Getty Images Security & Risk Analysis

wordpress.org/plugins/getty-images

Search and use Getty Images photos in your posts without ever leaving WordPress.

2K active installs · v4.1.0 · PHP + WP 3.9+ · Updated May 3, 2023
Tags: getty, image-library, images, media
Score: 63 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Feb 13, 2026
Safety Verdict

Is Getty Images Safe to Use in 2026?

Use With Caution

Score 63/100

Getty Images has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Feb 13, 2026 · Updated 3yr ago
Risk Assessment

The Getty Images plugin v4.1.0 exhibits a generally good security posture with several strong practices. The complete absence of known CVEs and the use of prepared statements for all SQL queries are significant strengths. Additionally, the high percentage of properly escaped output and the presence of nonce and capability checks indicate a thoughtful approach to security.

However, there are areas of concern. The plugin exposes three AJAX handlers, with one lacking authentication checks, creating a potential entry point for unauthorized actions. The taint analysis revealed one flow with an unsanitized path, which, although not classified as critical or high severity in this analysis, warrants careful attention as it could be a precursor to more serious vulnerabilities if data is not handled properly downstream.

In conclusion, while the plugin benefits from a clean vulnerability history and robust SQL handling, the unprotected AJAX endpoint and the presence of an unsanitized path in the taint analysis represent notable risks. These points should be addressed to further strengthen the plugin's security.

Key Concerns

  • AJAX handler without authentication
  • Taint flow with unsanitized path
Vulnerabilities
1 published

Getty Images Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-39630 · medium · 6.4 · Server-Side Request Forgery (SSRF)

Getty Images <= 4.1.0 - Authenticated (Contributor+) Server-Side Request Forgery

Feb 13, 2026 · Unpatched
Version History

Getty Images Release Timeline

  • v4.1.0 · Current · 1 CVE
  • v4.0.14 · 1 CVE
  • v4.0.13 · 1 CVE
  • v4.0.11 · 1 CVE
  • v4.0.9 · 1 CVE
  • v4.0.8 · 1 CVE
  • v4.0.6 · 1 CVE
  • v4.0.5 · 1 CVE
  • v4.0.4 · 1 CVE
  • v4.0.3 · 1 CVE
  • v4.0.2 · 1 CVE
  • v4.0.1 · 1 CVE
  • v4.0.0 · 1 CVE
  • v3.0.9 · 1 CVE
  • v3.0.8 · 1 CVE
  • v3.0.7 · 1 CVE
  • v3.0.6 · 1 CVE
  • v3.0.5 · 1 CVE
  • v3.0.4 · 1 CVE
  • v3.0.3 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Getty Images Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 1 (12 escaped)
  • Nonce Checks: 1
  • Capability Checks: 2
  • File Operations: 3
  • External Requests: 2
  • Bundled Libraries: 0

Output Escaping

92% escaped · 13 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
ajax_get_facets (getty-images.php:768)
Attack Surface
1 unprotected

Getty Images Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers: 3

  • auth · wp_ajax_getty_images_download · getty-images.php:85
  • auth · wp_ajax_getty_image_details · getty-images.php:86
  • auth · wp_ajax_getty_get_facets · getty-images.php:87

WordPress Hooks: 11

  • action · admin_enqueue_scripts · getty-images.php:72
  • action · media_buttons · getty-images.php:75
  • filter · wp_insert_post_data · getty-images.php:78
  • action · admin_notices · getty-images.php:79
  • action · print_media_templates · getty-images.php:82
  • filter · contains_getty_comp · getty-images.php:90
  • action · init · getty-images.php:93
  • filter · embed_oembed_html · getty-images.php:96
  • filter · oembed_fetch_url · getty-images.php:99
  • action · wp_head · getty-images.php:102
  • action · admin_footer · getty-images.php:105
Maintenance & Trust

Getty Images Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: May 3, 2023
PHP min version
Downloads: 148K

Community Trust

Rating: 60/100
Number of ratings: 24
Active installs: 2K
Developer Profile

Getty Images Developer Profile

Getty Images

1 plugin · 2K total installs

Trust score: 68
Avg Security Score: 63/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Getty Images

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/getty-images/js/getty-images.js
  • /wp-content/plugins/getty-images/js/vendor/jquery.cookie.js
  • /wp-content/plugins/getty-images/js/vendor/moment.min.js
  • /wp-content/plugins/getty-images/css/getty-images-admin.css
  • /wp-content/plugins/getty-images/css/getty-images-frontend.css

Script Paths

  • /wp-content/plugins/getty-images/js/getty-images.js
  • /wp-content/plugins/getty-images/js/vendor/jquery.cookie.js
  • /wp-content/plugins/getty-images/js/vendor/moment.min.js

Version Parameters

  • /wp-content/plugins/getty-images/js/getty-images.js?ver=
  • /wp-content/plugins/getty-images/js/vendor/jquery.cookie.js?ver=
  • /wp-content/plugins/getty-images/js/vendor/moment.min.js?ver=
  • /wp-content/plugins/getty-images/css/getty-images-admin.css?ver=
  • /wp-content/plugins/getty-images/css/getty-images-frontend.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • getty
  • getty-images-container

HTML Comments

  • Getty Images: The WordPress plugin!

Data Attributes

  • data-getty-images-download-nonce
  • data-getty-images-image-details-nonce
  • data-getty-images-get-facets-nonce

JS Globals

  • GettyImages
  • GettyImagesData
  • jQuery(document).ready

REST Endpoints

  • /wp-json/getty-images/v1/download
  • /wp-json/getty-images/v1/image-details
  • /wp-json/getty-images/v1/facets

Shortcode Output

  • [getty src="
  • [getty src="" align=