Does Featured Image Pro Post Grid have any unpatched vulnerabilities?

No. All known vulnerabilities in Featured Image Pro Post Grid have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Featured Image Pro Post Grid compatible with WordPress 6.9.4?

According to WordPress.org data, Featured Image Pro Post Grid 5.15 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Featured Image Pro Post Grid updated?

Featured Image Pro Post Grid was last updated on Feb 22, 2026. Frequent updates are generally a positive security signal.

What is Featured Image Pro Post Grid's security score?

Featured Image Pro Post Grid has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Featured Image Pro Post Grid Security & Risk Analysis

wordpress.org/plugins/featured-image-pro

Display a Masonry Thumbnail Grid of Featured Images, including captions and excerpts.

100 active installs v5.15 PHP + WP 4.4+ Updated Feb 22, 2026

featured-imagethumbnail-grid

A · Safe

CVEs total1

Unpatched0

Last CVEMay 12, 2023

Download

Safety Verdict

Is Featured Image Pro Post Grid Safe to Use in 2026?

Generally Safe

Score 100/100

Featured Image Pro Post Grid has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: May 12, 2023Updated 1mo ago

Risk Assessment

The 'featured-image-pro' v5.15 plugin exhibits a mixed security posture, with some positive signs but also significant areas of concern. On the positive side, the plugin demonstrates good practices by using prepared statements for a high percentage of its SQL queries and avoids file operations and external HTTP requests. The presence of a single nonce check and two capability checks, while low, indicates some awareness of security mechanisms. The use of a bundled library (Select2) is noted but not inherently a security risk without further context on its version and vulnerabilities.

However, the static analysis reveals a considerable attack surface, with 14 out of 18 entry points (AJAX handlers and shortcodes) lacking authentication checks. This is a critical weakness, as it opens the door for unauthenticated users to interact with potentially sensitive functionalities. Furthermore, the taint analysis indicates 9 flows with unsanitized paths, with 5 of them being of high severity. This strongly suggests potential vulnerabilities where user-supplied input is not properly validated or sanitized before being used, which could lead to various attacks like cross-site scripting (XSS) or arbitrary code execution if the unsanitized paths lead to dangerous functions or sensitive operations.

The vulnerability history, while currently showing no unpatched CVEs, does list one past medium-severity CVE related to Cross-site Scripting. This pattern, coupled with the high number of unsanitized taint flows and unprotected AJAX handlers, suggests a recurring tendency for the plugin to be susceptible to input manipulation vulnerabilities. While the current version may not have known unpatched issues, the underlying code structure and past incidents highlight a persistent risk. In conclusion, the plugin has strengths in data handling but significant weaknesses in input validation and access control, making it a moderate to high-risk plugin that requires careful monitoring and potential patching if new vulnerabilities are discovered.

Key Concerns

14 unprotected AJAX handlers
5 high severity unsanitized taint flows
51% of outputs properly escaped
1 medium severity CVE in history
Only 2 capability checks present

Vulnerabilities

Featured Image Pro Post Grid Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-32598medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Featured Image Pro Post Grid <= 5.14 - Reflected Cross-Site Scripting via page

May 12, 2023 Patched in 5.15 (256d)

Code Analysis

Analyzed Mar 16, 2026

Featured Image Pro Post Grid Code Analysis

Dangerous Functions

Raw SQL Queries

20 prepared

Unescaped Output

242

247 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

91% prepared22 total queries

Output Escaping

51% escaped489 total outputs

Data Flows

9 unsanitized

Data Flow Analysis

11 flows9 with unsanitized paths

search_box (advanced\wp-list-local.php:347)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

