Photo Gallery Slideshow & Masonry Tiled Gallery Security & Risk Analysis

wordpress.org/plugins/wp-responsive-photo-gallery

This is a beautiful masonry tiled gallery and photo gallery slideshow plugin for WordPress blogs and sites. Admin can manage any number of images for …

1K active installs · v1.0.17 · PHP + WP 3.5+ · Updated Dec 19, 2025
Tags: masonry-gallery, wordpress-responsive-gallery, wordpress-responsive-photo-gallery, wordpress-responsive-photo-slideshow, wp-responsive-photo-slideshow
Score: 98 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Jan 3, 2025
Safety Verdict

Is Photo Gallery Slideshow & Masonry Tiled Gallery Safe to Use in 2026?

Generally Safe

Score 98/100

Photo Gallery Slideshow & Masonry Tiled Gallery has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jan 3, 2025 · Updated 3mo ago
Risk Assessment

The "wp-responsive-photo-gallery" plugin v1.0.17 presents a mixed security posture. On one hand, it demonstrates several good security practices, including a significant percentage of SQL queries using prepared statements and a good number of nonce and capability checks. This indicates some awareness of security best practices during development.

However, there are notable concerns. The static analysis reveals a considerable attack surface with 7 AJAX handlers, one of which lacks authentication checks. This is a direct entry point for unauthenticated attackers. Furthermore, the taint analysis shows 5 flows with unsanitized paths, even though none are classified as critical or high severity. This suggests a potential for path traversal or similar vulnerabilities if not handled carefully. The vulnerability history is also a significant red flag, with 3 previously disclosed medium severity vulnerabilities including SSRF, SQL Injection, and XSS. While none are currently unpatched, this pattern indicates recurring weaknesses in input validation and sanitization.

In conclusion, while the plugin has some strengths in its implementation of prepared statements and checks, the presence of an unprotected AJAX handler, unsanitized path flows, and a history of medium severity vulnerabilities like SSRF, SQLi, and XSS means that users should exercise caution. The overall risk is elevated due to these factors, particularly the direct unprotected entry point.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths
  • Medium severity CVEs in history (3)
  • Low percentage of properly escaped output
Vulnerabilities
3

Photo Gallery Slideshow & Masonry Tiled Gallery Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • Medium: 3

3 total CVEs

CVE-2024-12237 · medium · 4.3 · Server-Side Request Forgery (SSRF)

Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.15 - Authenticated (Subscriber+) Limited Server-Side Request Forgery

Jan 3, 2025 · Patched in 1.0.16 (1d)

CVE-2019-25218 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.3 - Authenticated (Admin+) SQL Injection

Oct 18, 2024 · Patched in 1.0.4 (1d)

CVE-2023-2402 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.13 - Reflected Cross-Site Scripting

Apr 28, 2023 · Patched in 1.0.14 (270d)

Code Analysis
Analyzed Mar 16, 2026

Photo Gallery Slideshow & Masonry Tiled Gallery Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 4 (32 prepared)
  • Unescaped Output: 684 (137 escaped)
  • Nonce Checks: 13
  • Capability Checks: 24
  • File Operations: 23
  • External Requests: 4
  • Bundled Libraries: 0

SQL Query Safety

89% prepared · 36 total queries

Output Escaping

17% escaped · 821 total outputs

Data Flows
5 unsanitized

Data Flow Analysis

7 flows · 5 with unsanitized paths

responsive_photo_gallery_image_management (wp-responsive-photo-gallery.php:1040)
Attack Surface
1 unprotected

Photo Gallery Slideshow & Masonry Tiled Gallery Attack Surface

Entry Points: 9
Unprotected: 1

AJAX Handlers 7

  • auth · wp_ajax_rjg_check_file_exist_justified_gallery · wp-responsive-photo-gallery.php:33
  • auth · wp_ajax_rjg_get_youtube_info_justified_gallery · wp-responsive-photo-gallery.php:34
  • auth · wp_ajax_rjg_get_metacafe_info_justified_gallery · wp-responsive-photo-gallery.php:35
  • auth · wp_ajax_rjg_get_grid_data_justified_gallery · wp-responsive-photo-gallery.php:37
  • nopriv · wp_ajax_rjg_get_grid_data_justified_gallery · wp-responsive-photo-gallery.php:38
  • auth · wp_ajax_mass_upload_wpresponsivephgallery · wp-responsive-photo-gallery.php:41
  • auth · wp_ajax_mass_upload_wpresponsivephgalleryms · wp-responsive-photo-gallery.php:42

