Does Auto Featured Image (Auto Generated) have any unpatched vulnerabilities?

No. All known vulnerabilities in Auto Featured Image (Auto Generated) have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Auto Featured Image (Auto Generated) compatible with WordPress 6.9.0?

According to WordPress.org data, Auto Featured Image (Auto Generated) 2.2.7 has been tested up to WordPress 6.9.0. Check the plugin's changelog for the latest compatibility information.

Is Auto Featured Image (Auto Generated) compatible with PHP 7.4.0+?

Auto Featured Image (Auto Generated) requires PHP 7.4.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Auto Featured Image (Auto Generated) updated?

Auto Featured Image (Auto Generated) was last updated on Feb 1, 2026. Frequent updates are generally a positive security signal.

What is Auto Featured Image (Auto Generated)'s security score?

Auto Featured Image (Auto Generated) has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Auto Featured Image (Auto Generated) Security & Risk Analysis

wordpress.org/plugins/auto-featured-image-auto-generated

Automatically generate a featured image from the post title (Background with post title overlay) from media library. This plugins generate a featured …

300 active installs v2.2.7 PHP 7.4.0+ WP 5.1+ Updated Feb 1, 2026

auto-generated-featured-imageauto-generated-imageautomatic1111featured-imageimage-creation

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Auto Featured Image (Auto Generated) Safe to Use in 2026?

Generally Safe

Score 100/100

Auto Featured Image (Auto Generated) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "auto-featured-image-auto-generated" v2.2.7 plugin exhibits a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and having a clean vulnerability history with no recorded CVEs, several concerning areas warrant attention. The presence of the `exec` function, classified as dangerous, alongside a significant percentage of improperly escaped output (52%) suggests potential avenues for code injection or XSS vulnerabilities if data is not handled rigorously. Furthermore, the plugin exposes an unprotected AJAX handler, presenting a direct attack vector if malicious input is processed without proper authentication or authorization checks. The taint analysis, though limited in scope, shows flows with unsanitized paths, which, combined with the unprotected AJAX handler and dangerous function usage, could potentially be leveraged in an exploit chain.

Key Concerns

Unprotected AJAX handler
Dangerous function usage (exec)
Significant unescaped output
Flows with unsanitized paths
Bundled outdated library (Freemius v1.0)

Vulnerabilities

None known

Auto Featured Image (Auto Generated) Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Auto Featured Image (Auto Generated) Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

203

187 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

exec$system['ffmpeg'] = ( exec( 'ffmpeg -version' ) ? true : false );admin\Admin.class.php:452

exec$ffmpeg = ( exec( 'ffmpeg -version' ) ? true : false );admin\inc\Image.class.php:1149

execexec( $cmd );admin\inc\Image.class.php:1168

Bundled Libraries

Freemius1.0

Output Escaping

48% escaped390 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

restrict_manage_posts (admin\Admin.class.php:100)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Auto Featured Image (Auto Generated) Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 2

authwp_ajax_atfit_get_imageadmin\Admin.class.php:46

authwp_ajax_atfit_bulk_imageadmin\Admin.class.php:47

WordPress Hooks 17

actionadmin_menuadmin\Admin.class.php:21

actionadmin_enqueue_scriptsadmin\Admin.class.php:23

actionadmin_enqueue_scriptsadmin\Admin.class.php:25

filterattachment_fields_to_editadmin\Admin.class.php:30

filtermanage_media_columnsadmin\Admin.class.php:37

actionmanage_media_custom_columnadmin\Admin.class.php:38

filtermanage_upload_sortable_columnsadmin\Admin.class.php:44

actionadmin_enqueue_scriptsadmin\Admin.class.php:49

filterupload_mimesadmin\Admin.class.php:51

filterwp_check_filetype_and_extadmin\Admin.class.php:52

filterpost_mime_typesadmin\Admin.class.php:59

filterwp_prepare_attachment_for_jsadmin\Admin.class.php:66

actionadd_meta_boxesadmin\Admin.class.php:73

actionedit_attachmentadmin\Admin.class.php:84

actionshutdownadmin\Trigger.class.php:66

actionplugins_loadedindex.php:32

actionafter_uninstallindex.php:43

Maintenance & Trust

Auto Featured Image (Auto Generated) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.0

