Does Deviant Thumbs have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Deviant Thumbs compatible with WordPress 3.0.5?

According to WordPress.org data, Deviant Thumbs 1.8.6 has been tested up to WordPress 3.0.5. Check the plugin's changelog for the latest compatibility information.

How often is Deviant Thumbs updated?

Deviant Thumbs was last updated on Aug 29, 2010. Frequent updates are generally a positive security signal.

What is Deviant Thumbs's security score?

Deviant Thumbs has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Deviant Thumbs Security & Risk Analysis

wordpress.org/plugins/deviant-thumbs

Display deviantART thumbnails on your blog.

10 active installs v1.8.6 PHP + WP 2.8+ Updated Aug 29, 2010

deviantartimagesthumbs

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Deviant Thumbs Safe to Use in 2026?

Generally Safe

Score 85/100

Deviant Thumbs has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The deviant-thumbs v1.8.6 plugin presents a mixed security profile. On the positive side, it boasts a zero attack surface in terms of AJAX handlers, REST API routes, shortcodes, and cron events, and all SQL queries are properly prepared. The vulnerability history is also clean, with no known CVEs, suggesting a generally stable development. However, significant concerns arise from the static analysis. The presence of the `unserialize` function without any apparent sanitization or security checks is a major red flag. Furthermore, a very low percentage of output is properly escaped, leaving the plugin vulnerable to cross-site scripting (XSS) attacks. The lack of nonce checks and capability checks on any potential entry points (though the attack surface is currently reported as zero) also indicates a potential weakness if the attack surface were to expand in future versions or through other means.

Key Concerns

Dangerous function unserialize found
Low output escaping percentage (27%)
No nonce checks
No capability checks

Vulnerabilities

None known

Deviant Thumbs Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Deviant Thumbs Release Timeline

v1.8.6Current

Code Analysis

Analyzed Apr 16, 2026

Deviant Thumbs Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$data = unserialize(wp_remote_retrieve_body(wp_remote_get($pipeurl)));deviant-thumbs.php:116

Output Escaping

27% escaped15 total outputs

Attack Surface

Deviant Thumbs Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionwp_footercarousel.php:27

filterthe_contentinline.php:6

actionwidgets_initscb/Widget.php:30

Maintenance & Trust

Deviant Thumbs Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5

Last updatedAug 29, 2010

PHP min version

Downloads8K

Community Trust

Rating70/100

Number of ratings2

Active installs10

Alternatives

Deviant Thumbs Alternatives

Yet Another Simple Gallery

yet-another-simple-gallery

Yasg is short for Yet Another Simple Gallery. It cannot get any simpler than that - imho.

40 No CVEs

Tui's Author Intro For Archive

tuis-author-intro-for-archive

This plugin has been written to insert an Author introduction to each Archive, based on their User information, including their bio etc.

10 No CVEs

Tui's Category Intro For Archive

tuis-category-intro-for-archive

This plugin has been written to insert a category introduction to each archive, based on its category title and despription.

10 No CVEs

Webcam Gallery for WP

webcam-gallery-for-wp

Webcam Gallery for WP allows to create a gallery of pictures by reading the images directly from a directory of your web space.

10 No CVEs

Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

imagify

100

Optimize images in 1‑click: compress, resize & convert to WebP/AVIF - free up to 20MB/month. Enjoy the easiest WordPress image optimizer to set up.

1.0M No CVEs

Developer Profile

Deviant Thumbs Developer Profile

scribu

24 plugins · 28K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

4851 days

View full developer profile

Detection Fingerprints

How We Detect Deviant Thumbs

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/deviant-thumbs/inc/carousel.js/wp-content/plugins/deviant-thumbs/inc/carousel.css

Script Paths

/wp-content/plugins/deviant-thumbs/scb/load.php

HTML / DOM Fingerprints

HTML Comments

JS Globals

simpleCarouselinclude_css

Shortcode Output

<div id=''><ul></ul></div>

FAQ

Deviant Thumbs Security & Risk Analysis

Is Deviant Thumbs Safe to Use in 2026?

Generally Safe

Key Concerns

Deviant Thumbs Security Vulnerabilities

Deviant Thumbs Release Timeline

Deviant Thumbs Code Analysis

Dangerous Functions Found

Output Escaping

Deviant Thumbs Attack Surface

Deviant Thumbs Maintenance & Trust

Maintenance Signals

Community Trust

Deviant Thumbs Alternatives

Yet Another Simple Gallery

Tui's Author Intro For Archive

Tui's Category Intro For Archive

Webcam Gallery for WP

Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

Deviant Thumbs Developer Profile

How We Detect Deviant Thumbs

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Deviant Thumbs