Does AutoThumb have any unpatched vulnerabilities?

No. All known vulnerabilities in AutoThumb have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is AutoThumb compatible with WordPress 3.3.2?

According to WordPress.org data, AutoThumb 0.6.1 has been tested up to WordPress 3.3.2. Check the plugin's changelog for the latest compatibility information.

How often is AutoThumb updated?

AutoThumb was last updated on Feb 6, 2012. Frequent updates are generally a positive security signal.

What is AutoThumb's security score?

AutoThumb has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

AutoThumb Security & Risk Analysis

wordpress.org/plugins/autothumb

The plugin is actually just a port of a plugin/snippet I wrote for MODx a while ago (see here). It scans your content's source code for <img&g …

80 active installs v0.6.1 PHP + WP 2.7+ Updated Feb 6, 2012

imageslibraryphpthumbresizethumbnails

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is AutoThumb Safe to Use in 2026?

Generally Safe

Score 85/100

AutoThumb has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The 'autothumb' v0.6.1 plugin presents a mixed security posture. On one hand, the absence of known vulnerabilities and a clean vulnerability history are positive indicators. The static analysis reveals no direct attack vectors through AJAX, REST API, shortcodes, or cron events, and importantly, all SQL queries utilize prepared statements, which is a strong security practice. Furthermore, the majority of output is properly escaped, mitigating risks of cross-site scripting (XSS) vulnerabilities.

However, significant concerns arise from the presence of dangerous functions like `create_function` and `exec`. The `exec` function, in particular, can be a major security risk if used with user-supplied input, allowing for arbitrary command execution on the server. The taint analysis, while showing no critical or high severity flows, indicates that 100% of the analyzed flows involved unsanitized paths, which is a concerning pattern and suggests potential for vulnerabilities if these paths are ever exposed to user input or interaction.

While the plugin currently has no known CVEs, the findings from the static analysis, especially the use of `exec` and unsanitized paths, suggest a latent risk. The complete lack of nonce and capability checks on any potential entry points, although the analysis found zero such points, signifies a potential weakness if the attack surface were to expand in future versions or if an overlooked entry point exists. The plugin's strengths lie in its clean history and secure SQL usage, but the identified code signals and taint flow patterns demand caution.

Key Concerns

Dangerous function `exec` used
Dangerous function `create_function` used
All analyzed taint flows have unsanitized paths
No nonce checks found
No capability checks found
Some output not properly escaped (15%)

Vulnerabilities

None known

AutoThumb Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

AutoThumb Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

69 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_function'admin_notices', create_function('', "echo '<div class=\"{$type}\"><p>{$message}</p></div>';")autothumb.php:158

execexec('cjpeg '.$lpszFileName.'.bmp >'.$lpszFileName.' 2>/dev/null');phpthumb\phpthumb.gif.php:117

Output Escaping

85% escaped81 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

SendSaveAsFileHeaderIfNeeded (phpthumb\phpThumb.php:321)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

AutoThumb Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_initautothumb.php:98

actionadmin_initautothumb.php:99

actionadmin_initautothumb.php:100

actionadmin_menuautothumb.php:101

filterthe_contentautothumb.php:106

actionadmin_noticesautothumb.php:157

Maintenance & Trust

AutoThumb Maintenance & Trust

Maintenance Signals

WordPress version tested3.3.2

Last updatedFeb 6, 2012

PHP min version

Downloads15K

Community Trust

Rating100/100

Number of ratings1

Active installs80

Alternatives

AutoThumb Alternatives

Crop-Thumbnails

crop-thumbnails

100

"Crop Thumbnails" made it easy to get exacly that specific image-detail you want to show in your featured image or gallery image.

40K No CVEs

Webp Transformer

webp-transformer

Convert images from library to webp and resize them during upload

200 No CVEs

Delete Thumbnails

delete-thumbnails

Find and delete thumbnails & resized images from your Media Library

100 No CVEs

Thumbnail Updater

thumbnail-updater

A plugin for updating your thumbnails whenever a new thumbnail size is added with add_image_size()

10 No CVEs

ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF

shortpixel-image-optimiser

Optimize images & PDFs smartly. Create and compress next-gen WebP and AVIF formats. Smart crop and resize.

300K 6 CVEs

Developer Profile

AutoThumb Developer Profile

maff

8 plugins · 740 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect AutoThumb

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/autothumb/autothumb.php

Version Parameters

autothumb/autothumb.php?ver=

HTML / DOM Fingerprints

FAQ