ImageLinks – Interactive Image Builder Security & Risk Analysis

wordpress.org/plugins/imagelinks-interactive-image-builder-lite

Create Interactive Images for Your Site That Empowers Publishers and Bloggers

2K active installs · v1.6.1 · PHP 7.0+ · WP 4.6+ · Updated Aug 8, 2025
Tags: floor-map, infographics, interactive-image, product-map
Score: 98 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Oct 29, 2023
Safety Verdict

Is ImageLinks – Interactive Image Builder Safe to Use in 2026?

Generally Safe

Score 98/100

ImageLinks – Interactive Image Builder has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Oct 29, 2023 · Updated 7mo ago
Risk Assessment

The imagelinks-interactive-image-builder-lite plugin, version 1.6.1, exhibits a mixed security posture. It demonstrates good practices: prepared statements for all SQL queries, a high percentage of properly escaped output, and a significant number of nonce and capability checks. Several concerning signals are present nonetheless. The 10 calls to `unserialize` are a notable risk, because the function can lead to Remote Code Execution if it is used with unsanitized input. The taint analysis also found one flow with an unsanitized path, which indicates a potential weakness in input validation, although it was not classified as critical or high severity.

The plugin's vulnerability history is a significant concern: three known CVEs, one high and two medium severity. Their common types, SQL Injection and Cross-site Scripting, suggest recurring issues with how user input is handled. The most recent vulnerability was recorded in October 2023 and was patched in 1.6.0, and no unpatched vulnerabilities are currently listed. Even so, the historical pattern of exploitable flaws, together with `unserialize` and the taint flow, warrants caution.

Overall, while some security fundamentals are in place, the plugin carries inherent risk from its past vulnerability record and from specific code signals such as the extensive use of `unserialize` and the unsanitized input flow.

Key Concerns

  • Known CVEs present
  • Dangerous function 'unserialize' used
  • Unsanitized path flow detected
Vulnerabilities
3

ImageLinks – Interactive Image Builder Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2022: 1 CVE
2023: 1 CVE

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2023-46823 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ImageLinks <= 1.5.4 - Authenticated (Admin+) SQL Injection

Oct 29, 2023 Patched in 1.6.0 (86d)
CVE-2022-4393 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ImageLinks Interactive Image Builder for WordPress <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 16, 2022 Patched in 1.5.4 (403d)
WF-112564b7-bf3c-4c17-8113-e05ab75edf6a-imagelinks-interactive-image-builder-lite · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ImageLinks Interactive Image Builder <= 1.5.2 - Reflected Cross-Site Scripting

Oct 11, 2021 Patched in 1.5.3 (834d)
Code Analysis
Analyzed Mar 16, 2026

ImageLinks – Interactive Image Builder Code Analysis

Dangerous Functions: 10
Raw SQL Queries: 0 (36 prepared)
Unescaped Output: 7 (65 escaped)
Nonce Checks: 11
Capability Checks: 7
File Operations: 21
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$itemData = unserialize($item->data);` · includes\page-preview.php:13
unserialize · `$itemData = unserialize($item->data);` · includes\plugin.php:238
unserialize · `$itemData = unserialize($item->data);` · includes\plugin.php:452
unserialize · `$itemConfig = unserialize($item->config);` · includes\plugin.php:454
unserialize · `$globals['settings'] = json_encode(unserialize($settings_value));` · includes\plugin.php:570
unserialize · `$globals['config'] = json_encode(unserialize($item->data));` · includes\plugin.php:581
unserialize · `$globals['config'] = json_encode(unserialize($settings_value));` · includes\plugin.php:629
unserialize · `$itemData = unserialize($item->data);` · includes\plugin.php:658
unserialize · `$data['item'] = unserialize(get_post_meta( $id, 'imgl-meta-imagelinks-cfg', true));` · includes\plugin.php:1920
unserialize · `$json = unserialize(get_post_meta($item->ID, 'imgl-meta-imagelinks-cfg', true));` · includes\plugin.php:2027

SQL Query Safety

100% prepared · 36 total queries

Output Escaping

90% escaped · 72 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
prepare_items (includes\list-table-items.php:208)
Attack Surface

ImageLinks – Interactive Image Builder Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 8
action · plugins_loaded · imagelinks.php:51
action · init · imagelinks.php:67
action · admin_menu · includes\plugin.php:44
action · admin_notices · includes\plugin.php:45
action · wp_loaded · includes\plugin.php:46
filter · query_vars · includes\plugin.php:65
action · init · includes\plugin.php:66
action · template_redirect · includes\plugin.php:67
Maintenance & Trust

ImageLinks – Interactive Image Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Aug 8, 2025
PHP min version: 7.0
Downloads: 45K

Community Trust

Rating: 78/100
Number of ratings: 9
Active installs: 2K
Developer Profile

ImageLinks – Interactive Image Builder Developer Profile

Avirtum

6 plugins · 11K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 324 days
Detection Fingerprints

How We Detect ImageLinks – Interactive Image Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/imagelinks-interactive-image-builder-lite/assets/css/preview.min.css
  • /wp-content/plugins/imagelinks-interactive-image-builder-lite/assets/js/loader.min.js
  • /wp-content/plugins/imagelinks-interactive-image-builder-lite/assets/css/font-awesome.min.css
  • /wp-content/plugins/imagelinks-interactive-image-builder-lite/assets/js/lib/imagelinks/imagelinks-effects.min.css
Version Parameters
  • imagelinks-interactive-image-builder-lite/assets/css/preview.min.css?ver=
  • imagelinks-interactive-image-builder-lite/assets/js/loader.min.js?ver=
  • imagelinks-interactive-image-builder-lite/assets/css/font-awesome.min.css?ver=
  • imagelinks-interactive-image-builder-lite/assets/js/lib/imagelinks/imagelinks-effects.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
imgl-map-wrap, imgl-map, imgl-map-, imgl-pin, imgl-pin-, imgl-pin-pulse, imgl-pin-data, imgl-ico-wrap, +4 more
HTML Comments
`<!-- imagelinks begin -->`, `<!-- imagelinks end -->`, `<!-- MARKER BEGIN -->`, `<!-- MARKER END -->`, +2 more
Data Attributes
data-json-src, data-item-id, data-id
JS Globals
imagelinks_globals, IMAGELINKS_PLUGIN_PLAN, IMAGELINKS_PLUGIN_UPLOAD_URL
Shortcode Output
[imagelinks]
FAQ

Frequently Asked Questions about ImageLinks – Interactive Image Builder