Alt Text AI – Automatically generate image alt text for SEO and accessibility Security & Risk Analysis

wordpress.org/plugins/alttext-ai

Automatically sets the descriptive alt text of your images. Boosts your SEO and accessibility.

20K active installs · v1.10.33 · PHP 7.4+ · WP 4.7+ · Updated Mar 27, 2026
Tags: accessibility, ai, alternative-text, image-alt-text, image-to-text
Score: 93 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Feb 14, 2026
Safety Verdict

Is Alt Text AI – Automatically generate image alt text for SEO and accessibility Safe to Use in 2026?

Generally Safe

Score 93/100

Alt Text AI – Automatically generate image alt text for SEO and accessibility has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEs · Last CVE: Feb 14, 2026 · Updated 1mo ago
Risk Assessment

The "alttext-ai" plugin v1.10.30 exhibits a mixed security posture. While a high percentage of SQL queries use prepared statements and output escaping is generally robust, significant concerns arise from the large attack surface exposed without proper authorization checks. All 11 identified AJAX handlers lack authentication, creating a broad entry point for potential exploitation. Furthermore, the taint analysis revealed one high-severity flow with unsanitized paths, which, combined with the lack of authentication on handlers, could lead to serious vulnerabilities.

The vulnerability history shows a pattern of past issues, including missing authorization, SQL injection, and XSS. While there are currently no unpatched CVEs, the recurring nature of these vulnerability types, particularly missing authorization, suggests a need for more rigorous security practices during development. The presence of dangerous functions like `unserialize` also warrants careful review to ensure it's not being used in a way that could be exploited with user-controlled data.

In conclusion, the plugin has strengths in its code sanitization and prepared statement usage. However, the critical weaknesses lie in its unprotected AJAX endpoints and past vulnerability trends. The high number of unprotected entry points and the identified high-severity taint flow are significant risks that need immediate attention. The plugin's history of missing authorization and injection flaws reinforces the need for comprehensive security auditing and secure coding practices.

Key Concerns

  • All 11 AJAX handlers lack authentication
  • High severity taint flow with unsanitized paths
  • Dangerous function 'unserialize' present
  • High number of unprotected entry points
  • Vulnerability history includes missing authorization
  • Vulnerability history includes SQL injection
  • Vulnerability history includes XSS
Vulnerabilities
4 published

Alt Text AI – Automatically generate image alt text for SEO and accessibility Security Vulnerabilities

CVEs by Year

  • 2024: 2 CVEs
  • 2025: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 3

4 total CVEs

CVE-2026-25348 · medium · 5.3 · Missing Authorization
Download Alt Text AI <= 1.10.15 - Missing Authorization
Feb 14, 2026 · Patched in 1.10.18 (11d)

CVE-2025-46232 · medium · 4.3 · Missing Authorization
Download Alt Text AI <= 1.9.93 - Missing Authorization
Apr 22, 2025 · Patched in 1.9.94 (9d)

CVE-2024-4847 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Alt Text AI – Automatically generate image alt text for SEO and accessibility <= 1.4.9 - Authenticated (Subscriber+) SQL Injection
May 14, 2024 · Patched in 1.5.0 (1d)

CVE-2024-34366 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Download Alt Text AI <= 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
May 3, 2024 · Patched in 1.3.5 (5d)

Version History

Alt Text AI – Automatically generate image alt text for SEO and accessibility Release Timeline

  • v1.10.33 (Current)
  • v1.10.32
  • v1.10.31
  • v1.10.30
  • v1.10.29
  • v1.10.28
  • v1.10.27
  • v1.10.26
  • v1.10.25
  • v1.10.22
  • v1.10.21
  • v1.10.20
  • v1.10.18
  • v1.10.15 (1 CVE)
  • v1.10.14 (1 CVE)
  • v1.10.13 (1 CVE)
  • v1.10.12 (1 CVE)
  • v1.10.11 (1 CVE)
  • v1.10.10 (1 CVE)
  • v1.10.9 (1 CVE)

Code Analysis
Analyzed Mar 16, 2026

Alt Text AI – Automatically generate image alt text for SEO and accessibility Code Analysis

  • Dangerous Functions: 4
  • Raw SQL Queries: 6 (54 prepared)
  • Unescaped Output: 3 (200 escaped)
  • Nonce Checks: 15
  • Capability Checks: 13
  • File Operations: 6
  • External Requests: 2
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · `$seo_data = unserialize($seo_data[0]->seo);` · includes\class-atai-attachment.php:965
  • unserialize · `$keyword_data = unserialize(unserialize($keyword_data));` · includes\class-atai-attachment.php:1035
  • unserialize · `$keyword_data = unserialize(unserialize($keyword_data));` · includes\class-atai-attachment.php:1035
  • unserialize · `$focus_keywords = unserialize($raw_focus_keywords);` · includes\class-atai-attachment.php:1083

