Does Dreamstime Stock Photos have any unpatched vulnerabilities?

No. All known vulnerabilities in Dreamstime Stock Photos have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Dreamstime Stock Photos compatible with WordPress 6.7.5?

According to WordPress.org data, Dreamstime Stock Photos 4.2 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

How often is Dreamstime Stock Photos updated?

Dreamstime Stock Photos was last updated on Mar 18, 2025. Frequent updates are generally a positive security signal.

What is Dreamstime Stock Photos's security score?

Dreamstime Stock Photos has a WP-Safety security score of 91/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Dreamstime Stock Photos Security & Risk Analysis

wordpress.org/plugins/dreamstime-stock-photos

Stock Photos by Dreamstime: Easily search and insert images into your posts and pages from Dreamstime's vast database of Free and Royalty-Free st …

200 active installs v4.2 PHP + WP 3.5+ Updated Mar 18, 2025

free-imagesfree-photosstock-imagesstock-photographystock-photos

A · Safe

CVEs total1

Unpatched0

Last CVEFeb 2, 2025

Plugin page Download

Safety Verdict

Is Dreamstime Stock Photos Safe to Use in 2026?

Generally Safe

Score 91/100

Dreamstime Stock Photos has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 2, 2025Updated 1yr ago

Risk Assessment

The dreamstime-stock-photos plugin v4.2 exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query sanitization and the absence of critical taint flows, significant concerns arise from its attack surface. A substantial portion of its AJAX handlers lack authentication checks, presenting a considerable risk for unauthorized access and execution of potentially sensitive operations. The presence of unescaped output also raises concerns about Cross-Site Scripting (XSS) vulnerabilities, although the specific severity of these is not detailed in the static analysis.

The vulnerability history indicates a past medium-severity XSS vulnerability, which, while currently patched, highlights a potential recurring weakness. The fact that there are no unpatched CVEs is a positive sign, but the past incident and the current unescaped output suggest that XSS mitigation needs to be a continued focus. The plugin's reliance on AJAX handlers without proper authorization is the most immediate and critical risk identified in the static analysis.

In conclusion, the plugin has strengths in its SQL handling and avoidance of critical taint flows. However, the large number of unprotected AJAX endpoints and the moderate rate of unescaped output represent significant security weaknesses that require immediate attention. The historical vulnerability, although resolved, serves as a reminder of the plugin's susceptibility to input validation issues.

Key Concerns

Unprotected AJAX handlers
Insufficient output escaping
Missing capability checks on AJAX
Past medium severity vulnerability

Vulnerabilities

Dreamstime Stock Photos Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-25090medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dreamstime Stock Photos <= 4.1 - Reflected Cross-Site Scripting

Feb 2, 2025 Patched in 4.2 (55d)

Code Analysis

Analyzed Mar 16, 2026

Dreamstime Stock Photos Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

78 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

71% escaped110 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

<account> (account.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

7 unprotected

Dreamstime Stock Photos Attack Surface

Entry Points12

Unprotected7

AJAX Handlers 12

authwp_ajax_moredreamstime.php:75

authwp_ajax_getImagedreamstime.php:76

authwp_ajax_downloadImagedreamstime.php:77

authwp_ajax_ajxLogindreamstime.php:78

authwp_ajax_getLightboxdreamstime.php:79

authwp_ajax_checkUsernamedreamstime.php:80

authwp_ajax_refreshAccountInfodreamstime.php:81

authwp_ajax_toggleReferraldreamstime.php:82

authwp_ajax_ajxSearchdreamstime.php:83

authwp_ajax_ajxSaveActiveImagesTabdreamstime.php:84

authwp_ajax_ajxReviewdreamstime.php:85

authwp_ajax_ajxSetPostThumbnailAltdreamstime.php:86

WordPress Hooks 9

actionwp_logoutdreamstime.php:52

filtermedia_upload_tabsdreamstime.php:69

actionmedia_upload_dreamstimedreamstime.php:70

actionadmin_enqueue_scriptsdreamstime.php:71

actionmedia_buttonsdreamstime.php:73

actionadmin_headdreamstime.php:87

filterattachment_fields_to_editdreamstime.php:678

filterattachment_fields_to_editdreamstime.php:679

filterhttp_request_timeoutdreamstime.php:696

Maintenance & Trust

Dreamstime Stock Photos Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedMar 18, 2025

PHP min version

Downloads34K

Community Trust

Rating82/100

Number of ratings18

Active installs200

Alternatives

Dreamstime Stock Photos Alternatives

Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy

instant-images

One-click uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy directly to your WordPress media library.

200K 3 CVEs

EB Openverse Block

eb-openverse-block

Easily search & use royalty free images, stock photos, CC-licensed images from Openverse for your website.

20 No CVEs

Microstock Powersearch Plugin

microstock-photo-powersearch-plugin

The Microstock Powersearch Plugin makes it quick and easy to find awesome and affordable stock photographs from microstock photography agencies.

10 No CVEs

StockPack – Stock photos from Unsplash, Adobe Stock and more

stockpack

100

Integrated image search in WordPress for Unsplash, Adobe Stock, Getty Images, iStock, Pixabay, Pexels and Depositphotos. Seamless stock photos downloa …

7K No CVEs

Free Assets Library – Openverse/Pixabay 600+ Million Images

free-images

Free Assets Library is the #1 WordPress plugin which provides 600 Million FREE Images with 90,000+ downloads 🚀

4K No CVEs

Developer Profile

Dreamstime Stock Photos Developer Profile

dreamstime

1 plugin · 200 total installs

trust score

Avg Security Score

91/100

Avg Patch Time

55 days

View full developer profile

Detection Fingerprints

How We Detect Dreamstime Stock Photos

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/dreamstime-stock-photos/static/css/style.css/wp-content/plugins/dreamstime-stock-photos/static/js/dreamstime.js/wp-content/plugins/dreamstime-stock-photos/static/js/media-views.js

Script Paths

https://www.google.com/recaptcha/api.js

Version Parameters

dreamstime-stock-photos/static/css/style.css?ver=dreamstime-stock-photos/static/js/dreamstime.js?ver=dreamstime-stock-photos/static/js/media-views.js?ver=

HTML / DOM Fingerprints

CSS Classes

dreamstime-logo

Data Attributes

data-editor

JS Globals

dreamstimeIframeSrc

REST Endpoints

/wp-json/dreamstime/v1/api

FAQ