Generate Dynamic Images – Bannerbear Security & Risk Analysis

wordpress.org/plugins/bannerbear

Add dynamically generated open graph images or pinterest pins to posts and pages automatically.

30 active installs v1.0.0 PHP 7.0+ WP 5.5+ Updated Nov 19, 2022
dynamic-imageimageogopen-graphwidget
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Generate Dynamic Images – Bannerbear Safe to Use in 2026?

Generally Safe

Score 85/100

Generate Dynamic Images – Bannerbear has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The Bannerbear plugin v1.0.0 exhibits a strong security posture based on the provided static analysis. The absence of any identified attack surface (AJAX handlers, REST API routes, shortcodes, cron events) with unprotected entry points is a significant positive. Code signals also indicate good practices, with a high percentage of properly escaped outputs and the presence of nonce and capability checks. No dangerous functions, file operations, or critical/high severity taint flows were detected, further reinforcing its secure design.

However, a notable concern arises from the SQL queries. While the plugin uses capability checks, the fact that 100% of the two identified SQL queries are not using prepared statements presents a potential risk. Although the vulnerability history is clean, this lack of prepared statements for SQL queries could be a point of exploitation if external data were to be incorporated into these queries in future versions or under specific circumstances. The two external HTTP requests are also worth monitoring, though without further context on their purpose and data handling, a definitive risk cannot be assigned.

In conclusion, the Bannerbear plugin v1.0.0 demonstrates a commendable commitment to security with a minimal attack surface and robust output escaping. The primary area for improvement lies in adopting prepared statements for all SQL queries to mitigate potential injection vulnerabilities. The clean vulnerability history is a positive indicator, suggesting developers have been proactive in addressing security, but the unmitigated SQL query practice is a weakness that should be addressed.

Key Concerns

  • SQL queries not using prepared statements
Vulnerabilities
None known

Generate Dynamic Images – Bannerbear Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Generate Dynamic Images – Bannerbear Release Timeline

v1.0.0Current
Code Analysis
Analyzed Mar 17, 2026

Generate Dynamic Images – Bannerbear Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
0 prepared
Unescaped Output
3
91 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
2
Bundled Libraries
0

SQL Query Safety

0% prepared2 total queries

Output Escaping

97% escaped94 total outputs
Attack Surface

Generate Dynamic Images – Bannerbear Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 20
actionadmin_menusrc\Admin.php:21
actionadmin_enqueue_scriptssrc\Admin.php:24
actionadmin_footersrc\Admin.php:27
actionadd_meta_boxes_bannerbear_urlsrc\Admin.php:30
actionsave_postsrc\Admin.php:31
filterpost_updated_messagessrc\Admin.php:32
filtermanage_bannerbear_url_posts_columnssrc\Admin.php:35
actionmanage_bannerbear_url_posts_custom_columnsrc\Admin.php:36
actionrest_api_initsrc\API_Controller.php:24
filterbannerbear_dynamic_tags_textsrc\Dynamic_Tags.php:30
filterbannerbear_dynamic_tags_urlsrc\Dynamic_Tags.php:31
actioninitsrc\Dynamic_Tags.php:32
actioninitsrc\Output_Manager.php:29
filterthe_contentsrc\Output_Manager.php:30
actionwp_headsrc\Output_Manager.php:31
actionplugins_loadedsrc\Plugin.php:77
actioninitsrc\Plugin.php:103
actioninitsrc\Plugin.php:104
actionwidgets_initsrc\Plugin.php:105
actionenqueue_block_editor_assetssrc\Plugin.php:106
Maintenance & Trust

Generate Dynamic Images – Bannerbear Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10
Last updatedNov 19, 2022
PHP min version7.0
Downloads2K

Community Trust

Rating100/100
Number of ratings2
Active installs30
Developer Profile

Generate Dynamic Images – Bannerbear Developer Profile

yongfook

1 plugin · 30 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Generate Dynamic Images – Bannerbear

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bannerbear/assets/images/placeholder.png
Script Paths
/wp-content/plugins/bannerbear/assets/js/create-signed-url.js
Version Parameters
bannerbear/assets/js/create-signed-url.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-post-type
JS Globals
bannerbearCreateSignedUrl
FAQ

Frequently Asked Questions about Generate Dynamic Images – Bannerbear