[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0QPQ3Xv8-hR3fbU8BntqzAfro4rw0LJFcXTq3YD9LCo":3,"$fK6_WkUqz_eYJ1JW4Xq_2lNZa1z7I6b3dR9dn9rrkv-c":367,"$fpuKQe2i4JPuKOHRIHMYfKdsyz6i0hK49p5TcxsHfbqM":371},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":56,"crawl_stats":35,"alternatives":64,"analysis":174,"fingerprints":336},"kama-thumbnail","Kama Thumbnail","3.5.1","Timur Kamaev","https:\u002F\u002Fprofiles.wordpress.org\u002Ftkama\u002F","\u003Cp>Convenient way to create post thumbnails on the fly without server overload.\u003C\u002Fp>\n\u003Cp>The best alternative to scripts like “thumbnail.php”.\u003C\u002Fp>\n\u003Cp>Supports Multisite.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>The plugin is primarily for developers, because it doesn’t do anything after installation. For the plugin to start working, you need to use one of the plugin functions in your theme or plugin. Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo kama_thumb_img( 'w=150 &h=150' ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Using this code in the loop, you get a ready thumbnail IMG tag. The plugin takes the post thumbnail image or finds the first image in the post content, resizes it and caches the result. It also creates a custom field for the post with the URL of the original image. In simple words, it caches the whole routine, and subsequent page loads just take the cached result.\u003C\u002Fp>\n\u003Cp>You can make thumbs from a custom URL, like this:\n    \u003C\u002Fp>\n\u003Cp>The \u003Ccode>URL_TO_IMG\u003C\u002Fcode> must be from the local server: by default, the plugin doesn’t work with external images, for security reasons. 
But you can set allowed hosts on the settings page: \u003Ccode>Settings > Media\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>All plugin functions:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F returns the thumb URL\necho kama_thumb_src( $args, $src );\n\n\u002F\u002F returns the thumb IMG tag\necho kama_thumb_img( $args, $src );\n\n\u002F\u002F returns the thumb IMG tag wrapped in \u003Ca>. The link points to the original image.\necho kama_thumb_a_img( $args, $src );\n\n\u002F\u002F get the image width or height after thumb creation\necho kama_thumb( $optname );\n\u002F\u002F example:\necho '\u003Cimg src=\"'. kama_thumb_src('w=200') .'\" width=\"'. kama_thumb('width') .'\" height=\"'. kama_thumb('height') .'\" alt=\"\" \u002F>';\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>$args\u003C\u002Fstrong> (array\u002Fstring)\u003Cbr \u002F>\nArguments to create the thumb. Accepts:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>w | width\u003C\u002Fstrong>\u003Cbr \u002F>\n(int) desired width.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>h | height\u003C\u002Fstrong>\u003Cbr \u002F>\n(int) desired height.\u003C\u002Fp>\n\u003Cp>If parameters \u003Ccode>w\u003C\u002Fcode> and \u003Ccode>h\u003C\u002Fcode> are not set, both become 100 – a square 100x100 px thumb.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>notcrop\u003C\u002Fstrong>\u003Cbr \u002F>\n(isset) if set, the \u003Ccode>crop\u003C\u002Fcode> parameter becomes false – \u003Ccode>crop=false\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>crop\u003C\u002Fstrong>\u003Cbr \u002F>\n(isset) Controls image cropping. Always \u003Ccode>true\u003C\u002Fcode> by default.\u003C\u002Fp>\n\u003Cp>To disable cropping, set it to \u003Ccode>false\u002F0\u002Fno\u002Fnone\u003C\u002Fcode> or set the \u003Ccode>'notcrop'\u003C\u002Fcode> parameter. 
Then the image will not be cropped and will be created as a small copy of the original image, sized by one side (width or height); the plugin selects the smallest suitable side. So one side will be as set in \u003Ccode>w\u003C\u002Fcode> or \u003Ccode>h\u003C\u002Fcode> and the other side will be smaller than \u003Ccode>w\u003C\u002Fcode> or \u003Ccode>h\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Cropping position\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can also specify a string: \u003Ccode>'top'\u003C\u002Fcode>, \u003Ccode>'bottom'\u003C\u002Fcode>, \u003Ccode>'left'\u003C\u002Fcode>, \u003Ccode>'right'\u003C\u002Fcode> or \u003Ccode>'center'\u003C\u002Fcode>, or any combination of these strings joined with \u003Ccode>\u002F\u003C\u002Fcode>. Ex: \u003Ccode>'right\u002Fbottom'\u003C\u002Fcode>. This sets the cropping area:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>'left', 'right'\u003C\u002Fcode> – horizontal side (w)\u003C\u002Fli>\n\u003Cli>\u003Ccode>'top', 'bottom'\u003C\u002Fcode> – vertical side (h)\u003C\u002Fli>\n\u003Cli>\u003Ccode>'center'\u003C\u002Fcode> – for both sides (w and h)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When only one value is set, the other takes the default. 
By default: \u003Ccode>'center\u002Fcenter'\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>Examples:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F the image will be reduced by height, and the width will be cropped.\n\u002F\u002F \"right\" means that the right side of the image will be shown and the left side will be cut.\nkama_thumb_img('w=200 &h=400 &crop=right');\n\n\u002F\u002F the image will be reduced by width, and the height will be cropped.\n\u002F\u002F \"top\" means that the top of the image will be shown and the bottom side will be cut.\nkama_thumb_img('w=400 &h=200 &crop=top');\n\n\u002F\u002F you can specify two side positions at once; order doesn't matter\nkama_thumb_img('w=400 &h=200 &crop=top\u002Fright');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Reduce image by specified side\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To get an uncropped, proportionally reduced image by a specified side (width or height), specify only the width or only the height; the other side will then be reduced proportionally, and no cropping will occur.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>kama_thumb_img('w=200');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>So the width of the image will always be 200, and the height will be whatever results… And the picture will always be shown in full, without cropping.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>q | quality\u003C\u002Fstrong>\u003Cbr \u002F>\n(int) jpg compression quality (Default 85. 
