rana

2 plugins · 20 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Ultimate WP Multimedia Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ultimate-wp-multimedia-gallery/admin/css/admin-style.css/wp-content/plugins/ultimate-wp-multimedia-gallery/admin/js/admin-script.js/wp-content/plugins/ultimate-wp-multimedia-gallery/front/css/style.css/wp-content/plugins/ultimate-wp-multimedia-gallery/front/js/front-script.js/wp-content/plugins/ultimate-wp-multimedia-gallery/front/js/jquery.mixitup.min.js

Script Paths

/wp-content/plugins/ultimate-wp-multimedia-gallery/admin/js/admin-script.js/wp-content/plugins/ultimate-wp-multimedia-gallery/front/js/front-script.js/wp-content/plugins/ultimate-wp-multimedia-gallery/front/js/jquery.mixitup.min.js

Version Parameters

ultimate-wp-multimedia-gallery/admin/css/admin-style.css?ver=ultimate-wp-multimedia-gallery/admin/js/admin-script.js?ver=ultimate-wp-multimedia-gallery/front/css/style.css?ver=ultimate-wp-multimedia-gallery/front/js/front-script.js?ver=ultimate-wp-multimedia-gallery/front/js/jquery.mixitup.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

wpmg-admin-pagewpmg-gallery-container

Data Attributes

data-wpmg-id

JS Globals

wpmg_data

Shortcode Output

[wpmg_gallery

FAQ