EXIF Columns Security & Risk Analysis

wordpress.org/plugins/exif-columns

This plugin adds columns to the WordPress built-in Media Library for EXIF metadata.

10 active installs · v1.0.3 · PHP + · WP 3.5+ · Updated Jan 18, 2013
Tags: exif, media-library
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is EXIF Columns Safe to Use in 2026?

Generally Safe

Score 85/100

EXIF Columns has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The exif-columns plugin, in version 1.0.3, presents a seemingly low-risk profile based on the provided static analysis and vulnerability history. The absence of any identified CVEs or known vulnerabilities suggests a mature and stable codebase, or potentially a lack of targeted security research. The static analysis also indicates a minimal attack surface with no discoverable AJAX handlers, REST API routes, shortcodes, or cron events, and crucially, no unprotected entry points. Furthermore, the code demonstrates good practice by utilizing prepared statements for all SQL queries, preventing a significant class of vulnerabilities.

However, the analysis does reveal critical weaknesses. A significant concern is the complete lack of output escaping: none of the data the plugin processes or displays is escaped before it is rendered to the user. This opens the door to potential cross-site scripting (XSS) attacks if the plugin handles any user-supplied or externally sourced data that is then rendered without escaping. Additionally, the complete absence of nonce checks and capability checks for any potential (though currently undiscovered) interaction points is a notable security gap. While the plugin currently exposes no entry points, any functionality added in the future without these essential security measures would be immediately vulnerable.

In conclusion, while the plugin has a clean vulnerability history and a well-secured (though minimal) attack surface in terms of entry points and SQL injection, the pervasive lack of output escaping is a serious flaw. This, coupled with the absence of nonce and capability checks for any hypothetical future interactions, means that the plugin has significant potential for cross-site scripting vulnerabilities and future privilege escalation if its functionality expands without adequate security hardening. The plugin's strengths lie in its lack of known vulnerabilities and secure SQL handling, but its weaknesses in output sanitization and general input validation are substantial.

Key Concerns

  • 0% output escaping
  • 0% capability checks
  • 0 nonce checks
Vulnerabilities
None known

EXIF Columns Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

EXIF Columns Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 20 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 20 total outputs
Attack Surface

EXIF Columns Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 3

  • filter manage_media_columns (exif-columns.php:25)
  • action manage_media_custom_column (exif-columns.php:26)
  • filter manage_upload_sortable_columns (exif-columns.php:123)
Maintenance & Trust

EXIF Columns Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.5.2
Last updated: Jan 18, 2013
PHP min version
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

EXIF Columns Developer Profile

fergu5

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect EXIF Columns

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/exif-columns/exif-columns.php
