WP-Safety

Flickr Photo Post Security & Risk Analysis

wordpress.org/plugins/flickr-photo-post

The Flickr Wordpress Plugin allows you to add flickr images to your wordpress posts incl. a simple crop function.

50 active installs v1.2.3 PHP + WP 2.8+ Updated Sep 23, 2011
flickrimagejpgphotopng
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Flickr Photo Post Safe to Use in 2026?

Generally Safe

Score 85/100

Flickr Photo Post has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago
Risk Assessment

The flickr-photo-post v1.2.3 plugin exhibits a mixed security posture. On one hand, the plugin shows strengths in its handling of SQL queries, exclusively using prepared statements, and has no recorded vulnerability history, suggesting a generally stable codebase. The attack surface is also commendably small, with no AJAX handlers, REST API routes, shortcodes, or cron events exposed, indicating a limited entry point for potential attackers. However, several concerning aspects are revealed by the static analysis. The presence of two 'unserialize' calls is a significant red flag, as unserialization of untrusted data is a common vector for remote code execution. Furthermore, a very low percentage of output is properly escaped (4%), implying a high risk of Cross-Site Scripting (XSS) vulnerabilities. Taint analysis revealing two flows with unsanitized paths, although not classified as critical or high severity in this report, reinforces the concern around data handling. The lack of nonce and capability checks on any entry points, combined with the presence of dangerous functions and poor output escaping, creates a substantial risk profile despite the absence of known CVEs.

Key Concerns

  • Dangerous function 'unserialize' used
  • Low percentage of output properly escaped
  • Unsanitized paths in taint flows
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Flickr Photo Post Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Flickr Photo Post Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
0 prepared
Unescaped Output
22
1 escaped
Nonce Checks
0
Capability Checks
0
File Operations
5
External Requests
4
Bundled Libraries
1

Dangerous Functions Found

unserialize$this->parsed_response = $this->clean_text_nodes(unserialize($this->response));api\phpFlickr-3.1\phpFlickr.php:301
unserializereturn unserialize(file_get_contents('http://phpflickr.com/geodata/?format=php&lat=' . $lat . '&lon=api\phpFlickr-3.1\phpFlickr.php:387

Bundled Libraries

jQuery

Output Escaping

4% escaped23 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
<owner> (api\owner.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Flickr Photo Post Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
filtermedia_upload_tabsflickr-photo-post.php:22
actionmedia_upload_flickrflickr-photo-post.php:23
actioninitflickr-photo-post.php:24
Maintenance & Trust

Flickr Photo Post Maintenance & Trust

Maintenance Signals

WordPress version tested3.1.4
Last updatedSep 23, 2011
PHP min version
Downloads16K

Community Trust

Rating0/100
Number of ratings0
Active installs50
Alternatives

Flickr Photo Post Alternatives

Album Gallery For Flickr

Album Gallery For Flickr

flickr-album-gallery

A
100

Display Flickr albums on WordPress with lightbox preview, SEO-friendly galleries, and easy shortcode integration.

4K No CVEs
Upload Converter for WebP

Upload Converter for WebP

upload-converter-webp

A
100

Convert JPG, JPEG, and PNG images to WebP automatically or manually with bulk actions and Media Library buttons.

300 No CVEs
Image Format Converter

Image Format Converter

image-format-converter

A
100

Convert images between JPG, PNG, WebP, and AVIF in WordPress admin with a modern UI. Requires GD or Imagick.

100 No CVEs
Flickr Photo Album

Flickr Photo Album

tantan-flickr

A
85

This Flickr plugin for WordPress will allow you to pull in your Flickr photosets and display them as albums on your WordPress site.

100 No CVEs
Flickr Me

Flickr Me

flickr-me

A
85

Add Flickr feeds to your widget ready areas.

40 No CVEs
Developer Profile

Flickr Photo Post Developer Profile

maximum.software

24 plugins · 10K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
97 days
View full developer profile
Detection Fingerprints

How We Detect Flickr Photo Post

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/flickr-photo-post/css/jquery-ui.css/wp-content/plugins/flickr-photo-post/css/jquery.Jcrop.css/wp-content/plugins/flickr-photo-post/css/style.css/wp-content/plugins/flickr-photo-post/js/jquery.min.js/wp-content/plugins/flickr-photo-post/js/jquery-ui.min.js/wp-content/plugins/flickr-photo-post/js/jquery.form.js/wp-content/plugins/flickr-photo-post/js/jquery.flickr.js/wp-content/plugins/flickr-photo-post/js/jquery.simpleslider.js+3 more
Script Paths
/wp-content/plugins/flickr-photo-post/js/jquery.min.js/wp-content/plugins/flickr-photo-post/js/jquery-ui.min.js/wp-content/plugins/flickr-photo-post/js/jquery.form.js/wp-content/plugins/flickr-photo-post/js/jquery.flickr.js/wp-content/plugins/flickr-photo-post/js/jquery.simpleslider.js/wp-content/plugins/flickr-photo-post/js/jquery.Jcrop.min.js+2 more
Version Parameters
flickr-photo-post/style.css?ver=jquery.min.js?ver=jquery-ui.min.js?ver=jquery.form.js?ver=jquery.flickr.js?ver=jquery.simpleslider.js?ver=jquery.Jcrop.min.js?ver=jquery.cookie.js?ver=jquery.dump.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Flickr Photo Post