IMGspider – 图片采集抓取插件 Security & Risk Analysis

wordpress.org/plugins/imgspider

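IMGspider (Image Spider) is a WordPress plugin for fetching the images in WordPress posts. It supports crawling and downloading common image formats such as JPG, JPEG, PNG, GIF, BMP and TIF, and fetches every image referenced in a post's content to the local server in one click. The Pro version builds on the original IMGspider image collection plugin with all-new feature exten …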

2K active installs · v2.3.12 · PHP + WP 6.0+ · Updated Sep 15, 2025
Tags: image crawling, image spider, remote image download, image download, image proxy download
Score: 68
C · Use Caution
CVEs total: 3
Unpatched: 1
Last CVE: Jan 6, 2026
Safety Verdict

Is IMGspider – 图片采集抓取插件 Safe to Use in 2026?

Use With Caution

Score 68/100

IMGspider – 图片采集抓取插件 has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

3 known CVEs · 1 unpatched · Last CVE: Jan 6, 2026 · Updated 6mo ago
Risk Assessment

The imgspider plugin exhibits a mixed security posture. On the positive side, static analysis found no unprotected entry points, prepared statements on most SQL queries, and a high rate of proper output escaping, which suggests the developers are aware of and apply some good security practices. However, the vulnerability history and taint analysis raise significant concerns. The plugin has three known CVEs: one is currently unpatched and two are classified as high severity. The vulnerability types involved, Server-Side Request Forgery (SSRF) and Unrestricted Upload of File with Dangerous Type, are particularly serious and can lead to severe system compromise. The taint analysis also found a flow with unsanitized paths which, while not classified as critical or high in this scan, is a strong indicator of potential vulnerabilities, especially given the plugin's past issues.

The unpatched vulnerability (CVE-2026-22482, an SSRF rated medium at 6.4) is a critical red flag. Coupled with the recurrence of dangerous vulnerability types, it suggests a pattern of insecure coding practices that has led to exploitable flaws. While the current static analysis does not reveal critical issues in the analyzed code paths, the history strongly implies that latent vulnerabilities, or vulnerabilities in unanalyzed code, could exist or reappear. Therefore, despite the positive findings in the static analysis, the overall risk associated with imgspider v2.3.12 is substantial because of the unpatched vulnerability and the historical pattern of severe security flaws.

Key Concerns

  • Unpatched CVE (CVE-2026-22482, medium severity)
  • Taint flow with unsanitized paths
  • Historical SSRF vulnerabilities
  • Historical Unrestricted Upload vulnerabilities

Vulnerabilities: 3

IMGspider – 图片采集抓取插件 Security Vulnerabilities

CVEs by Year

  • 2024: 2 CVEs
  • 2026: 1 CVE · unpatched

Severity Breakdown

  • High: 2
  • Medium: 1

3 total CVEs

CVE-2026-22482 · medium · 6.4 · Server-Side Request Forgery (SSRF)

IMGspider <= 2.3.12 - Authenticated (Contributor+) Server-Side Request Forgery

Jan 6, 2026 · Unpatched

CVE-2024-6318 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

IMGspider <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload_img_file'

Jul 3, 2024 · Patched in 2.3.11 (1d)

CVE-2024-6319 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

IMGspider <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload'

Jul 3, 2024 · Patched in 2.3.11 (1d)

Code Analysis
Analyzed Mar 16, 2026

IMGspider – 图片采集抓取插件 Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (9 prepared)
  • Unescaped Output: 3 (69 escaped)
  • Nonce Checks: 2
  • Capability Checks: 8
  • File Operations: 11
  • External Requests: 6
  • Bundled Libraries: 0

SQL Query Safety

82% prepared · 11 total queries

Output Escaping

96% escaped · 72 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<post.class> (classes\post.class.php:0)

Attack Surface

IMGspider – 图片采集抓取插件 Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

  • auth · wp_ajax_wb_scrapy_image · classes\ajax.class.php:9
  • auth · wp_ajax_wb_scrapy_image · classes\ajax.class.php:10

WordPress Hooks: 22

  • action · admin_menu · classes\conf.class.php:44
  • action · admin_enqueue_scripts · classes\conf.class.php:45
  • filter · plugin_action_links · classes\conf.class.php:46
  • filter · plugin_row_meta · classes\conf.class.php:47
  • action · admin_notices · classes\conf.class.php:48
  • filter · style_loader_tag · classes\conf.class.php:224
  • filter · script_loader_tag · classes\conf.class.php:252
  • action · wb_imgspy_watermark_image · classes\image.class.php:412
  • action · init · classes\image.class.php:418
  • filter · wp_get_attachment_metadata · classes\image.class.php:434
  • filter · wp_generate_attachment_metadata · classes\image.class.php:455
  • filter · wp_generate_attachment_metadata · classes\image.class.php:457
  • action · init · classes\imgspy.admin.php:21
  • action · media_buttons · classes\imgspy.admin.php:26
  • action · admin_head-post.php · classes\imgspy.admin.php:28
  • action · admin_head-post-new.php · classes\imgspy.admin.php:29
  • action · admin_head · classes\imgspy.admin.php:31
  • action · save_post · classes\imgspy.admin.php:32
  • action · wb_imgspy_auto_save_image · classes\imgspy.admin.php:40
  • filter · big_image_size_threshold · classes\imgspy.admin.php:187
  • filter · mce_external_plugins · classes\imgspy.admin.php:315
  • filter · upload_mimes · classes\post.class.php:94

Scheduled Events 2

wb_imgspy_watermark_image
wb_imgspy_auto_save_image
Maintenance & Trust

IMGspider – 图片采集抓取插件 Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Sep 15, 2025
PHP min version
Downloads: 57K

Community Trust

Rating: 90/100
Number of ratings: 2
Active installs: 2K
Alternatives

IMGspider – 图片采集抓取插件 Alternatives

No alternatives data available yet.

Developer Profile

IMGspider – 图片采集抓取插件 Developer Profile

wbolt.com

11 plugins · 17K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 202 days
Detection Fingerprints

How We Detect IMGspider – 图片采集抓取插件

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/imgspider/setting/assets/js/chunk-vendors.js
  • /wp-content/plugins/imgspider/setting/assets/js/app.js
  • /wp-content/plugins/imgspider/assets/wbp_setting.css
  • /wp-content/plugins/imgspider/setting/assets/css/chunk-vendors.css

Script Paths

  • setting/assets/js/chunk-vendors.js
  • setting/assets/js/app.js

Version Parameters

  • imgspider/style.css?ver=
  • setting/assets/js/chunk-vendors.js?ver=
  • setting/assets/js/app.js?ver=
  • assets/wbp_setting.css?ver=
  • setting/assets/css/chunk-vendors.css?ver=

HTML / DOM Fingerprints

CSS Classes
wbp-img-scrapy
Data Attributes
data-vue-app
JS Globals
wb_ajaxurl, wb_vue_path, imgspider_ver, wb_cnf, post_types, post_status, +1 more
FAQ

Frequently Asked Questions about IMGspider – 图片采集抓取插件