Does Image Alt Text have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Image Alt Text compatible with WordPress 6.9.4?

According to WordPress.org data, Image Alt Text 4.0.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Image Alt Text compatible with PHP 7.4+?

Image Alt Text requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Image Alt Text updated?

Image Alt Text was last updated on Apr 8, 2026. Frequent updates are generally a positive security signal.

What is Image Alt Text's security score?

Image Alt Text has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Image Alt Text Security & Risk Analysis

wordpress.org/plugins/image-alt-text

Image Alt Text plugin allows to edit image alternative text of uploaded media. It allows to update alternative text in existing media and image withou …

8K active installs v4.0.2 PHP 7.4+ WP 5.0+ Updated Apr 8, 2026

alt-textimage-altimage-alt-textimage-alternativeimage-alternative-text

A · Safe

CVEs total1

Unpatched0

Last CVENov 27, 2024

Plugin page Download

Safety Verdict

Is Image Alt Text Safe to Use in 2026?

Generally Safe

Score 99/100

Image Alt Text has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Nov 27, 2024Updated 1mo ago

Risk Assessment

The 'image-alt-text' plugin v4.0.0 demonstrates a generally good security posture with strong adherence to best practices like prepared statements for SQL queries and proper output escaping, both exceeding 90%. The absence of critical or high severity taint analysis findings is also a positive indicator. However, a significant concern arises from the presence of 7 unprotected AJAX handlers out of a total of 24 entry points. This large number of unprotected entry points presents a considerable attack surface, increasing the likelihood of unauthorized actions if not properly secured by external means. While there is a history of one medium severity CVE, it is currently patched, which mitigates immediate risk. The plugin also bundles DataTables and Select2 libraries, which, while common, could be a vector if they contain known, unpatched vulnerabilities not reflected in the plugin's CVE history. Overall, the plugin has strengths in its code hygiene, but the unprotected AJAX handlers require careful consideration and mitigation.

Key Concerns

Unprotected AJAX handlers
Medium severity CVE history

Vulnerabilities

1 published

Image Alt Text Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-11918medium · 4.3Missing Authorization

Image Alt Text <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Image Alt Text Update

Nov 27, 2024 Patched in 3.0.0 (1d)

Version History

Image Alt Text Release Timeline

v4.0.2Current

v4.0.1

v4.0.0

v3.0.0

v2.0.01 CVE

CVE-2024-11918

v1.0.01 CVE

CVE-2024-11918

Code Analysis

Analyzed Mar 16, 2026

Image Alt Text Code Analysis

Dangerous Functions

Raw SQL Queries

20 prepared

Unescaped Output

260 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTablesSelect2

SQL Query Safety

91% prepared22 total queries

Output Escaping

93% escaped281 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

3 flows

fn_iat_copy_all_name_to_alt_action (includes\class-iat-list-table.php:200)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

7 unprotected

Image Alt Text Attack Surface

Entry Points24

Unprotected7

AJAX Handlers 24

authwp_ajax_iat_bulk_process_actionincludes\admin\class-iat-bulk-action.php:14

authwp_ajax_iat_get_listincludes\admin\class-iat-list.php:11

authwp_ajax_iat_review_remind_laterincludes\admin\class-iat-review-notice.php:19

authwp_ajax_iat_review_dismissincludes\admin\class-iat-review-notice.php:20

authwp_ajax_iat_copy_title_to_alt_textincludes\admin\class-iat-row-action.php:10

authwp_ajax_iat_copy_filename_to_alt_textincludes\admin\class-iat-row-action.php:12

authwp_ajax_iat_save_alt_textincludes\admin\class-iat-row-action.php:14

authwp_ajax_iat_update_alt_textincludes\admin\class-iat-row-action.php:16

authwp_ajax_iat_get_missing_alt_media_listincludes\class-iat-list-table.php:20

authwp_ajax_iat_add_alt_txt_actionincludes\class-iat-list-table.php:22

authwp_ajax_iat_copy_name_to_alt_txt_actionincludes\class-iat-list-table.php:24

authwp_ajax_iat_copy_all_name_to_alt_actionincludes\class-iat-list-table.php:26

authwp_ajax_iat_get_existing_alt_media_listincludes\class-iat-list-table.php:28

authwp_ajax_iat_update_alt_txt_actionincludes\class-iat-list-table.php:30

authwp_ajax_iat_get_without_alt_text_listincludes\class-iat.php:20

authwp_ajax_iat_get_with_alt_text_listincludes\class-iat.php:22

authwp_ajax_iat_add_alt_textincludes\class-iat.php:24

authwp_ajax_iat_copy_post_title_to_alt_textincludes\class-iat.php:26

authwp_ajax_iat_copy_bulk_post_title_to_alt_textincludes\class-iat.php:28

authwp_ajax_iat_update_existing_alt_textincludes\class-iat.php:30

authwp_ajax_iat_copy_attached_post_title_to_alt_textincludes\class-iat.php:32

authwp_ajax_iat_copy_bulk_attached_post_title_to_alt_textincludes\class-iat.php:34

