WP Beacon

Photo Gallery by 10Web – Mobile-Friendly Image Gallery

photo-gallery · by 10web · wordpress.org ↗ · SVN ↗
Active installs
200k+
Current version
1.8.40
Added
2014-01-30
Last updated
2026-04-28 (24d ago)
First seen by beacon
1mo ago
Total downloads
19,564,932

Alerts (0)

No open alerts.

Show 4 resolved alerts
Critical code_scan_match Resolved · code_scan_fp_class_vendor_cdn_enqueue 2026-05-05 11:32:21 (17d ago)
Slugphoto-gallery
Finding count6
Findings
PatternKindFileLineSnippetConfidenceDetails
remote_enqueuebuiltinfrontend/views/view.php17wp_register_script( 'instagram-embed', 'https://www.instagram.com/embed.js' );medium
Url
https://www.instagram.com/embed.js
Url host
www.instagram.com
Validate_Path(ioc:code_patternfilemanager/controller.php45$dir = str_replace(array('\\', '..'), '', WDWLibrary::validate_path($this->model->get_from_session('dir', '')));medium
Validate_Path(ioc:code_patternfilemanager/view.php77var dir = "<?php echo(isset($_REQUEST['dir']) ? str_replace(array('\\', '..'), '', WDWLibrary::validate_path(WDWLibrary::get('dir', '', 'sanitize_text_field', 'REQUEST'))) : ''); ?>";medium
Validate_Path(ioc:code_patternfilemanager/view.php78var dirUrl = "<?php echo $this->controller->get_uploads_url() . (isset($_REQUEST['dir']) ? str_replace(array('\\', '..'), '', WDWLibrary::validate_path(WDWLibrary::get('dir', '', 'sanitize_textmedium
Validate_Path(ioc:code_patternfilemanager/UploadHandler.php915$dir = isset($_REQUEST['dir']) ? WDWLibrary::validate_path(WDWLibrary::get('dir', '', 'sanitize_text_field', 'REQUEST')) : '';medium
Validate_Path(ioc:code_patternframework/WDWLibrary.php3,631public static function validate_path( $path = '' ) {medium
Resolved sha55a3552b93ee701a8f4d46d0a6d6060a2c0b4aaf
Serial offender noteSeverity bumped high→critical: author 10web has 6 prior security-issue closures on wp.org.
View raw JSON
{
    "slug": "photo-gallery",
    "finding_count": 6,
    "findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "frontend/views/view.php",
            "line": 17,
            "snippet": "wp_register_script( 'instagram-embed', 'https://www.instagram.com/embed.js' );",
            "confidence": "medium",
            "details": {
                "url": "https://www.instagram.com/embed.js",
                "url_host": "www.instagram.com"
            }
        },
        {
            "pattern": "Validate_Path(",
            "kind": "ioc:code_pattern",
            "file": "filemanager/controller.php",
            "line": 45,
            "snippet": "$dir = str_replace(array('\\\\', '..'), '', WDWLibrary::validate_path($this->model->get_from_session('dir', '')));",
            "confidence": "medium"
        },
        {
            "pattern": "Validate_Path(",
            "kind": "ioc:code_pattern",
            "file": "filemanager/view.php",
            "line": 77,
            "snippet": "var dir = \"<?php echo(isset($_REQUEST['dir']) ? str_replace(array('\\\\', '..'), '', WDWLibrary::validate_path(WDWLibrary::get('dir', '', 'sanitize_text_field', 'REQUEST'))) : ''); ?>\";",
            "confidence": "medium"
        },
        {
            "pattern": "Validate_Path(",
            "kind": "ioc:code_pattern",
            "file": "filemanager/view.php",
            "line": 78,
            "snippet": "var dirUrl = \"<?php echo $this->controller->get_uploads_url() . (isset($_REQUEST['dir']) ? str_replace(array('\\\\', '..'), '',  WDWLibrary::validate_path(WDWLibrary::get('dir', '', 'sanitize_text",
            "confidence": "medium"
        },
        {
            "pattern": "Validate_Path(",
            "kind": "ioc:code_pattern",
            "file": "filemanager/UploadHandler.php",