14 unprotected

Featured Image Pro Post Grid Attack Surface

Entry Points18

Unprotected14

AJAX Handlers 14

authwp_ajax_proto_get_post_masonryadvanced\featured-image-pro-grow.php:30

noprivwp_ajax_proto_get_post_masonryadvanced\featured-image-pro-grow.php:31

authwp_ajax_dnh_dismiss_noticecore\notices\handler.php:122

authwp_ajax_proto_taxonomyfeatured-image-pro-admin.php:45

authwp_ajax_proto_postsfeatured-image-pro-admin.php:46

authwp_ajax_proto_metaquerykeysfeatured-image-pro-admin.php:47

authwp_ajax_proto_metadatafeatured-image-pro-admin.php:48

authwp_ajax_proto_metakeysfeatured-image-pro-admin.php:49

authwp_ajax_proto_subcaptionmetadatafeatured-image-pro-admin.php:50

authwp_ajax_proto_subcaptiontaxonomyfeatured-image-pro-admin.php:51

authwp_ajax_proto_filteredtaxonomyfeatured-image-pro-admin.php:52

authwp_ajax_proto_isotopetermsfeatured-image-pro-admin.php:53

authwp_ajax_proto_savedatafeatured-image-pro-admin.php:54

authwp_ajax_proto_subcaptionfeatured-image-pro-admin.php:55

Shortcodes 4

[thumbnail_masonry] advanced\featured-image-pro-grow.php:117

[featured_image_pro] advanced\featured-image-pro-grow.php:118

[featured_image_pro] core\featured-image-pro-exec.php:10

[wp_enqueue_scripts] core\featured-image-pro-exec.php:11

WordPress Hooks 79

actionwp_enqueue_scriptsadvanced\featured-image-pro-grow.php:26

filterproto_masonry_optionsadvanced\featured-image-pro-grow.php:147

filterproto_masonry_before_gridadvanced\featured-image-pro-grow.php:148

filterproto_masonry_after_gridadvanced\featured-image-pro-grow.php:149

actionproto_masonry_enqueue_lateadvanced\featured-image-pro-grow.php:150

filterproto_masonry_before_itemsadvanced\featured-image-pro-grow.php:151

filterproto_masonry_itemstylesadvanced\featured-image-pro-grow.php:152

filterproto_inline_cssadvanced\featured-image-pro-grow.php:153

filterproto_masonry_attachmentsadvanced\featured-image-pro-grow.php:154

filterproto_masonry_image_outputadvanced\featured-image-pro-grow.php:155

filterproto_snap_post_objectadvanced\featured-image-pro-grow.php:156

filterproto_masonry_settingsadvanced\featured-image-pro-grow.php:157

filterproto_masonry_item_inline_styleadvanced\featured-image-pro-grow.php:158

filterproto_wordpress_post_attributesadvanced\featured-image-pro-grow.php:159

actionproto_masonry_after_queryadvanced\featured-image-pro-grow.php:160

filterproto_masonry_grid_classadvanced\featured-image-pro-grow.php:161

filterproto_masonry_item_classadvanced\featured-image-pro-grow.php:162

filterproto_masonry_caption_classadvanced\featured-image-pro-grow.php:163

filterproto_masonry_subcaption_classadvanced\featured-image-pro-grow.php:164

filterproto_masonry_excerpt_classadvanced\featured-image-pro-grow.php:165

filterproto_masonry_image_classadvanced\featured-image-pro-grow.php:166

filterproto_masonry_parent_classadvanced\featured-image-pro-grow.php:167

filterproto_grid_container_classadvanced\featured-image-pro-grow.php:168

filterproto_columnwidth_masonry_scriptadvanced\featured-image-pro-grow.php:169

filterfeatured_image_pro_excerpt_inline_styleadvanced\featured-image-pro-grow.php:170

filterfeatured_image_pro_caption_inline_styleadvanced\featured-image-pro-grow.php:171

filterfeatured_image_pro_image_inline_styleadvanced\featured-image-pro-grow.php:172

filterproto_masonry_item_inline_styleadvanced\featured-image-pro-grow.php:173

filterproto_masonry_gridstylesadvanced\featured-image-pro-grow.php:175

filterproto_masonry_grid_classadvanced\featured-image-pro-grow.php:182

filterproto_masonry_optionsadvanced\featured-image-pro-grow.php:186

filterproto_masonry_full_scriptadvanced\featured-image-pro-grow.php:187

filterproto_masonry_insert_masonry_scriptsadvanced\featured-image-pro-grow.php:188

