Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) Security & Risk Analysis

wordpress.org/plugins/auto-image-attributes-from-filename-with-bulk-updater

Automatically add Image Alt Text, Title, Caption and Description from Filename. Bulk update existing images. Great for Image SEO and Accessibility.

100K active installs v4.9 PHP + WP 3.5.0+ Updated Dec 17, 2025
accessibilityalt-textbulk-edit-imagesimage-seoimage-title
99
A · Safe
CVEs total1
Unpatched0
Last CVEJun 1, 2026
Safety Verdict

Is Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) Safe to Use in 2026?

Generally Safe

Score 99/100

Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jun 1, 2026Updated 6mo ago
Risk Assessment

The plugin 'auto-image-attributes-from-filename-with-bulk-updater' version 4.9 exhibits a mixed security posture. On the positive side, it has no recorded vulnerabilities (CVEs), no dangerous function usage, no external HTTP requests, and no file operations, which are all good indicators. The absence of taint analysis findings and bundled libraries further suggests a relatively clean codebase in those areas.

However, significant concerns arise from the static analysis. The plugin exposes a total of 6 AJAX handlers, with one lacking any authentication checks. This is a critical oversight that could allow unauthorized users to trigger potentially sensitive actions. Additionally, all three SQL queries are executed without prepared statements, posing a risk of SQL injection. The output escaping is also a weakness, with only 45% of outputs being properly escaped, leaving room for cross-site scripting (XSS) vulnerabilities. The presence of nonces and capability checks on some entry points is a positive, but it does not mitigate the risks presented by the unprotected AJAX handler and the raw SQL queries.

Given the complete lack of historical vulnerabilities, it's possible the developers have been diligent. However, the current static analysis reveals significant potential attack vectors. The unprotected AJAX handler and the lack of prepared statements are the most pressing issues. While the plugin's lack of external interactions and file operations are strengths, the identified flaws in input handling and authentication present a notable risk that requires immediate attention.

Key Concerns

  • Unprotected AJAX handler found
  • SQL queries without prepared statements
  • Low percentage of properly escaped output
Vulnerabilities
1 published

Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-3722medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) <= 4.9 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attribute

Jun 1, 2026 Patched in 4.9.1 (1d)
Version History

Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) Release Timeline

v4.9Current1 CVE
v4.7.11 CVE
v4.71 CVE
v4.61 CVE
v4.41 CVE
v4.3.11 CVE
v4.31 CVE
v4.21 CVE
v4.11 CVE
v4.01 CVE
v3.31 CVE
v3.21 CVE
v3.11 CVE
v3.01 CVE
v2.11 CVE
v2.01 CVE
v1.61 CVE
v1.51 CVE
v1.41 CVE
v1.31 CVE
Code Analysis
Analyzed Mar 16, 2026

Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
0 prepared
Unescaped Output
34
28 escaped
Nonce Checks
6
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared3 total queries

Output Escaping

45% escaped62 total outputs
Attack Surface
1 unprotected

Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) Attack Surface

Entry Points6
Unprotected1

AJAX Handlers 6

authwp_ajax_iaff_rename_old_imageadmin\do.php:140
authwp_ajax_iaff_count_remaining_imagesadmin\do.php:195
authwp_ajax_iaff_reset_bulk_updater_counteradmin\do.php:216
authwp_ajax_iaff_before_bulk_updateradmin\do.php:237
authwp_ajax_iaff_after_bulk_updateradmin\do.php:258
authwp_ajax_iaff_bulk_updater_skip_imageadmin\do.php:302
WordPress Hooks 19
actionadmin_menuadmin\admin-setup.php:35
actionadmin_initadmin\admin-setup.php:257
actionadmin_enqueue_scriptsadmin\admin-setup.php:450
actionadmin_post_iaff_activate_image_attributes_pro_pluginadmin\admin-setup.php:519
actionplugins_loadedadmin\basic-setup.php:41
filterplugin_action_links_auto-image-attributes-from-filename-with-bulk-updater/iaff_image-attributes-from-filename.phpadmin\basic-setup.php:56
filterplugin_row_metaadmin\basic-setup.php:78
actionadmin_noticesadmin\basic-setup.php:117
filteradmin_footer_textadmin\basic-setup.php:146
filterupdate_footeradmin\basic-setup.php:163
filtermanage_media_columnsadmin\columns-media-library.php:11
actionmanage_media_custom_columnadmin\columns-media-library.php:12
actionadd_attachmentadmin\do.php:62
actionadmin_footeradmin\do.php:563
filtermedia_send_to_editoradmin\do.php:595
filterwp_get_attachment_linkadmin\do.php:611
filterwp_handle_upload_prefilteradmin\do.php:647
filterwp_read_image_metadataadmin\do.php:834
actionadmin_initiaff_image-attributes-from-filename.php:221
Maintenance & Trust

Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 17, 2025
PHP min version
Downloads917K

Community Trust

Rating96/100
Number of ratings92
Active installs100K
Developer Profile

Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) Developer Profile

Arun Basil Lal

4 plugins · 110K total installs

96
trust score
Avg Security Score
94/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/auto-image-attributes-from-filename-with-bulk-updater/admin/css/bootstrap.min.css/wp-content/plugins/auto-image-attributes-from-filename-with-bulk-updater/admin/css/bootstrap-datetimepicker.min.css/wp-content/plugins/auto-image-attributes-from-filename-with-bulk-updater/admin/css/bootstrap-select.min.css/wp-content/plugins/auto-image-attributes-from-filename-with-bulk-updater/admin/css/jquery.dataTables.min.css/wp-content/plugins/auto-image-attributes-from-filename-with-bulk-updater/admin/css/select2.min.css/wp-content/plugins/auto-image-attributes-from-filename-with-bulk-updater/admin/css/sweetalert.css/wp-content/plugins/auto-image-attributes-from-filename-with-bulk-updater/admin/css/theme.css/wp-content/plugins/auto-image-attributes-from-filename-with-bulk-updater/admin/js/bootstrap.min.js+18 more
Script Paths
/wp-content/plugins/auto-image-attributes-from-filename-with-bulk-updater/admin/js/bootstrap.min.js/wp-content/plugins/auto-image-attributes-from-filename-with-bulk-updater/admin/js/bootstrap-datetimepicker.min.js/wp-content/plugins/auto-image-attributes-from-filename-with-bulk-updater/admin/js/bootstrap-select.min.js/wp-content/plugins/auto-image-attributes-from-filename-with-bulk-updater/admin/js/chart.bundle.min.js/wp-content/plugins/auto-image-attributes-from-filename-with-bulk-updater/admin/js/chart.min.js/wp-content/plugins/auto-image-attributes-from-filename-with-bulk-updater/admin/js/chartjs-plugin-datalabels.min.js+13 more
Version Parameters
/wp-content/plugins/auto-image-attributes-from-filename-with-bulk-updater/admin/css/theme.css?ver=/wp-content/plugins/auto-image-attributes-from-filename-with-bulk-updater/admin/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
iaff-bulk-upload-modaliaff-import-data-modaliaff-settings-formiaff-settings-field
HTML Comments
<!-- START AUTO IMAGE ATTRIBUTES FROM FILENAME WITH BULK UPDATER v4.9 --><!-- END AUTO IMAGE ATTRIBUTES FROM FILENAME WITH BULK UPDATER -->
Data Attributes
data-iaff-bulk-uploaddata-iaff-import-data
JS Globals
IAFF_Admin_Scriptiaff_settings_object
FAQ

Frequently Asked Questions about Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO)