WP-Safety

Image Studio Security & Risk Analysis

wordpress.org/plugins/image-studio

WP Image Studio helps you create beautiful, sharable images for social media and images for ads.

0 active installs v1.3.1 PHP 5.2.4+ WP 3.0.1+ Updated Jun 19, 2019
advertisingimagessocial-media
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Image Studio Safe to Use in 2026?

Generally Safe

Score 85/100

Image Studio has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The "image-studio" plugin v1.3.1 exhibits a mixed security posture. While it demonstrates good practices in SQL query handling by exclusively using prepared statements and has no recorded vulnerability history, significant concerns arise from its attack surface. Two AJAX handlers are present, and critically, neither includes authentication checks, presenting a direct pathway for unauthorized execution. Furthermore, the presence of two "flows with unsanitized paths" in the taint analysis, although not classified as critical or high severity in this specific analysis, indicates a potential for path traversal or directory manipulation vulnerabilities if these flows interact with user-supplied input without proper sanitization. The use of the `ini_set` function, while not inherently insecure, warrants caution as it can be misused to alter PHP configurations, potentially leading to unintended consequences if not handled carefully. Overall, the lack of authorization on entry points is the most pressing issue, overshadowing the plugin's strengths in other areas.

Key Concerns

  • AJAX handlers without authentication checks
  • Flows with unsanitized paths
  • Use of dangerous function ini_set
  • Outputs not properly escaped
Vulnerabilities
None known

Image Studio Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Image Studio Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Image Studio Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
0 prepared
Unescaped Output
6
9 escaped
Nonce Checks
1
Capability Checks
2
File Operations
3
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

ini_setini_set('memory_limit', '400M');modules/hooks.php:950
ini_setini_set('memory_limit', '400M');modules/hooks.php:975

Output Escaping

60% escaped15 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
test_image (modules/hooks.php:1069)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Image Studio Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_edit_post_fieldmodules/ajax.php:3
noprivwp_ajax_edit_post_fieldmodules/ajax.php:4
WordPress Hooks 8
actionplugins_loadedimage-studio.php:30
actioncheck_edited_imagesimage-studio.php:57
filterwpseo_opengraph_imagemodules/hooks.php:1123
filterwpseo_twitter_imagemodules/hooks.php:1182
actionadd_meta_boxesmodules/meta_box.php:15
actionsave_postmodules/meta_box.php:16
actionwp_print_scriptsmodules/scripts.php:15
actionadmin_menumodules/settings.php:33

Scheduled Events 1

check_edited_images
Maintenance & Trust

Image Studio Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24
Last updatedJun 19, 2019
PHP min version5.2.4
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Image Studio Alternatives

Image SEO – AI-Driven Image SEO Optimizer

Image SEO – AI-Driven Image SEO Optimizer

imageseo

A
99

Improve your images alt, title, captions and filenames for better SEO rankings.

1K 2 CVEs
AdRoll for WooCommerce Stores

AdRoll for WooCommerce Stores

adroll-for-woocommerce-stores-dev

A
92

Connect your WooCommerce store to AdRoll and run display, social media, and email campaigns — all on one platform.

600 No CVEs
MightyShare – Auto-Generated Social Media Images

MightyShare – Auto-Generated Social Media Images

mightyshare

A
92

Automatically generate social share preview images with MightyShare!

200 No CVEs
WP Image Importer

WP Image Importer

wp-image-importer

A
85

WP Image Importer plugin allows you to easily insert image into your wordpress post from facebook, flickr and pixabay

30 No CVEs
Dynamic Social Cards

Dynamic Social Cards

dynamic-social-cards

A
100

Generate beautiful social media cards for your WooCommerce products automatically. Improve social sharing with custom Open Graph images.

0 No CVEs
Developer Profile

Image Studio Developer Profile

insivia

2 plugins · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Image Studio

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/image-studio/inc/assets/css/tw-bs4.css/wp-content/plugins/image-studio/inc/fa/css/font-awesome.min.css/wp-content/plugins/image-studio/css/admin.css/wp-content/plugins/image-studio/css/ui.css/wp-content/plugins/image-studio/css/front.css
Script Paths
/wp-content/plugins/image-studio/inc/jscolor/jscolor.js/wp-content/plugins/image-studio/js/admin.js/wp-content/plugins/image-studio/js/front.js

HTML / DOM Fingerprints

Data Attributes
data-toggle="dropdown"data-target="#example-dropdown-5"
JS Globals
wig_local_data
FAQ

Frequently Asked Questions about Image Studio