CropRefine Security & Risk Analysis
wordpress.org/plugins/croprefineGiving you greater control over how each of your media item sizes are cropped.
Is CropRefine Safe to Use in 2026?
Use With Caution
Score 63/100CropRefine has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The "croprefine" v1.2.1 plugin exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a reasonable rate of output escaping (74%), significant concerns arise from its attack surface and vulnerability history. The presence of two AJAX handlers, both entirely lacking authentication checks, represents a direct and easily exploitable entry point for attackers. This, combined with the absence of nonce checks, indicates a high risk of unauthorized actions being performed through these handlers.
The vulnerability history reveals a pattern of past security weaknesses, specifically a known medium-severity Cross-Site Scripting (XSS) vulnerability that remains unpatched. The fact that the last vulnerability was recorded as "2025-07-23 00:00:00" suggests a potential for ongoing or recurring security issues, especially given the unpatched status. While no critical taint flows or dangerous functions were detected in the static analysis, the combination of unprotected entry points and a history of exploitable vulnerabilities points to a moderate to high-risk plugin that requires immediate attention and patching.
Key Concerns
- Unprotected AJAX handlers
- Missing nonce checks on AJAX
- Unpatched medium vulnerability
- Lower than ideal output escaping
CropRefine Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
CropRefine <= 1.2.1 - Reflected Cross-Site Scripting
CropRefine Code Analysis
Output Escaping
Data Flow Analysis
CropRefine Attack Surface
AJAX Handlers 2
WordPress Hooks 6
Maintenance & Trust
CropRefine Maintenance & Trust
Maintenance Signals
Community Trust
CropRefine Alternatives
Sharpen Resized Images
sharpen-resized-images
Do you realize your resized images looks blur? This plugin fixing it. Sharpening resized jpg image uploads in your WordPress.
Crop-Thumbnails
crop-thumbnails
"Crop Thumbnails" made it easy to get exacly that specific image-detail you want to show in your featured image or gallery image.
Clean Image Filenames
clean-image-filenames
This plugin automatically converts language accent characters to non-accent characters in filenames when uploading to the media library.
Disable Media Sizes
disable-media-sizes
Provides options to disable the extra images generated by WordPress.
iOS images fixer
ios-images-fixer
Automatically fix iOS-taken images' orientation using ImageMagic/PHP GD upon upload.
CropRefine Developer Profile
5 plugins · 320 total installs
How We Detect CropRefine
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/croprefine/croprefine.css/wp-content/plugins/croprefine/cropper/cropper.css/wp-content/plugins/croprefine/croprefine.js/wp-content/plugins/croprefine/cropper/cropper.jscroprefine/croprefine.css?ver=croprefine/cropper/cropper.css?ver=croprefine/croprefine.js?ver=croprefine/cropper/cropper.js?ver=HTML / DOM Fingerprints
croprefine-administrationcroprefine-stylescroprefine-cropper-stylesmodal-croppermodal-cropper-hideedit-attachment-framemedia-frame-titlemedia-frame-content+15 morecustom wrappersuccessful uploadsrequesting an image be refineddoes this operation come from a post?+6 moredata-id='10'aria-label='Embedded Image'aria-checked='false'role='checkbox'tabindex='0'ajax_objectmediaitem