Critical Security Issues Audited

Photo Gallery by 10Web – Mobile-Friendly Image Gallery

by 10Web · 200,000 active installations · v1.8.40

2
critical
4
high
106159
medium
29794
low
0
info
135959 total findings · ai, phpcs, semgrep ·⚠ Contains security findings — details embargoed until disclosure deadline

⏱ Disclosure Timeline

Audited & Notified
May 5, 2026
Security Summary (Day 30)
Jun 4, 2026
Full Disclosure (Day 90)
Aug 3, 2026

🔒 Security Findings

9 issues
🔒

Security Findings — Restricted Access

Security details are shared with the plugin developer during the 90-day disclosure period.
If you received a notification email, use the magic link or enter your password below.

Embargoed until Aug 3, 2026

Are you the plugin developer? Request access →

Enter your name and email and we'll review your request.

PHP_CodeSniffer

135950 coding standard violations
What is PHP_CodeSniffer?

PHP_CodeSniffer (PHPCS) is a static analysis tool that checks your PHP code against a set of coding standards. The violations below were caught using the WordPress Coding Standards ruleset — the official style guide for WordPress plugins. These aren't security issues, but they affect code consistency, readability, and long-term maintainability.

Run it yourself & auto-fix

Install PHPCS and the WordPress ruleset via Composer:

composer require --dev squizlabs/php_codesniffer wp-coding-standards/wpcs
./vendor/bin/phpcs --config-set installed_paths vendor/wp-coding-standards/wpcs

Then check your plugin:

./vendor/bin/phpcs --standard=WordPress photo-gallery/

Many violations can be fixed automatically with phpcbf (PHP Code Beautifier, bundled with PHPCS):

./vendor/bin/phpcbf --standard=WordPress photo-gallery/

phpcbf will auto-fix whitespace, indentation, and many formatting issues. Review the diff before committing.

135950 violations found — run PHPCS locally (see above) to view the full list.