WP-Safety

Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes Security & Risk Analysis

wordpress.org/plugins/image-sizes-controller

Get more control over the image sizes being created on your WordPress website. You can create unlimited image sizes, choose the width, height and crop …

600 active installs v1.0.10 PHP 7.0+ WP 5.6+ Updated Jul 10, 2025
big-imagesimageimagessizessubsize
78
B · Generally Safe
CVEs total1
Unpatched1
Last CVEJun 19, 2025
Plugin page Download
Safety Verdict

Is Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes Safe to Use in 2026?

Mostly Safe

Score 78/100

Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Jun 19, 2025Updated 8mo ago
Risk Assessment

The "image-sizes-controller" plugin v1.0.10 exhibits a generally strong security posture based on the static analysis, with no critical or high-severity taint flows, a complete absence of dangerous functions, and a high percentage of properly escaped outputs. SQL queries are exclusively handled using prepared statements, and a robust use of nonce and capability checks is observed (9 and 7 respectively). The attack surface is notably clean, with zero identified entry points requiring further scrutiny. However, a significant concern arises from the vulnerability history, specifically one unpatched medium-severity CVE recorded with a common vulnerability type of "Missing Authorization". This indicates a historical weakness in how the plugin handles user permissions, which, despite the current static analysis showing good practices, warrants caution. The presence of an unpatched vulnerability, even of medium severity, significantly elevates the risk profile.

Key Concerns

  • Unpatched medium severity CVE
  • History of missing authorization vulnerabilities
Vulnerabilities
1

Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-49973medium · 4.3Missing Authorization

Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes <= 1.0.10 - Missing Authorization

Jun 19, 2025Unpatched
Code Analysis
Analyzed Mar 16, 2026

Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
12
313 escaped
Nonce Checks
9
Capability Checks
7
File Operations
1
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

Output Escaping

96% escaped325 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
ajax_disable_image_sizes (includes\ImageSizes.php:512)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 15
actionplugins_loadedgpls-issl-images-subsizes-list.php:221
actionadmin_enqueue_scriptsincludes\Core\Core.php:235
actionadmin_enqueue_scriptsincludes\ImageSizes.php:133
filterafter_setup_themeincludes\ImageSizes.php:151
filterimage_size_names_chooseincludes\ImageSizes.php:154
filterintermediate_image_sizes_advancedincludes\ImageSizes.php:157
filterintermediate_image_sizesincludes\ImageSizes.php:160
filterbig_image_size_thresholdincludes\ImageSizes.php:163
actionadd_meta_boxesincludes\ImageSubsizes.php:64
actionadmin_enqueue_scriptsincludes\ImageSubsizes.php:65
actionadmin_footerincludes\ImageSubsizes.php:74
actioninitpages\AdminPage.php:285
actionadmin_menupages\AdminPage.php:286
actionwp_loadedpages\AdminPage.php:287
actionadmin_enqueue_scriptspages\AdminPage.php:288
Maintenance & Trust

Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJul 10, 2025
PHP min version7.0
Downloads7K

Community Trust

Rating0/100
Number of ratings0
Active installs600
Alternatives

Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes Alternatives

Enhanced Responsive Images

Enhanced Responsive Images

auto-sizes

A
100

Improvements for responsive images in WordPress.

50K No CVEs
Disable "BIG Image" Threshold

Disable "BIG Image" Threshold

disable-big-image-threshold

A
85

Disables the "BIG image" threshold introduced in WordPress 5.3.

10K No CVEs
Disable Media Sizes

Disable Media Sizes

disable-media-sizes

A
100

Provides options to disable the extra images generated by WordPress.

10K No CVEs
Lazy Loader

Lazy Loader

lazy-loading-responsive-images

A
92

Lazy loading plugin that supports images, iFrames, video and audio elements and uses the lightweight lazysizes script. With manual modification of the &hellip;

10K No CVEs
Smart Image Resize – Make WooCommerce Images the Same Size

Smart Image Resize – Make WooCommerce Images the Same Size

smart-image-resize

A
100

Automatically make WooCommerce product images the same size. Perfect for messy grids, works with existing photos, no cropping.

8K No CVEs
Developer Profile

Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes Developer Profile

GrandPlugins

20 plugins · 9K total installs

74
trust score
Avg Security Score
93/100
Avg Patch Time
160 days
View full developer profile
Detection Fingerprints

How We Detect Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes