WP-Safety

Woo Video Gallery Security & Risk Analysis

wordpress.org/plugins/woo-video-gallery

>Woo Video Gallery answers your question on how to embed an Youtube or Vimeo video gallery into a woocommerce product description page.

10 active installs v1.0.5 PHP + WP 4.0+ Updated Aug 11, 2016
mbed-videosonline-storewoocommercewoocommerce-add-onwoocommerce-video
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Woo Video Gallery Safe to Use in 2026?

Generally Safe

Score 85/100

Woo Video Gallery has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The "woo-video-gallery" plugin version 1.0.5 exhibits a mixed security posture. While it demonstrates strengths in database interaction by exclusively using prepared statements and avoiding dangerous functions or file operations, significant concerns arise from its handling of entry points. The presence of two AJAX handlers without authentication checks presents a direct avenue for unauthorized actions if these handlers can be triggered by unauthenticated users. Furthermore, the complete lack of proper output escaping for all 59 identified output points is a critical weakness, highly indicative of Cross-Site Scripting (XSS) vulnerabilities. The absence of any recorded CVEs or past vulnerabilities suggests a relatively clean history, but this does not negate the immediate risks identified in the static analysis.

Key Concerns

  • AJAX handlers without auth checks
  • Unescaped output for all outputs
  • Missing nonce checks on AJAX handlers
Vulnerabilities
None known

Woo Video Gallery Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Woo Video Gallery Release Timeline

v1.7.7
v1.7.6
v0.1
Code Analysis
Analyzed Apr 16, 2026

Woo Video Gallery Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
59
0 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped59 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<WooBackend> (WooBackend.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Woo Video Gallery Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_oembed_videoWooVideoGallery.php:33
authwp_ajax_save_reviewWooVideoGallery.php:48
WordPress Hooks 16
actionadmin_initWooVideoGallery.php:24
actionwp_headWooVideoGallery.php:25
actionwoocommerce_initWooVideoGallery.php:28
actionadmin_footer-post.phpWooVideoGallery.php:29
actionadmin_footer-post-new.phpWooVideoGallery.php:31
actionadmin_initWooVideoGallery.php:37
actionadmin_menuWooVideoGallery.php:39
actionadmin_enqueue_scriptsWooVideoGallery.php:44
actionplugins_loadedWooVideoGallery.php:45
actionadmin_noticesWooVideoGallery.php:47
actionwoocommerce_product_write_panel_tabsWooVideoGallery.php:61
actionwoocommerce_product_write_panelsWooVideoGallery.php:63
actionwoocommerce_process_product_metaWooVideoGallery.php:65
filterwoocommerce_product_tabsWooVideoGallery.php:69
actionwoocommerce_product_tab_panelsWooVideoGallery.php:71
actionadmin_noticesWooVideoGallery.php:82
Maintenance & Trust

Woo Video Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedAug 11, 2016
PHP min version
Downloads10K

Community Trust

Rating74/100
Number of ratings3
Active installs10
Alternatives

Woo Video Gallery Alternatives

Vootouch

Vootouch

vootouch

A
85

Woocommerce Mobile Application Plugin. It creat connection between the Vootouch Mobile Application and WooCommerce website.

10 No CVEs
ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution

shopengine

A
96

WooCommerce builder for Elementor and Gutenberg. It offers product templates, product sliders, shopping cart, quick view, Woo wishlist, product filter &hellip;

100K 4 CVEs
StoreCustomizer – A plugin to Customize all WooCommerce Pages

StoreCustomizer – A plugin to Customize all WooCommerce Pages

woocustomizer

A
99

A store editor plugin for editing all WooCommerce store and product pages, cart, checkout and user account pages, all within the WordPress Customizer

20K 1 CVE
Recently Viewed Product for WooCommerce

Recently Viewed Product for WooCommerce

recently-viewed-products-for-woocommerce

A
92

Recently Viewed Products for WooCommerce Listing page, you can easily add recently viewed product section by activate the plugin.

1K No CVEs
Video Tab For WooCommerce

Video Tab For WooCommerce

video-tab-for-woocommerce

A
85

Plugin to add the new tab for video or additional content like contact forms, shortcodes, important features and other useful information to WooCommer &hellip;

600 No CVEs
Developer Profile

Woo Video Gallery Developer Profile

jalilfulan

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Woo Video Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-video-gallery/css/my_style.css/wp-content/plugins/woo-video-gallery/js/admin_notice.js/wp-content/plugins/woo-video-gallery/js/button_action.js/wp-content/plugins/woo-video-gallery/js/jquery.validates.min.js/wp-content/plugins/woo-video-gallery/js/js-scripts.js
Script Paths
/wp-content/plugins/woo-video-gallery/js/admin_notice.js/wp-content/plugins/woo-video-gallery/js/jquery.validates.min.js/wp-content/plugins/woo-video-gallery/js/js-scripts.js/wp-content/plugins/woo-video-gallery/js/button_action.js

HTML / DOM Fingerprints

CSS Classes
woohv-style
Data Attributes
data-iddata-titledata-type
JS Globals
ajaxurl
FAQ

Frequently Asked Questions about Woo Video Gallery