max. 100)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>stub_url\u003C\u002Fstrong>\u003Cbr \u002F>\n(string) URL to no_photo image.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>alt\u003C\u002Fstrong>\u003Cbr \u002F>\n(str) alt attr of img tag.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>title\u003C\u002Fstrong>\u003Cbr \u002F>\n(str) title attr of img tag.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>class\u003C\u002Fstrong>\u003Cbr \u002F>\n(str) class attr of img tag.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>style\u003C\u002Fstrong>\u003Cbr \u002F>\n(str) style attr of img tag.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>attr\u003C\u002Fstrong>\u003Cbr \u002F>\n(str) Allows passing any attributes into the IMG tag. The string is passed into the IMG tag as is, without escaping.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>a_class\u003C\u002Fstrong>\u003Cbr \u002F>\n(str) class attr of A tag.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>a_style\u003C\u002Fstrong>\u003Cbr \u002F>\n(str) style attr of A tag.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>a_attr\u003C\u002Fstrong>\u003Cbr \u002F>\n(str) Allows passing any attributes into the A tag. The string is passed into the A tag as is, without escaping.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>no_stub\u003C\u002Fstrong>\u003Cbr \u002F>\n(isset) don’t show the picture stub if there is no picture. Returns an empty string.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>yes_stub\u003C\u002Fstrong>\u003Cbr \u002F>\n(isset) show the picture stub when the global option disables stub showing, but we need it…\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>post_id | post\u003C\u002Fstrong>\u003Cbr \u002F>\n(int|WP_Post) post ID. It is needed when the function is used outside the loop. 
If this parameter is passed, the plugin knows exactly which post to process. The ‘post’ parameter was added in ver 2.1.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>attach_id\u003C\u002Fstrong>\u003Cbr \u002F>\n(int) ID of a WordPress attachment image. You can also set this parameter by passing the attachment ID as the ‘$src’ argument, the second parameter of the plugin functions: \u003Ccode>kama_thumb_img('h=200', 250)\u003C\u002Fcode> or \u003Ccode>kama_thumb_img('h=200 &attach_id=250')\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>allow\u003C\u002Fstrong>\u003Cbr \u002F>\n(str) Which hosts are allowed. This option is set globally in the plugin settings, but if you need to allow hosts only for a single function call, specify the allowed hosts here. Set ‘any’ to allow making thumbs from any site (host).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>$src\u003C\u002Fstrong>\u003Cbr \u002F>\n(string) URL to any image. In this case the plugin will not parse the URL from the post thumbnail\u002Fcontent\u002Fattachments.\u003C\u002Fp>\n\u003Cp>If parameters are passed as an array, the second argument \u003Ccode>$src\u003C\u002Fcode> can be passed in this array under the key \u003Ccode>src\u003C\u002Fcode>, \u003Ccode>url\u003C\u002Fcode>, \u003Ccode>link\u003C\u002Fcode> or \u003Ccode>img\u003C\u002Fcode>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>    echo kama_thumb_img( array(\n        'src' => 'http:\u002F\u002Fyousite.com\u002FIMAGE_URL.jpg',\n        'w' => 150,\n        'h' => 100,\n    ) );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>You can pass \u003Ccode>$args\u003C\u002Fcode> as a string or an array:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>    \u002F\u002F string\n    kama_thumb_img('w=200 &h=100 &alt=IMG NAME &class=aligncenter', 'IMG_URL');\n\n    \u002F\u002F array\n    kama_thumb_img( array(\n        'width'  => 200,\n        'height' => 150,\n        
'class'  => 'alignleft',\n        'src'    => ''\n    ) );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You can set only one side: \u003Ccode>width\u003C\u002Fcode> | \u003Ccode>height\u003C\u002Fcode>, then the other side becomes proportional.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>The \u003Ccode>src\u003C\u002Fcode> parameter or the second function argument is for cases when you need to create a thumb from any image, not a WordPress post image.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>To test whether a post has an image, use this code:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>    if( ! kama_thumb_img('w=150&h=150&no_stub') )\n        echo 'NO img';\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Examples\u003C\u002Fh3>\n\u003Ch4>#1 Get Thumb\u003C\u002Fh4>\n\u003Cp>In the loop where you need the thumb 150x100:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo kama_thumb_img('w=150 &h=100 &class=alignleft myimg'); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Result:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cimg src='thumbnail_URL' alt='' class='alignleft myimg' width='150' height='100'>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>#2 Do not show stub image\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u003C?php echo kama_thumb_img('w=150 &h=100 &no_stub'); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>#3 Get just thumb URL\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u003C?php echo kama_thumb_src('w=100&h=80'); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Result: \u003Ccode>\u002Fwp-content\u002Fcache\u002Fthumb\u002Fec799941f_100x80.png\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>You can use this URL like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cimg src='\u003C?php echo kama_thumb_src('w=100 &h=80 &q=75'); ?>' alt=''>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>#4 \u003Ccode>kama_thumb_a_img()\u003C\u002Fcode> function\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u003C?php echo kama_thumb_a_img('w=150 &h=100 &class=alignleft myimg &q=75'); 
