WP Fancy Gallery Security & Risk Analysis

wordpress.org/plugins/wp-fancy-gallery

Image Gallery + Photo Gallery + Portfolio Gallery + Title + Description + Tiled Gallery in 1 plugin.

20 active installs · v1.0 · PHP + WP 4.7+ · Updated Jan 31, 2018
Tags: best-gallery-plugin, free-gallery, gallery, gallery-plugin, grid-gallery
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Fancy Gallery Safe to Use in 2026?

Generally Safe

Score 85/100

WP Fancy Gallery has no known CVEs. It has not been updated since Jan 31, 2018, however, and the code analysis below reports unprotected AJAX handlers, raw SQL queries and almost no output escaping, so the absence of CVEs should be read alongside those findings rather than as a clean bill of health.

No known CVEs · Updated 8yr ago
Risk Assessment

The wp-fancy-gallery plugin v1.0 exhibits significant security concerns, primarily because of its unprotected entry points. Six of its seven entry points carry no authentication check: the three AJAX actions storeGallery, updateGallery and dropGallery are each registered on both the wp_ajax_ (logged-in) and the wp_ajax_nopriv_ (logged-out) hook, and the scan found no nonce check and no capability check anywhere in the plugin. Taken together, the static analysis indicates that these handlers, which by their names create, update and delete galleries, are reachable by unauthenticated visitors, so any injection or logic flaw inside them is exposed to everyone rather than to administrators only.

The code analysis reveals no dangerous functions, file operations or server-side external requests, which is positive. The SQL picture is mixed: 2 of the 6 queries (33%) do not go through $wpdb->prepare(), which is a SQL injection risk wherever request data reaches them, and the unprotected AJAX handlers are the most likely path for that data. The output escaping rate is the clearest red flag: only 1 of 26 outputs (4%) is escaped, so Cross-Site Scripting is likely wherever user- or database-controlled values are printed. These are static counts; an unescaped echo of a constant string is harmless, so each of the 25 unescaped outputs still needs a check of what data actually flows into it. Note also that the scan counts 0 bundled libraries, yet the asset fingerprints below list bootstrap.min.js, freewall.min.js and jquery.fancybox-1.3.4.min.js shipped inside the plugin directory; these third-party files are at least as old as the plugin's last update and belong in any dependency review.

The plugin's vulnerability history is clean, with no recorded CVEs. With 20 active installs and no update since Jan 31, 2018, though, that record more likely reflects a lack of scrutiny than a secure codebase, and it does not offset the risks the static analysis identifies. The absence of authentication on the AJAX interface, the unescaped output and the raw SQL queries, combined with a large unprotected attack surface, present substantial risks that must be addressed. The plugin has a good foundation in avoiding dangerous functions but fails severely in securing its interfaces and handling output safely.

Key Concerns

  • Unprotected AJAX handlers
  • High percentage of raw SQL queries
  • Very low output escaping rate
  • No nonce checks on AJAX handlers
  • No capability checks on AJAX handlers
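As an added illustration (not code from WP Fancy Gallery, whose source this page does not reproduce), the PHP below shows a handler constructed to have exactly the properties the scan reports for updateGallery: registered on both wp_ajax_ and wp_ajax_nopriv_, no nonce check, no capability check, a raw $wpdb query and an unescaped echo. Next to it is the hardened form a reviewer would ask for. The function names, the fancy_galleries table, the gallery_id and title parameters and the nonce action name are assumptions.

```php
<?php
/**
 * Added illustration, not WP Fancy Gallery's own code. The "before" handler is
 * constructed to match the categories the scan reports; the "after" handler
 * closes each gap. Table name, parameter names and nonce action are assumed.
 * (In a real plugin only one of the two registrations would exist.)
 */

// BEFORE: the shape the static analysis flags.
function insecure_update_gallery() {
    global $wpdb;
    $id    = $_POST['gallery_id'];
    $title = $_POST['title'];
    // Raw SQL built from request data: SQL injection.
    $wpdb->query( "UPDATE {$wpdb->prefix}fancy_galleries SET title = '$title' WHERE id = $id" );
    // Request data echoed back without escaping: XSS.
    echo '<p>Updated gallery ' . $title . '</p>';
    wp_die();
}
// Registering the callback on the nopriv hook too means logged-out visitors
// reach it; with no nonce or capability check inside, anyone can update.
add_action( 'wp_ajax_updateGallery', 'insecure_update_gallery' );
add_action( 'wp_ajax_nopriv_updateGallery', 'insecure_update_gallery' );

// AFTER: hardened equivalent.
function secure_update_gallery() {
    global $wpdb;

    // 1. CSRF: reject requests without a valid nonce for this action. The nonce
    //    is issued with wp_create_nonce( 'fancy_gallery_update' ) (for example via
    //    wp_localize_script) and sent back in the `_ajax_nonce` field.
    check_ajax_referer( 'fancy_gallery_update', '_ajax_nonce' );

    // 2. Authorization: the hook is not an access control, so check a capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input validation: coerce the id to an integer, sanitise the title.
    $id    = isset( $_POST['gallery_id'] ) ? absint( $_POST['gallery_id'] ) : 0;
    $title = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
    if ( 0 === $id || '' === $title ) {
        wp_send_json_error( array( 'message' => 'Invalid gallery id or title.' ), 400 );
    }

    // 4. SQL: parameterise with $wpdb->prepare() instead of string interpolation.
    $table = $wpdb->prefix . 'fancy_galleries';
    $rows  = $wpdb->query(
        $wpdb->prepare( "UPDATE {$table} SET title = %s WHERE id = %d", $title, $id )
    );
    if ( false === $rows ) {
        wp_send_json_error( array( 'message' => 'Database error.' ), 500 );
    }

    // 5. Output: escape anything reflected into HTML, or return JSON and let the
    //    client render it. wp_send_json_* calls wp_die() for you.
    wp_send_json_success( array(
        'message' => sprintf( 'Updated gallery %d', $id ),
        'html'    => '<p>' . esc_html( $title ) . '</p>',
    ) );
}
// Register on wp_ajax_ only: a logged-out visitor has no business editing galleries.
add_action( 'wp_ajax_updateGallery', 'secure_update_gallery' );
```

The same five steps apply to storeGallery and dropGallery. Dropping the wp_ajax_nopriv_ registration is the single change that removes the most exposure, because it turns an internet-facing endpoint into one that only authenticated users can reach; the nonce and capability checks then protect against CSRF and against low-privilege accounts.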
Vulnerabilities
None known

WP Fancy Gallery Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Fancy Gallery Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (4 prepared)
Unescaped Output: 25 (1 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

67% prepared (4 of 6 queries)

Output Escaping

4% escaped (1 of 26 outputs)
Attack Surface
6 unprotected

WP Fancy Gallery Attack Surface

Entry Points: 7
Unprotected: 6

AJAX Handlers: 6 (auth = the wp_ajax_{action} hook, reached by logged-in users; nopriv = the wp_ajax_nopriv_{action} hook, reached by logged-out visitors)

auth    wp_ajax_storeGallery    inc\WpFancyGalleryManagerGallery.php:47
nopriv  wp_ajax_storeGallery    inc\WpFancyGalleryManagerGallery.php:48
auth    wp_ajax_updateGallery   inc\WpFancyGalleryManagerGallery.php:50
nopriv  wp_ajax_updateGallery   inc\WpFancyGalleryManagerGallery.php:51
auth    wp_ajax_dropGallery     inc\WpFancyGalleryManagerGallery.php:53
nopriv  wp_ajax_dropGallery     inc\WpFancyGalleryManagerGallery.php:54

Shortcodes: 1

[hireukraine_shortcode_gallery]  inc\WpFancyGalleryManagerGallery.php:41

WordPress Hooks: 6

action  admin_menu             inc\Init\WpFancyGalleryGalleryInitializer.php:12
action  admin_enqueue_scripts  inc\Init\WpFancyGalleryGalleryInitializer.php:13
action  admin_enqueue_scripts  inc\Init\WpFancyGalleryGalleryInitializer.php:14
action  admin_enqueue_scripts  inc\Init\WpFancyGalleryGalleryInitializer.php:15
action  wp_enqueue_scripts     inc\Init\WpFancyGalleryGalleryInitializer.php:17
action  wp_enqueue_scripts     inc\Init\WpFancyGalleryGalleryInitializer.php:18
Maintenance & Trust

WP Fancy Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updated: Jan 31, 2018
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

WP Fancy Gallery Developer Profile

hireukraineco

2 plugins · 20 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Fancy Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-fancy-gallery/assets/admin/css/bootstrap.min.css
/wp-content/plugins/wp-fancy-gallery/assets/admin/css/main.min.css
/wp-content/plugins/wp-fancy-gallery/assets/admin/js/bootstrap.min.js
/wp-content/plugins/wp-fancy-gallery/assets/admin/js/scripts.min.js
/wp-content/plugins/wp-fancy-gallery/assets/frontend/css/fancybox/jquery.fancybox.min.css
/wp-content/plugins/wp-fancy-gallery/assets/frontend/css/style.frontend.min.css
/wp-content/plugins/wp-fancy-gallery/assets/frontend/js/freewall.min.js
/wp-content/plugins/wp-fancy-gallery/assets/frontend/js/jquery.fancybox-1.3.4.min.js
+1 more
Script Paths
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Version Parameters
wp-fancy-gallery/assets/admin/css/bootstrap.min.css?ver=
wp-fancy-gallery/assets/admin/css/main.min.css?ver=
wp-fancy-gallery/assets/admin/js/bootstrap.min.js?ver=
wp-fancy-gallery/assets/admin/js/scripts.min.js?ver=
wp-fancy-gallery/assets/frontend/css/fancybox/jquery.fancybox.min.css?ver=
wp-fancy-gallery/assets/frontend/css/style.frontend.min.css?ver=
wp-fancy-gallery/assets/frontend/js/freewall.min.js?ver=
wp-fancy-gallery/assets/frontend/js/jquery.fancybox-1.3.4.min.js?ver=
wp-fancy-gallery/assets/frontend/js/scripts.frontend.min.js?ver=

HTML / DOM Fingerprints

HTML Comments
This program is a free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Shortcode Output
[hireukraine_shortcode_gallery]
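An added example, not the scanner behind this page, of applying the fingerprints above to a fetched page in PHP: it checks the listed asset paths, extracts the ?ver= value, and looks for the unrendered shortcode text. The sample HTML is constructed; the hostname example.test and the "1.0" version value in it are assumptions.

```php
<?php
/**
 * Added example: matches this page's detection fingerprints against the HTML
 * of a page. Not the page's own tooling. The sample HTML below is constructed.
 */

// Asset paths listed under "Asset Paths" above (the "+1 more" entry is the
// scripts.frontend.min.js file named under "Version Parameters").
function wpfg_asset_paths(): array {
    return array(
        '/wp-content/plugins/wp-fancy-gallery/assets/admin/css/bootstrap.min.css',
        '/wp-content/plugins/wp-fancy-gallery/assets/admin/css/main.min.css',
        '/wp-content/plugins/wp-fancy-gallery/assets/admin/js/bootstrap.min.js',
        '/wp-content/plugins/wp-fancy-gallery/assets/admin/js/scripts.min.js',
        '/wp-content/plugins/wp-fancy-gallery/assets/frontend/css/fancybox/jquery.fancybox.min.css',
        '/wp-content/plugins/wp-fancy-gallery/assets/frontend/css/style.frontend.min.css',
        '/wp-content/plugins/wp-fancy-gallery/assets/frontend/js/freewall.min.js',
        '/wp-content/plugins/wp-fancy-gallery/assets/frontend/js/jquery.fancybox-1.3.4.min.js',
        '/wp-content/plugins/wp-fancy-gallery/assets/frontend/js/scripts.frontend.min.js',
    );
}

function detect_wp_fancy_gallery( string $html ): array {
    // 1. Asset fingerprints: any of the plugin's own files linked from the page.
    $matched = array();
    foreach ( wpfg_asset_paths() as $path ) {
        if ( false !== stripos( $html, $path ) ) {
            $matched[] = $path;
        }
    }

    // 2. Version parameter: wp_enqueue_* appends ?ver=<value> to plugin assets.
    $version = null;
    if ( preg_match( '#wp-fancy-gallery/assets/[^"\'\s]+\?ver=([0-9A-Za-z.\-]+)#', $html, $m ) ) {
        $version = $m[1];
    }

    // 3. Shortcode text: the raw shortcode leaking into page output (plugin
    //    deactivated, or used outside a context that renders shortcodes) also
    //    identifies a site that has it configured.
    $shortcode = false !== strpos( $html, '[hireukraine_shortcode_gallery]' );

    return array(
        'detected'       => ! empty( $matched ) || $shortcode,
        'matched_assets' => $matched,
        'version'        => $version,
        'shortcode_text' => $shortcode,
    );
}

// Constructed sample of a front-end page that enqueues the plugin's assets.
$sample = <<<'HTML'
<link rel="stylesheet" href="https://example.test/wp-content/plugins/wp-fancy-gallery/assets/frontend/css/style.frontend.min.css?ver=1.0">
<script src="https://example.test/wp-content/plugins/wp-fancy-gallery/assets/frontend/js/freewall.min.js?ver=1.0"></script>
HTML;

print_r( detect_wp_fancy_gallery( $sample ) );
```

Treat the ?ver= value as a hint rather than proof of the plugin version: wp_enqueue_script() and wp_enqueue_style() append whatever version string the plugin passes, and fall back to the WordPress core version when the plugin passes none, so the value may identify WordPress rather than the plugin. The admin-side assets under assets/admin/ are only enqueued on admin_enqueue_scripts, so an unauthenticated crawl will normally see only the frontend paths.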
FAQ

Frequently Asked Questions about WP Fancy Gallery