GWPG3 Security & Risk Analysis

wordpress.org/plugins/wpg3

Alpha State development Version of Wordpress Plugin connecting Gallery3 and Wordpress3+ maintaining compatibility to WPG2.

10 active installs · v0.85 · PHP + · WP 3.1+ · Updated Dec 3, 2010
Tags: gallery, gallery3, wpg2, wpg3
Score: 85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is GWPG3 Safe to Use in 2026?

Generally Safe

Score 85/100

GWPG3 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 15yr ago
Risk Assessment

The static analysis of the 'wpg3' plugin v0.85 reveals a generally positive security posture, with no identified AJAX handlers, REST API routes, shortcodes, or cron events, resulting in a zero-size attack surface and no unprotected entry points. The plugin also demonstrates good practices in handling SQL queries, utilizing prepared statements exclusively, and has no recorded vulnerabilities (CVEs) or bundled libraries that could introduce known risks. However, there are significant concerns regarding output escaping and file operations.

While the plugin has a clean vulnerability history, the static analysis flags that only 36% of the 42 identified output operations are properly escaped. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed. Furthermore, the presence of one file operation, coupled with two taint flows identified as having unsanitized paths, raises concerns about potential arbitrary file read or write vulnerabilities, or path traversal issues, even though these are not classified as critical or high severity.

In conclusion, 'wpg3' v0.85 excels in its limited attack surface and secure SQL handling. The absence of known vulnerabilities is a significant strength. However, the insufficient output escaping and the identified unsanitized path flows represent crucial areas for improvement that could expose the plugin and its users to security risks.

Key Concerns

  • Insufficient output escaping
  • Taint flows with unsanitized paths
  • File operations without clear context
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

GWPG3 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

GWPG3 Release Timeline

v0.85 (Current)
v0.83
Code Analysis
Analyzed Mar 17, 2026

GWPG3 Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 27 (15 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

36% escaped · 42 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
testTags (wpg3.php:135)
Attack Surface

GWPG3 Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 11
action · admin_notices · wpg3.php:68
action · init · wpg3.php:661
action · admin_init · wpg3.php:662
action · admin_menu · wpg3.php:664
filter · the_content · wpg3.php:666
action · media_upload_tabs · wpg3_class_WPG3_Imagechoser.php:45
action · media_upload_wpg3 · wpg3_class_WPG3_Imagechoser.php:48
filter · attachment_fields_to_edit · wpg3_class_WPG3_Imagechoser.php:208
filter · query_vars · wpg3_class_WPG3_Rewrite.php:38
filter · rewrite_rules_array · wpg3_class_WPG3_Rewrite.php:39
filter · the_content · wpg3_class_WPG3_Rewrite.php:40
Maintenance & Trust

GWPG3 Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.1.4
Last updated: Dec 3, 2010
PHP min version
Downloads: 5K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

GWPG3 Developer Profile

digitaldonkey

3 plugins · 80 total installs

Trust score: 77
Avg Security Score: 76/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect GWPG3

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments
WPG3 Main WPG3 post/page content Here goes everything that replaces the <WPG>-Tag in a Post. current REST request Uri (+28 more)
REST Endpoints
/rest/item/
Shortcode Output
<wpg3></wpg3>