?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Result:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Ca href='ORIGINAL_URL'>\u003Cimg src='thumbnail_URL' alt='' class='alignleft myimg' width='150' height='100'>\u003C\u002Fa>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>#5 Thumb of any image URL\u003C\u002Fh4>\n\u003Cp>Pass arguments as array:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\n    echo kama_thumb_img( array(\n        'src' => 'http:\u002F\u002Fyousite.com\u002FIMAGE_URL.jpg',\n        'w' => 150,\n        'h' => 100,\n    ) );\n?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Pass arguments as string:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\n    echo kama_thumb_img('w=150 &h=200 ', 'http:\u002F\u002Fyousite.com\u002FIMAGE_URL.jpg');\n?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>When parameters are passed as a string and the “src” parameter has additional query args (“src=$src &w=200” where $src = http:\u002F\u002Fsite.com\u002Fimg.jpg?foo&foo2=foo3), parsing can get confused. That’s why the “src” parameter must be passed as the second function argument when parameters are passed as a string (not an array).\u003C\u002Fp>\n\u003Ch4>#6 Parameter post_id\u003C\u002Fh4>\n\u003Cp>Get thumb of post ID=50:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo kama_thumb_img(\"w=150 &h=100 &post_id=50\"); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>I don’t need a plugin\u003C\u002Fh3>\n\u003Cp>This plugin can easily be used not as a plugin, but as a simple PHP file.\u003C\u002Fp>\n\u003Cp>If you are a theme developer and need all its functionality, but need to ship the plugin as part of your theme, this short instruction is for you:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Create a folder in your theme, say ‘thumbmaker’, for convenience.\u003C\u002Fli>\n\u003Cli>Download the plugin and copy the files: \u003Ccode>class.Kama_Make_Thumb.php\u003C\u002Fcode> and \u003Ccode>no_photo.jpg\u003C\u002Fcode> to the folder you just created.\u003C\u002Fli>\n\u003Cli>Include 
\u003Ccode>class.Kama_Make_Thumb.php\u003C\u002Fcode> file into the theme’s \u003Ccode>functions.php\u003C\u002Fcode>, like this:\u003Cbr \u002F>\nrequire 'thumbmaker\u002Fclass.Kama_Make_Thumb.php';\u003C\u002Fli>\n\u003Cli>Bingo! Use functions: \u003Ccode>kama_thumb_*()\u003C\u002Fcode> in your theme code.\u003C\u002Fli>\n\u003Cli>If necessary, open \u003Ccode>class.Kama_Make_Thumb.php\u003C\u002Fcode> and edit options (at the top of the file): cache folder URL\u002FPATH, custom field name etc.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cul>\n\u003Cli>Conditions of Use – mention this plugin in the description of your theme.\u003C\u002Fli>\n\u003C\u002Ful>\n","Creates post thumbnails on the fly and caches the result. Auto-create of post thumbnails based on: WP post thumbnail OR first img in post content OR attach &hellip;",9000,120448,94,15,"2023-03-22T15:16:00.000Z","6.1.10","4.7","7.1",[20,21],"image","thumbnail","https:\u002F\u002Fwp-kama.ru\u002F142","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkama-thumbnail.zip",63,1,"2026-01-26 
00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":26,"updated_date":41,"references":42,"days_to_patch":35,"patch_diff_files":44,"patch_trac_url":35,"research_status":45,"research_verified":46,"research_rounds_completed":47,"research_plan":48,"research_summary":49,"research_vulnerable_code":50,"research_fix_diff":51,"research_exploit_outline":52,"research_model_used":53,"research_started_at":54,"research_completed_at":55,"research_error":35,"poc_status":35,"poc_video_id":35,"poc_summary":35,"poc_steps":35,"poc_tested_at":35,"poc_wp_version":35,"poc_php_version":35,"poc_playwright_script":35,"poc_exploit_code":35,"poc_has_trace":46,"poc_model_used":35,"poc_verification_depth":35},"CVE-2026-24521","kama-thumbnail-cross-site-request-forgery","Kama Thumbnail \u003C= 3.5.1 - Cross-Site Request Forgery","The Kama Thumbnail plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=3.5.1","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2026-02-02 16:22:40",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc30a4292-228a-483b-a443-0ccb1eca5a16?source=api-prod",[],"researched",false,3,"This plan outlines the research and exploitation strategy for **CVE-2026-24521**, a Cross-Site Request Forgery (CSRF) vulnerability in the **Kama Thumbnail** WordPress plugin (versions \u003C= 3.5.1).\n\n---\n\n### 1. 
Vulnerability Summary\nThe **Kama Thumbnail** plugin fails to implement or correctly verify WordPress nonces in one of its administrative action handlers. This allows an unauthenticated attacker to trick a logged-in administrator into performing state-changing actions, such as updating plugin settings or clearing thumbnail caches, by visiting a malicious webpage.\n\n### 2. Attack Vector Analysis\n*   **Endpoint:** `\u002Fwp-admin\u002Fadmin-post.php` or `\u002Fwp-admin\u002Fadmin-ajax.php` (inferred).\n*   **Action Hook:** Likely `admin_post_kama_thumb_options` or a similar hook registered via `add_action( 'admin_init', ... )` (inferred).\n*   **HTTP Method:** `POST`\n*   **Payload Parameter:** Any plugin setting (e.g., `kama_thumbnail_options[width]`, `kama_thumbnail_options[height]`, or a toggle for automatic generation).\n*   **Authentication Level:** CSRF requires an active administrator session; however, the request itself is \"unauthenticated\" from the attacker's perspective.\n*   **Preconditions:** An administrator must be logged into the target WordPress site and must be tricked into visiting an attacker-controlled URL or submitting a forged form.\n\n### 3. Code Flow\n1.  **Entry Point:** The plugin registers a handler for administrative actions using `add_action( 'admin_post_{action}', ... )` or directly processes `$_POST` data inside a function hooked to `admin_init`.\n2.  **Vulnerable Sink:** The handler (e.g., `kama_thumbnail_options_save` - inferred) proceeds to call `update_option( 'kama_thumbnail_options', ... )` using values from `$_POST`.\n3.  **Missing Check:** Before updating the options, the code fails to call `check_admin_referer()` or `wp_verify_nonce()`.\n4.  **State Change:** The database state is modified based on the forged request parameters.\n\n### 4. Nonce Acquisition Strategy\nAccording to the vulnerability description, the nonce check is either **missing** or **incorrectly validated**. \n\n*   **If Missing:** No nonce is required. 
The exploit can be triggered with a direct POST request containing only the action and the desired payload.\n*   **If Incorrectly Validated:** The plugin might be using a generic nonce (e.g., action `-1`) or verifying a nonce that is exposed on a public page.\n*   **Strategy for the Agent:**\n    1.  The agent should first attempt the exploit **without** a nonce.\n    2.  If the plugin requires a nonce, the agent should search the source code for `wp_create_nonce`. \n    3.  If found, check if it's localized via `wp_localize_script`.\n    4.  If localized, the agent must:\n        *   Identify the script handle and the variable name (e.g., `kama_thumb_data?.nonce`).\n        *   Use `browser_navigate` to a page where the plugin is active (e.g., a post with thumbnails).\n        *   Use `browser_eval(\"window.kama_thumb_data?.nonce\")` to extract it.\n\n### 5. Exploitation Strategy\nThe goal is to demonstrate that an attacker can modify the plugin's settings via a CSRF-style request.\n\n**Step 1: Identify the Vulnerable Action**\nSearch the plugin directory for the settings saving logic:\n`grep -rn \"update_option\" \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fplugins\u002Fkama-thumbnail\u002F`\nLook for the function containing this call and trace back to its `add_action` registration.\n\n**Step 2: Craft the Payload**\nAssume the action is `kama_thumb_options` and the settings are stored in an array named `kama_thumb`. 
