Does Image Puzzle have any unpatched vulnerabilities?

No. All known vulnerabilities in Image Puzzle have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Image Puzzle compatible with WordPress 6.9.4?

According to WordPress.org data, Image Puzzle 1.05 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Image Puzzle compatible with PHP 5.6+?

Image Puzzle requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Image Puzzle updated?

Image Puzzle was last updated on Dec 2, 2025. Frequent updates are generally a positive security signal.

What is Image Puzzle's security score?

Image Puzzle has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Image Puzzle Security & Risk Analysis

wordpress.org/plugins/image-puzzle

Create beautiful puzzle effect on your images!

30 active installs v1.05 PHP 5.6+ WP 3.5+ Updated Dec 2, 2025

animationcss3imagepicturepuzzle

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Image Puzzle Safe to Use in 2026?

Generally Safe

Score 100/100

Image Puzzle has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The image-puzzle plugin v1.05 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by avoiding dangerous functions, using prepared statements for all SQL queries, and properly escaping the vast majority of its output. It also has no recorded vulnerabilities in its history, which is a strong indicator of responsible development and testing. Furthermore, the absence of file operations, external HTTP requests, and bundled libraries contributes to a reduced attack surface in those areas.

However, significant security concerns arise from the static analysis. The plugin exposes one AJAX handler that lacks authentication checks, creating a potential entry point for attackers to interact with the plugin's functionality without proper authorization. While taint analysis shows no critical or high severity unsanitized paths, the presence of two flows with unsanitized paths, even if deemed lower severity, is a red flag that warrants investigation. The complete lack of nonce checks on AJAX actions is a critical oversight, as it leaves the plugin vulnerable to Cross-Site Request Forgery (CSRF) attacks.

In conclusion, while the plugin has a clean vulnerability history and good practices in SQL and output handling, the unprotected AJAX handler and the absence of nonce checks represent significant security weaknesses. The presence of unsanitized paths, even if not flagged as critical, should also not be ignored. These vulnerabilities, if exploited, could lead to unauthorized actions or data manipulation.

Key Concerns

Unprotected AJAX handler
Flows with unsanitized paths (x2)
Missing nonce checks on AJAX

Vulnerabilities

None known

Image Puzzle Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Image Puzzle Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

10 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

91% escaped11 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

image_puzzle_preview (image-puzzle.php:60)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Image Puzzle Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 1

authwp_ajax_ip_previewimage-puzzle.php:58

Shortcodes 1

[image-puzzle] image-puzzle.php:84

WordPress Hooks 3

actionadmin_menuimage-puzzle.php:18

actionadmin_print_stylesimage-puzzle.php:30

actionadmin_enqueue_scriptsimage-puzzle.php:44

Maintenance & Trust

Image Puzzle Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 2, 2025

PHP min version5.6

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

Image Puzzle Alternatives

Image Hover Effects For WPBakery Page Builder

image-hover-effects-visual-composer-extension

100

Add stylish CSS3 hover effects with captions to images in WPBakery Page Builder. Create engaging animations that enhance your site’s visual appeal.

3K 1 CVE

Animated Featured Image

animated-featured-image

Responsive Featured Image for Sidebar Widgets with CSS3 Animations and Styles

10 No CVEs

Image Hover Effects for Visual Composer

image-hover-effect-for-visual-composer

Requires at least: 3.5 Tested up to: 4.9 Stable tag: 1.0 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.

10 No CVEs

All in All Image Hover Effect

all-in-all-image-hover-effect

All in All Image Hover Effect is pure CSS image hover effects wordpress plugin.

0 No CVEs

ImageMagick Engine

imagemagick-engine

Improve the quality of re-sized images by replacing standard GD library with ImageMagick.

60K 3 CVEs

Developer Profile

Image Puzzle Developer Profile

manu225

17 plugins · 27K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

29 days

View full developer profile

Detection Fingerprints

How We Detect Image Puzzle

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/image-puzzle/css/admin.css

Version Parameters

image-puzzle/css/admin.css?ver=

HTML / DOM Fingerprints

Shortcode Output

[image-puzzle src=[image-puzzle src=[image-puzzle src=[image-puzzle src=

FAQ