WoowGallery Security & Risk Analysis

wordpress.org/plugins/woowgallery

Fastest, easiest to use multifunctional image gallery plugin. Create Featured Posts Gallery, Dynamic Content Gallery, Albums!

1K active installs · v1.2.4 · PHP 7.4+ · WP 5.4.0+ · Updated Jan 22, 2026
Tags: album, elementor, gallery, images, photos
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WoowGallery Safe to Use in 2026?

Generally Safe

Score 100/100

WoowGallery has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "woowgallery" v1.2.4 plugin has a mixed security posture. It handles SQL queries with prepared statements and properly escapes a high percentage of its output, but its attack surface raises significant concerns: 11 of its 12 AJAX handlers lack authentication checks, creating potential entry points for unauthorized actions. No taint analysis results are available. The 15 capability checks are a positive sign, but they are overshadowed by the unauthenticated AJAX endpoints.

The vulnerability history is clean, with no recorded CVEs. This suggests a potentially well-maintained codebase or, alternatively, a lack of in-depth public security audits or discovered vulnerabilities to date. The lack of critical or high-severity findings in the static analysis, apart from the unauthenticated AJAX endpoints, is a positive sign. However, the presence of numerous unprotected AJAX handlers remains a prominent security weakness that requires immediate attention to mitigate risks of unauthorized operations or privilege escalation if other components are susceptible.

Key Concerns

  • Multiple unauthenticated AJAX handlers
  • Bundled outdated library (Freemius v1.0)
Vulnerabilities
None known

WoowGallery Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WoowGallery Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 37 (321 escaped)
Nonce Checks: 3
Capability Checks: 15
File Operations: 8
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

90% escaped · 358 total outputs
Attack Surface
11 unprotected

WoowGallery Attack Surface

Entry Points: 15
Unprotected: 11

AJAX Handlers 12

auth wp_ajax_woowgallery_get_media_data includes\admin\class-ajax.php:27
auth wp_ajax_woowgallery_set_media_copyright includes\admin\class-ajax.php:28
auth wp_ajax_woowgallery_set_media_tags includes\admin\class-ajax.php:29
auth wp_ajax_woowgallery_bulk_set_media_data includes\admin\class-ajax.php:30
auth wp_ajax_woowgallery_dynamic_refresh_taxonomy_terms includes\admin\class-ajax.php:32
auth wp_ajax_woowgallery_dynamic_refresh_flagallery_source includes\admin\class-ajax.php:33
auth wp_ajax_woowgallery_dynamic_fetch_query includes\admin\class-ajax.php:34
auth wp_ajax_woowgallery_cache_clear includes\admin\class-ajax.php:35
nopriv wp_ajax_woowgallery_skin_assets includes\admin\class-ajax.php:37
auth wp_ajax_woowgallery_skin_assets includes\admin\class-ajax.php:38
auth wp_ajax_woowgallery_save_skin_data includes\admin\class-ajax.php:39
auth wp_ajax_woowgallery_delete_skin_preset includes\admin\class-ajax.php:40

Shortcodes 3

[woowgallery] includes\class-shortcodes.php:59
[woowgallery-dynamic] includes\class-shortcodes.php:60
[woowgallery-album] includes\class-shortcodes.php:61

