Automatic Featured Images from Videos Security & Risk Analysis

wordpress.org/plugins/automatic-featured-images-from-videos

If a YouTube or Vimeo video embed exists near the start of a post, we'll automatically set the post's featured image to a thumbnail of the video.

8K active installs v1.2.8 PHP 7.4+ WP 5.0+ Updated Jan 19, 2026
automatic-featured-image, featured-images, video, vimeo, youtube
98
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jan 25, 2026
Safety Verdict

Is Automatic Featured Images from Videos Safe to Use in 2026?

Generally Safe

Score 98/100

Automatic Featured Images from Videos has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 25, 2026 · Updated 2mo ago
Risk Assessment

The plugin "automatic-featured-images-from-videos" v1.2.8 exhibits a mixed security posture. While it demonstrates strengths in secure coding practices such as using prepared statements for all SQL queries and performing capability checks, several significant concerns remain. The presence of one unprotected AJAX handler represents a critical entry point that could be exploited by unauthenticated users, especially given the historical pattern of "Missing Authorization" vulnerabilities in this plugin. The limited scope of the static analysis, specifically the lack of taint flow analysis, means that the full extent of potential risks, particularly concerning how data from unprotected entry points is handled, is not fully understood.

The plugin's vulnerability history, though currently showing no unpatched vulnerabilities, indicates a past susceptibility to medium severity issues, specifically related to authorization. This historical pattern, combined with the identified unprotected AJAX handler, suggests a recurring weakness that requires ongoing vigilance. The plugin does implement some security measures like nonce checks and capability checks, which are positive indicators. However, the single unprotected AJAX handler overshadows these strengths, presenting a clear and immediate risk that needs to be addressed.

Key Concerns

  • Unprotected AJAX handler
  • 50% of outputs not properly escaped
  • Medium severity vulnerabilities in history
Vulnerabilities
2

Automatic Featured Images from Videos Security Vulnerabilities

CVEs by Year

  • 2025: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2026-24535 · medium · 4.3 · Missing Authorization

Automatic Featured Images from Videos <= 1.2.7 - Missing Authorization

Jan 25, 2026 Patched in 1.2.8 (4d)
CVE-2025-31820 · medium · 4.3 · Missing Authorization

Automatic Featured Images from Videos <= 1.2.4 - Missing Authorization

Apr 1, 2025 Patched in 1.2.5 (8d)
Code Analysis
Analyzed Mar 16, 2026

Automatic Featured Images from Videos Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (2 prepared)
  • Unescaped Output: 4 (4 escaped)
  • Nonce Checks: 1
  • Capability Checks: 2
  • File Operations: 2
  • External Requests: 4
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

50% escaped · 8 total outputs
Attack Surface
1 unprotected

Automatic Featured Images from Videos Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

  • auth · wp_ajax_wds_queue_bulk_processing · automatic-featured-images-from-videos.php:41

WordPress Hooks 5

  • action · plugins_loaded · automatic-featured-images-from-videos.php:32
  • action · save_post · automatic-featured-images-from-videos.php:35
  • action · add_meta_boxes · automatic-featured-images-from-videos.php:38
  • action · wds_bulk_process_video_query_init · automatic-featured-images-from-videos.php:44
  • action · admin_enqueue_scripts · automatic-featured-images-from-videos.php:47

Scheduled Events 2

wds_bulk_process_video_query_init
wds_bulk_process_video_query_init
Maintenance & Trust

Automatic Featured Images from Videos Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Jan 19, 2026
  • PHP min version: 7.4
  • Downloads: 137K

Community Trust

  • Rating: 92/100
  • Number of ratings: 36
  • Active installs: 8K
Developer Profile

Automatic Featured Images from Videos Developer Profile

webdevstudios

9 plugins · 1.0M total installs

  • Trust score: 74
  • Avg Security Score: 93/100
  • Avg Patch Time: 705 days
Detection Fingerprints

How We Detect Automatic Featured Images from Videos

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/automatic-featured-images-from-videos/admin/js/wds-afi-admin.js
/wp-content/plugins/automatic-featured-images-from-videos/css/wds-afi.css
Script Paths
/wp-content/plugins/automatic-featured-images-from-videos/admin/js/wds-afi-admin.js
Version Parameters
automatic-featured-images-from-videos/admin/js/wds-afi-admin.js?ver=
automatic-featured-images-from-videos/css/wds-afi.css?ver=

HTML / DOM Fingerprints

CSS Classes
wds-afi-bulk-processing-button
HTML Comments
<!-- This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -->
<!-- Used for js loading elsewhere. -->
<!-- Load....automatically...LOL. -->
<!-- I need tacos. Send help. -->
+12 more
Data Attributes
data-post-id, data-video-url, data-video-embed-url, data-video-title
JS Globals
wdsAfiAdmin
REST Endpoints
/wp-json/automatic-featured-images-from-videos/v1/settings
FAQ

Frequently Asked Questions about Automatic Featured Images from Videos