Auto Alt Text Security & Risk Analysis

wordpress.org/plugins/auto-alt-text

This plugin allows you to automatically generate an Alt Text for images uploaded into the media library via AI.

3K active installs · v2.7.0 · PHP 7.4+ · WP 6.0+ · Updated Jan 31, 2026
Tags: accessibility, alt-tag, alt-text, openai, seo
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 6, 2025
Safety Verdict

Is Auto Alt Text Safe to Use in 2026?

Generally Safe

Score 99/100

Auto Alt Text has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 6, 2025 · Updated 2mo ago
Risk Assessment

The "auto-alt-text" v2.7.0 plugin exhibits a generally good security posture, with several positive indicators. The absence of critical or high-severity taint flows, the exclusive use of prepared statements for SQL queries, and the presence of nonce and capability checks on its single AJAX handler are all commendable practices. The plugin also demonstrates a reasonable effort in output escaping, with 74% of outputs being properly escaped. This suggests a developer conscious of common web application vulnerabilities.

However, there are a few areas that warrant attention. The presence of a past medium-severity CVE, even if currently patched, indicates that the plugin has had exploitable vulnerabilities in the past, specifically CSRF. While the current version shows no unpatched vulnerabilities, this history suggests a need for continued vigilance. The 74% output escaping rate, while not alarmingly low, means that a portion of the plugin's output could potentially be vulnerable to XSS if user-controlled data is involved and not sufficiently sanitized before rendering.

In conclusion, "auto-alt-text" v2.7.0 is relatively secure due to strong data handling practices and authentication checks on its entry points. The single past medium vulnerability, however, is a reminder that vigilance is necessary. The slightly imperfect output escaping rate is a minor concern that could be improved for a more robust security profile. Overall, the plugin presents a low to moderate risk, with the primary risk stemming from historical vulnerability patterns and the remaining unescaped outputs.

Key Concerns

  • Past medium severity CVE (CSRF)
  • Output escaping not fully implemented (74%)
Vulnerabilities
1

Auto Alt Text Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-62866 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Auto Alt Text <= 2.5.2 - Cross-Site Request Forgery

Dec 6, 2025 · Patched in 2.5.3 (6d)
Code Analysis
Analyzed Mar 16, 2026

Auto Alt Text Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (8 prepared)
Unescaped Output: 35 (100 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 1
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

100% prepared · 8 total queries

Output Escaping

74% escaped · 135 total outputs
Attack Surface

Auto Alt Text Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth · wp_ajax_generate_alt_text · src\App\Admin\MediaLibrary.php:48

WordPress Hooks: 15

action · admin_enqueue_scripts · src\App\Admin\MediaLibrary.php:39
action · print_media_templates · src\App\Admin\MediaLibrary.php:42
filter · attachment_fields_to_edit · src\App\Admin\MediaLibrary.php:45
action · admin_notices · src\App\Admin\PluginOptions.php:37
action · admin_enqueue_scripts · src\App\Admin\PluginOptions.php:39
action · admin_menu · src\App\Admin\PluginOptions.php:40
action · admin_init · src\App\Admin\PluginOptions.php:41
action · admin_init · src\App\Admin\PluginOptions.php:42
action · admin_notices · src\App\Admin\PluginOptions.php:50
action · add_attachment · src\App\Core\HooksRegistrar.php:92
action · plugins_loaded · src\App\Core\HooksRegistrar.php:95
filter · plugin_action_links_auto-alt-text/auto-alt-text.php · src\App\Core\HooksRegistrar.php:98
filter · bulk_actions-upload · src\App\Core\HooksRegistrar.php:104
action · load-upload.php · src\App\Core\HooksRegistrar.php:105
action · admin_notices · src\App\Core\HooksRegistrar.php:106
Maintenance & Trust

Auto Alt Text Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.0
Last updated: Jan 31, 2026
PHP min version: 7.4
Downloads: 22K

Community Trust

Rating: 100/100
Number of ratings: 6
Active installs: 3K
Developer Profile

Auto Alt Text Developer Profile

Valerio Monti

1 plugin · 3K total installs

Trust score: 99
Avg Security Score: 99/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect Auto Alt Text

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/auto-alt-text/resources/css/media-library.css
/wp-content/plugins/auto-alt-text/resources/js/media-library.js
/wp-content/plugins/auto-alt-text/resources/css/settings-page.css
/wp-content/plugins/auto-alt-text/resources/js/settings-page.js

Script Paths
/wp-content/plugins/auto-alt-text/resources/js/media-library.js
/wp-content/plugins/auto-alt-text/resources/js/settings-page.js

Version Parameters
auto-alt-text/resources/css/media-library.css?ver=
auto-alt-text/resources/js/media-library.js?ver=
auto-alt-text/resources/css/settings-page.css?ver=
auto-alt-text/resources/js/settings-page.js?ver=

HTML / DOM Fingerprints

CSS Classes
aatxt-generate-alt-text
aatxt-settings-page

HTML Comments
<!-- Render custom template in media modal -->
<!-- Add button to generate alt text in media library -->
<!-- Handle AJAX request to generate alt text -->
<!-- Manage the necessary hooks to implement plugin options and their pages -->
(+1 more)

Data Attributes
data-post-id
JS Globals
AATXT
FAQ

Frequently Asked Questions about Auto Alt Text