Image Source by Image ID Security & Risk Analysis

wordpress.org/plugins/image-source-by-id

Get Image URL with different size Options by Image ID.

10 active installs · v1.0.4 · PHP 5.6+ · WP 4.0+ · Updated: Unknown
Tags: image-id, image-source-by-image-id, img-src, img-src-by-id, img-src-by-image-id
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Image Source by Image ID Safe to Use in 2026?

Generally Safe

Score 100/100

Image Source by Image ID has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "image-source-by-id" plugin, version 1.0.4, demonstrates a mixed security posture. On the positive side, it has no known historical vulnerabilities (CVEs), uses prepared statements exclusively for SQL queries, and generally implements good practices regarding file operations and external HTTP requests. The presence of nonce and capability checks for most AJAX handlers is also a strength.

However, concerns arise from the static analysis. The plugin has a notable attack surface with 8 AJAX handlers, 2 of which lack authentication checks. Furthermore, taint analysis reveals 3 flows with unsanitized paths, although these are not classified as critical or high severity. The output escaping is also a point of concern, with only 74% of outputs being properly escaped, leaving potential for XSS vulnerabilities if the unsanitized data reaches critical output points.

Given the absence of historical vulnerabilities and the use of prepared statements, the plugin's immediate risk appears moderate. The primary risks stem from the unprotected AJAX handlers and the unsanitized paths identified in the taint analysis, coupled with the incomplete output escaping. These areas require attention to further harden the plugin's security.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Incomplete output escaping
Vulnerabilities
None known

Image Source by Image ID Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Image Source by Image ID Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 54 (153 escaped)
Nonce Checks: 6
Capability Checks: 5
File Operations: 0
External Requests: 4
Bundled Libraries: 0

Output Escaping

74% escaped · 207 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
image_src_by_id (Inc\Classes\JLT_Image_Source.php:29)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
2 unprotected

Image Source by Image ID Attack Surface

Entry Points: 8
Unprotected: 2

AJAX Handlers 8

  • auth: wp_ajax_jlt_image_source_id_deactivation_survey (Inc\Classes\Feedback.php:29)
  • auth: wp_ajax_image_src_by_id (Inc\Classes\JLT_Image_Source.php:12)
  • nopriv: wp_ajax_image_src_by_id (Inc\Classes\JLT_Image_Source.php:13)
  • auth: wp_ajax_jlt_image_source_id_notification_action (Inc\Classes\Notifications\Notifications.php:40)
  • auth: wp_ajax_jlt_image_source_id_subscribe (Inc\Classes\Notifications\Subscribe.php:26)
  • auth: wp_ajax_jlt_image_source_id_allow_collect (Inc\Classes\Notifications\What_We_Collect.php:27)
  • auth: wp_ajax_jlt_image_source_id_recommended_upgrade_plugin (Libs\Recommended.php:43)
  • auth: wp_ajax_jlt_image_source_id_recommended_activate_plugin (Libs\Recommended.php:44)
WordPress Hooks 15
  • action: plugins_loaded (class-image-source-by-id.php:48)
  • filter: admin_body_class (class-image-source-by-id.php:50)
  • action: admin_enqueue_scripts (Inc\Classes\Feedback.php:27)
  • action: admin_footer (Inc\Classes\Feedback.php:28)
  • action: admin_menu (Inc\Classes\JLT_Image_Source.php:9)
  • action: admin_notices (Inc\Classes\Notifications\Notifications.php:35)
  • action: jlt_image_source_id_display_notice (Inc\Classes\Notifications\Notifications.php:37)
  • action: jlt_image_source_id_display_popup (Inc\Classes\Notifications\Notifications.php:38)
  • action: jlt_image_source_id_sheet_promo_data_reset (Inc\Classes\Notifications\Upgrade_Notice.php:26)
  • action: admin_footer (Inc\Classes\Pro_Upgrade.php:47)
  • action: wp_dashboard_setup (Inc\Classes\Pro_Upgrade.php:49)
  • action: admin_enqueue_scripts (Libs\Assets.php:25)
  • filter: install_plugins_table_api_args_featured (Libs\Featured.php:23)
  • filter: plugins_api_result (Libs\Featured.php:33)
  • action: admin_menu (Libs\Recommended.php:42)
Maintenance & Trust

Image Source by Image ID Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Unknown
PHP min version: 5.6
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Alternatives

Image Source by Image ID Alternatives

No alternatives data available yet.

Developer Profile

Image Source by Image ID Developer Profile

Liton Arefin

45 plugins · 43K total installs

Trust score: 83
Avg Security Score: 93/100
Avg Patch Time: 63 days
Detection Fingerprints

How We Detect Image Source by Image ID

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/image-source-by-id/assets/css/plugin-survey.css

HTML / DOM Fingerprints

CSS Classes
  • jltimgsrc-deactivate-survey-overlay
  • jltimgsrc-deactivate-survey-modal
  • jltimgsrc-deactivate-survey-header
  • jltimgsrc-deactivate-info
  • jltimgsrc-deactivate-content-wrapper
  • jltimgsrc-deactivate-form-wrapper
  • jltimgsrc-deactivate-input-wrapper
  • jltimgsrc-deactivate-feedback-dialog-input
  • +2 more
JS Globals
jlt_image_source_id_deactivation_nonce
REST Endpoints
/wp-json/image-source-by-id/v1/deactivation-survey
FAQ

Frequently Asked Questions about Image Source by Image ID