            "line": 915,
            "snippet": "$dir = isset($_REQUEST['dir']) ? WDWLibrary::validate_path(WDWLibrary::get('dir', '', 'sanitize_text_field', 'REQUEST')) : '';",
            "confidence": "medium"
        },
        {
            "pattern": "Validate_Path(",
            "kind": "ioc:code_pattern",
            "file": "framework/WDWLibrary.php",
            "line": 3631,
            "snippet": "public static function validate_path( $path = '' ) {",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "55a3552b93ee701a8f4d46d0a6d6060a2c0b4aaf",
    "serial_offender_note": "Severity bumped high\u2192critical: author 10web has 6 prior security-issue closures on wp.org."
}
Critical code_scan_delta Resolved · false_positive_cdn_known_good 2026-04-29 03:22:08 (23d ago)
Slugphoto-gallery
Previous version1.8.39
Current version1.8.40
New findings
PatternKindFileLineSnippetConfidenceDetails
remote_enqueuebuiltinfrontend/views/view.php17wp_register_script( 'instagram-embed', 'https://www.instagram.com/embed.js' );medium
Url
https://www.instagram.com/embed.js
Url host
www.instagram.com
New finding count1
Serial offender noteSeverity bumped high→critical: author 10web has 6 prior security-issue closures on wp.org.
View raw JSON
{
    "slug": "photo-gallery",
    "previous_version": "1.8.39",
    "current_version": "1.8.40",
    "new_findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "frontend/views/view.php",
            "line": 17,
            "snippet": "wp_register_script( 'instagram-embed', 'https://www.instagram.com/embed.js' );",
            "confidence": "medium",
            "details": {
                "url": "https://www.instagram.com/embed.js",
                "url_host": "www.instagram.com"
            }
        }
    ],
    "new_finding_count": 1,
    "serial_offender_note": "Severity bumped high\u2192critical: author 10web has 6 prior security-issue closures on wp.org."
}
Critical code_pattern Resolved · no_longer_matches 2026-04-24 17:01:47 (28d ago)
Slugphoto-gallery
Patternunserialize_after_remote_call
Kindbuiltin
Version1.8.39
Hit count1
First hit
File
wd/includes/overview.php
Line
44
Snippet
L41: $request = wp_remote_get(" http://api.wordpress.org/plugins/info/1.0/" . $plugin_wp_sl → L44: $body = unserialize($request['body']);
Explanationa remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.
View raw JSON
{
    "slug": "photo-gallery",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "1.8.39",
    "hit_count": 1,
    "first_hit": {
        "file": "wd/includes/overview.php",
        "line": 44,
        "snippet": "L41: $request = wp_remote_get(\" http://api.wordpress.org/plugins/info/1.0/\" . $plugin_wp_sl  \u2192  L44: $body = unserialize($request['body']);"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}
Critical code_scan_delta Resolved · fp_wporg_official_api 2026-04-24 16:19:53 (28d ago)
Slugphoto-gallery
Previous version1.8.39
Current version1.8.39
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinwd/includes/overview.php44L41: $request = wp_remote_get(" http://api.wordpress.org/plugins/info/1.0/" . $plugin_wp_sl → L44: $body = unserialize($request['body']);high
New finding count1
View raw JSON
{
    "slug": "photo-gallery",
    "previous_version": "1.8.39",
    "current_version": "1.8.39",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "wd/includes/overview.php",
            "line": 44,
            "snippet": "L41: $request = wp_remote_get(\" http://api.wordpress.org/plugins/info/1.0/\" . $plugin_wp_sl  \u2192  L44: $body = unserialize($request['body']);",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}

