Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy Security & Risk Analysis

wordpress.org/plugins/instant-images

One-click uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy directly to your WordPress media library.

200K active installs · v7.1.0.1 · PHP + WP 6.0+ · Updated Feb 13, 2026
Tags: free-images, media-library, pixabay, stock-photos, unsplash
Score: 98 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jan 29, 2024
Safety Verdict

Is Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy Safe to Use in 2026?

Generally Safe

Score 98/100

Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jan 29, 2024 · Updated 1mo ago
Risk Assessment

The plugin 'instant-images' v7.1.0.1 exhibits a mixed security posture. On the positive side, the static analysis reveals no apparent direct attack vectors through common entry points like AJAX handlers, REST API routes, or shortcodes without authentication. The code also demonstrates good practices by using prepared statements for all SQL queries and a relatively high percentage of output escaping.

However, several concerning signals exist. The absence of nonce checks across the board is a significant oversight, especially when combined with two capability checks that might be insufficient on their own if not properly implemented. The plugin also makes three external HTTP requests, which, without further analysis, could potentially be exploited for SSRF or other network-related attacks.

The vulnerability history is a major red flag. With three known CVEs, including one high and two medium severity vulnerabilities, and a recent one in January 2024, it suggests a pattern of security weaknesses. These past vulnerabilities, including Missing Authorization, SSRF, and XSS, indicate recurring issues that may not be fully addressed or might point to fundamental flaws in the development process.

Key Concerns

  • No nonce checks detected
  • External HTTP requests detected
  • History of high severity vulnerabilities (1)
  • History of medium severity vulnerabilities (2)
  • Output escaping is not 100%
Vulnerabilities (3)

Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2023: 1 CVE
2024: 1 CVE

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2024-0869 · high · 8.8 · Missing Authorization
Instant Images <= 6.1.0 - Authenticated (Author+) Arbitrary Options Update
Jan 29, 2024 · Patched in 6.1.1 (94d)

CVE-2023-27451 · medium · 5.4 · Server-Side Request Forgery (SSRF)
Instant Images <= 5.1.0.1 - Authenticated (Author+) Server-Side Request Forgery via instant_images_download
Mar 2, 2023 · Patched in 5.1.0.2 (327d)

CVE-2021-24334 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Instant Images – One Click Unsplash, Pixabay and Pexels Uploads <= 4.4.0 - Authenticated Stored Cross-Site Scripting
May 17, 2021 · Patched in 4.4.0.1 (981d)

Code Analysis
Analyzed Mar 16, 2026

Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 18 (84 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 3
Bundled Libraries: 0

Output Escaping

82% escaped · 102 total outputs
Attack Surface

Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 15
action · admin_menu · admin\admin.php:41
action · admin_enqueue_scripts · admin\admin.php:73
action · admin_enqueue_scripts · admin\admin.php:83
filter · media_upload_tabs · admin\admin.php:157
filter · media_buttons · admin\admin.php:173
action · media_upload_instant_img_tab · admin\admin.php:186
filter · admin_footer_text · admin\admin.php:225
action · admin_init · admin\includes\settings.php:130
action · rest_api_init · api\download.php:10
action · rest_api_init · api\license.php:10
action · rest_api_init · api\settings.php:10
action · rest_api_init · api\test.php:10
action · enqueue_block_editor_assets · instant-images.php:40
action · wp_enqueue_media · instant-images.php:41
action · init · instant-images.php:42
Maintenance & Trust

Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 13, 2026
PHP min version
Downloads: 2.9M

Community Trust

Rating: 96/100
Number of ratings: 59
Active installs: 200K
Developer Profile

Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy Developer Profile

connekthq

3 plugins · 200K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 467 days
Detection Fingerprints

How We Detect Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/instant-images/css/instant-images.css
/wp-content/plugins/instant-images/js/instant-images.js
Script Paths
/wp-content/plugins/instant-images/js/instant-images.js
Version Parameters
instant-images/css/instant-images.css?ver=
instant-images/js/instant-images.js?ver=

HTML / DOM Fingerprints

CSS Classes
instant-images-download, instant-images-modal, instant-images-modal-content, instant-images-modal-close, instant-images-search, instant-images-search-input, instant-images-provider, instant-images-provider-logo, +3 more
HTML Comments
<!-- Instant Images plugin -->
<!-- End Instant Images plugin -->
Data Attributes
data-instant-images-provider, data-instant-images-modal-trigger, data-instant-images-search-provider
JS Globals
InstantImages, instantImages
REST Endpoints
/wp-json/instant-images/v1/search
/wp-json/instant-images/v1/download
/wp-json/instant-images/v1/settings
/wp-json/instant-images/v1/license