Custom Image_Src Security & Risk Analysis

wordpress.org/plugins/custom-image-src

Specify a custom sharing image for Facebook. You can upload an image, use the first image in the post, or use the post thumbnail.

100 active installs · v0.31 · PHP + · WP 3.0+ · Updated Oct 25, 2011
Tags: facebook, image_src, social-sharing
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Custom Image_Src Safe to Use in 2026?

Generally Safe

Score 85/100

Custom Image_Src has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 14yr ago
Risk Assessment

The "custom-image-src" plugin v0.31 exhibits a generally good security posture based on the provided static analysis. The absence of entry points like AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the attack surface. Furthermore, all detected SQL queries utilize prepared statements, and there are no file operations or external HTTP requests, which are common vectors for vulnerabilities. The presence of nonce and capability checks, though minimal in number, indicates some awareness of WordPress security best practices.

However, a significant concern arises from the complete lack of output escaping (0% properly escaped). This means that any data rendered by the plugin, even if it doesn't directly come from user input, could potentially be vulnerable to Cross-Site Scripting (XSS) attacks. If the plugin does process any user-controllable data that is then outputted, this represents a critical security flaw. The taint analysis showing zero flows is positive, but this could be a result of either no data flowing or insufficient analysis depth given the lack of output escaping.

With no recorded vulnerabilities in its history, the plugin appears to have been maintained without known serious issues. However, the complete lack of output escaping is a fundamental security oversight that overshadows the other positive findings. The plugin's strengths lie in its limited attack surface and secure data handling for SQL. Its primary weakness, the unescaped output, presents a substantial risk that requires immediate attention.

Key Concerns

  • No output escaping found
  • Minimal capability checks
  • Minimal nonce checks
Vulnerabilities
None known

Custom Image_Src Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Custom Image_Src Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 21 (0 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 21 total outputs
Attack Surface

Custom Image_Src Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 11

Type    Hook                   Location
action  admin_enqueue_scripts  custom-image-src.php:42
action  wp_head                custom-image-src.php:62
action  admin_footer           includes\MediaAccess.php:82
action  admin_head             includes\MetaBox.php:16
action  admin_footer           includes\MetaBox.php:18
action  admin_init             includes\MetaBox.php:491
action  import_post_meta       includes\MetaBox.php:494
filter  output                 includes\MetaBox.php:531
action  save_post              includes\MetaBox.php:541
action  admin_head             includes\MetaBox.php:581
action  admin_footer           includes\MetaBox.php:583
Maintenance & Trust

Custom Image_Src Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.2.1
Last updated: Oct 25, 2011
PHP min version
Downloads: 12K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Custom Image_Src Developer Profile

OverlappingElvis

1 plugin · 100 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Custom Image_Src

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints
