All Sources Images Security & Risk Analysis

wordpress.org/plugins/all-sources-images

Generate stunning images for posts via AI (DALL·E, Stable Diffusion, etc) or image banks (Pexels, Unsplash, etc)

500 active installs v1.0.8 PHP 7.4+ WP 5.8+ Updated Mar 25, 2026
Tags: ai, image, mcp, openverse, pixabay
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is All Sources Images Safe to Use in 2026?

Generally Safe

Score 100/100

All Sources Images has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'all-sources-images' v1.0.8 plugin exhibits a generally good security posture with several strengths. It exclusively uses prepared statements for all its SQL queries, which is an excellent practice for preventing SQL injection vulnerabilities. Furthermore, the vast majority of its output (97%) is properly escaped, significantly reducing the risk of cross-site scripting (XSS) attacks. The plugin also demonstrates a commitment to security by performing capability checks on most of its entry points and implementing nonce checks, which help protect against various unauthorized actions. The absence of any recorded CVEs and the lack of critical or high severity taint flows are also positive indicators of its security development practices.

However, there are notable areas of concern that warrant attention. A significant portion of the plugin's attack surface is exposed without proper authentication. Specifically, 8 out of 13 AJAX handlers lack authentication checks. This means any unauthenticated user could potentially interact with these handlers, which could lead to unintended consequences or exploit vulnerabilities if the handler's logic is flawed. While no critical taint flows were found, the presence of file operations and external HTTP requests, combined with the unprotected AJAX handlers, could present an attack vector if not meticulously secured within the handler's code.

In conclusion, while the plugin has strong foundations in secure coding practices like prepared statements and output escaping, the substantial number of unprotected AJAX handlers is a critical weakness that elevates the overall risk. The vulnerability history is clean, which is encouraging, but the static analysis reveals a potential for exploitation due to the exposed attack surface. Addressing the unauthenticated AJAX handlers should be the highest priority for improving the plugin's security.

Key Concerns

  • Unprotected AJAX handlers
Vulnerabilities
None known

All Sources Images Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

All Sources Images Release Timeline

v1.0.8 (Current)
v1.0.7
v1.0.6
v1.0.5
v1.0.4
Code Analysis
Analyzed Apr 16, 2026

All Sources Images Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (119 prepared)
Unescaped Output: 46 (1540 escaped)
Nonce Checks: 7
Capability Checks: 17
File Operations: 5
External Requests: 16
Bundled Libraries: 0

SQL Query Safety

100% prepared · 119 total queries

Output Escaping

97% escaped · 1586 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<class-all-sources-images-admin> (admin/class-all-sources-images-admin.php:0)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
8 unprotected

