Does Featured Image have any unpatched vulnerabilities?

No. All known vulnerabilities in Featured Image have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Featured Image compatible with WordPress 6.8.5?

According to WordPress.org data, Featured Image 2.2 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Featured Image updated?

Featured Image was last updated on Nov 8, 2025. Frequent updates are generally a positive security signal.

What is Featured Image's security score?

Featured Image has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Featured Image Security & Risk Analysis

wordpress.org/plugins/featured-image

Add featured image to any part of the website, on each individual post/page. Very Easy to Implement. Shortcode and widget available.

1K active installs v2.2 PHP + WP 3.0+ Updated Nov 8, 2025

featured-imageimageseoshortcodewidget

A · Safe

CVEs total1

Unpatched0

Last CVENov 10, 2025

Plugin page Download

Safety Verdict

Is Featured Image Safe to Use in 2026?

Generally Safe

Score 99/100

Featured Image has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 10, 2025Updated 4mo ago

Risk Assessment

The "featured-image" plugin version 2.2 exhibits a generally good security posture, with no critical or high-severity vulnerabilities identified in its current state and a strong adherence to secure coding practices such as prepared statements for SQL queries. The static analysis shows a relatively small attack surface consisting of only two shortcodes, and importantly, no unprotected entry points were found. The plugin also avoids dangerous functions, file operations, and external HTTP requests. However, a notable concern is the presence of a past medium-severity vulnerability related to Cross-Site Scripting (XSS). While this vulnerability is reported as patched, its existence suggests a potential for input sanitization weaknesses that could be re-introduced or missed in future updates. Additionally, the 60% proper output escaping rate, while not critically low, indicates that a minority of outputs are not being adequately sanitized, which could still pose a risk if those outputs are user-controllable and displayed without proper context.

Key Concerns

Past medium XSS vulnerability
Inconsistent output escaping (40% not properly escaped)
No nonce checks present

Vulnerabilities

Featured Image Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-12019medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Featured Image <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Nov 10, 2025 Patched in 2.2 (3d)

Code Analysis

Analyzed Mar 16, 2026

Featured Image Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

60% escaped5 total outputs

Attack Surface

Featured Image Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[featured-img] featured-image.php:53

[featured-img-caption] featured-image.php:89

Maintenance & Trust

Featured Image Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedNov 8, 2025

PHP min version

Downloads67K

Community Trust

Rating88/100

Number of ratings8

Active installs1K

Alternatives

Featured Image Alternatives

Ultimate Posts Widget

ultimate-posts-widget

The ultimate widget for displaying posts, custom post types or sticky posts with an array of options.

10K 1 CVE

Widget Builder

widget-builder

Widget Builder uses native WordPress editing interface to provide a unique tool to build custom widgets for your site(s).

600 No CVEs

PAJ Featured Image Owl Carousel / Slider

paj-featured-image-owl-carousel

Responsive feature image Carousel slider for posts and pages, use with shortcode or SiteOrigin Widgets Bundle by SiteOrigin.

80 No CVEs

Latest Posts Widget

raw-latest-posts-widget

List the lastest posts from a category.

40 No CVEs

New Popular Posts Widget

new-popular-posts-widget

Popular Posts Widget with featured image will list blog posts based on views of the posts.

30 No CVEs

Developer Profile

Featured Image Developer Profile

Mervin Praison

7 plugins · 3K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

266 days

View full developer profile

Detection Fingerprints

How We Detect Featured Image

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes

id="featured-img-id"

Shortcode Output

<div id="featured-img-id"><img src=<img src=alt=

FAQ