SVN committers (2)

Accounts with actual commit access to photo-gallery on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
webdorado 2011-09-20 6 2017-01-26 · r1582394 2020-12-28 · r2446875
10Web 2018-01-25 2 2019-05-11 · r2085993 2026-04-28 · r3517737

Readme contributors (4)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
webdorado 2011-09-20 6 commits Active
10Web 2018-01-25 2 commits Active
Photo Gallery Support 2017-03-29 Active
WD Support 2017-01-26 Active

Versions (100 most recent)

Version Released Download
1.8.40 2026-04-28 · 24d ago zip
1.8.39 2026-03-03 · 2mo ago zip
1.8.38 2026-02-11 · 3mo ago zip
1.8.37 2026-01-20 · 4mo ago zip
1.8.35 2025-03-29 · 1y ago zip
1.8.34 2025-02-26 · 1y ago zip
1.8.33 2025-02-06 · 1y ago zip
1.8.31 2024-11-03 · 1y ago zip
1.8.30 2024-10-18 · 1y ago zip
1.8.29 2024-09-20 · 1y ago zip
1.8.28 2024-09-10 · 1y ago zip
Version1.8.27 2024-07-08 · 1y ago zip
1.8.26 2024-06-24 · 1y ago zip
1.8.25 2024-06-17 · 1y ago zip
1.8.24 2024-06-06 · 1y ago zip
1.8.23 2024-04-16 · 2y ago zip
1.8.22 2024-03-25 · 2y ago zip
1.8.21 2024-02-12 · 2y ago zip
1.8.20 2024-01-17 · 2y ago zip
1.8.19 2023-12-21 · 2y ago zip
1.8.18 2023-11-13 · 2y ago zip
1.8.17 2023-08-09 · 2y ago zip
1.8.16 2023-06-02 · 2y ago zip
1.8.15 2023-03-30 · 3y ago zip
1.8.14 2023-03-13 · 3y ago zip
1.8.13 2023-02-22 · 3y ago zip
1.8.12 2023-02-03 · 3y ago zip
1.8.11 2023-01-24 · 3y ago zip
1.8.10 2023-01-11 · 3y ago zip
1.8.9 2023-01-05 · 3y ago zip
1.8.8 2022-12-21 · 3y ago zip
1.8.7 2022-12-17 · 3y ago zip
1.8.6 2022-12-17 · 3y ago zip
1.8.5 2022-12-02 · 3y ago zip
1.8.4 2022-11-25 · 3y ago zip
1.8.3 2022-11-23 · 3y ago zip
2.8.2 2022-11-18 · 3y ago zip
1.8.1 2022-11-02 · 3y ago zip
1.8.0 2022-10-11 · 3y ago zip
1.7.6 2022-09-30 · 3y ago zip
1.7.5 2022-09-29 · 3y ago zip
1.7.4 2022-09-05 · 3y ago zip
1.7.3 2022-08-10 · 3y ago zip
1.7.2 2022-08-09 · 3y ago zip
1.7.1 2022-08-05 · 3y ago zip
1.7.0 2022-08-02 · 3y ago zip
1.6.10 2022-07-07 · 3y ago zip
1.6.9 2022-07-01 · 3y ago zip
1.6.8 2022-06-28 · 3y ago zip
1.6.7 2022-06-16 · 3y ago zip
1.6.6 2022-06-07 · 3y ago zip
1.6.5 2022-05-27 · 3y ago zip
1.6.4 2022-05-13 · 4y ago zip
1.6.3 2022-04-08 · 4y ago zip
1.6.2 2022-03-16 · 4y ago zip
1.6.1 2022-03-03 · 4y ago zip
1.6.0 2022-02-04 · 4y ago zip
1.5.87 2022-01-26 · 4y ago zip
1.5.86 2021-11-19 · 4y ago zip
1.5.85 2021-11-05 · 4y ago zip
1.5.84 2021-10-12 · 4y ago zip
1.5.83 2021-10-11 · 4y ago zip
1.5.82 2021-08-24 · 4y ago zip
1.5.81 2021-08-05 · 4y ago zip
1.5.80 2021-07-21 · 4y ago zip
1.5.79 2021-07-15 · 4y ago zip
1.5.78 2021-06-29 · 4y ago zip
1.5.77 2021-06-25 · 4y ago zip
1.5.76 2021-06-07 · 4y ago zip
1.5.75 2021-05-17 · 5y ago zip
1.5.74 2021-05-11 · 5y ago zip
1.5.73 2021-05-03 · 5y ago zip
1.5.72 2021-04-20 · 5y ago zip
1.5.71 2021-04-06 · 5y ago zip
1.5.70 2021-04-05 · 5y ago zip
1.5.69 2021-03-11 · 5y ago zip
1.5.68 2021-02-02 · 5y ago zip
1.5.67 2021-01-19 · 5y ago zip
1.5.66 2020-12-28 · 5y ago zip
1.5.65 2020-12-09 · 5y ago zip
1.5.64 2020-11-16 · 5y ago zip
1.5.63 2020-10-20 · 5y ago zip
1.5.62 2020-09-09 · 5y ago zip
1.5.61 2020-09-03 · 5y ago zip
1.5.60 2020-08-27 · 5y ago zip
1.5.59 2020-08-13 · 5y ago zip
1.5.58 2020-06-18 · 5y ago zip
1.5.54 2020-06-04 · 5y ago zip
1.5.56 2020-05-19 · 6y ago zip
1.5.55 2020-05-13 · 6y ago zip
1.5.53 2020-05-06 · 6y ago zip
1.5.52 2020-04-15 · 6y ago zip
1.5.51 2020-04-14 · 6y ago zip
1.5.50 2020-04-11 · 6y ago zip
1.5.49 2020-04-01 · 6y ago zip
1.5.48 2020-02-28 · 6y ago zip
1.5.47 2020-02-26 · 6y ago zip
1.5.46 2020-02-21 · 6y ago zip
1.5.45 2020-01-30 · 6y ago zip
1.5.44 2020-01-20 · 6y ago zip