[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFQyblS_zhJGRuk3buzaGHgVATBoii718x8hhypZCf_0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":53,"fingerprints":147},"auto-smart-thumbnails","Auto Smart Thumbnails","1.1.4","longchaoliu","https:\u002F\u002Fprofiles.wordpress.org\u002Flongchaoliu\u002F","\u003Ch4>I. Face detection\u003C\u002Fh4>\n\u003Cp>WordPress (WP) plugin\u002Fthemes crop images per fixed position {top, center, bottom} x {left, center, right}. This often generates thumbnails with faces being cut out. This plugin (Auto Smart Thumbnails, AST) employs face detection to keep the face in the center of cropped images.\u003C\u002Fp>\n\u003Ch4>II. Downsize images\u003C\u002Fh4>\n\u003Cp>There are many ways to backup\u002Fstore your images. Your web server host is the last option for that though (too expensive). Essentially, your web server serves one purpose and one purpose only: a lean fast website. So making it small and agile is critical in both user experience and website maintenance.\u003C\u002Fp>\n\u003Cp>Media files (pdf, movie and images) are usually the biggest storage eaters. Here are some practice tips related to images:\u003Cbr \u002F>\n1. Use jpg to store images. No png except for the logo images.\u003Cbr \u002F>\n2. Downsize your images to about (1920×1080, full high definition, FHD).\u003Cbr \u002F>\n3. Get rid of those unused thumbnails.\u003C\u002Fp>\n\u003Cp>AST helps you with 2 and 3. It helped to trim my website from 24G to 9G.\u003C\u002Fp>\n\u003Cp>AST downsizes big images in a smart way. 
It does so by a factor of an integer, e.g. 2, 3, 4 etc, so that the result image looks as crisp as the original on a webpage, e.g. an image of (5184×3456) is downsized by 3 to (1728×1152) and its file size is down from 4.9M to 239K. Conventional tools may downsize it by 3.2 (=3456\u002F1080) to (1687×1080, short side exact FHD). Blurring happens because of the pixels fractioned.\u003C\u002Fp>\n\u003Cp>For images smaller than 3840×2160, which can’t even be downsized by a factor of 2, they will be compressed (at WP default quality of 82%. Though the document says the default quality is 90%, in code it’s 82%.)\u003C\u002Fp>\n\u003Ch4>III. Cleanup thumbnails\u003C\u002Fh4>\n\u003Cp>Some WP themes generate many, sometimes 10s of, custom sized thumbnails when an image is uploaded. These thumbnails may never be used yet take up your precious server storage space. AST helps remove these unused thumbnails and stop them from being generated when an image is uploaded. But a thumbnail will be generated and generated only when it is requested. The newly generated thumbnail is then stored for later use.\u003C\u002Fp>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>AST is based on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Foptimize-images-resizing\u002F\" rel=\"ugc\">‘Optimize images Resizing’ by OriginalEXE\u003C\u002Fa>, which seems to be dormant for years.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmauricesvay\u002Fphp-facedetection\" rel=\"nofollow ugc\">Face detection algorithm is by Maurice Svay\u003C\u002Fa>. It returns only the first face candidate detected. For most images it does the job well and it’s a bit faster than another implementation \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffelixkoch\u002FPHP-FaceDetector\" rel=\"nofollow ugc\">PHP-FaceDetector by Felix Koch\u003C\u002Fa>. 
