Does Image Uploader Widget have any unpatched vulnerabilities?

No. All known vulnerabilities in Image Uploader Widget have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Image Uploader Widget compatible with WordPress 4.0.38?

According to WordPress.org data, Image Uploader Widget 1.0 has been tested up to WordPress 4.0.38. Check the plugin's changelog for the latest compatibility information.

How often is Image Uploader Widget updated?

Image Uploader Widget was last updated on Sep 18, 2014. Frequent updates are generally a positive security signal.

What is Image Uploader Widget's security score?

Image Uploader Widget has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Image Uploader Widget Security & Risk Analysis

wordpress.org/plugins/easy-image-uploader

This is a search results in slider view with image plugin.

20 active installs v1.0 PHP + WP 3.8+ Updated Sep 18, 2014

easy-image-uploaderimageimage-uploadimage-uploader-widget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Image Uploader Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Image Uploader Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The static analysis of the 'easy-image-uploader' plugin v1.0 reveals a seemingly robust security posture. The absence of any identified attack surface points (AJAX handlers, REST API routes, shortcodes, cron events) is a strong indicator of good security practices, as it limits potential entry points for attackers. Furthermore, the complete lack of dangerous functions, file operations, and external HTTP requests is reassuring. The plugin also demonstrates good practices by using prepared statements for all its SQL queries.

However, the analysis also highlights a significant concern: only 15% of its 54 output operations are properly escaped. This means that a substantial portion of the plugin's output is vulnerable to Cross-Site Scripting (XSS) attacks, allowing an attacker to inject malicious scripts into the user's browser. The complete absence of nonce and capability checks across all entry points, while technically there are no direct entry points to check, still suggests a general lack of robust user authentication and authorization enforcement mechanisms within the plugin's code, which could be a weakness if new entry points were to be introduced or discovered. The vulnerability history is clean, with no recorded CVEs, which is positive but doesn't negate the identified XSS risk.

Key Concerns

Low percentage of properly escaped output
No nonce checks implemented
No capability checks implemented

Vulnerabilities

None known

Image Uploader Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Image Uploader Widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

15% escaped54 total outputs

Attack Surface

Image Uploader Widget Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionwidgets_initeasy-imageupload-widget.php:87

Maintenance & Trust

Image Uploader Widget Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38

Last updatedSep 18, 2014

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings2

Active installs20

Alternatives

Image Uploader Widget Alternatives

Scale Large Image Threshold

scale-large-image-threshold

Control scaling of big images in Wordpress using big_image_size_threshold filter. Image will be scaled forcefully when it will reach this threshold.

300 No CVEs

Frontend Dashboard Extra

frontend-dashboard-extra

Frontend Dashboard Extra WordPress plugin is a supportive plugin for Frontend Dashboard with supportive additional features likes extra Calendar for s …

200 No CVEs

Auto Post After Image Upload

auto-post-after-image-upload

Upload image and create post automatically. Saves lots of time. This plugin will provide you the facility to create post after uploading each media fr …

100 1 unpatched

File Uploader for WooCommerce

file-uploader-for-woocommerce

Allows to attach files from different sources to WooCommerce customer orders.

100 1 unpatched

Iconic Navigation

iconic-navigation

Adds image/font responsive icons to menu items via upload or Media Library or over 1400 of Font Icons choice. Custom options for each location.

100 No CVEs

Developer Profile

Image Uploader Widget Developer Profile

pratyay

1 plugin · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Image Uploader Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/easy-image-uploader/css/uploader.css/wp-content/plugins/easy-image-uploader/js/uploader.js

Script Paths

/wp-content/plugins/easy-image-uploader/js/uploader.js

Version Parameters

easy-image-uploader/css/uploader.css?ver=easy-image-uploader/js/uploader.js?ver=

HTML / DOM Fingerprints

CSS Classes

easy-image-uploader-widget

Data Attributes

data-uploader-id

JS Globals

easyImageUploader

FAQ