All Sources Images Attack Surface

Entry Points: 13
Unprotected: 8

AJAX Handlers 13

auth · wp_ajax_allsi_test_apis · admin/class-all-sources-images-admin.php:118
auth · wp_ajax_allsi_translate_search · admin/class-all-sources-images-admin.php:134
auth · wp_ajax_allsi_block_searching_images · admin/class-all-sources-images-admin.php:136
auth · wp_ajax_allsi_block_downloading_image · admin/class-all-sources-images-admin.php:138
auth · wp_ajax_allsi_generate_image · admin/class-all-sources-images-generation.php:72
auth · wp_ajax_allsi_bulk_load_items · admin/includes/class-allsi-bulk-generation-ajax.php:24
auth · wp_ajax_allsi_bulk_create_job · admin/includes/class-allsi-bulk-generation-ajax.php:27
auth · wp_ajax_allsi_bulk_create_job_from_ids · admin/includes/class-allsi-bulk-generation-ajax.php:28
auth · wp_ajax_allsi_bulk_get_jobs · admin/includes/class-allsi-bulk-generation-ajax.php:29
auth · wp_ajax_allsi_bulk_get_job_details · admin/includes/class-allsi-bulk-generation-ajax.php:30
auth · wp_ajax_allsi_bulk_start_job · admin/includes/class-allsi-bulk-generation-ajax.php:31
auth · wp_ajax_allsi_bulk_pause_job · admin/includes/class-allsi-bulk-generation-ajax.php:32
auth · wp_ajax_allsi_bulk_delete_job · admin/includes/class-allsi-bulk-generation-ajax.php:33
WordPress Hooks 39
action · ALLSI_cron_image_generation · admin/class-all-sources-images-admin.php:112
action · ALLSI_generate_scheduled_image · admin/class-all-sources-images-admin.php:115
action · init · admin/class-all-sources-images-admin.php:121
action · enqueue_block_editor_assets · admin/class-all-sources-images-admin.php:122
action · admin_menu · admin/class-all-sources-images-admin.php:126
action · admin_enqueue_scripts · admin/class-all-sources-images-admin.php:129
action · admin_enqueue_scripts · admin/class-all-sources-images-admin.php:130
action · enqueue_block_editor_assets · admin/class-all-sources-images-admin.php:131
action · wp_enqueue_scripts · admin/class-all-sources-images-admin.php:132
filter · http_request_timeout · admin/class-all-sources-images-admin.php:142
action · init · admin/class-all-sources-images-admin.php:145
action · plugins_loaded · admin/class-all-sources-images-admin.php:146
action · elementor/init · admin/class-all-sources-images-admin.php:151
action · save_post · admin/class-all-sources-images-admin.php:166
filter · category_row_actions · admin/class-all-sources-images-admin.php:968
filter · map_meta_cap · admin/class-all-sources-images-admin.php:1025
action · admin_enqueue_scripts · admin/class-all-sources-images-admin.php:1995
filter · cron_schedules · admin/class-all-sources-images-admin.php:3489
action · save_post · admin/class-all-sources-images-generation.php:76
action · save_post · admin/class-all-sources-images-generation.php:1271
action · elementor/widgets/register · admin/elementor/class-allsi-elementor-integration.php:40
action · elementor/controls/register · admin/elementor/class-allsi-elementor-integration.php:41
action · elementor/editor/after_enqueue_scripts · admin/elementor/class-allsi-elementor-integration.php:42
action · ALLSI_bulk_process_job · admin/includes/class-allsi-bulk-generation-cron.php:52
action · ALLSI_bulk_process_batch · admin/includes/class-allsi-bulk-generation-cron.php:53
filter · user_has_cap · admin/includes/class-allsi-bulk-generation-cron.php:450
action · admin_enqueue_scripts · admin/partials/new-ui/new-ui-assets.php:265
action · activated_plugin · all-sources-images.php:86
action · init · all-sources-images.php:194
action · init · all-sources-images.php:195
action · init · all-sources-images.php:197
action · admin_enqueue_scripts · includes/class-all-sources-images.php:152
action · admin_enqueue_scripts · includes/class-all-sources-images.php:153
action · admin_menu · includes/class-all-sources-images.php:155
action · init · includes/class-all-sources-images.php:157
action · wp_abilities_api_categories_init · includes/class-allsi-abilities.php:57
action · wp_abilities_api_init · includes/class-allsi-abilities.php:59
filter · user_has_cap · includes/class-allsi-abilities.php:677
filter · user_has_cap · includes/class-allsi-abilities.php:1428

Scheduled Events 7

ALLSI_generate_scheduled_image
ALLSI_cron_image_generation
ALLSI_bulk_process_job
ALLSI_bulk_process_job
ALLSI_bulk_process_job
ALLSI_bulk_process_batch
ALLSI_bulk_process_batch
Maintenance & Trust

All Sources Images Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 25, 2026
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 500
Developer Profile

All Sources Images Developer Profile

Esteban

4 plugins · 4K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect All Sources Images

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/all-sources-images/admin/css/allsi-admin-settings.css
/wp-content/plugins/all-sources-images/admin/js/allsi-admin-settings.js
/wp-content/plugins/all-sources-images/public/css/allsi-public.css
/wp-content/plugins/all-sources-images/public/js/allsi-public.js
Script Paths
/wp-content/plugins/all-sources-images/admin/js/allsi-admin-settings.js
/wp-content/plugins/all-sources-images/public/js/allsi-public.js
Version Parameters
all-sources-images/admin/css/allsi-admin-settings.css?ver=
all-sources-images/admin/js/allsi-admin-settings.js?ver=
all-sources-images/public/css/allsi-public.css?ver=
all-sources-images/public/js/allsi-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
allsi-settings-page
allsi-source-settings
allsi-integration-settings
allsi-general-settings
allsi-image-source-card
HTML Comments
<!-- BEGIN ALLSI Admin Settings -->
<!-- END ALLSI Admin Settings -->
<!-- BEGIN ALLSI Public Scripts -->
<!-- END ALLSI Public Scripts -->
Data Attributes
data-allsi-source-id
data-allsi-image-id
JS Globals
allsi_admin_settings_params