Featured Image Licence Security & Risk Analysis

wordpress.org/plugins/featured-image-licence

This plugin adds an option to override this behaviour, so that the theme will behave either as a single author blog (even where there are multiple aut …

0 active installs v1.1 PHP + WP + Updated Aug 2, 2021
authors
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Featured Image Licence Safe to Use in 2026?

Generally Safe

Score 85/100

Featured Image Licence has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The "featured-image-licence" plugin v1.1 exhibits a generally strong security posture based on the provided static analysis. The absence of any identified dangerous functions, SQL queries without prepared statements, unescaped output, file operations, external HTTP requests, or taint flows suggests diligent coding practices and a good understanding of secure development principles. The plugin also boasts a clean vulnerability history, with no recorded CVEs, which further reinforces its perceived safety.

However, the static analysis does highlight a significant area of concern: the complete lack of nonce checks and capability checks. While the plugin's attack surface is currently reported as zero, this absence of fundamental security mechanisms is a major weakness. If any entry points were to be introduced in future versions or through configuration, they would be immediately vulnerable to various attacks, including CSRF. This lack of robust access control on potential interaction points is the primary risk, despite the current clean slate.

In conclusion, "featured-image-licence" v1.1 appears to be a well-coded plugin in terms of data handling and execution, with no immediate exploitable vulnerabilities detected in the current code. Its clean vulnerability history is a positive indicator. The critical weakness lies in the fundamental absence of nonce and capability checks, which, if not addressed, could render future iterations of the plugin highly insecure even with a small attack surface.

Key Concerns

  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Featured Image Licence Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Featured Image Licence Release Timeline

v1.1Current
Code Analysis
Analyzed Apr 16, 2026

Featured Image Licence Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
14 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped14 total outputs
Attack Surface

Featured Image Licence Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 6
actionadmin_menufeatured-image-licence.php:14
actionadmin_initfeatured-image-licence.php:15
filterpre_update_option_swfil_settingsfeatured-image-licence.php:16
filterattachment_fields_to_editfeatured-image-licence.php:21
filterattachment_fields_to_savefeatured-image-licence.php:22
filterthe_contentfeatured-image-licence.php:27
Maintenance & Trust

Featured Image Licence Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedAug 2, 2021
PHP min version
Downloads807

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Featured Image Licence Developer Profile

simonwood

2 plugins · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Featured Image Licence

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
featured-image-licence
Data Attributes
attachments[.*][licence]attachments[.*][photograph-url]attachments[.*][photographer]licence
FAQ

Frequently Asked Questions about Featured Image Licence