Does Auto Image Field have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Auto Image Field compatible with WordPress 3.9.40?

According to WordPress.org data, Auto Image Field 2.0 has been tested up to WordPress 3.9.40. Check the plugin's changelog for the latest compatibility information.

How often is Auto Image Field updated?

Auto Image Field was last updated on Jun 23, 2014. Frequent updates are generally a positive security signal.

What is Auto Image Field's security score?

Auto Image Field has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Auto Image Field Security & Risk Analysis

wordpress.org/plugins/auto-image-field

This plugin allow you to administrate image custom fields easily using the wordpress media gallery

10 active installs v2.0 PHP + WP 2.8+ Updated Jun 23, 2014

custom-fieldcustom-image-fieldfieldimageimage-field

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Auto Image Field Safe to Use in 2026?

Generally Safe

Score 85/100

Auto Image Field has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The "auto-image-field" v2.0 plugin exhibits a mixed security posture. On the positive side, the plugin utilizes prepared statements for all SQL queries and avoids file operations and external HTTP requests, which are common vectors for vulnerabilities. Furthermore, there is no recorded vulnerability history, suggesting a good track record for past versions. However, the static analysis reveals significant concerns. A substantial portion of output (69%) is not properly escaped, posing a risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is reflected in the output without sanitization. The taint analysis highlights three high-severity flows with unsanitized paths, which, despite the absence of direct code execution indicators, could still lead to unintended behavior or data exposure if these paths are reachable by attackers. The complete absence of nonce and capability checks across all identified entry points (though the entry point count is zero) is also a notable weakness, as it implies that even if new entry points were added or discovered, they might not be adequately protected against common web attacks.

Key Concerns

High severity unsanitized taint flows
Insufficient output escaping
No nonce checks
No capability checks

Vulnerabilities

None known

Auto Image Field Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Auto Image Field Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

Auto Image Field Code Analysis

Dangerous Functions

Raw SQL Queries

27 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared27 total queries

Output Escaping

31% escaped39 total outputs

Data Flows · Security

4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths

andmedia_insert_handler (auto-image-field.php:71)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Auto Image Field Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 9

actionadmin_menuauto-image-field.php:28

actionsave_postauto-image-field.php:29

actionpublish_postauto-image-field.php:30

actionprivate_to_publishedauto-image-field.php:31

actionsubmitpost_boxauto-image-field.php:32

actionmedia_upload_andimageauto-image-field.php:33

actionmedia_upload_andlibraryauto-image-field.php:34

filtermedia_upload_tabsauto-image-field.php:55

actionadmin_headauto-image-field.php:208

Maintenance & Trust

Auto Image Field Maintenance & Trust

Maintenance Signals

WordPress version tested3.9.40

Last updatedJun 23, 2014

PHP min version

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Auto Image Field Alternatives

Simple Image XML Sitemap

simple-image-xml-sitemap

The Simple Image XML Sitemap plugin will generate a XML Sitemap for specifically for all images including images uploaded as Advanced Custom Fields (P …

1K No CVEs

My Upload Images

my-upload-images

Create metabox with media uploader. It allows to upload and sort images in any post_type.

400 No CVEs

Advanced Custom Fields: Image Size Select Field

acf-image-size-select

100

Field to select registered image sizes within the WordPress dashboard.

300 No CVEs

BuddyPress XProfile Custom Image Field

buddypress-xprofile-image-field

With the BPXPIF plugin you can add XProfile fields of type Image without writing any custom code.

300 1 CVE

Default Image Addon for ACF

acf-default-image-addon

This plugin provides the feature to add an option for the default image in the field type image.

100 No CVEs

Developer Profile

Auto Image Field Developer Profile

andur

2 plugins · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Auto Image Field

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/auto-image-field/images/media-button-image.gif

Script Paths

/wp-content/plugins/auto-image-field/custom-header.js.php

HTML / DOM Fingerprints

Data Attributes

data-update-linkdata-choosedata-update

JS Globals

wp.media

FAQ