Last updatedFeb 1, 2026

PHP min version7.4.0

Downloads15K

Community Trust

Rating72/100

Number of ratings7

Active installs300

Alternatives

Auto Featured Image (Auto Generated) Alternatives

Auto Featured Image (Auto Post Thumbnail)

auto-post-thumbnail

Automatically generate, assign, and manage featured images in bulk so every post on your site has a featured image.

50K 6 CVEs

Quick Featured Images

quick-featured-images

The time-saving solution for managing tons of featured images within minutes: Set, replace and delete in bulk and set default images for future posts.

50K 3 CVEs

Conditionally display featured image on singular posts and pages

conditionally-display-featured-image-on-singular-pages

100

Easily control whether the featured image appears in the single post or page view (doesn't hide it in archive/list view).

30K No CVEs

XO Featured Image Tools

xo-featured-image-tools

100

Automatically generate the featured image from the image of the post.

30K No CVEs

Featured Images in RSS for Mailchimp & More

featured-images-for-rss-feeds

100

Send images to RSS instantly for free. Output blog or WooCommerce photos to Mailchimp RSS email campaigns, ActiveCampaign, Hubspot, Feedly and more.

20K No CVEs

Developer Profile

Auto Featured Image (Auto Generated) Developer Profile

Jose Canchila (Jodacame)

5 plugins · 330 total installs

trust score

Avg Security Score

91/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Auto Featured Image (Auto Generated)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/auto-featured-image-auto-generated/admin/assets/css/bootstrap-select.min.css/wp-content/plugins/auto-featured-image-auto-generated/admin/assets/css/bootstrap-toggle.min.css/wp-content/plugins/auto-featured-image-auto-generated/admin/assets/css/style.css/wp-content/plugins/auto-featured-image-auto-generated/admin/assets/js/bootstrap-select.min.js/wp-content/plugins/auto-featured-image-auto-generated/admin/assets/js/bootstrap-toggle.min.js/wp-content/plugins/auto-featured-image-auto-generated/admin/assets/js/main.js

Script Paths

/wp-content/plugins/auto-featured-image-auto-generated/admin/assets/js/bootstrap-select.min.js/wp-content/plugins/auto-featured-image-auto-generated/admin/assets/js/bootstrap-toggle.min.js/wp-content/plugins/auto-featured-image-auto-generated/admin/assets/js/main.js

Version Parameters

auto-featured-image-auto-generated/admin/assets/css/style.css?ver=auto-featured-image-auto-generated/admin/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes

atfit_settingsatfit_advanced_settingsatfit_add_new_btnatfit_add_new_layer_btn

Data Attributes

data-toggle="toggle"data-on="Enabled"data-off="Disabled"

JS Globals

atfit_localize_vars

FAQ

Auto Featured Image (Auto Generated) Security & Risk Analysis

Is Auto Featured Image (Auto Generated) Safe to Use in 2026?

Generally Safe

Key Concerns

Auto Featured Image (Auto Generated) Security Vulnerabilities

Auto Featured Image (Auto Generated) Code Analysis

Dangerous Functions Found

Bundled Libraries

Output Escaping

Data Flow Analysis

Auto Featured Image (Auto Generated) Attack Surface

AJAX Handlers 2

Auto Featured Image (Auto Generated) Maintenance & Trust

Maintenance Signals

Community Trust

Auto Featured Image (Auto Generated) Alternatives

Auto Featured Image (Auto Post Thumbnail)

Quick Featured Images

Conditionally display featured image on singular posts and pages

XO Featured Image Tools

Featured Images in RSS for Mailchimp & More

Auto Featured Image (Auto Generated) Developer Profile

How We Detect Auto Featured Image (Auto Generated)

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Auto Featured Image (Auto Generated)