WordPress Hooks 104

action init class-woowgallery.php:38
action widgets_init class-woowgallery.php:41
action admin_init functions\setup.php:22
action admin_notices includes\admin\class-admin.php:25
action admin_init includes\admin\class-admin.php:26
action in_admin_header includes\admin\class-admin.php:27
action admin_enqueue_scripts includes\admin\class-admin.php:30
filter ajax_query_attachments_args includes\admin\class-ajax.php:42
action admin_enqueue_scripts includes\admin\class-edit-album.php:30
filter wp_insert_post_data includes\admin\class-edit-album.php:32
action woowgallery_media_buttons includes\admin\class-edit-album.php:35
filter woowgallery_editor_tabs_nav includes\admin\class-edit-album.php:36
filter woowgallery_admin_scripts_l10n includes\admin\class-edit-album.php:54
action current_screen includes\admin\class-edit-dynamic-galleries.php:27
action admin_enqueue_scripts includes\admin\class-edit-dynamic-gallery.php:26
filter woowgallery_editor_tabs_nav includes\admin\class-edit-dynamic-gallery.php:33
action woowgallery_tab_cache includes\admin\class-edit-dynamic-gallery.php:39
filter woowgallery_admin_scripts_l10n includes\admin\class-edit-dynamic-gallery.php:287
action admin_enqueue_scripts includes\admin\class-edit-gallery.php:31
filter wp_insert_post_data includes\admin\class-edit-gallery.php:33
action post_updated includes\admin\class-edit-gallery.php:34
action woowgallery_media_buttons includes\admin\class-edit-gallery.php:37
filter woowgallery_admin_scripts_l10n includes\admin\class-edit-gallery.php:55
action admin_menu includes\admin\class-edit-modal.php:26
action admin_init includes\admin\class-edit-modal.php:30
filter get_edit_post_link includes\admin\class-edit-modal.php:33
filter redirect_post_location includes\admin\class-edit-modal.php:34
action posts_where includes\admin\class-edit-tablelist.php:37
action edit_form_after_editor includes\admin\class-edit-woowgallery.php:233
action woowgallery_tab_gallery includes\admin\class-edit-woowgallery.php:235
action woowgallery_tab_config includes\admin\class-edit-woowgallery.php:236
action woowgallery_tab_lightbox includes\admin\class-edit-woowgallery.php:237
action woowgallery_tab_misc includes\admin\class-edit-woowgallery.php:238
filter admin_body_class includes\admin\class-edit-woowgallery.php:251
filter teeny_mce_plugins includes\admin\class-edit-woowgallery.php:252
filter tiny_mce_plugins includes\admin\class-edit-woowgallery.php:253
filter mce_css includes\admin\class-edit-woowgallery.php:254
action elementor/preview/enqueue_styles includes\admin\class-elementor.php:25
action elementor/preview/enqueue_scripts includes\admin\class-elementor.php:26
action elementor/widget/before_render_content includes\admin\class-elementor.php:28
filter woowgallery_shortcode includes\admin\class-elementor.php:35
filter elementor/document/config includes\admin\class-elementor.php:41
action wp_enqueue_media includes\admin\class-media-library.php:37
action restrict_manage_posts includes\admin\class-media-library.php:38
action parse_tax_query includes\admin\class-media-library.php:39
filter wp_dropdown_cats includes\admin\class-media-library.php:41
action admin_enqueue_scripts includes\admin\class-media-library.php:222
filter wp_prepare_attachment_for_js includes\admin\class-media.php:26
filter wp_handle_upload includes\admin\class-media.php:27
filter wp_generate_attachment_metadata includes\admin\class-media.php:28
filter attachment_fields_to_edit includes\admin\class-media.php:30
filter attachment_fields_to_save includes\admin\class-media.php:31
action admin_enqueue_scripts includes\admin\class-post.php:39
action media_buttons includes\admin\class-post.php:42
action save_post includes\admin\class-post.php:45
action updated_postmeta includes\admin\class-post.php:47
action set_object_terms includes\admin\class-post.php:48
action post_updated includes\admin\class-post.php:51
action before_delete_post includes\admin\class-post.php:54
action before_delete_post includes\admin\class-post.php:55
action delete_attachment includes\admin\class-post.php:56
action wg_admin_footer includes\admin\class-post.php:59
action admin_footer includes\admin\class-post.php:60
filter wp_insert_post_data includes\admin\class-post.php:63
action post_updated includes\admin\class-post.php:64
action wp_trash_post includes\admin\class-post.php:65
action untrash_post includes\admin\class-post.php:66
action delete_post includes\admin\class-post.php:67
action wg_admin_footer includes\admin\class-post.php:69
action admin_footer includes\admin\class-post.php:70
action woowgallery_media_button includes\admin\class-post.php:119
action admin_menu includes\admin\class-settings.php:51
action admin_enqueue_scripts includes\admin\class-settings.php:52
action admin_enqueue_scripts includes\admin\class-settings.php:173
filter woowgallery_admin_scripts_l10n includes\admin\class-settings.php:174
action admin_footer includes\admin\templates\modal-edit-form-advanced.php:24
action admin_footer includes\admin\templates\modal-edit-form-advanced.php:34
action admin_footer includes\admin\templates\modal-edit-form-advanced.php:60
action admin_enqueue_scripts includes\class-assets.php:22
action admin_enqueue_scripts includes\class-assets.php:23
action template_redirect includes\class-frontend.php:26
action wp_enqueue_scripts includes\class-frontend.php:27
action wp_head includes\class-frontend.php:28
filter woowgallery_pre_data includes\class-frontend.php:30
filter rest_woowgallery_full_post_content includes\class-frontend.php:31
filter the_preview includes\class-frontend.php:32
filter render_block_core/post-content includes\class-frontend.php:34
filter the_content includes\class-frontend.php:111
filter post_updated_messages includes\class-posttypes.php:33
filter custom_menu_order includes\class-posttypes.php:34
action admin_menu includes\class-posttypes.php:192
action admin_menu includes\class-posttypes.php:260
action rest_api_init includes\class-rest-routes.php:56
action rest_api_init includes\class-rest-routes.php:57
filter widget_text includes\class-shortcodes.php:63
filter style_loader_tag includes\class-shortcodes.php:64
filter wpseo_sitemap_urlimages includes\class-shortcodes.php:66
filter woowgallery_save_skin_config includes\class-skins.php:46
filter wc_get_template includes\woocommerce\class-woocommerce.php:29
filter woowgallery_skins skins\amron\amron.php:37
filter woowgallery_skins skins\multigrid\multigrid.php:41
filter woowgallery_skins skins\parallax\parallax.php:41
action after_uninstall woowgallery.php:85
filter plugin_icon woowgallery.php:89
Maintenance & Trust

