WP-Safety

Masonry Gallery & Posts For Divi (WP Tools) Security & Risk Analysis

wordpress.org/plugins/wptools-masonry-gallery-posts-for-divi

Create masonry gallery for images & blogs using divi modules. 100% visual builder compatible. No programming experience needed.

700 active installs v4.0.0 PHP 7.4+ WP 4.5+ Updated Dec 16, 2025
divi-masonrydivi-masonry-blogsdivi-masonry-image-gallerymasonry-blogsmasonry-image-gallery
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Masonry Gallery & Posts For Divi (WP Tools) Safe to Use in 2026?

Generally Safe

Score 100/100

Masonry Gallery & Posts For Divi (WP Tools) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "wptools-masonry-gallery-posts-for-divi" v4.0.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any known vulnerabilities in its history is a significant positive indicator. Furthermore, the code analysis reveals no dangerous functions, file operations, or external HTTP requests, and all observed SQL queries utilize prepared statements, which are excellent security practices. The plugin also demonstrates a good approach to handling data with 80% of output escaping properly implemented.

However, there are a few areas for improvement and potential, albeit low, concerns. The complete lack of nonce checks across all entry points, including REST API routes, is a notable weakness. While there are no observed unsanitized taint flows or unescaped outputs that would immediately suggest a critical risk, the absence of nonce checks leaves the plugin susceptible to CSRF attacks if user interactions are involved in these entry points. The presence of a bundled library (Freemius v1.0) also represents a potential area of risk if it's outdated or has known vulnerabilities not flagged in the plugin's specific history. Despite these points, the overall security is robust, but the missing nonce checks warrant attention to prevent potential exploitation.

In conclusion, this plugin has a solid foundation with good coding practices and a clean vulnerability history. The main area of concern is the lack of nonce checks on its entry points, which is a common security measure for preventing cross-site request forgery. The presence of a bundled library should also be monitored for updates. While the current risk appears low due to the lack of other exploitable findings, addressing the nonce check deficiency would significantly strengthen its security posture.

Key Concerns

  • Missing nonce checks on entry points
  • Bundled library (Freemius v1.0) potentially outdated
Vulnerabilities
None known

Masonry Gallery & Posts For Divi (WP Tools) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Masonry Gallery & Posts For Divi (WP Tools) Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
3 prepared
Unescaped Output
9
35 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared3 total queries

Output Escaping

80% escaped44 total outputs
Attack Surface

Masonry Gallery & Posts For Divi (WP Tools) Attack Surface

Entry Points6
Unprotected0

REST API Routes 6

GET/wp-json/wpt-masonry-post-type-query-builder/v1/get_categories_by_rest_apiincludes\classes\Divi\PostTypeQueryBuilder.php:108
GET/wp-json/wpt-masonry-post-type-query-builder/v1/get_tags_by_rest_apiincludes\classes\Divi\PostTypeQueryBuilder.php:115
GET/wp-json/wpt-divi-masonry/v1/post-filter-meta/includes\classes\Loader.php:119
GET/wp-json/wpt-divi-masonry/v1/image-categories/includes\classes\Loader.php:133
GET/wp-json/wpt-divi-masonry/v1/post-categories/includes\classes\Loader.php:147
GET/wp-json/wpt-divi-masonry/v1/post-tags/includes\classes\Loader.php:161
WordPress Hooks 21
actiondivi_visual_builder_assets_before_enqueue_scriptsdivi-5\divi-5.php:66
actioninitdivi-5\divi-5.php:67
actioninitincludes\classes\Divi5\Modules\FullwidthMasonryImageGalleryModule\FullwidthMasonryImageGalleryModule.php:30
actioninitincludes\classes\Divi5\Modules\FullwidthMasonryPostTypeGalleryModule\FullwidthMasonryPostTypeGalleryModule.php:29
actioninitincludes\classes\Divi5\Modules\MasonryImageGalleryModule\MasonryImageGalleryModule.php:30
actioninitincludes\classes\Divi5\Modules\MasonryPostTypeGalleryModule\MasonryPostTypeGalleryModule.php:29
actiondivi_module_library_modules_dependency_treeincludes\classes\Divi5\Modules\Modules.php:14
actionet_builder_readyincludes\classes\Loader.php:79
actiondivi_extensions_initincludes\classes\Loader.php:80
filterregister_post_type_argsincludes\classes\Loader.php:84
actionwp_enqueue_scriptsincludes\classes\Loader.php:95
actionrest_api_initincludes\classes\Loader.php:104
actionwp_headincludes\classes\Loader.php:106
filterbody_classincludes\classes\Loader.php:114
actionrest_api_initincludes\classes\Loader.php:116
actioninitincludes\classes\Loader.php:180
filterdivi.conversion.moduleLibrary.conversionMapincludes\classes\Loader.php:197
actionafter_license_changeincludes\classes\Loader.php:203
actioninittaxonomies\wpt-attachment-cat.php:56
filterterm_updated_messagestaxonomies\wpt-attachment-cat.php:83
filtershow_first_trial_after_n_secwptools-masonry-gallery-posts-for-divi.php:18
Maintenance & Trust

Masonry Gallery & Posts For Divi (WP Tools) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 16, 2025
PHP min version7.4
Downloads14K

Community Trust

Rating56/100
Number of ratings5
Active installs700
Alternatives

Masonry Gallery & Posts For Divi (WP Tools) Alternatives

No alternatives data available yet.

Developer Profile

Masonry Gallery & Posts For Divi (WP Tools) Developer Profile

wptools

15 plugins · 6K total installs

93
trust score
Avg Security Score
99/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Masonry Gallery & Posts For Divi (WP Tools)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/divi-5/visual-builder/styles/bundle.css/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/js/masonry.pkgd.min.js/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/js/imagesloaded.pkgd.min.js/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/js/script-d5.js/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/js/script.js/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/styles/backend-style.min.css
Script Paths
/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/divi-5/visual-builder/build/d5-wpt-divi-masonry.js
Version Parameters
/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/js/masonry.pkgd.min.js?ver=/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/js/imagesloaded.pkgd.min.js?ver=/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/js/script-d5.js?ver=/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/js/script.js?ver=/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/styles/backend-style.min.css?ver=/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/divi-5/visual-builder/styles/bundle.css?ver=

HTML / DOM Fingerprints

CSS Classes
d5-wpt-divi-masonry
JS Globals
h8p3k5y2b9
FAQ

Frequently Asked Questions about Masonry Gallery & Posts For Divi (WP Tools)