Variation Images Gallery for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-product-variation-gallery

The Variation Images Gallery for WooCommerce plugin allows you to add unlimited additional images for each product variation.

10K active installs · v2.3.22 · PHP 7.4+ · WP 4.8+ · Updated Dec 8, 2025
Tags: additional-variation-image-gallery, product-variation-gallery, product-variation-image, product-variation-image-gallery, woocommerce-variation-image-gallery
Score 100 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jul 12, 2023
Safety Verdict

Is Variation Images Gallery for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Variation Images Gallery for WooCommerce has a strong security track record: its one known vulnerability (CVE-2023-37894, a reflected XSS) was fixed in version 2.3.4, and no vulnerabilities remain unpatched.

1 known CVE · Last CVE: Jul 12, 2023 · Updated 3mo ago
Risk Assessment

The 'woo-product-variation-gallery' plugin exhibits a mixed security posture. On the positive side, the code analysis found no dangerous functions, no raw SQL queries, no file operations and no bundled libraries, and 90% of its output statements (251 of 280) are escaped. The concern is the attack surface: all five AJAX handlers are registered without a detected nonce or capability check (the plugin's six nonce checks and two capability checks sit elsewhere). Four of the five are on wp_ajax_ hooks, which WordPress dispatches only for logged-in users, so they still require a session; but any logged-in account, including a subscriber, can call them, and without a nonce they have no CSRF protection. The rtwpvg_get_default_gallery_images action is also registered on wp_ajax_nopriv_ and is therefore reachable without any login. This is compounded by the plugin's one previous Cross-Site Scripting (XSS) vulnerability, a reflected XSS fixed in 2.3.4, which shows that output escaping has not always been complete. There are no unpatched vulnerabilities and the taint analysis found no critical or high-severity flows, but the lack of authorization on the AJAX endpoints remains a notable weakness.

Judging from their names, three of the five handlers dismiss promotional admin notices, so abusing them has little impact; the gallery-image handler, the one reachable anonymously, is the endpoint to review first, since any data it returns is exposed to unauthenticated callers. The earlier XSS, although patched, shows that similar flaws can reappear if escaping is not maintained consistently, and 29 output statements are still unescaped. The plugin's strengths are its small footprint (no raw SQL, no dangerous functions, a single external request) and its high escaping rate. The unprotected AJAX handlers and the past vulnerability warrant monitoring, but on the current analysis the plugin is not overtly dangerous.

Key Concerns

  • All five AJAX handlers are registered without a detected nonce or capability check
  • One of them, rtwpvg_get_default_gallery_images, is also registered on wp_ajax_nopriv_ and is reachable without a login
  • One previous reflected XSS (CVE-2023-37894, fixed in 2.3.4)
Vulnerabilities (1)

Variation Images Gallery for WooCommerce Security Vulnerabilities

CVEs by Year

2023: 1 CVE (patched)

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2023-37894 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Variation Images Gallery for WooCommerce <= 2.3.3 - Reflected Cross-Site Scripting via style

Jul 12, 2023 · Patched in 2.3.4 (195d)
Code Analysis
Analyzed Mar 16, 2026

Variation Images Gallery for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 29 (251 escaped)
Nonce Checks: 6
Capability Checks: 2
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping: 90% escaped (251 of 280 total outputs)

Data Flows: all sanitized

Data Flow Analysis

1 flow

<Review> (app\Controllers\Review.php:0): sanitized
Attack Surface (5 unprotected)

Variation Images Gallery for WooCommerce Attack Surface

Entry Points: 5 · Unprotected: 5

AJAX Handlers (5)

auth = registered on a wp_ajax_ hook (dispatched for logged-in users only); nopriv = registered on a wp_ajax_nopriv_ hook (dispatched for anonymous callers). None of the five has a detected nonce or capability check.

auth    wp_ajax_ajax_woobundle_notice  app\Controllers\BlackFridayV2.php:120
auth    wp_ajax_rtwpvg_get_default_gallery_images  app\Controllers\Hooks.php:27
nopriv  wp_ajax_rtwpvg_get_default_gallery_images  app\Controllers\Hooks.php:28
auth    wp_ajax_rtwpvg_dismiss_admin_notice  app\Controllers\Offer.php:115
auth    wp_ajax_woobundle_dismiss_admin_black_friday_notice  app\Controllers\Offer.php:191
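What "unprotected" means for the handlers listed above and in the Risk Assessment, and what the missing checks look like, as an added example in the plugin's language. This is illustrative code written for this page, not the plugin's own: the action names (demo_gallery_*), the _demo_gallery_images meta key, the demo_gallery_nonce action and the admin.js file are hypothetical. The first handler mirrors the registration shape of rtwpvg_get_default_gallery_images (both a wp_ajax_ and a wp_ajax_nopriv_ hook, no checks); the two hardened versions show an admin-side handler with a nonce plus a per-product capability check, and a public read-only handler where no nonce can help and input validation has to carry the load.

```php
<?php
/**
 * Illustrative mu-plugin: the "AJAX handler without nonce or capability check"
 * pattern, beside two hardened forms. All names (demo_gallery_*,
 * _demo_gallery_images, demo_gallery_nonce, admin.js) are hypothetical.
 */

// --- The flagged pattern -----------------------------------------------------
// Registered on BOTH wp_ajax_ (logged-in callers) and wp_ajax_nopriv_ (anonymous
// callers), with no nonce, no capability check and no input validation.
add_action( 'wp_ajax_demo_gallery_images_unprotected',        'demo_gallery_images_unprotected' );
add_action( 'wp_ajax_nopriv_demo_gallery_images_unprotected', 'demo_gallery_images_unprotected' );

function demo_gallery_images_unprotected() {
    $product_id = $_POST['product_id'];                 // untrusted and unvalidated
    $ids        = get_post_meta( $product_id, '_demo_gallery_images', true );
    wp_send_json( array( 'ids' => $ids ) );             // meta of any post ID, to anyone
}

// --- Hardened admin-side handler ----------------------------------------------
// Logged-in callers only (no nopriv hook), a nonce, a capability check tied to
// the specific product, and strict input validation.
add_action( 'wp_ajax_demo_gallery_images', 'demo_gallery_images' );

function demo_gallery_images() {
    // 1. CSRF: the nonce is created with wp_create_nonce( 'demo_gallery_nonce' )
    //    and sent in the "security" field; check_ajax_referer() dies with 403 otherwise.
    check_ajax_referer( 'demo_gallery_nonce', 'security' );

    // 2. Input: coerce to a positive integer and require a product post.
    $product_id = isset( $_POST['product_id'] ) ? absint( wp_unslash( $_POST['product_id'] ) ) : 0;
    if ( ! $product_id || 'product' !== get_post_type( $product_id ) ) {
        wp_send_json_error( array( 'message' => 'invalid product' ), 400 );
    }

    // 3. Authorization: a nonce only proves the request came from the site's own
    //    page; any logged-in user, including a subscriber, can obtain one. The
    //    caller must be allowed to edit THIS product.
    if ( ! current_user_can( 'edit_post', $product_id ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    $ids = get_post_meta( $product_id, '_demo_gallery_images', true );
    $ids = is_array( $ids ) ? array_map( 'absint', $ids ) : array();
    wp_send_json_success( array( 'ids' => $ids ) );
}

// Expose the nonce only on the editor screens whose script calls the handler.
add_action( 'admin_enqueue_scripts', function ( $hook ) {
    if ( 'post.php' !== $hook && 'post-new.php' !== $hook ) {
        return;
    }
    wp_enqueue_script( 'demo-gallery-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'demo-gallery-admin', 'demoGallery', array(
        'ajaxUrl'  => admin_url( 'admin-ajax.php' ),
        'security' => wp_create_nonce( 'demo_gallery_nonce' ),
    ) );
} );

// --- Hardened public read-only handler ----------------------------------------
// If shoppers genuinely need the data (the plugin does register one nopriv
// action), there is no user to bind a nonce to. The controls are strict input
// validation and returning only data that is already public.
add_action( 'wp_ajax_demo_gallery_public',        'demo_gallery_public' );
add_action( 'wp_ajax_nopriv_demo_gallery_public', 'demo_gallery_public' );

function demo_gallery_public() {
    $product_id = isset( $_REQUEST['product_id'] ) ? absint( $_REQUEST['product_id'] ) : 0;
    $post       = $product_id ? get_post( $product_id ) : null;
    if ( ! $post || 'product' !== $post->post_type || 'publish' !== $post->post_status ) {
        wp_send_json_error( null, 404 );                // drafts and private products stay hidden
    }
    $ids  = (array) get_post_meta( $product_id, '_demo_gallery_images', true );
    // Resolve attachment IDs to image URLs; array_filter drops IDs with no image.
    $urls = array_filter( array_map( 'wp_get_attachment_image_url', array_map( 'absint', $ids ) ) );
    wp_send_json_success( array_values( $urls ) );
}
```

Which form is appropriate depends on what a handler does. For the three notice-dismissal actions a missing nonce is a CSRF gap with little consequence; for a handler that reads or writes product data, the capability check is the control that matters, and the nonce alone is not authorization. For the anonymous action, the question to ask when reviewing Hooks.php is whether it validates the product ID and whether it can return anything that is not already visible on the product page.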
WordPress Hooks (55)

action  admin_init  app\Controllers\BlackFridayV2.php:34
action  admin_enqueue_scripts  app\Controllers\BlackFridayV2.php:67
action  admin_notices  app\Controllers\BlackFridayV2.php:75
action  admin_footer  app\Controllers\BlackFridayV2.php:95
action  admin_init  app\Controllers\Hooks.php:13
filter  body_class  app\Controllers\Hooks.php:15
filter  post_class  app\Controllers\Hooks.php:16
action  after_setup_theme  app\Controllers\Hooks.php:18
action  woocommerce_save_product_variation  app\Controllers\Hooks.php:20
action  woocommerce_product_after_variable_attributes  app\Controllers\Hooks.php:21
filter  woocommerce_available_variation  app\Controllers\Hooks.php:23
filter  wc_get_template  app\Controllers\Hooks.php:25
filter  rtwpvg_inline_style  app\Controllers\Hooks.php:30
action  woocommerce_update_product  app\Controllers\Hooks.php:31
action  rtwpvg_product_badge  app\Controllers\Hooks.php:32
filter  rtwpvg_disable_enqueue_scripts  app\Controllers\Hooks.php:34
filter  rtwpvg_thumbnail_style  app\Controllers\Hooks.php:37
filter  woocommerce_gallery_thumbnail_size  app\Controllers\Hooks.php:40
filter  woocommerce_product_export_meta_value  app\Controllers\Hooks.php:43
filter  woocommerce_product_import_process_item_data  app\Controllers\Hooks.php:44
action  admin_notices  app\Controllers\Notifications.php:9
action  admin_notices  app\Controllers\Notifications.php:10
action  admin_notices  app\Controllers\Notifications.php:11
filter  plugin_row_meta  app\Controllers\Notifications.php:12
action  admin_init  app\Controllers\Offer.php:7
action  admin_enqueue_scripts  app\Controllers\Offer.php:57
action  admin_notices  app\Controllers\Offer.php:64
action  admin_footer  app\Controllers\Offer.php:90
action  admin_enqueue_scripts  app\Controllers\Offer.php:133
action  admin_notices  app\Controllers\Offer.php:140
action  admin_footer  app\Controllers\Offer.php:166
action  add_meta_boxes  app\Controllers\ProductMeta.php:17
action  save_post  app\Controllers\ProductMeta.php:18
action  admin_init  app\Controllers\Review.php:19
action  admin_init  app\Controllers\Review.php:20
action  admin_notices  app\Controllers\Review.php:61
action  admin_notices  app\Controllers\Review.php:63
action  admin_footer  app\Controllers\ScriptLoader.php:14
action  wp_footer  app\Controllers\ScriptLoader.php:15
action  admin_enqueue_scripts  app\Controllers\ScriptLoader.php:17
action  wp_enqueue_scripts  app\Controllers\ScriptLoader.php:18
action  init  app\Controllers\SettingsAPI.php:16
filter  woocommerce_settings_tabs_array  app\Controllers\SettingsAPI.php:24
action  admin_footer  app\Controllers\SettingsAPI.php:30
action  init  app\Controllers\ThemeSupport.php:14
filter  wc_get_template_part  app\Controllers\ThemeSupport.php:16
action  after_setup_theme  app\Controllers\ThemeSupport.php:17
action  rtwpvg_product_badge  app\Controllers\ThemeSupport.php:18
action  wp_enqueue_scripts  app\Controllers\ThemeSupport.php:19
action  woocommerce_before_single_product_summary  app\Controllers\ThemeSupport.php:57
filter  woocommerce_single_product_image_thumbnail_html  app\Controllers\ThemeSupport.php:62
filter  astra_addon_override_single_product_layout  app\Controllers\ThemeSupport.php:77
action  init  app\WooProductVariationGallery.php:52
action  plugins_loaded  app\WooProductVariationGallery.php:217
action  before_woocommerce_init  woo-product-variation-gallery.php:38
Maintenance & Trust

Variation Images Gallery for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 8, 2025
PHP min version: 7.4
Downloads: 244K

Community Trust

Rating: 94/100
Number of ratings: 38
Active installs: 10K
Developer Profile

Variation Images Gallery for WooCommerce Developer Profile

RadiusTheme

16 plugins · 213K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 104 days
Detection Fingerprints

How We Detect Variation Images Gallery for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-product-variation-gallery/assets/css/admin.css
/wp-content/plugins/woo-product-variation-gallery/assets/css/frontend.css
/wp-content/plugins/woo-product-variation-gallery/assets/js/frontend.js
/wp-content/plugins/woo-product-variation-gallery/assets/js/admin.js
Script Paths
/wp-content/plugins/woo-product-variation-gallery/assets/js/frontend.js
/wp-content/plugins/woo-product-variation-gallery/assets/js/admin.js
Version Parameters
woo-product-variation-gallery/assets/css/admin.css?ver=
woo-product-variation-gallery/assets/css/frontend.css?ver=
woo-product-variation-gallery/assets/js/frontend.js?ver=
woo-product-variation-gallery/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
rtwvg-gallery-wrap
rtwvg-gallery-thumbnails
rtwvg-gallery-image
HTML Comments
<!-- This script cannot be accessed directly -->
Data Attributes
data-rtsb-dismissable
data-rtwpvgdismissable
JS Globals
rtwvg_frontend_params
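A checker for the fingerprints above, as an added example in PHP (the plugin's language); it is not the page's own scanner. It looks for the asset paths, the rtwvg_frontend_params global and the rtwvg-gallery-* classes in a page's HTML, reads the ?ver= value when one is present, and compares it with the affected range of CVE-2023-37894 (<= 2.3.3, per the advisory above). It also parses the Stable tag line of a plugin readme.txt, the more reliable version source when ?ver= is missing. The HTML and readme samples are constructed, the host shop.example is fictitious, and the function names are hypothetical.

```php
<?php
/**
 * Illustrative fingerprint checker for the Variation Images Gallery asset
 * patterns. Added example, not the page's scanner; the sample inputs below are
 * constructed and the demo_* names are hypothetical.
 */

const DEMO_PLUGIN_SLUG = 'woo-product-variation-gallery';

// Highest version affected by CVE-2023-37894 (reflected XSS, fixed in 2.3.4).
const DEMO_CVE_2023_37894_MAX_AFFECTED = '2.3.3';

/**
 * Fingerprint signals found in one page's HTML. 'version' is whatever the
 * plugin passed as ?ver= on its own assets, or null if absent / not numeric.
 */
function demo_fingerprint( string $html ): array {
    $slug  = preg_quote( DEMO_PLUGIN_SLUG, '~' );
    $found = array(
        'asset_path' => (bool) preg_match( "~/wp-content/plugins/{$slug}/assets/(?:css|js)/(?:admin|frontend)\.(?:css|js)~", $html ),
        'js_global'  => false !== strpos( $html, 'rtwvg_frontend_params' ),
        'css_class'  => (bool) preg_match( '~\brtwvg-gallery-(?:wrap|thumbnails|image)\b~', $html ),
        'version'    => null,
    );
    // Only accept a dotted numeric version so a WP version or a hash is not mistaken for one.
    if ( preg_match( "~/{$slug}/assets/(?:css|js)/[a-z]+\.(?:css|js)\?ver=([0-9]+(?:\.[0-9]+)*)~", $html, $m ) ) {
        $found['version'] = $m[1];
    }
    return $found;
}

/** Parse "Stable tag:" from a plugin readme.txt (publicly readable on most installs). */
function demo_readme_stable_tag( string $readme ): ?string {
    return preg_match( '~^Stable tag:\s*([0-9]+(?:\.[0-9]+)*)\s*$~mi', $readme, $m ) ? $m[1] : null;
}

/** true = affected, false = fixed, null = version unknown. */
function demo_affected_by_cve_2023_37894( ?string $version ): ?bool {
    if ( null === $version ) {
        return null;
    }
    return version_compare( $version, DEMO_CVE_2023_37894_MAX_AFFECTED, '<=' );
}

// --- Constructed sample input (not captured from a real site) -----------------
$sample_html = <<<'HTML'
<link rel="stylesheet" id="rtwvg-frontend-css" href="https://shop.example/wp-content/plugins/woo-product-variation-gallery/assets/css/frontend.css?ver=2.3.3" media="all">
<script src="https://shop.example/wp-content/plugins/woo-product-variation-gallery/assets/js/frontend.js?ver=2.3.3"></script>
<script>var rtwvg_frontend_params = {"ajaxurl":"https://shop.example/wp-admin/admin-ajax.php"};</script>
<div class="rtwvg-gallery-wrap"><div class="rtwvg-gallery-thumbnails"></div></div>
HTML;

$sample_readme = "=== Variation Images Gallery for WooCommerce ===\nStable tag: 2.3.22\nRequires PHP: 7.4\n";

$fp = demo_fingerprint( $sample_html );
printf(
    "detected=%s version=%s affected_by_cve_2023_37894=%s\n",
    ( $fp['asset_path'] || $fp['js_global'] || $fp['css_class'] ) ? 'yes' : 'no',
    $fp['version'] ?? 'unknown',
    var_export( demo_affected_by_cve_2023_37894( $fp['version'] ), true )
);
printf( "readme stable tag=%s\n", demo_readme_stable_tag( $sample_readme ) ?? 'unknown' );
```

The ?ver= value is whatever the plugin passed to wp_enqueue_script() or wp_enqueue_style(); sites can strip it, and some plugins pass the WordPress version or nothing at all, so treat it as a hint rather than proof. The readme.txt under /wp-content/plugins/woo-product-variation-gallery/ is readable on most installs and its Stable tag usually matches the installed release; an authenticated look at the plugins screen is the confirmation.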
FAQ

Frequently Asked Questions about Variation Images Gallery for WooCommerce