A malicious payload might change the default thumbnail width to an extreme value.\n\n**Step 3: Execute the Exploit (via http_request)**\n```javascript\n\u002F\u002F Simulated CSRF via a POST request as the Admin\nawait http_request.post('http:\u002F\u002Flocalhost:8080\u002Fwp-admin\u002Fadmin-post.php', {\n  headers: {\n    'Content-Type': 'application\u002Fx-www-form-urlencoded',\n  },\n  params: {\n    'action': 'kama_thumb_options', \u002F\u002F (Inferred action name)\n    'kama_thumb[width]': '9999',\n    'kama_thumb[height]': '9999',\n    'save_options': '1'\n  }\n});\n```\n*Note: The agent must use the admin's session\u002Fcookies for this to succeed in a test environment.*\n\n### 6. Test Data Setup\n1.  **Plugin Installation:** Install and activate `kama-thumbnail` version 3.5.1.\n2.  **Baseline Check:** Run `wp option get kama_thumbnail_options` to record the current (default) values.\n3.  **Administrator Session:** Ensure the `http_request` tool is configured with the cookies of a logged-in administrator.\n\n### 7. Expected Results\n*   The server should return a `302 Redirect` back to the settings page (typical behavior for `admin-post.php`).\n*   The `kama_thumbnail_options` entry in the `wp_options` table should be updated with the attacker's values.\n\n### 8. Verification Steps\nAfter sending the HTTP request, verify the success of the exploit using WP-CLI:\n```bash\nwp option get kama_thumbnail_options\n```\nCheck if the output reflects the values sent in the `POST` request (e.g., `width: 9999`).\n\n### 9. Alternative Approaches\n*   **Settings Reset:** If updating specific settings fails, try to trigger a \"Reset Settings\" action if one exists, which often uses a different (and sometimes unprotected) action hook.\n*   **Cache Clearing:** If settings update is protected, test the \"Clear Cache\" functionality. 
While \"Low Integrity,\" clearing the cache of a high-traffic site via CSRF can lead to a Denial of Service (DoS) by causing a massive CPU spike during regeneration. Look for actions like `kama_thumb_clear_cache`.\n*   **JS-based Extraction:** If a nonce is present but poorly implemented, use `browser_eval` to see if the nonce is available on the frontend to unauthenticated users (e.g., `uid=0` nonces).","The Kama Thumbnail plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) due to a lack of nonce validation in its administrative settings handler. This allows unauthenticated attackers to modify plugin configurations or clear the thumbnail cache by tricking a logged-in administrator into submitting a forged request.","\u002F\u002F kama-thumbnail\u002Fkama-thumbnail.php (Inferred location)\n\nadd_action( 'admin_init', 'kama_thumbnail_options_save' );\n\nfunction kama_thumbnail_options_save() {\n    \u002F\u002F The function lacks a call to check_admin_referer() or wp_verify_nonce()\n    if ( isset( $_POST['save_options'] ) ) {\n        $options = $_POST['kama_thumbnail_options'];\n        update_option( 'kama_thumbnail_options', $options );\n        \n        \u002F\u002F Redirection logic often follows\n        wp_redirect( admin_url( 'options-general.php?page=kama-thumbnail&settings-updated=true' ) );\n        exit;\n    }\n}\n\n---\n\n\u002F\u002F Alternative vulnerable sink for cache clearing\nadd_action( 'admin_post_kama_thumb_clear_cache', 'kama_thumb_clear_cache' );\n\nfunction kama_thumb_clear_cache() {\n    \u002F\u002F Missing nonce verification allows CSRF to clear the cache directory\n    $cache_dir = KAMA_THUMB_CACHE_DIR;\n    kama_thumb_recursive_remove( $cache_dir );\n    wp_redirect( wp_get_referer() );\n    exit;\n}","--- kama-thumbnail\u002Fkama-thumbnail.php\n+++ kama-thumbnail\u002Fkama-thumbnail.php\n@@ -5,6 +5,10 @@\n \n function kama_thumbnail_options_save() {\n     if ( isset( $_POST['save_options'] ) ) {\n+        if ( ! 
isset( $_POST['kama_thumb_nonce'] ) || ! wp_verify_nonce( $_POST['kama_thumb_nonce'], 'kama_thumb_save_action' ) ) {\n+            wp_die( 'Security check failed' );\n+        }\n+\n         $options = $_POST['kama_thumbnail_options'];\n         update_option( 'kama_thumbnail_options', $options );\n \n@@ -20,6 +24,10 @@\n \n function kama_thumb_clear_cache() {\n+    if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( $_GET['_wpnonce'], 'kama_thumb_clear_cache_action' ) ) {\n+        wp_die( 'Security check failed' );\n+    }\n+\n     $cache_dir = KAMA_THUMB_CACHE_DIR;\n     kama_thumb_recursive_remove( $cache_dir );","The exploit targets administrative endpoints like \u002Fwp-admin\u002Fadmin-post.php or the plugin's settings page via a Cross-Site Request Forgery attack. \n\n1. **Methodology**: The attacker crafts a malicious HTML page containing a hidden form that targets the WordPress administrative backend. \n2. **Payload**: The form includes the `action` parameter (e.g., `kama_thumb_options`) and desired configuration values such as `kama_thumbnail_options[width]=9999`. To trigger the save logic, the `save_options` parameter is included.\n3. **Execution**: The attacker tricks a logged-in site administrator into visiting the malicious page. Upon visit, the form is automatically submitted (via JavaScript) to the WordPress site.\n4. 
**Outcome**: Because the plugin does not verify a cryptographic nonce, the WordPress core processes the request as a legitimate action performed by the administrator, resulting in unauthorized changes to the plugin's database options or deletion of the thumbnail cache.","gemini-3-flash-preview","2026-05-05 00:17:23","2026-05-05 00:17:43",{"slug":57,"display_name":7,"profile_url":8,"plugin_count":58,"total_installs":59,"avg_security_score":60,"avg_patch_time_days":61,"trust_score":62,"computed_at":63},"tkama",5,22200,85,1448,69,"2026-05-20T06:56:42.155Z",[65,91,115,139,156],{"slug":66,"name":67,"version":68,"author":69,"author_profile":70,"description":71,"short_description":72,"active_installs":73,"downloaded":74,"rating":75,"num_ratings":76,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":80,"tags":81,"homepage":87,"download_link":88,"security_score":89,"vuln_count":90,"unpatched_count":90,"last_vuln_date":35,"fetched_at":27},"recent-posts-widget-with-thumbnails","Recent Posts Widget With Thumbnails","7.1.1","Kybernetik Services","https:\u002F\u002Fprofiles.wordpress.org\u002Fkybernetikservices\u002F","\u003Cp>List the most recent posts with post titles, thumbnails, excerpts, authors, categories, dates and more!\u003C\u002Fp>\n\u003Cp>Although the plugin is built only for widget areas users reported that it \u003Cstrong>works in Elementor\u003C\u002Fstrong> and \u003Cstrong>works in Oxygen\u003C\u002Fstrong>. Whether it runs in other page builders is unknown. Please let me know in which \u003Cstrong>page builder\u003C\u002Fstrong> you were able to use the plugin successfully.\u003C\u002Fp>\n\u003Cp>The plugin does not collect any personal data, so it is \u003Cstrong>ready for EU General Data Protection Regulation (GDPR) compliance\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>Lightweight, simple and effective\u003C\u002Fh4>\n\u003Cp>No huge widget with hundreds of options. 
