Does Images to Posts have any unpatched vulnerabilities?

No. All known vulnerabilities in Images to Posts have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Images to Posts compatible with WordPress 5.0.25?

According to WordPress.org data, Images to Posts 3.7 has been tested up to WordPress 5.0.25. Check the plugin's changelog for the latest compatibility information.

How often is Images to Posts updated?

Images to Posts was last updated on Jan 5, 2019. Frequent updates are generally a positive security signal.

What is Images to Posts's security score?

Images to Posts has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Images to Posts Security & Risk Analysis

wordpress.org/plugins/images-to-posts

Bulk upload images to automatically create posts / custom posts with featured images. Updated from mezzaninegold's version

70 active installs v3.7 PHP + WP 3.0.0+ Updated Jan 5, 2019

artistsfeaturedimagesphotographersposts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Images to Posts Safe to Use in 2026?

Generally Safe

Score 85/100

Images to Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The "images-to-posts" plugin v3.7 exhibits a generally good security posture based on the provided static analysis and vulnerability history. The absence of known vulnerabilities, coupled with the zero count of critical and high severity taint flows, suggests a well-maintained codebase. The plugin also demonstrates positive security practices such as exclusively using prepared statements for SQL queries and implementing a nonce check, which helps protect against CSRF attacks. However, a significant concern arises from the low rate of output escaping (8%). This means that a substantial portion of data output by the plugin might not be properly sanitized, potentially leading to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before being displayed. While the attack surface appears limited with no apparent unprotected entry points, this low output escaping rate represents the most significant immediate risk.

Key Concerns

Low output escaping rate (8%)

Vulnerabilities

None known

Images to Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Images to Posts Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

8% escaped13 total outputs

Attack Surface

Images to Posts Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionplugins_loadedbulk-images-to-posts.php:16

actionadmin_initbulk-images-to-posts.php:25

actionadmin_noticesbulk-images-to-posts.php:49

actionadmin_menubulk-images-to-posts.php:54

actionadmin_initbulk-images-to-posts.php:77

Maintenance & Trust

Images to Posts Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25

Last updatedJan 5, 2019

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs70

Alternatives

Images to Posts Alternatives

Bulk Images to Posts

bulk-images-to-posts

Bulk upload images to automatically create posts / custom posts with featured images.

1K No CVEs

Recent & Featured Posts Widget

recent-featured-posts-widget

Display recent posts or manually selected posts with thumbnail images. Show the excerpt directly on the page or as a dropdown.

600 No CVEs

Random Post with ajax

random-post-ajax

Combining beauty and efficiency to display random posts

30 No CVEs

Post Featured Image

post-featured-image

100

Enables Post Thumbnails support.

10 No CVEs

Sky Remove Attached Files And Featured Images Automatically

sky-remove-attached-files-and-featured-images-automatically

Automatically eliminate attached media from posts and featured images uploaded via Media button.

10 No CVEs

Developer Profile

Images to Posts Developer Profile

1 plugin · 70 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Images to Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/images-to-posts/css/style.css/wp-content/plugins/images-to-posts/js/script.js/wp-content/plugins/images-to-posts/js/dropzone.js

Script Paths

js/script.jsjs/dropzone.js

Version Parameters

images-to-posts/style.css?ver=images-to-posts/script.js?ver=images-to-posts/dropzone.js?ver=

HTML / DOM Fingerprints

CSS Classes

categorydivcategorychecklistbip-dropzonebip-upload-formbip-settings-form

Data Attributes

id="bip-upload-form"id="bip-settings-form"name="bip_post_status"id="bip-post-status"name="bip_post_type"name="bip_image_title"+4 more

FAQ