External url as post Featured Image (thumbnail) Security & Risk Analysis

wordpress.org/plugins/external-url-as-post-featured-image-thumbnail

[ ✅ SECURE PLUGINS by Puvox ] Set External-URL as post thumbnail url.

300 active installs v2.08 PHP + WP 6.0+ Updated Oct 30, 2024
external feature post thumbnail url
Score 92 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Aug 1, 2022
Safety Verdict

Is External url as post Featured Image (thumbnail) Safe to Use in 2026?

Generally Safe

Score 92/100

External url as post Featured Image (thumbnail) has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Aug 1, 2022 · Updated 1yr ago
Risk Assessment

The plugin 'external-url-as-post-featured-image-thumbnail' v2.08 exhibits a mixed security posture. While it has no known unpatched vulnerabilities and a relatively low number of CVEs historically, the static analysis reveals concerning code signals. The presence of the `unserialize` function without apparent sanitization is a significant risk, as it can lead to object injection vulnerabilities if untrusted data is passed to it. Furthermore, the taint analysis indicates a high-severity flow with unsanitized paths, which is a critical concern that could be exploited. The plugin also has a concerning percentage of improperly escaped outputs (49%) and a number of file operations and external HTTP requests that could be vectors for attack if not handled with extreme care. While the plugin benefits from a zero attack surface in terms of entry points and the use of prepared statements for most SQL queries, the identified risks, particularly the `unserialize` function and the high-severity taint flow, elevate the overall security risk.

Key Concerns

  • Dangerous function 'unserialize' detected
  • High severity taint flow with unsanitized paths
  • Significant percentage of outputs not properly escaped
  • Medium severity vulnerability in history
Vulnerabilities
1

External url as post Featured Image (thumbnail) Security Vulnerabilities

CVEs by Year

2022: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

WF-e012d7a0-46f9-4f3b-a178-2d06655fd441-external-url-as-post-featured-image-thumbnail · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

External url as post Featured Image <= 2.02 - Reflected Cross-Site Scripting

Aug 1, 2022 Patched in 2.03 (540d)
Code Analysis
Analyzed Mar 16, 2026

External url as post Featured Image (thumbnail) Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 14 (46 prepared)
Unescaped Output: 79 (82 escaped)
Nonce Checks: 5
Capability Checks: 3
File Operations: 19
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `if ( @unserialize($serialized_string) !== false ) return $serialized_string;` (library.php:3813)

SQL Query Safety

77% prepared · 60 total queries

Output Escaping

51% escaped · 161 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

8 flows · 6 with unsanitized paths
force_redirect_to_https (library.php:103)
Attack Surface

External url as post Featured Image (thumbnail) Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 53
action · plugins_loaded · index.php:61
action · init · index.php:81
filter · admin_post_thumbnail_html · index.php:84
filter · save_post · index.php:85
filter · has_post_thumbnail · index.php:106
filter · has_post_thumbnail · index.php:122
filter · get_post_metadata · index.php:147
filter · get_post_metadata · index.php:167
filter · wp_get_attachment_image_src · index.php:198
filter · wp_get_attachment_image_src · index.php:212
filter · post_thumbnail_html · index.php:224
filter · post_thumbnail_html · index.php:234
filter · wp_get_attachment_image · index.php:247
filter · wp_get_attachment_image · index.php:256
filter · wp_get_attachment_url · index.php:269
filter · wp_get_attachment_url · index.php:280
filter · elementor/image_size/get_attachment_image_html · index.php:321
filter · elementor/image_size/get_attachment_image_html · index.php:339
action · admin_head · index.php:410
action · wp_head · library.php:4768
action · admin_head · library.php:4769
action · wp_enqueue_scripts · library_wp.php:73
action · admin_enqueue_scripts · library_wp.php:74
action · admin_footer · library_wp.php:148
action · init · library_wp.php:163
action · admin_init · library_wp.php:210
filter · mce_external_plugins · library_wp.php:212
filter · mce_buttons_2 · library_wp.php:213
filter · tiny_mce_version · library_wp.php:215
action · wp · library_wp.php:231
action · plugins_loaded · library_wp.php:540
action · wp · library_wp.php:550
action · wp_footer · library_wp.php:700
action · init · library_wp.php:711
action · wp_loaded · library_wp.php:854
action · shutdown · library_wp.php:859
action · init · library_wp.php:1732
action · admin_head · library_wp.php:1743
action · current_screen · library_wp.php:1744
action · wp · library_wp.php:1753
filter · upload_mimes · library_wp.php:1759
filter · wp_handle_upload · library_wp.php:1760
action · init · library_wp.php:1822
action · network_admin_menu · library_wp.php:1912
action · admin_menu · library_wp.php:1914
action · activated_plugin · library_wp.php:1916
action · network_admin_notices · library_wp.php:2103
action · admin_notices · library_wp.php:2104
filter · wp_php_error_message · library_wp.php:2187
action · wp_footer · library_wp.php:2375
filter · widget_text · library_wp.php:2399
filter · site_transient_update_plugins · library_wp.php:3266
filter · EUAPFIT_currenturl · youtube_images.php:58
Maintenance & Trust

External url as post Featured Image (thumbnail) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Oct 30, 2024
PHP min version
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 300
Developer Profile

External url as post Featured Image (thumbnail) Developer Profile

Puvox Software

16 plugins · 51K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 540 days
Detection Fingerprints

How We Detect External url as post Featured Image (thumbnail)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/external-url-as-post-featured-image-thumbnail/css/style.css
/wp-content/plugins/external-url-as-post-featured-image-thumbnail/js/external-url-as-post-featured-image-thumbnail.js
Script Paths
/wp-content/plugins/external-url-as-post-featured-image-thumbnail/js/external-url-as-post-featured-image-thumbnail.js
Version Parameters
external-url-as-post-featured-image-thumbnail/css/style.css?ver=
external-url-as-post-featured-image-thumbnail/js/external-url-as-post-featured-image-thumbnail.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-external-url-as-post-featured-image-thumbnail
JS Globals
EUAPFIT_AJAX_URL