SQL Query Safety

90% prepared · 60 total queries

Output Escaping

99% escaped · 203 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

10 flows · 4 with unsanitized paths
ajax_preview_csv (includes\class-atai-attachment.php:2182)
Attack Surface
11 unprotected

Alt Text AI – Automatically generate image alt text for SEO and accessibility Attack Surface

Entry Points: 11
Unprotected: 11

AJAX Handlers 11

  • auth · wp_ajax_atai_expire_insufficient_credits_notice · includes\class-atai.php:212
  • auth · wp_ajax_atai_update_public_setting · includes\class-atai.php:213
  • auth · wp_ajax_atai_network_get_stats · includes\class-atai.php:221
  • auth · wp_ajax_atai_network_bulk_generate · includes\class-atai.php:222
  • auth · wp_ajax_atai_single_generate · includes\class-atai.php:233
  • auth · wp_ajax_atai_bulk_generate · includes\class-atai.php:234
  • auth · wp_ajax_atai_edit_history · includes\class-atai.php:235
  • auth · wp_ajax_atai_check_image_eligibility · includes\class-atai.php:236
  • auth · wp_ajax_atai_preview_csv · includes\class-atai.php:237
  • auth · wp_ajax_atai_enrich_post_content · includes\class-atai.php:248
  • auth · wp_ajax_atai_check_enrich_post_content_transient · includes\class-atai.php:249

WordPress Hooks 36

  • action · admin_enqueue_scripts · admin\class-atai-settings.php:176
  • action · admin_enqueue_scripts · admin\class-atai-settings.php:211
  • action · plugins_loaded · includes\class-atai.php:176
  • action · plugins_loaded · includes\class-atai.php:195
  • action · admin_enqueue_scripts · includes\class-atai.php:198
  • action · admin_enqueue_scripts · includes\class-atai.php:199
  • filter · plugin_row_meta · includes\class-atai.php:200
  • action · admin_notices · includes\class-atai.php:201
  • action · admin_menu · includes\class-atai.php:204
  • action · network_admin_menu · includes\class-atai.php:205
  • action · admin_init · includes\class-atai.php:206
  • action · admin_init · includes\class-atai.php:207
  • action · admin_init · includes\class-atai.php:208
  • action · network_admin_edit_atai_update_network_settings · includes\class-atai.php:209
  • action · admin_notices · includes\class-atai.php:210
  • action · admin_notices · includes\class-atai.php:211
  • filter · pre_update_option_atai_api_key · includes\class-atai.php:215
  • filter · option_page_capability_atai-settings · includes\class-atai.php:216
  • action · network_admin_menu · includes\class-atai.php:219
  • action · update_option · includes\class-atai.php:227
  • action · admin_init · includes\class-atai.php:231
  • action · add_attachment · includes\class-atai.php:232
  • action · admin_notices · includes\class-atai.php:238
  • action · restrict_manage_posts · includes\class-atai.php:239
  • action · pre_get_posts · includes\class-atai.php:240
  • filter · bulk_actions-upload · includes\class-atai.php:242
  • filter · handle_bulk_actions-upload · includes\class-atai.php:243
  • action · deleted_post · includes\class-atai.php:246
  • action · add_meta_boxes · includes\class-atai.php:247
  • action · admin_notices · includes\class-atai.php:250
  • action · admin_init · includes\class-atai.php:251
  • filter · the_content · includes\class-atai.php:254
  • action · added_post_meta · includes\class-atai.php:258
  • action · updated_post_meta · includes\class-atai.php:259
  • action · atai_post_enrichment_complete · includes\class-atai.php:263
  • action · pll_translate_media · includes\class-atai.php:266

Maintenance & Trust

Alt Text AI – Automatically generate image alt text for SEO and accessibility Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 27, 2026
  • PHP min version: 7.4
  • Downloads: 833K

Community Trust

  • Rating: 94/100
  • Number of ratings: 35
  • Active installs: 20K

Developer Profile

Alt Text AI – Automatically generate image alt text for SEO and accessibility Developer Profile

alttextai

1 plugin · 20K total installs

  • Trust score: 95
  • Avg Security Score: 93/100
  • Avg Patch Time: 7 days
Detection Fingerprints

How We Detect Alt Text AI – Automatically generate image alt text for SEO and accessibility

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/alttext-ai/admin/css/atai-global.css
  • /wp-content/plugins/alttext-ai/admin/js/admin.js
Script Paths
  • /wp-content/plugins/alttext-ai/admin/js/admin.js
Version Parameters
  • alttext-ai/admin/css/atai-global.css?ver=
  • alttext-ai/admin/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
notice--atai
Data Attributes
data-nonce
JS Globals
wp_atai