Auto Upload Images Security & Risk Analysis

wordpress.org/plugins/auto-upload-images

Automatically detects external images in post content, imports them to your site, adds them to the media library, and replaces the image URLs.

30K active installs · v3.3.2 · PHP + · WP 2.7+ · Updated Dec 16, 2022
Tags: auto, automatically, image, images, upload
Score: 58
C · Use Caution
CVEs total: 3
Unpatched: 1
Last CVE: Jun 19, 2025
Safety Verdict

Is Auto Upload Images Safe to Use in 2026?

Use With Caution

Score 58/100

Auto Upload Images has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

3 known CVEs · 1 unpatched · Last CVE: Jun 19, 2025 · Updated 3yr ago
Risk Assessment

The static analysis of auto-upload-images v3.3.2 reveals a generally strong security posture in several key areas. The complete absence of unprotected entry points, coupled with the exclusive use of prepared statements for SQL queries, indicates good defensive coding practices. Furthermore, the high percentage of properly escaped output and the presence of nonce checks are positive signs. However, the plugin's history of known vulnerabilities, particularly one high-severity unpatched CVE and two medium-severity ones, raises significant concerns. The historical prevalence of SSRF, CSRF, and XSS vulnerabilities suggests recurring weaknesses that have not been fully addressed, even with the latest analysis showing no critical taint flows. The existence of unpatched vulnerabilities, especially the high-severity one, represents an immediate and serious risk. While the code itself shows improvements, the plugin's past indicates a pattern of introducing exploitable flaws. Therefore, despite some positive static analysis results, the unaddressed vulnerabilities in its history make this plugin a considerable risk.

Key Concerns

  • Unpatched high severity CVE
  • Known medium severity CVEs (2)
  • No capability checks on entry points
  • File operations (3) without specific context
  • External HTTP requests (1) without specific context
Vulnerabilities: 3

Auto Upload Images Security Vulnerabilities

CVEs by Year

2022: 2 CVEs
2025: 1 CVE · unpatched

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2025-49985 · medium · 6.4 · Server-Side Request Forgery (SSRF)

Auto Upload Images <= 3.3.2 - Authenticated (Contributor+) Server-Side Request Forgery

Jun 19, 2025 · Unpatched

CVE-2022-42880 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Auto Upload Images <= 3.3 - Cross-Site Request Forgery

Oct 24, 2022 · Patched in 3.3.1 (456d)

WF-69cf2f28-33ae-441e-95d2-01d187c7745a-auto-upload-images · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Auto Upload Images <= 3.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Oct 24, 2022 · Patched in 3.3.1 (456d)
Code Analysis
Analyzed Mar 16, 2026

Auto Upload Images Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (22 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 3
External Requests: 1
Bundled Libraries: 0

Output Escaping

96% escaped · 23 total outputs
Attack Surface

Auto Upload Images Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 3
  • action · plugins_loaded · src\WpAutoUpload.php:24
  • action · admin_menu · src\WpAutoUpload.php:25
  • filter · wp_insert_post_data · src\WpAutoUpload.php:27
Maintenance & Trust

Auto Upload Images Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Dec 16, 2022
PHP min version
Downloads: 324K

Community Trust

Rating: 86/100
Number of ratings: 104
Active installs: 30K
Developer Profile

Auto Upload Images Developer Profile

Ali Irani

1 plugin · 30K total installs

Trust score: 50
Avg Security Score: 58/100
Avg Patch Time: 456 days
Detection Fingerprints

How We Detect Auto Upload Images

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/auto-upload-images/css/style.css
  • /wp-content/plugins/auto-upload-images/js/custom.js
Script Paths
  • /wp-content/plugins/auto-upload-images/js/custom.js
Version Parameters
  • auto-upload-images/css/style.css?ver=
  • auto-upload-images/js/custom.js?ver=
