Feed Image Easy Security & Risk Analysis

wordpress.org/plugins/easy-feed-image

Plugin to insert an image on Wordpress XML feed. You need only install it and have fun.

0 active installs v1.0 PHP 5.6+ WP 4.6+ Updated Oct 15, 2020
featured-imagefeedimagewordpress-feedxml
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Feed Image Easy Safe to Use in 2026?

Generally Safe

Score 85/100

Feed Image Easy has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The 'easy-feed-image' plugin v1.0 exhibits a generally positive security posture based on the provided static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface, and importantly, all identified entry points are noted as protected. Furthermore, the complete absence of dangerous functions, file operations, external HTTP requests, and vulnerability history suggests a mature and security-conscious development approach. The use of prepared statements for all SQL queries is a strong indicator of best practices, mitigating common SQL injection risks.

However, a significant concern arises from the output escaping analysis. With one total output and 0% properly escaped, this indicates a strong likelihood of cross-site scripting (XSS) vulnerabilities. Any data displayed by the plugin, especially if it originates from user input or external sources without proper sanitization, could be exploited to inject malicious scripts. The lack of nonce and capability checks, while not directly linked to a known attack vector in this analysis, represents a potential weakness if the plugin were to introduce any protected functionalities in future versions. The absence of taint analysis flows is good, but the lack of output escaping overshadows this positive indicator.

In conclusion, while the plugin demonstrates excellent practices in limiting its attack surface and securing database interactions, the complete lack of output escaping presents a critical security risk. This is the primary area requiring immediate attention. The plugin's clean vulnerability history is a strong positive, but it does not negate the identified code-level risks.

Key Concerns

  • 100% of outputs not properly escaped
  • No nonce checks found
  • No capability checks found
Vulnerabilities
None known

Feed Image Easy Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Feed Image Easy Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Feed Image Easy Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped1 total outputs
Attack Surface

Feed Image Easy Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
filterrss2_itemeasy-feed-image.php:55
Maintenance & Trust

Feed Image Easy Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18
Last updatedOct 15, 2020
PHP min version5.6
Downloads881

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Feed Image Easy Developer Profile

Ademir Diniz

4 plugins · 140 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Feed Image Easy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output
<image> <url><url><width><height>
FAQ

Frequently Asked Questions about Feed Image Easy