WoowGallery Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 22, 2026
PHP min version: 7.4
Downloads: 23K

Community Trust

Rating: 74/100
Number of ratings: 6
Active installs: 1K
Developer Profile

WoowGallery Developer Profile

stepasyuk

3 plugins · 59K total installs

Trust score: 66
Avg Security Score: 81/100
Avg Patch Time: 2416 days
Detection Fingerprints

How We Detect WoowGallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woowgallery/assets/css/backend.css
/wp-content/plugins/woowgallery/assets/css/frontend.css
/wp-content/plugins/woowgallery/assets/js/backend.js
/wp-content/plugins/woowgallery/assets/js/frontend.js
/wp-content/plugins/woowgallery/vendor/freemius/assets/css/freemius-forms.css
/wp-content/plugins/woowgallery/vendor/freemius/assets/js/freemius-forms.js
Version Parameters
woowgallery/assets/css/backend.css?ver=
woowgallery/assets/css/frontend.css?ver=
woowgallery/assets/js/backend.js?ver=
woowgallery/assets/js/frontend.js?ver=
woowgallery/vendor/freemius/assets/css/freemius-forms.css?ver=
woowgallery/vendor/freemius/assets/js/freemius-forms.js?ver=

HTML / DOM Fingerprints

CSS Classes
woowgallery-frontend-gallery
woowgallery-backend-gallery
HTML Comments
<!-- WoowGallery is free software: you can redistribute it and/or modify
<!-- WoowGallery is distributed in the hope that it will be useful,
<!-- You should have received a copy of the GNU General Public License
<!-- DO NOT REMOVE THIS IF, IT IS ESSENTIAL FOR THE `function_exists` CALL ABOVE TO PROPERLY WORK.
+9 more
Data Attributes
data-woowgallery
JS Globals
window.woowgallery_frontend_params
REST Endpoints
/wp-json/woowgallery/v1/galleries
/wp-json/woowgallery/v1/gallery/
/wp-json/woowgallery/v1/albums
Shortcode Output
[woowgallery
[woowgallery_album