When it fails to detect face(s), the cropping will be done by the WordPress default.\u003C\u002Fp>\n\u003Cp>The module is designed to be \u003Cstrong>extendable\u003C\u002Fstrong>. Other plugins can do face detection, e.g. with faster algorithms or better accuracy, or can designate focal points manually, then store the face\u002Ffocal data to the meta data of an image. AST can pick up the data to do cropping. This is done by adding a new field ‘focal_area’ in the meta data, as below:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Array (\n    [width] => 512\n    [height] => 512\n    [file] => 2019\u002F04\u002Fsample-image-file.jpg\n    [sizes] => Array ()\n    [focal_area] = (\n        [x] => 100\n        [y] => 123\n        [w] => 58\n        [h] => 58\n        [faces] => Array (\n            [tharavaad-svay] => Array (\n                [0] => Array (\n                    [x] => 100\n                    [y] => 123\n                    [w] => 58\n                )\n            )\n            [koch] => Array (\n                [0] => Array (\n                    [x] => 100\n                    [y] => 123\n                    [w] => 58\n                )\n                [1] => Array (\n                    ...\n                )\n            )\n        )\n    )\n)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The focal_area is defined by the position (x, y) and width and height. External plugins can store the detection result with these 4 parameters. AST can pick them up for cropping.\u003C\u002Fp>\n\u003Cp>The ‘focal_area’ can be non-face objects that users want to focus on. Within it, the optional ‘faces’ array defines faces detected and the algorithm used.\u003C\u002Fp>\n\u003Cp>To make it simple, some assumptions and numbers are defined as below:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>To resave png images in jpg will save a lot space. But it needs to mess up with the WP database, which I stayed away for now. 
You may want to \u003Ca href=\"https:\u002F\u002Fwww.xnview.com\u002Fen\u002Fxnviewmp\u002F\" rel=\"nofollow ugc\">convert your png images to jpg\u003C\u002Fa> before uploading them to your server.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>An image is downsized only when its short side > 2×1080. Otherwise it’s re-compressed when its size >128k bytes. The new jpg file replaces the original only when it’s 25k bytes smaller.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>When a downsizing happens, the original is saved in uploads\u002Fast-backup. The year\u002Fmonth structure is preserved. To save the server storage space, it’s recommended to download it and delete it from the server.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>I didn’t get time to handle the localization language files yet.\u003C\u002Fp>\n\u003Cp>Please let me know how it works for you, or any improvement suggestions or feedback. Thanks!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Flongchaoliu\u002Fauto-smart-thumbnails\" rel=\"nofollow ugc\">Source code\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002F8ekYwzv\" rel=\"nofollow ugc\">Discord forum\u003C\u002Fa>\u003C\u002Fp>\n","Plugin creates thumbnails on demand with face detection. Remove unused thumbnails and downsizes images. 
Free up server storage.",60,4759,86,6,"2022-03-02T22:24:00.000Z","5.9.13","3.8","7.0",[20,21,22,23,24],"cleanup-thumbnails","downsize-images","face-detection","free-up-server-storage","smart-thumbnails","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-smart-thumbnails.1.1.4.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,84,"2026-04-04T20:18:48.916Z",[38],{"slug":22,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":28,"num_ratings":28,"last_updated":47,"tested_up_to":48,"requires_at_least":25,"requires_php":25,"tags":49,"homepage":51,"download_link":52,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"Face Detection","1.0","mdifelice","https:\u002F\u002Fprofiles.wordpress.org\u002Fmdifelice\u002F","\u003Cp>This plugin allows to generate cropped thumbnails without cutting heads or faces. It detects whether uploaded images have faces in it thus when generating cropped thumbnails based on such image, they will be centered in the largest face found.\u003C\u002Fp>\n","This plugin allows to generate cropped thumbnails without cutting heads or faces. 
