Aura Thumb Site Security & Risk Analysis

wordpress.org/plugins/aura-thumb-site

Aura Thumb Site cria uma visualização automática de suas urls incluídas em uma página ou post. Visualização de miniatura em tempo real de um site a pa …

10 active installs v1.0.1 PHP 7.0+ WP 4.7+ Updated Nov 17, 2020
imageslivesitethumbnailurl
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Aura Thumb Site Safe to Use in 2026?

Generally Safe

Score 85/100

Aura Thumb Site has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The "aura-thumb-site" plugin, version 1.0.1, exhibits a mixed security posture. On the positive side, it demonstrates good practices by not utilizing dangerous functions, making all SQL queries using prepared statements, and having no recorded vulnerabilities in its history. The absence of file operations and external HTTP requests also reduces its attack surface in those areas.

However, significant concerns arise from the static analysis. The plugin has an unprotected AJAX handler, which is a critical entry point that lacks authentication. Furthermore, the taint analysis reveals two flows with unsanitized paths, although these are not flagged as critical or high severity. The lack of nonce checks and capability checks on its entry points, particularly the AJAX handler, creates an avenue for potential privilege escalation or unauthorized actions if an attacker can trigger the handler.

While the plugin's vulnerability history is clean, this does not negate the immediate risks identified in the code. The unprotected AJAX handler is the most pressing issue. The plugin's strengths lie in its secure database interactions and lack of known exploits, but the identified weaknesses in input validation and authorization on its exposed entry points necessitate careful consideration of its security.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths (2)
  • Missing nonce checks
  • Missing capability checks
  • Output escaping below 100%
Vulnerabilities
None known

Aura Thumb Site Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Aura Thumb Site Release Timeline

v1.0.1Current
v1.0
Code Analysis
Analyzed Mar 17, 2026

Aura Thumb Site Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
15
38 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

72% escaped53 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
ATS_update_urls (aura-thumb-site.php:67)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Aura Thumb Site Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 1

authwp_ajax_update_urlaura-thumb-site.php:66

Shortcodes 1

[aura_thumb] aura-thumb-site.php:36
WordPress Hooks 6
actionwp_headaura-thumb-site.php:25
actioninitaura-thumb-site.php:38
actionadmin_initaura-thumb-site.php:48
actionadmin_menuaura-thumb-site.php:50
actionadmin_enqueue_scriptsaura-thumb-site.php:169
actionwp_enqueue_scriptsaura-thumb-site.php:186
Maintenance & Trust

Aura Thumb Site Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18
Last updatedNov 17, 2020
PHP min version7.0
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Aura Thumb Site Developer Profile

Karra Max

2 plugins · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Aura Thumb Site

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/aura-thumb-site/css/style.css
Script Paths
/wp-content/plugins/aura-thumb-site/js/script.js
Version Parameters
aura-thumb-site/css/style.css?ver=aura-thumb-site/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
browsershotmshotimgcolorsliderremove
Data Attributes
id="border"id="val_border"id="width"id="val_width"id="space"id="val_space"+6 more
Shortcode Output
<div class="browsershot mshot"><a target="_new"<img src="http://s.wordpress.com/mshots/v1/</div>
FAQ

Frequently Asked Questions about Aura Thumb Site