authwp_ajax_iat_remind_me_laterincludes\iat-general.php:23

authwp_ajax_iat_do_not_show_againincludes\iat-general.php:25

WordPress Hooks 13

actionplugins_loadedimage-alt-text.php:56

actioninitimage-alt-text.php:58

filterplugin_row_metaimage-alt-text.php:60

actionadmin_menuincludes\admin\class-iat-admin-menu.php:14

actionadmin_enqueue_scriptsincludes\admin\class-iat-admin-menu.php:15

actionadmin_headincludes\admin\class-iat-admin-menu.php:16

actionadmin_headincludes\admin\class-iat-admin-menu.php:50

actioniat_render_review_noticeincludes\admin\class-iat-review-notice.php:21

actioniat_refresh_reviews_cacheincludes\admin\class-iat-reviews.php:28

actionadmin_menuincludes\iat-general.php:19

actionadmin_headincludes\iat-general.php:21

actionadmin_noticesincludes\iat-general.php:27

actionadmin_enqueue_scriptsincludes\iat-general.php:29

Scheduled Events 1

iat_refresh_reviews_cache

Maintenance & Trust

Image Alt Text Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 8, 2026

PHP min version7.4

Downloads38K

Community Trust

Rating100/100

Number of ratings53

Active installs8K

Alternatives

Image Alt Text Alternatives

Image Alt Setter

image-alt-setter

100

Sets the alternative text for all images in WordPress if not available.

10 No CVEs

Alt Text AI – Automatically generate image alt text for SEO and accessibility

alttext-ai

Automatically sets the descriptive alt text of your images. Boosts your SEO and accessibility.

20K 4 CVEs

Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI

alt-manager

Automatically bulk change images alt text to dynamic alt tags values related to content or media and also generate empty values.

7K 2 CVEs

Ai Image Alt Text Generator for WP

ai-image-alt-text-generator-for-wp

Effortlessly generate descriptive alt text for images using AI within your WordPress website.

1K 2 unpatched

Alt Magic: AI Image Alt Text Generator for WP & Image Rename

alt-magic-ai-powered-alt-texts

100

AI alt text generator for WordPress with free monthly credits, fast bulk generation for existing and new images, and optional AI image renaming.

1K No CVEs

Developer Profile

Image Alt Text Developer Profile

RS WebStudios

1 plugin · 8K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

1 days

View full developer profile

Detection Fingerprints

How We Detect Image Alt Text

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/image-alt-text/assets/css/bootstrap.min.css/wp-content/plugins/image-alt-text/assets/css/datatables.min.css/wp-content/plugins/image-alt-text/assets/css/responsive.dataTables.min.css/wp-content/plugins/image-alt-text/assets/css/toastr.min.css/wp-content/plugins/image-alt-text/assets/css/fontawesome.min.css/wp-content/plugins/image-alt-text/assets/css/all.min.css/wp-content/plugins/image-alt-text/assets/js/jquery.min.js/wp-content/plugins/image-alt-text/assets/js/bootstrap.bundle.min.js+5 more

Script Paths

/wp-content/plugins/image-alt-text/assets/js/jquery.min.js/wp-content/plugins/image-alt-text/assets/js/bootstrap.bundle.min.js/wp-content/plugins/image-alt-text/assets/js/jquery.dataTables.min.js/wp-content/plugins/image-alt-text/assets/js/dataTables.responsive.min.js/wp-content/plugins/image-alt-text/assets/js/toastr.min.js/wp-content/plugins/image-alt-text/assets/js/custom.js+1 more

Version Parameters

IAT_FILE_VERSION

HTML / DOM Fingerprints

CSS Classes

toplevel_page_iat-with-alt-textwp-has-current-submenuwp-menu-opencurrent

HTML Comments

Data Attributes

aria-expanded

JS Globals

jQuery

FAQ