It detects whether uploaded images have faces in it thus when genera &hellip;",10,1283,"2019-10-28T22:23:00.000Z","5.3.21",[22,50],"thumbnails","https:\u002F\u002Fgithub.com\u002Fmdifelice\u002Fface-detection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fface-detection.zip",{"attackSurface":54,"codeSignals":94,"taintFlows":110,"riskAssessment":137,"analyzedAt":146},{"hooks":55,"ajaxHandlers":80,"restRoutes":90,"shortcodes":91,"cronEvents":92,"entryPointCount":93,"unprotectedCount":33},[56,62,67,71,76],{"type":57,"name":58,"callback":59,"file":60,"line":61},"action","plugins_loaded","load_textdomain","auto-smart-thumbnails.php",34,{"type":57,"name":63,"callback":64,"file":65,"line":66},"admin_menu","add_tools_subpage","inc\\class-ast-remove-image-sizes.php",22,{"type":57,"name":68,"callback":69,"file":65,"line":70},"admin_enqueue_scripts","enqueue_assets",25,{"type":72,"name":73,"callback":74,"priority":45,"file":65,"line":75},"filter","intermediate_image_sizes_advanced","remove_intermediate_sizes",29,{"type":72,"name":77,"callback":77,"priority":45,"file":78,"line":79},"image_downsize","inc\\class-ast-resize-image.php",24,[81,87],{"action":82,"nopriv":83,"callback":84,"hasNonce":85,"hasCapCheck":83,"file":65,"line":86},"ast_Remove_Image_Sizes",false,"remove_image_sizes",true,23,{"action":88,"nopriv":83,"callback":89,"hasNonce":83,"hasCapCheck":83,"file":65,"line":79},"ast_Get_Debug_Log","get_debug_log",[],[],[],2,{"dangerousFunctions":95,"sqlUsage":101,"outputEscaping":103,"fileOperations":108,"externalRequests":28,"nonceChecks":33,"capabilityChecks":33,"bundledLibraries":109},[96],{"fn":97,"file":98,"line":99,"context":100},"unserialize","inc\\class-ast-face-detector.php",54,"$this->detection_data = unserialize(file_get_contents($detection_data));",{"prepared":28,"raw":28,"locations":102},[],{"escaped":45,"rawEcho":33,"locations":104},[105],{"file":65,"line":106,"context":107},143,"raw 
output",11,[],[111,129],{"entryPoint":112,"graph":113,"unsanitizedCount":28,"severity":128},"remove_image_sizes (inc\\class-ast-remove-image-sizes.php:201)",{"nodes":114,"edges":126},[115,120],{"id":116,"type":117,"label":118,"file":65,"line":119},"n0","source","$_POST",203,{"id":121,"type":122,"label":123,"file":65,"line":124,"wp_function":125},"n1","sink","update_option() [Settings Manipulation]",206,"update_option",[127],{"from":116,"to":121,"sanitized":85},"low",{"entryPoint":130,"graph":131,"unsanitizedCount":28,"severity":128},"\u003Cclass-ast-remove-image-sizes> (inc\\class-ast-remove-image-sizes.php:0)",{"nodes":132,"edges":135},[133,134],{"id":116,"type":117,"label":118,"file":65,"line":119},{"id":121,"type":122,"label":123,"file":65,"line":124,"wp_function":125},[136],{"from":116,"to":121,"sanitized":85},{"summary":138,"deductions":139},"The \"auto-smart-thumbnails\" plugin v1.1.4 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping the vast majority of its output. The absence of known vulnerabilities in its history, including any critical or high-severity ones, is also a significant strength. Furthermore, the taint analysis reveals no critical or high-severity flows with unsanitized paths, indicating a generally robust handling of potentially malicious input concerning file paths. However, several areas raise concern. The presence of an AJAX handler that lacks authentication checks creates a direct attack vector that could be exploited by unauthenticated users. Additionally, the use of the `unserialize` function, even if not currently exploited in a detectable taint flow, represents a potential risk if the serialized data originates from an untrusted source and lacks proper validation. 
While the plugin has a clean vulnerability history, this does not negate the immediate risks identified in the code analysis.",[140,143],{"reason":141,"points":142},"Unprotected AJAX handler",8,{"reason":144,"points":145},"Use of 'unserialize' function",7,"2026-03-16T21:42:38.367Z",{"wat":148,"direct":157},{"assetPaths":149,"generatorPatterns":152,"scriptPaths":153,"versionParams":154},[150,151],"\u002Fwp-content\u002Fplugins\u002Fauto-smart-thumbnails\u002Fcss\u002Fast-admin-styles.css","\u002Fwp-content\u002Fplugins\u002Fauto-smart-thumbnails\u002Fjs\u002Fast-admin-scripts.js",[],[151],[155,156],"auto-smart-thumbnails\u002Fcss\u002Fast-admin-styles.css?ver=","auto-smart-thumbnails\u002Fjs\u002Fast-admin-scripts.js?ver=",{"cssClasses":158,"htmlComments":160,"htmlAttributes":161,"restEndpoints":163,"jsGlobals":164,"shortcodeOutput":165},[159],"ast-debug-setting",[],[162],"name=\"ast-debug-setting\"",[],[],[]]