WP-Safety

Voting for a Photo Security & Risk Analysis

wordpress.org/plugins/voting-for-a-photo

Adding a photo vote to the WordPress Gallery

90 active installs v1.2 PHP 5.6+ WP 4.9.8+ Updated Dec 11, 2018
contestgalleryphoto-contestvotevoting
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Voting for a Photo Safe to Use in 2026?

Generally Safe

Score 85/100

Voting for a Photo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The "voting-for-a-photo" plugin v1.2 exhibits a concerning security posture primarily due to its unprotected AJAX endpoints. While the plugin demonstrates good practices in its use of prepared statements for SQL queries and avoids file operations and external HTTP requests, the absence of authentication checks on two AJAX handlers presents a significant attack surface. The taint analysis revealing five high-severity unsanitized flows further amplifies this risk, suggesting potential for these unprotected endpoints to be exploited to manipulate data or execute unintended actions. The complete lack of known vulnerabilities in its history is a positive indicator, suggesting a generally stable codebase. However, this does not negate the immediate risks identified in the static analysis. The plugin's strengths lie in its careful handling of database interactions and avoidance of common risky practices. Its primary weakness is the direct exposure of critical functionality via AJAX without proper authorization, making it susceptible to unauthorized access and potential exploitation.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Missing nonce checks on AJAX
  • Insufficient output escaping
Vulnerabilities
None known

Voting for a Photo Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Voting for a Photo Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
13 prepared
Unescaped Output
6
12 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared13 total queries

Output Escaping

67% escaped18 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

5 flows5 with unsanitized paths
addVote (src\Admin\Admin.php:135)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Voting for a Photo Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_calculate_votessrc\Admin\Admin.php:35
noprivwp_ajax_calculate_votessrc\Admin\Admin.php:36
WordPress Hooks 11
actionadmin_enqueue_scriptssrc\Admin\Admin.php:32
actionprint_media_templatessrc\Admin\Admin.php:33
filterpost_gallerysrc\Admin\Admin.php:34
filterplugin_action_links_voting-for-a-photo/voting-for-a-photo.phpsrc\Admin\Admin.php:37
actioncustomize_registersrc\Admin\Customizer.php:24
actioncustomize_registersrc\Admin\Customizer.php:25
filterpost_gallerysrc\Frontend\Frontend.php:34
actionwp_headsrc\Frontend\Frontend.php:35
actionwp_enqueue_scriptssrc\Frontend\Frontend.php:36
actionwp_footersrc\Frontend\Frontend.php:37
actionplugins_loadedsrc\VotingPhotoPlugin.php:30
Maintenance & Trust

Voting for a Photo Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedDec 11, 2018
PHP min version5.6
Downloads4K

Community Trust

Rating100/100
Number of ratings1
Active installs90
Alternatives

Voting for a Photo Alternatives

Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe

Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe

contest-gallery

B
76

JPG, PNG, MP4, MP3, PDF, ZIP & more. Create voting & uploading galleries for photos & media. Social Share, User Registration & Sell via PayPal/Stripe.

1K 33 CVEs
WP Voting Contest Lite

WP Voting Contest Lite

wp-voting-contest

D
47

Let users cast votes on your images/photos.

500 2 unpatched
Tribulant Gallery Voting

Tribulant Gallery Voting

gallery-voting

A
99

Let users cast votes/likes on your WordPress gallery images/photos.

300 1 CVE
Photo Contest | Competition | Video Contest

Photo Contest | Competition | Video Contest

totalcontest-lite

A
99

If you're looking to host a contest or competition on your WordPress website, TotalContest is the perfect plugin for you.

300 1 CVE
Like Button Rating ♥ LikeBtn

Like Button Rating ♥ LikeBtn

likebtn-like-button

A
96

Add Like button to posts, pages, comments, WooCommerce, BuddyPress, bbPress, UM, custom posts! Sort content by likes! Get instant stats and insights!

4K 5 CVEs
Developer Profile

Voting for a Photo Developer Profile

Processby

8 plugins · 22K total installs

77
trust score
Avg Security Score
76/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Voting for a Photo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/voting-for-a-photo/frontend/js/voting-for-photo.js/wp-content/plugins/voting-for-a-photo/frontend/css/gallery-adaptive.css
Script Paths
/wp-content/plugins/voting-for-a-photo/frontend/js/voting-for-photo.js
Version Parameters
voting-for-a-photo/frontend/js/voting-for-photo.js?ver=voting-for-a-photo/frontend/css/gallery-adaptive.css?ver=

HTML / DOM Fingerprints

CSS Classes
gallery-votingvoting-activenot-votingcontest-img
Data Attributes
voting_enable
JS Globals
photo_contest_options
Shortcode Output
<div class='gallery-voting'>
FAQ

Frequently Asked Questions about Voting for a Photo