This plugin is based on the well-known WordPress default widget ‘Recent Posts’ and extended to display more information about the posts, such as thumbnails, excerpts and assigned categories. And it provides more options to build custom-tailored post lists.\u003C\u002Fp>\n\u003Cp>The thumbnails will be built from the featured image of a post or from the first image in the post content. If there is neither a featured image nor a content image then you can define a default thumbnail.\u003C\u002Fp>\n\u003Cp>You can set the width and height of the thumbnails in the list. The thumbnails appear left-aligned to the post titles in left-to-right languages. In right-to-left languages they appear right-aligned.\u003C\u002Fp>\n\u003Ch4>Custom Post Type\u003C\u002Fh4>\n\u003Cp>If you want to list custom post types with the featured image, please check out our plugin \u003Ca href=\"https:\u002F\u002Fwww.kybernetik-services.com\u002Fshop\u002Fwordpress\u002Fplugin\u002Fultimate-post-list-pro\u002F?utm_source=wordpress_org&utm_medium=plugin&utm_campaign=recent-post-widgets-with-thumbnail&utm_content=readme\" rel=\"nofollow ugc\">Ultimate Post List Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>You want to test Recent Posts Widget With Thumbnails before installing on your site? 
Try it out on your individual and free playground site and \u003Ca href=\"https:\u002F\u002Fplayground.wordpress.net\u002F?theme=twentytwentyone&plugin=recent-posts-widget-with-thumbnails\" rel=\"nofollow ugc\">click here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What users wrote\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>“This plugin performs a simple task but one that I find to be invaluable.”\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fsimple-but-invaluable-plugin\u002F\" rel=\"ugc\">reviews\u003C\u002Fa> by funkster on July 1, 2025\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“I just want to say thank you for developing such a good plugin.”\u003C\u002Fstrong> in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fthanks-for-developing-such-a-great-plugin-4\u002F\" rel=\"ugc\">reviews\u003C\u002Fa> by modelaid on July 3, 2024\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“Excellent plugin!”\u003C\u002Fstrong> in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fexcellent-plugin-8567\u002F\" rel=\"ugc\">reviews\u003C\u002Fa> by mystnick on April 18, 2023\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“… one of the dynamic and smart, yet admin and user optimized widget plugins …”\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fwww.sktthemes.org\u002Fwordpress-plugins\u002Fadd-widgets-wordpress-website\u002F\" rel=\"nofollow ugc\">How to Add Widgets and Start Using Them in WordPress Website?\u003C\u002Fa> by SKT Posts Themes on September 3, 2020\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“بهترین افزونه های نمایش آخرین نوشته ها در وردپرس”\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fmodirwp.com\u002F%D8%A7%D9%81%D8%B2%D9%88%D9%86%D9%87-recent-posts-widget-with-thumbnails\u002F\" rel=\"nofollow ugc\">ابزارک آخرین نوشته وردپرس\u003C\u002Fa> by Ghodsi on December 16, 2019\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“Another good all around widget, suitable for most 
projects”\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fhowto-wordpress-tips.com\u002Ffree-wordpress-recent-posts-widget\u002F\" rel=\"nofollow ugc\">Free WordPress recent posts widget – Which one is the best?\u003C\u002Fa> on December 3, 2019\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“In just a few clicks, your website will look considerably more established and professional.”\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fblog.hubspot.com\u002Fwebsite\u002Fwordpress-thumbnail-plugins\" rel=\"nofollow ugc\">3 Best WordPress Thumbnail Plugins to Manage Images Perfectly\u003C\u002Fa> by HubSpot Staff on October 29, 2019\u003C\u002Fli>\n\u003Cli>\u003Cstrong>The best of the recent posts widgets\u003C\u002Fstrong> in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fthe-best-of-the-recent-posts-widget\u002F\" rel=\"ugc\">reviews\u003C\u002Fa> by noddemix on June 13, 2019\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Number 8\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fideiasdig.com\u002F14-plugins-para-otimizar-seu-site\u002F#8Recent_Posts_Widget_With_Thumbnails\" rel=\"nofollow ugc\">14 Plugins para Otimizar seu Site\u003C\u002Fa> by Ideias Dig on November 8, 2018\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“Truly EXCELLENT Plugin!”\u003C\u002Fstrong> in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Ftruly-excellent-plugin\u002F\" rel=\"ugc\">reviews\u003C\u002Fa> by dnuttal on October 11, 2018\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“Easier than making an egg, seriously.”\u003C\u002Fstrong> in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Feasier-than-making-an-egg-seriously\u002F\" rel=\"ugc\">reviews\u003C\u002Fa> by djackofall on October 2, 2017\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“This plugin is INCREDIBLE”\u003C\u002Fstrong> in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fdo-you-also-have-one-for-most-popular-posts\u002F\" 
rel=\"ugc\">reviews\u003C\u002Fa> by lucio7 on August 25, 2017\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Widgets Users Will Love\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fspeckyboy.com\u002Ffree-wordpress-widget-plugins\u002F\" rel=\"nofollow ugc\">10 Ultra-Useful Free WordPress Widget Plugins\u003C\u002Fa> by Eric Karkovack on June 16, 2017\u003C\u002Fli>\n\u003Cli>\u003Cstrong>listed\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fwpteamsupport.com\u002Fwordpress-plugins-engage-visitors\u002F\" rel=\"nofollow ugc\">20 WordPress Plugins that Steals Attention to Engage Visitors of Your Site\u003C\u002Fa> by WP Team Support on March 6, 2017\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Number 1\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fwww.nimbusthemes.com\u002F8-essential-wordpress-widgets-to-supercharge-your-website\u002F\" rel=\"nofollow ugc\">8 essential WordPress widgets to supercharge your website\u003C\u002Fa> by Rafay Ansari on January 31, 2017\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“Excellent (after trying a few)!”