The most popular gallery plugin that lets you create galleries and albums in seconds.
Prioritized issue groups from the latest Plugin Check scan
I18n
1,782
2 issue groups
Maintainability
1,054
15 issue groups
Security
232
7 issue groups
Performance
10
1 issue group
Sample message
Mismatched text domain. Expected 'nextgen-gallery' but got ' nggallery'.
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$HeightHtmlPrev".
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'ngg_ajax_' . $operation".
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "A_Custom_Lightbox_Form".
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$components'.
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DOING_AJAX".
Sample message
Unescaped parameter $exclude_clause used in $wpdb->get_col()\n$exclude_clause assigned unsafely at line 126.
Sample message
Use placeholders and $wpdb->prepare(); found $exclude
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "createNewThumb".
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $exclude_clause at "SELECT tt.pid FROM $wpdb->nggallery AS t INNER JOIN $wpdb->nggpictures AS tt ON t.gid = tt.galleryid WHERE t.gid = %d $exclude_clause ORDER BY tt.{$order_by} $order_dir"
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$args'.
Sample message
error_log() found. Debug code should not normally be used in production.
Sample message
Detected usage of a non-sanitized input variable: $_POST[$field]
Sample message
Writing files using ABSPATH may be problematic. Consider using wp_upload_dir() instead if storing user data or generated files.
Sample message
$_REQUEST[$key] not unslashed before sanitization. Use wp_unslash() or similar
Sample message
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
Sample message
unlink() is discouraged. Use wp_delete_file() to delete a file.
Sample message
Possible use of ASP style opening tags detected; found: <%- edit %>\n
Sample message
Detected usage of meta_key, possible slow query.
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$enqueue_action".
Sample message
The use of function ini_set() is discouraged
Sample message
print_r() found. Debug code should not normally be used in production.
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
Sample message
File and folder names must not contain spaces or special characters.
Potential connections found in static code analysis.
Outbound calls
294
External assets
2
Incoming endpoints
4
No public endpoints detected.
wp_ajax
wp_ajax
wp_ajax
wp_ajax
2 score snapshots
v4.2.3
23
Latest
v4.2.2
23
Score
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 23 | 3,122 | 2,129 | 993 | v4.2.3 | 2.0.0 |
| 23 | 3,105 | 2,119 | 986 | v4.2.2 | 2.0.0 |
Author, categories, issues, domains, and nearby plugins.