WP-Safety

Electric Studio flickr Mosaic Security & Risk Analysis

wordpress.org/plugins/electric-studio-flickr-mosaic

Add a mosaic from a flickr feed on your blog

10 active installs v1.1.1 PHP + WP 3.0+ Updated Jun 10, 2011
flickrmosaicrss
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Electric Studio flickr Mosaic Safe to Use in 2026?

Generally Safe

Score 85/100

Electric Studio flickr Mosaic has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago
Risk Assessment

The plugin "electric-studio-flickr-mosaic" v1.1.1 exhibits a mixed security posture. On the positive side, it has no known past vulnerabilities and a limited attack surface with all identified entry points lacking explicit authentication checks. This suggests a developer who is aware of basic security principles or has had the benefit of thorough auditing. The plugin also exclusively uses prepared statements for SQL queries, which is an excellent practice. However, significant concerns arise from the static analysis. The presence of the `unserialize` function is a major red flag, as it can lead to remote code execution if used with untrusted input. Compounding this risk is the complete lack of output escaping, meaning any data processed by the plugin and then displayed to users could be vulnerable to cross-site scripting (XSS) attacks. Furthermore, the absence of nonce and capability checks on its single shortcode entry point leaves it open to unauthorized actions or information disclosure if the shortcode's functionality can be manipulated.

Key Concerns

  • Use of unserialize()
  • No output escaping
  • Missing capability checks on shortcode
  • Missing nonce checks on shortcode
Vulnerabilities
None known

Electric Studio flickr Mosaic Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Electric Studio flickr Mosaic Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
5
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
3
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$result = unserialize(join('', file($cache_file)));php\lastRSS.php:63

Output Escaping

0% escaped5 total outputs
Attack Surface

Electric Studio flickr Mosaic Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[es_flickr_mosaic] electric-studio-flickr-mosaic.php:17
WordPress Hooks 3
actionwp_enqueue_scriptselectric-studio-flickr-mosaic.php:15
actionwp_print_styleselectric-studio-flickr-mosaic.php:16
actionadmin_menuphp\options.php:6
Maintenance & Trust

Electric Studio flickr Mosaic Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5
Last updatedJun 10, 2011
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Electric Studio flickr Mosaic Alternatives

fdsPhotoFEED v1.0.0

fdsPhotoFEED v1.0.0

fdsphotofeed-v100

A
85

A WordPress plugin for grabbing images and image info from SmugMug, Flickr, Picasa etc RSS feeds.

10 No CVEs
My flickr tag

My flickr tag

my-flickr-tag

A
100

MyFlickrtag

0 No CVEs
RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging

RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging

wp-rss-aggregator

A
92

The #1 WordPress RSS aggregator to quickly import RSS feeds, build a news aggregator, and for easy autoblogging.

50K 13 CVEs
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator

RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator

feedzy-rss-feeds

A
92

The most powerful WordPress RSS aggregator, helping you curate content, autoblog, import RSS & display unlimited RSS feeds within a few minutes.

40K 11 CVEs
Disable Feeds

Disable Feeds

disable-feeds

A
85

Disables all RSS/Atom/RDF feeds on your WordPress site.

30K No CVEs
Developer Profile

Electric Studio flickr Mosaic Developer Profile

James Irving-Swift

5 plugins · 290 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Electric Studio flickr Mosaic

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/electric-studio-flickr-mosaic/js/fancybox/jquery.easing-1.3.pack.js/wp-content/plugins/electric-studio-flickr-mosaic/js/fancybox/jquery.mousewheel-3.0.4.pack.js/wp-content/plugins/electric-studio-flickr-mosaic/js/fancybox/jquery.fancybox-1.3.4.pack.js/wp-content/plugins/electric-studio-flickr-mosaic/js/flickrAddOn.js/wp-content/plugins/electric-studio-flickr-mosaic/css/mosaic.php/wp-content/plugins/electric-studio-flickr-mosaic/js/fancybox/jquery.fancybox-1.3.4.css
Script Paths
/wp-content/plugins/electric-studio-flickr-mosaic/js/fancybox/jquery.easing-1.3.pack.js/wp-content/plugins/electric-studio-flickr-mosaic/js/fancybox/jquery.mousewheel-3.0.4.pack.js/wp-content/plugins/electric-studio-flickr-mosaic/js/fancybox/jquery.fancybox-1.3.4.pack.js/wp-content/plugins/electric-studio-flickr-mosaic/js/flickrAddOn.js
Version Parameters
electric-studio-flickr-mosaic/js/fancybox/jquery.easing-1.3.pack.js?ver=electric-studio-flickr-mosaic/js/fancybox/jquery.mousewheel-3.0.4.pack.js?ver=electric-studio-flickr-mosaic/js/fancybox/jquery.fancybox-1.3.4.pack.js?ver=electric-studio-flickr-mosaic/js/flickrAddOn.js?ver=electric-studio-flickr-mosaic/css/mosaic.php?ver=electric-studio-flickr-mosaic/js/fancybox/jquery.fancybox-1.3.4.css?ver=

HTML / DOM Fingerprints

CSS Classes
flickrMosaicImg
Data Attributes
rel="flickrfeed"
Shortcode Output
<ul id="flickrMosaic">
FAQ

Frequently Asked Questions about Electric Studio flickr Mosaic