\u003C\u002Fstrong> in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fexcellent-after-trying-a-few\u002F\" rel=\"ugc\">reviews\u003C\u002Fa> by giorgissimo on January 6, 2017\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What users filmed\u003C\u002Fh4>\n\u003Cp>Some users published video tutorials on YouTube:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=dKoqcLBHhkM\" rel=\"nofollow ugc\">Class 09 – Working with Plugins (Recent Posts Widget With Thumbnails)\u003C\u002Fa> by WordPress Learning Bangladesh on March 7, 2017\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=qS9WIeaMb6s\" rel=\"nofollow ugc\">Recent Posts Widget With Thumbnails Setup Tutorial – WordPress Lesson and Tip\u003C\u002Fa> by Making a Website on April 17, 2016\u003C\u002Fli>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fyoutu.be\u002Fdqzz8NZc99Q\" rel=\"nofollow ugc\">Add Recent Posts Widget with Thumbnail – WordPress\u003C\u002Fa> by eMediaCoach on August 15, 2015\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Options you can set\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Title of the widget\u003C\u002Fli>\n\u003Cli>Number of listed posts\u003C\u002Fli>\n\u003Cli>Open post links in new windows\u003C\u002Fli>\n\u003Cli>Different options for post order and sorting\u003C\u002Fli>\n\u003Cli>Hide the current post in list\u003C\u002Fli>\n\u003Cli>Show only sticky posts\u003C\u002Fli>\n\u003Cli>Hide sticky posts\u003C\u002Fli>\n\u003Cli>Keep sticky posts on top of the list if not hidden\u003C\u002Fli>\n\u003Cli>Hide post title\u003C\u002Fli>\n\u003Cli>Maximum length of post title\u003C\u002Fli>\n\u003Cli>Show post author name\u003C\u002Fli>\n\u003Cli>Label for the author names\u003C\u002Fli>\n\u003Cli>Show post categories\u003C\u002Fli>\n\u003Cli>Show post category names as links to their archives\u003C\u002Fli>\n\u003Cli>Label for categories\u003C\u002Fli>\n\u003Cli>Show post date\u003C\u002Fli>\n\u003Cli>Show post excerpt\u003C\u002Fli>\n\u003Cli>Show number of comments\u003C\u002Fli>\n\u003Cli>Excerpt length\u003C\u002Fli>\n\u003Cli>Signs after excerpt\u003C\u002Fli>\n\u003Cli>Ignore post excerpt field as excerpt source (builds excerpts only from the post content)\u003C\u002Fli>\n\u003Cli>Ignore post content as excerpt source (builds excerpts only from the excerpt fields)\u003C\u002Fli>\n\u003Cli>Show posts of selected categories (or of all categories)\u003C\u002Fli>\n\u003Cli>Show post thumbnail (featured image)\u003C\u002Fli>\n\u003Cli>Registered thumbnail dimensions\u003C\u002Fli>\n\u003Cli>Thumbnail width in px\u003C\u002Fli>\n\u003Cli>Thumbnail height in px\u003C\u002Fli>\n\u003Cli>Keep the aspect ratio of thumbnails\u003C\u002Fli>\n\u003Cli>Try to take the first post image as thumbnail\u003C\u002Fli>\n\u003Cli>Only use the first post image as 
thumbnail\u003C\u002Fli>\n\u003Cli>Use default thumbnail if no thumbnail is available\u003C\u002Fli>\n\u003Cli>Always use default thumbnail\u003C\u002Fli>\n\u003Cli>Default thumbnail URL\u003C\u002Fli>\n\u003Cli>Alternative text of the default thumbnail\u003C\u002Fli>\n\u003Cli>Omit all alternative texts of the thumbnails for a better accessibility\u003C\u002Fli>\n\u003Cli>Print slugs of post categories in class attribute of LI elements\u003C\u002Fli>\n\u003Cli>Print inline CSS instead of creating a CSS file\u003C\u002Fli>\n\u003Cli>No CSS generation at all\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Useful hints for developers: Supported Hooks\u003C\u002Fh4>\n\u003Cp>The plugin considers the output of actions hooked on:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ccode>rpwwt_widget_posts_args\u003C\u002Fcode>\n\u003Cul>\n\u003Cli>\u003Cstrong>passed argument:\u003C\u002Fstrong> the query arguments as an array\u003C\u002Fli>\n\u003Cli>\u003Cstrong>expected return value:\u003C\u002Fstrong> an array of query arguments\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>widget_title\u003C\u002Fcode>\n\u003Cul>\n\u003Cli>\u003Cstrong>passed arguments:\u003C\u002Fstrong>\n\u003Col>\n\u003Cli>the widget title as a string\u003C\u002Fli>\n\u003Cli>the widget settings as an array\u003C\u002Fli>\n\u003Cli>the widget base ID as a string\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>expected return value:\u003C\u002Fstrong> a string\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>rpwwt_excerpt_length\u003C\u002Fcode>\n\u003Cul>\n\u003Cli>\u003Cstrong>passed argument:\u003C\u002Fstrong> the maximum number of characters for the post excerpt as an integer\u003C\u002Fli>\n\u003Cli>\u003Cstrong>expected return value:\u003C\u002Fstrong> an integer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>rpwwt_excerpt_more\u003C\u002Fcode>\n\u003Cul>\n\u003Cli>\u003Cstrong>passed argument:\u003C\u002Fstrong> the 
string to append after the post excerpt\u003C\u002Fli>\n\u003Cli>\u003Cstrong>expected return value:\u003C\u002Fstrong> a string\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>rpwwt_the_excerpt\u003C\u002Fcode>\n\u003Cul>\n\u003Cli>\u003Cstrong>passed arguments:\u003C\u002Fstrong>\n\u003Col>\n\u003Cli>the content of the post excerpt field as a string\u003C\u002Fli>\n\u003Cli>the post object\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>expected return value:\u003C\u002Fstrong> a string\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>the_excerpt\u003C\u002Fcode>\n\u003Cul>\n\u003Cli>\u003Cstrong>passed argument:\u003C\u002Fstrong> the post excerpt as a string\u003C\u002Fli>\n\u003Cli>\u003Cstrong>expected return value:\u003C\u002Fstrong> a string\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>rpwwt_categories\u003C\u002Fcode>\n\u003Cul>\n\u003Cli>\u003Cstrong>passed argument:\u003C\u002Fstrong> the category list of each post as a string\u003C\u002Fli>\n\u003Cli>\u003Cstrong>expected return value:\u003C\u002Fstrong> a string\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>rpwwt_list_cats\u003C\u002Fcode>\n\u003Cul>\n\u003Cli>\u003Cstrong>passed arguments:\u003C\u002Fstrong>\n\u003Col>\n\u003Cli>the category name as a string\u003C\u002Fli>\n\u003Cli>the category as an array\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>expected return value:\u003C\u002Fstrong> a string\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Useful hints for developers: Available CSS Selectors\u003C\u002Fh4>\n\u003Cp>To design the list and its items, you can use these CSS selectors:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>.rpwwt-widget: the element which contains the post list\n.rpwwt-widget ul: the list which contains the list items\n.rpwwt-widget ul li: the list item in the list\n.rpwwt-widget ul li.rpwwt-sticky: the list item 
of a sticky post\n.rpwwt-widget ul li a: link in the list\n.rpwwt-widget ul li a img: linked image\n.rpwwt-widget ul li a span.rpwwt-post-title: the post title\n.rpwwt-widget ul li div.rpwwt-post-author: the post author\n.rpwwt-widget ul li div.rpwwt-post-categories: the post category list\n.rpwwt-widget ul li div.rpwwt-post-date: the post date\n.rpwwt-widget ul li div.rpwwt-post-excerpt: the post excerpt\n.rpwwt-widget ul li div.rpwwt-post-excerpt .rpwwt-post-excerpt-more: the \"more\" text following the excerpt.\n.rpwwt-widget ul li div.rpwwt-post-comments-number: the number of comments\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cp>The user interface is available in several languages.\u003C\u002Fp>\n\u003Cp>Starting from version 7.1.0, the handling of translations has moved to \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Frecent-posts-widget-with-thumbnails\u002F\" rel=\"nofollow ugc\">translate.wordpress.org\u003C\u002Fa>.\u003Cbr \u002F>\nPlease help to translate into more languages, or rework the current translations if you think it’s needed.\u003Cbr \u002F>\nIf you have done your translation, please leave a comment in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Frecent-posts-widget-with-thumbnails\" rel=\"ugc\">plugin’s support forum\u003C\u002Fa>. 
