ImageX Security & Risk Analysis

wordpress.org/plugins/imagex

Uses the VolcEngine image service (ImageX) as the storage space for attachments. (This is a plugin that uses VolcEngine ImageX for attachments remote saving.)

10 active installs · v1.1.2 · PHP 7.0.0+ · WP 4.6+ · Updated: Unknown
byteoc · 火山引擎 · imagex · volcengine · 字节跳动
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ImageX Safe to Use in 2026?

Generally Safe

Score 100/100

ImageX has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The 'imagex' plugin v1.1.2 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any recorded CVEs, along with a complete lack of critical or high-severity findings in taint analysis, is a significant positive indicator. The plugin also demonstrates good practices by not exposing a large attack surface with unprotected entry points and by incorporating capability checks in its code.

However, a few areas warrant attention. Neither of the plugin's 2 SQL queries uses prepared statements, which is a potential SQL injection risk. The taint analysis found no unsanitized path leading to these queries, but building queries without prepared statements is insecure in itself and becomes exploitable if malicious input bypasses the other sanitization layers. In addition, the 74% output escaping rate means that about a quarter of outputs (10 of 38) are not escaped, which could lead to cross-site scripting (XSS) if user-supplied data reaches those outputs without careful handling.

In conclusion, 'imagex' v1.1.2 appears to be a relatively secure plugin, especially given its clean vulnerability history. The lack of known exploits and the controlled attack surface are commendable. Nevertheless, the identified areas for improvement, specifically raw SQL queries and incomplete output escaping, should be addressed to further harden the plugin's security and mitigate potential risks.

Key Concerns

  • SQL queries not using prepared statements
  • Unescaped output present (26%)
Vulnerabilities
None known

ImageX Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

ImageX Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (0 prepared)
  • Unescaped Output: 10 (28 escaped)
  • Nonce Checks: 0
  • Capability Checks: 1
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Guzzle

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

74% escaped · 38 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
imagex_setting_page (imagex.php:422)
[Data flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

ImageX Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 9

  • filter wp_handle_upload (imagex.php:186)
  • filter wp_generate_attachment_metadata (imagex.php:251)
  • action delete_attachment (imagex.php:292)
  • filter wp_get_attachment_url (imagex.php:303)
  • filter sanitize_file_name (imagex.php:318)
  • filter plugin_action_links (imagex.php:379)
  • filter the_content (imagex.php:381)
  • filter post_thumbnail_html (imagex.php:398)
  • action admin_menu (imagex.php:420)
Maintenance & Trust

ImageX Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 7.0.0
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Alternatives

ImageX Alternatives

No alternatives data available yet.

Developer Profile

ImageX Developer Profile

沈唁

13 plugins · 4K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 143 days
Detection Fingerprints

How We Detect ImageX

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/imagex/sdk/vendor/autoload.php
Version Parameters
imagex/style.css?ver=
