Plugin inspection:

Photo Book Gallery

Use with caution

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

Before using this plugin, you should carefully consider these findings. Read more about this recommendation.


  • Allows users with permission to add/edit photo books to insert unfiltered HTML into the admin area (the plugin does not appear to check for the unfiltered_html capability) – i.e. insert “><script>alert(1)</script> into the “book width” field (after changing the field’s type to text)

Reason for the 'Use with caution' result

The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:

  • Appears to allow admins to insert HTML when the permission has been disabled

Failure criteria

  • Lack of proper output escaping

Read more about our failure criteria.