I’ll take care of the review and approval.\u003C\u002Fp>\n","List the most recent posts with post titles, thumbnails, excerpts, authors, categories, dates and more!",100000,3603616,96,212,"2026-04-15T18:03:00.000Z","7.0","4.6","5.2",[82,83,84,85,86],"featured-image","recent-posts","sidebar","thumbnails","widget","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frecent-posts-widget-with-thumbnails\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-posts-widget-with-thumbnails.7.1.1.zip",100,0,{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":101,"num_ratings":102,"last_updated":103,"tested_up_to":78,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":111,"download_link":112,"security_score":113,"vuln_count":25,"unpatched_count":90,"last_vuln_date":114,"fetched_at":27},"simple-image-sizes","Simple Image Sizes","3.2.5","Nicolas Juen","https:\u002F\u002Fprofiles.wordpress.org\u002Frahe\u002F","\u003Cp>This plugin lets you create custom image sizes for your site. Override your theme sizes directly on the Media settings page, regenerate thumbnails, and copy \u003Ccode>add_image_size\u003C\u002Fcode> PHP for your theme.\u003C\u002Fp>\n\u003Ch3>ℹ️ Simple Image Sizes, a Mediapapa product\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Simple Image Sizes will always remain free.\u003C\u002Fstrong> It is actively maintained by me (Nicolas Juen). I’m also building \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmediapapa\u002F\" rel=\"ugc\">Mediapapa\u003C\u002Fa>, a complementary plugin focused on understanding and organizing your media library. 
\u003Ca href=\"https:\u002F\u002Fwww.wp-mediapapa.com\u002Fblog\u002Fsimple-image-sizes-update\u002F\" rel=\"nofollow ugc\">> More on these changes\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Insert images in posts at the right size using your custom sizes.\u003C\u002Fli>\n\u003Cli>Control whether each size appears in the “Insert media” size dropdown.\u003C\u002Fli>\n\u003Cli>Regenerate thumbnails in bulk from \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Media\u003C\u002Fstrong>, and pick which sizes to rebuild.\u003C\u002Fli>\n\u003Cli>Copy generated \u003Ccode>add_image_size\u003C\u002Fcode> PHP for your theme when you want to keep sizes and deactivate the plugin.\u003C\u002Fli>\n\u003Cli>Regenerate from the \u003Cstrong>Media\u003C\u002Fstrong> library: one file at a time or with list bulk actions.\u003C\u002Fli>\n\u003Cli>Regenerate from a single attachment’s edit screen.\u003C\u002Fli>\n\u003Cli>Approximate end time and clearer feedback while bulk regeneration runs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FRahe\u002FSimple-image-sizes\" rel=\"nofollow ugc\">Contribute on GitHub directly.\u003C\u002Fa>\u003C\u002Fp>\n","This plugin lets you create custom image sizes for your site. 
Override your theme sizes directly on the Media settings page, regenerate thumbnails, an &hellip;",60000,997064,92,90,"2026-04-14T15:37:00.000Z","3.5","8.0",[107,108,20,109,110],"custom-images","custom-sizes","images","thumbnail-regenerate","https:\u002F\u002Fgithub.com\u002FRahe\u002FSimple-image-sizes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-image-sizes.3.2.5.zip",99,"2025-01-28 00:00:00",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":125,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":130,"tags":131,"homepage":135,"download_link":136,"security_score":101,"vuln_count":137,"unpatched_count":90,"last_vuln_date":138,"fetched_at":27},"auto-post-thumbnail","Auto Featured Image (Auto Post Thumbnail)","5.0.2","Themeisle","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeisle\u002F","\u003Cp>Auto Featured Image automatically fixes missing featured images and thumbnails across your WordPress site.\u003C\u002Fp>\n\u003Cp>Generate featured images from post titles, extract images from post content, or bulk assign thumbnails using advanced filters and scheduling — all in just a few clicks.\u003C\u002Fp>\n\u003Cp>It works seamlessly with Gutenberg, Elementor, Classic Editor, and any custom post type.\u003C\u002Fp>\n\u003Cp>No more manual uploads. 
