Kama Thumbnail Security & Risk Analysis

wordpress.org/plugins/kama-thumbnail

Creates post thumbnails on the fly and caches the result. Auto-create of post thumbnails based on: WP post thumbnail OR first img in post content OR attach …

9K active installs · v3.5.1 · PHP 7.1+ · WP 4.7+ · Updated Mar 22, 2023
image, thumbnail
63
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Jan 26, 2026
Safety Verdict

Is Kama Thumbnail Safe to Use in 2026?

Use With Caution

Score 63/100

Kama Thumbnail has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Jan 26, 2026 · Updated 3yr ago
Risk Assessment

The kama-thumbnail v3.5.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and has a small attack surface, with all identified entry points seemingly protected by authentication checks. The absence of dangerous functions and the presence of nonce and capability checks are also encouraging signs.

However, there are notable concerns. The taint analysis reveals two flows with unsanitized paths, which, despite not being classified as critical or high severity in this analysis, represent potential vulnerabilities if user-controlled data is involved. Furthermore, a significant portion (42%) of output is not properly escaped, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities. The plugin also performs file operations and external HTTP requests, which can be vectors for attack if not handled securely.

The vulnerability history is a significant concern, with one unpatched medium severity CVE. The fact that the last vulnerability was in the future (2026-01-26) suggests this data may be fabricated or has a temporal inconsistency. However, if we consider the existence of an unpatched CVE, it indicates a recurring issue with security patching. The common vulnerability type of Cross-Site Request Forgery (CSRF) in its history, although not directly evident in the static analysis, suggests a past weakness in input validation or state-changing operations.

Key Concerns

  • Unpatched CVE exists
  • Unsanitized paths in taint flows
  • Significant unescaped output
Vulnerabilities
1 published

Kama Thumbnail Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-24521 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Kama Thumbnail <= 3.5.1 - Cross-Site Request Forgery

Jan 26, 2026 · Unpatched
Version History

Kama Thumbnail Release Timeline

v3.5.1 · Current · 1 CVE
v3.5.0 · 1 CVE
v3.4.2 · 1 CVE
v3.4.1 · 1 CVE
v3.4.0 · 1 CVE
v3.3.8 · 1 CVE
v3.3.7 · 1 CVE
v2.7.6 · 1 CVE
v2.7.2 · 1 CVE
v2.6.3 · 1 CVE
v2.6.0 · 1 CVE
v2.5.8 · 1 CVE
v2.5.1 · 1 CVE
v2.5 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Kama Thumbnail Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 19 (26 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 11
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

58% escaped · 45 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
_network_options_update_handler (classes\Options_Page.php:75)
Attack Surface

Kama Thumbnail Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_ktclearcache · classes\Options_Page.php:22
WordPress Hooks 15
action · kama_thumbnail_show_message · classes\Helpers.php:74
action · admin_notices · classes\Helpers.php:79
action · switch_blog · classes\Options.php:229
filter · plugin_action_links · classes\Options_Page.php:29
action · network_admin_edit_kt_opt_up · classes\Options_Page.php:33
action · delete_expired_transients · classes\Options_Page.php:279
filter · the_content · classes\WP_Integration.php:13
filter · the_content_rss · classes\WP_Integration.php:14
filter · save_post · classes\WP_Integration.php:18
action · delete_attachment · classes\WP_Integration.php:23
filter · kama_thumb_src · functions.php:20
filter · kama_thumb_img · functions.php:21
filter · kama_thumb_a_img · functions.php:22
action · admin_notices · functions.php:157
action · init · kama_thumbnail.php:87
Maintenance & Trust

Kama Thumbnail Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Mar 22, 2023
PHP min version: 7.1
Downloads: 120K

Community Trust

Rating: 94/100
Number of ratings: 15
Active installs: 9K
Developer Profile

Kama Thumbnail Developer Profile

Timur Kamaev

5 plugins · 22K total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 1448 days
Detection Fingerprints

How We Detect Kama Thumbnail

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/kama-thumbnail/public/css/main.css
/wp-content/plugins/kama-thumbnail/public/js/script.js
Script Paths
/wp-content/plugins/kama-thumbnail/public/js/script.js
Version Parameters
kama-thumbnail/public/css/main.css?ver=
kama-thumbnail/public/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
kama-thumbnail
HTML Comments
<!-- kama_thumb_img -->
<!-- kama_thumb_src -->
<!-- kama_thumb_a_img -->
<!-- kama_thumb_gallery -->
+2 more
Data Attributes
data-kama-thumbnail-id
data-kama-thumbnail-src
data-kama-thumbnail-srcset
data-kama-thumbnail-sizes
JS Globals
kama_thumbnail_vars
Shortcode Output
<img class="kama-thumbnail"
<a href="
<img src="