Visual Composer Galleria Security & Risk Analysis
wordpress.org/plugins/vc-galleriaIt's a simple and elegant visual composer extension slider that works awesome on mobile.
Is Visual Composer Galleria Safe to Use in 2026?
Generally Safe
Score 85/100Visual Composer Galleria has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "vc-galleria" v1.1.1 exhibits a mixed security posture. On the positive side, the static analysis reveals no dangerous functions, no direct SQL queries (all are prepared), no file operations, and no external HTTP requests. The absence of known CVEs and any recorded vulnerability history is also a strong indicator of a well-maintained or less complex plugin.
However, significant concerns arise from the lack of output escaping. With 100% of outputs not properly escaped, this presents a high risk of Cross-Site Scripting (XSS) vulnerabilities. If any user-supplied data or dynamically generated content is outputted without sanitization, an attacker could inject malicious scripts. Furthermore, the complete absence of nonce and capability checks on the identified entry point (shortcode) is a critical oversight, potentially allowing unauthorized actions or information disclosure if the shortcode's functionality is sensitive or can be manipulated.
In conclusion, while the plugin avoids common pitfalls like raw SQL and external requests, the unescaped output and the lack of robust authorization checks on its shortcode represent substantial security weaknesses that need immediate attention. The clean vulnerability history is a positive sign, but it doesn't negate the risks identified in the current analysis.
Key Concerns
- Outputs not properly escaped
- Shortcode without nonce/capability checks
Visual Composer Galleria Security Vulnerabilities
Visual Composer Galleria Release Timeline
Visual Composer Galleria Code Analysis
Output Escaping
Visual Composer Galleria Attack Surface
Shortcodes 1
WordPress Hooks 3
Maintenance & Trust
Visual Composer Galleria Maintenance & Trust
Maintenance Signals
Community Trust
Visual Composer Galleria Alternatives
Animation Menus light
animation-menus-highlight
A quick, easy way to add an Responsive header Animation Menus Highlight OR Responsive Animation Menus Highlight inside wordpress page OR Template.
Article Gallery Slider
article-gallery-slider
A quick, easy way to add an Responsive header Image Gallery Vertical OR Responsive Article Gallery Slider inside wordpress page OR Template.
Banner Display Thumbnail
banner-display-thumbnail
A quick, easy way to add an Responsive header Banner Display Thumbnail OR Responsive Banner Display Thumbnail inside wordpress page OR Template.
Banner Hover List
banner-hover-list
A quick, easy way to add an Responsive header Banner Hover List OR Responsive Banner Hover List inside wordpress page OR Template.
Banner Info Effect
banner-info-effect
A quick, easy way to add an Responsive header Banner Info Effect OR Responsive Banner Info Effect inside wordpress page OR Template.
Visual Composer Galleria Developer Profile
2 plugins · 60 total installs
How We Detect Visual Composer Galleria
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/vc-galleria/assets/lightslider.css/wp-content/plugins/vc-galleria/assets/lightslider.js/wp-content/plugins/vc-galleria/assets/lightslider.jsHTML / DOM Fingerprints
lSSlideWrapperlsGrablsGrabPagdata-thumblightSlider<ul id=""><li data-thumb=""></li></ul><script>
jQuery(function () {
jQuery("#