filterproto_masonry_before_gridadvanced\featured-image-pro-grow.php:189

filterproto_masonry_item_post_classadvanced\featured-image-pro-grow.php:190

filterproto_snap_post_objectadvanced\featured-image-pro-grow.php:191

filterproto_masonry_attachmentsadvanced\featured-image-pro-grow.php:192

filterproto_masonry_after_gridadvanced\featured-image-pro-grow.php:193

filterproto_masonry_script_optionsadvanced\featured-image-pro-grow.php:195

filterproto_postadvanced\featured-image-pro-grow.php:199

filterproto_postadvanced\featured-image-pro-grow.php:200

filterproto_masonry_attributesadvanced\featured-image-pro-grow.php:509

filterproto_masonry_objectadvanced\featured-image-pro-grow.php:510

filterquery_varsadvanced\featured-image-pro-grow.php:1800

actionadmin_noticesadvanced\proto-client.php:32

actionadmin_initadvanced\proto-client.php:33

filterposts_requestadvanced\proto-media.php:32

actionadmin_footeradvanced\wp-list-local.php:158

actionwp_enqueue_scriptscore\featured-image-pro-exec.php:51

filterproto_masonry_optionscore\featured-image-pro-exec.php:101

filterproto_masonry_optionscore\featured-image-pro-exec.php:102

filterproto_masonry_attributescore\featured-image-pro-exec.php:103

actionproto_masonry_enqueue_latecore\featured-image-pro-exec.php:104

actionproto_masonry_enqueue_latecore\featured-image-pro-exec.php:105

filterpre_get_postscore\featured-image-pro-exec.php:108

actionproto_subcaptioncore\featured-image-pro-exec.php:113

filterproto_masonry_objectcore\featured-image-pro-exec.php:115

filterproto_masonry_footer_scriptscore\featured-image-pro-exec.php:116

filterproto_masonry_script_optionscore\featured-image-pro-exec.php:117

filterproto_masonry_full_scriptcore\featured-image-pro-exec.php:118

filterproto_inline_csscore\featured-image-pro-exec.php:119

actionwidgets_initcore\featured-image-pro-widget.php:17

actioncustomize_controls_enqueue_scriptscore\featured-image-pro-widget.php:53

actionadmin_enqueue_scriptscore\featured-image-pro-widget.php:54

filterproto_masonry_optionscore\featured-image-pro-widget.php:89

actionadmin_noticescore\functions\featured-image-pro-notices.php:2

actionadmin_initcore\functions\featured-image-pro-notices.php:3

actionwp_print_scriptscore\functions\proto-global.php:449

filterproto_masonry_widget_classescore\functions\proto-masonry.php:25

filterproto_masonry_item_classescore\functions\proto-masonry.php:26

filterexcerpt_lengthcore\functions\proto-snap-images_03.php:33

actionadmin_noticescore\notices\handler.php:120

actionadmin_print_scriptscore\notices\handler.php:121

actionadmin_menucore-menu.php:10

actionadmin_enqueue_scriptsfeatured-image-pro-admin.php:43

actionadmin_menufeatured-image-pro-admin.php:44

actionadmin_initfeatured-image-pro-admin.php:56

filterno_texturize_shortcodesfeatured-image-pro-admin.php:882

filterquery_varsfeatured-image-pro.php:98

Maintenance & Trust

Featured Image Pro Post Grid Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 22, 2026

PHP min version

Downloads9K

Community Trust

Rating100/100

Number of ratings3

Active installs100

Alternatives

Featured Image Pro Post Grid Alternatives

Featured Image Thumbnail Grid

thumbnail-grid

Display a post Thumbnail Grid using Featured Images

300 1 CVE

Auto Featured Image (Auto Post Thumbnail)

auto-post-thumbnail

Automatically generate, assign, and manage featured images in bulk so every post on your site has a featured image.

50K 6 CVEs

Quick Featured Images

quick-featured-images

The time-saving solution for managing tons of featured images within minutes: Set, replace and delete in bulk and set default images for future posts.

50K 3 CVEs

Conditionally display featured image on singular posts and pages

conditionally-display-featured-image-on-singular-pages

100

Easily control whether the featured image appears in the single post or page view (doesn't hide it in archive/list view).

30K No CVEs

XO Featured Image Tools

xo-featured-image-tools

100

Automatically generate the featured image from the image of the post.

30K No CVEs

Developer Profile

Featured Image Pro Post Grid Developer Profile

A. Jones

5 plugins · 4K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

121 days

View full developer profile

Detection Fingerprints

How We Detect Featured Image Pro Post Grid

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/featured-image-pro/advanced/assets/css/featured-image-pro-isotope.css/wp-content/plugins/featured-image-pro/advanced/assets/css/featured-image-pro-advanced.css/wp-content/plugins/featured-image-pro/advanced/assets/js/posts.js/wp-content/plugins/featured-image-pro/advanced/assets/third-party/isotope.pkgd.min.js

Script Paths

advanced/assets/js/posts.jsadvanced/assets/third-party/isotope.pkgd.min.js

Version Parameters

featured-image-pro-isotope_styles?ver=featured-image-pro-advanced-styles?ver=ajax_proto_posts?ver=proto_isotope?ver=

HTML / DOM Fingerprints

CSS Classes

fip-masonry-gridfip-masonry-item

HTML Comments

Data Attributes

data-fip-attsdata-fip-optionsdata-fip-pagedata-fip-directiondata-fip-nextpage

JS Globals

window.featured_image_pro_advanced_options

Shortcode Output

[featured_image_pro[featured_image_pro_widget

FAQ