Async Image Credits – Lightweight automatic image credits Security & Risk Analysis
wordpress.org/plugins/async-image-creditsAdd visible credits to media images using JavaScript and configurable templates. Works automatically and includes a shortcode.
Is Async Image Credits – Lightweight automatic image credits Safe to Use in 2026?
Generally Safe
Score 100/100Async Image Credits – Lightweight automatic image credits has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The async-image-credits plugin v1.2.1 demonstrates a generally strong security posture based on the provided static analysis. The code incorporates several good security practices, including the exclusive use of prepared statements for its SQL queries, a high percentage of properly escaped output, and the presence of nonce and capability checks. The absence of dangerous functions, file operations, and external HTTP requests further mitigates potential risks. The total attack surface is relatively small and, crucially, appears to be protected by authentication checks, as indicated by the zero unprotected entry points.
Taint analysis reveals no critical or high severity flows with unsanitized paths, which is a very positive sign. The vulnerability history also shows no known CVEs, indicating a lack of publicly disclosed vulnerabilities. This historical data suggests a consistent commitment to security or a lack of historically exploitable flaws. Overall, the plugin appears to be well-developed from a security perspective, with few identifiable weaknesses based on this analysis. The primary strength lies in its secure handling of sensitive operations like database interaction and output rendering.
Key Concerns
- One capability check is present, but only one of three entry points is covered.
- One AJAX handler is not covered by a capability check.
- 14% of output is not properly escaped.
Async Image Credits – Lightweight automatic image credits Security Vulnerabilities
Async Image Credits – Lightweight automatic image credits Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Async Image Credits – Lightweight automatic image credits Attack Surface
AJAX Handlers 2
Shortcodes 1
WordPress Hooks 4
Maintenance & Trust
Async Image Credits – Lightweight automatic image credits Maintenance & Trust
Maintenance Signals
Community Trust
Async Image Credits – Lightweight automatic image credits Alternatives
Popular Brand Icons – Simple Icons
simple-icons
An easy to use lightweight SVG icons plugin with over 1500+ brand icons. Use these icons in your menus, widgets, posts, or pages.
W4 Post List
w4-post-list
W4 Post List lets you create a list of posts, terms, users or a combined one. Decorate output using shortcodes. It's just easy and fun.
Webcomic
webcomic
Comic publishing power for the web. Turn your WordPress-powered site into a comic publishing platform with Webcomic.
Image Credits nofollow
image-credits-nofollow
Adds credits to the media uploads: Source and source URL. URLs are nofollow by default.
Social Media Shortcodes
social-media-shortcodes
Registers shortcodes for your posts, pages, or post types that display user profile links to various social media websites.
Async Image Credits – Lightweight automatic image credits Developer Profile
14 plugins · 850 total installs
How We Detect Async Image Credits – Lightweight automatic image credits
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/async-image-credits/assets/js/show-credits.js/wp-content/plugins/async-image-credits/assets/css/credits.csswp-content/plugins/async-image-credits/assets/js/show-credits.jsasyncimagecreditsjs?ver=1.3asyncimagecreditscss?ver=1.3HTML / DOM Fingerprints
asyncimagecreditscredits-listasyncimagecredits_ajax/wp-json/async-image-credits/v1/...<ul class="asyncimagecreditscredits-list">