Shortcodes 2

  • [print_my_responsive_photo_gallery] · wp-responsive-photo-gallery.php:28
  • [print_masonry_gallery_plus_lightbox] · wp-responsive-photo-gallery.php:39

WordPress Hooks 12

  • action · admin_menu · wp-responsive-photo-gallery.php:23
  • action · wp_enqueue_scripts · wp-responsive-photo-gallery.php:27
  • filter · widget_text · wp-responsive-photo-gallery.php:29
  • action · admin_notices · wp-responsive-photo-gallery.php:30
  • action · plugins_loaded · wp-responsive-photo-gallery.php:31
  • filter · user_has_cap · wp-responsive-photo-gallery.php:40
  • filter · map_meta_cap · wp-responsive-photo-gallery.php:47
  • filter · widget_text_content · wp-responsive-photo-gallery.php:6001
  • filter · the_content · wp-responsive-photo-gallery.php:6002
  • filter · widget_text_content · wp-responsive-photo-gallery.php:6918
  • filter · the_content · wp-responsive-photo-gallery.php:6919
  • filter · render_block · wp-responsive-photo-gallery.php:6932
Maintenance & Trust

Photo Gallery Slideshow & Masonry Tiled Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 19, 2025
PHP min version
Downloads: 85K

Community Trust

Rating: 78/100
Number of ratings: 8
Active installs: 1K
Developer Profile

Photo Gallery Slideshow & Masonry Tiled Gallery Developer Profile

Nks

19 plugins · 23K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 350 days
Detection Fingerprints

How We Detect Photo Gallery Slideshow & Masonry Tiled Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wp-responsive-photo-gallery/css/owl.carousel.css
  • /wp-content/plugins/wp-responsive-photo-gallery/css/owl.theme.css
  • /wp-content/plugins/wp-responsive-photo-gallery/css/rs-gallery-responsive.css
  • /wp-content/plugins/wp-responsive-photo-gallery/css/fancybox.css
  • /wp-content/plugins/wp-responsive-photo-gallery/js/owl.carousel.js
  • /wp-content/plugins/wp-responsive-photo-gallery/js/jquery.mousewheel-3.0.6.pack.js
  • /wp-content/plugins/wp-responsive-photo-gallery/js/fancybox.js
  • /wp-content/plugins/wp-responsive-photo-gallery/js/jquery.fancybox-media.js
  • +2 more

Script Paths
  • /wp-content/plugins/wp-responsive-photo-gallery/js/gallery.js
  • /wp-content/plugins/wp-responsive-photo-gallery/js/fancybox-gallery.js

Version Parameters
  • wp-responsive-photo-gallery/css/owl.carousel.css?ver=
  • wp-responsive-photo-gallery/css/owl.theme.css?ver=
  • wp-responsive-photo-gallery/css/rs-gallery-responsive.css?ver=
  • wp-responsive-photo-gallery/css/fancybox.css?ver=
  • wp-responsive-photo-gallery/js/owl.carousel.js?ver=
  • wp-responsive-photo-gallery/js/jquery.mousewheel-3.0.6.pack.js?ver=
  • wp-responsive-photo-gallery/js/fancybox.js?ver=
  • wp-responsive-photo-gallery/js/jquery.fancybox-media.js?ver=
  • wp-responsive-photo-gallery/js/gallery.js?ver=
  • wp-responsive-photo-gallery/js/fancybox-gallery.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • rsp-gallery-container
  • rsp-gallery-item
  • owl-carousel
  • owl-theme
  • fancybox
Data Attributes
data-fancybox-group
JS Globals
responsive_photo_gallery
REST Endpoints
  • /wp-json/rjg_get_grid_data_justified_gallery
  • /wp-json/rjg_check_file_exist_justified_gallery
  • /wp-json/rjg_get_youtube_info_justified_gallery
  • /wp-json/rjg_get_metacafe_info_justified_gallery
Shortcode Output
  • [print_my_responsive_photo_gallery]
  • [print_masonry_gallery_plus_lightbox]