WP Custom Author Image Security & Risk Analysis

wordpress.org/plugins/author-image

Lets you easily add WP Custom Author Images on your site.

100 active installs · v1.0 · PHP + WP 3.1+ · Updated Aug 27, 2019
Tags: author, user-gravatar, user-photo, user-profile-photo, wp-custom-author-image
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Custom Author Image Safe to Use in 2026?

Generally Safe

Score 85/100

WP Custom Author Image has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The author-image plugin v1.0 exhibits a mixed security posture. On the positive side, it has a very small attack surface, with only one shortcode identified as an entry point and no unprotected handlers for AJAX or REST API requests. The absence of known CVEs in its history is also a strong indicator of past security diligence. However, the code analysis reveals significant areas of concern. Notably, 100% of its SQL queries are not using prepared statements, which presents a high risk of SQL injection vulnerabilities. Furthermore, only 44% of output is properly escaped, leaving potential for cross-site scripting (XSS) vulnerabilities. The lack of nonce checks and only one capability check across the plugin's operations suggest that authentication and authorization might not be consistently enforced, especially if the shortcode interacts with sensitive data or functions.

Key Concerns

  • SQL queries not using prepared statements
  • Low percentage of properly escaped output
  • No nonce checks
  • Minimal capability checks
Vulnerabilities
None known

WP Custom Author Image Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Custom Author Image Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 22 (17 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 4
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

44% escaped · 39 total outputs
Attack Surface

WP Custom Author Image Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[wp-custom-author-image] wp-custom-author-image.php:705
WordPress Hooks 7
action show_user_profile multipart-user\multipart-user.php:40
action edit_user_profile multipart-user\multipart-user.php:41
action edit_user_profile wp-custom-author-image-admin.php:66
action show_user_profile wp-custom-author-image-admin.php:67
action profile_update wp-custom-author-image-admin.php:68
action plugins_loaded wp-custom-author-image.php:98
action widgets_init wp-custom-author-image.php:129
Maintenance & Trust

WP Custom Author Image Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Aug 27, 2019
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 100
Developer Profile

WP Custom Author Image Developer Profile

p4wparamjeet

2 plugins · 110 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Custom Author Image

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-custom-author-image/css/style.css
/wp-content/plugins/wp-custom-author-image/js/script.js
Script Paths
/wp-content/plugins/wp-custom-author-image/js/script.js
Version Parameters
wp-custom-author-image/css/style.css?ver=
wp-custom-author-image/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp_custom_author_image
HTML Comments
<!-- START WP CUSTOM AUTHOR IMAGE CODE -->
<!-- END WP CUSTOM AUTHOR IMAGE CODE -->
Data Attributes
data-author-id
data-image-size
JS Globals
wp_custom_author_image_settings
Shortcode Output
[wp_custom_author_image]
[wp_custom_author_image title="" bio="" link="" always="" size="" author_id=""]