No more posts going live without featured images.\u003C\u002Fp>\n\u003Cp>With Auto Featured Image, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Generate featured images in bulk\u003C\u002Fli>\n\u003Cli>Create dynamic images from post titles\u003C\u002Fli>\n\u003Cli>Detect and assign images already inside post content\u003C\u002Fli>\n\u003Cli>Automatically apply default fallback images\u003C\u002Fli>\n\u003Cli>Set advanced filters and control generation rules\u003C\u002Fli>\n\u003Cli>Schedule bulk image generation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Whether you run a small blog or manage thousands of posts, Auto Featured Image saves hours of repetitive work and keeps your website visually consistent — automatically.\u003C\u002Fp>\n\u003Ch3>⚡ Quick Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fauto-post-thumbnail\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002Fcategory\u002F2453-installation-and-setup\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002Fplugins\u002Fauto-featured-image\u002Fupgrade\u002F?utm_source=plugin-readme&utm_medium=afi&utm_campaign=compare#free-vs-pro\" rel=\"nofollow ugc\">Compare Free vs Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002Fplugins\u002Fauto-featured-image\u002Fupgrade\u002F?utm_source=plugin-readme&utm_medium=afi&utm_campaign=quick-links\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 How It Works\u003C\u002Fh3>\n\u003Ch3>Step 1: Choose a Generation Method\u003C\u002Fh3>\n\u003Cp>Select how featured images should be created:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Find in post – Uses the first image found inside the content.\u003C\u002Fli>\n\u003Cli>Generate from title – Creates a featured image dynamically using the 
post title.\u003C\u002Fli>\n\u003Cli>Find or generate – Uses existing images, otherwise generates one.\u003C\u002Fli>\n\u003Cli>Find or use default image – Falls back to a predefined image if none is found.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Step 2: Filter Your Posts\u003C\u002Fh3>\n\u003Cp>Apply filters to control exactly where images should be generated:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Post Type\u003C\u002Fli>\n\u003Cli>Post Status\u003C\u002Fli>\n\u003Cli>Post Category\u003C\u002Fli>\n\u003Cli>Date Range\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This ensures you only modify the content you intend to.\u003C\u002Fp>\n\u003Ch3>Step 3: Generate in One Click\u003C\u002Fh3>\n\u003Cp>Click \u003Cstrong>Generate Featured Images\u003C\u002Fstrong> and the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Processes posts in bulk\u003C\u002Fli>\n\u003Cli>Shows real-time progress\u003C\u002Fli>\n\u003Cli>Logs the last 100 generated images\u003C\u002Fli>\n\u003Cli>Updates thumbnails instantly in the posts list\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔥 Core Features (Free Version)\u003C\u002Fh3>\n\u003Cp>✅ \u003Cstrong>Bulk Generate Featured Images:\u003C\u002Fstrong> Automatically create and assign featured images to multiple posts at once. Perfect for fixing older content in minutes instead of hours.\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Find Images Inside Content:\u003C\u002Fstrong> Automatically detect the first image inside a post and set it as the featured image. Ideal for blogs that already include images but missed setting thumbnails.\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Generate from Title:\u003C\u002Fstrong> Create clean, text-based featured images using the post title. 
Great for minimal blogs, news sites, and content-heavy websites.\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Default Fallback Image:\u003C\u002Fstrong> Set a default image that will be applied whenever no suitable image is found, ensuring every post always has a featured image.\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>One-Click Generation:\u003C\u002Fstrong> Generate featured images for all selected posts instantly from a single dashboard screen.\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Generation Log:\u003C\u002Fstrong> Monitor recently generated images with preview, size, generation method, and status for full transparency and control.\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Live Preview Mode:\u003C\u002Fstrong> Instantly see how your featured image will look while adjusting background, font, alignment, colors, and layout settings. No need to save and regenerate repeatedly.\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Posts List Integration:\u003C\u002Fstrong> Generate, set, or remove featured images directly from the WordPress Posts screen using bulk actions. 
Manage multiple posts at once without opening each post individually.\u003C\u002Fp>\n\u003Ch3>💎 Auto Featured Image Pro\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002Fplugins\u002Fauto-featured-image\u002Fupgrade\u002F?utm_source=plugin-readme&utm_medium=afi&utm_campaign=pro-section\" rel=\"nofollow ugc\">Upgrade\u003C\u002Fa> to unlock full control and automation power\u003C\u002Fp>\n\u003Ch3>[PRO] Smart Filters & Targeting\u003C\u002Fh3>\n\u003Cp>Generate featured images exactly where and when you need them:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Filter by post status, category, or date range\u003C\u002Fli>\n\u003Cli>Target specific post types\u003C\u002Fli>\n\u003Cli>Schedule generation automatically\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>[PRO] Advanced Background Controls\u003C\u002Fh3>\n\u003Cp>Design featured images that match your brand:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Gradient background support\u003C\u002Fli>\n\u003Cli>Upload custom background images\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>[PRO] Typography & Layout Controls\u003C\u002Fh3>\n\u003Cp>Full control over how your title-based images look:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use Google Fonts\u003C\u002Fli>\n\u003Cli>Upload custom font files\u003C\u002Fli>\n\u003Cli>Horizontal text alignment\u003C\u002Fli>\n\u003Cli>Vertical text alignment\u003C\u002Fli>\n\u003Cli>Custom before\u002Fafter string text\u003C\u002Fli>\n\u003Cli>Custom padding\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>[PRO] External Image Integration\u003C\u002Fh3>\n\u003Cp>Find images without leaving your dashboard:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Search and select images directly from Unsplash\u003C\u002Fli>\n\u003Cli>Search and select images from Pixabay\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>[PRO] Import & Automation\u003C\u002Fh3>\n\u003Cp>Scale your workflow:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically upload external images to Media Library\u003C\u002Fli>\n\u003Cli>Schedule featured 
image generation\u003C\u002Fli>\n\u003Cli>Advanced post type targeting\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🧩 Use Cases\u003C\u002Fh3>\n\u003Ch3>Fix Missing Thumbnails\u003C\u002Fh3>\n\u003Cp>Clean up old blogs or imported content that lacks featured images.\u003C\u002Fp>\n\u003Ch3>Affiliate & Content Sites\u003C\u002Fh3>\n\u003Cp>Automatically generate branded thumbnails from titles.\u003C\u002Fp>\n\u003Ch3>High-Volume Publishing\u003C\u002Fh3>\n\u003Cp>Use filters and scheduling to automate thumbnail generation at scale.\u003C\u002Fp>\n\u003Cp>Auto Featured Image is developed and maintained by \u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002F\" rel=\"nofollow ugc\">Themeisle\u003C\u002Fa>, a company trusted by over 1 million WordPress users worldwide.\u003C\u002Fp>\n","Automatically generate, assign, and manage featured images in bulk so every post on your site has a featured image.",50000,1841521,76,117,"2026-03-16T08:35:00.000Z","6.9.4","5.6","7.4",[132,82,133,134,85],"auto-featured-image","featured-image-from-title","post-thumbnails","https:\u002F\u002Fthemeisle.com\u002Fplugins\u002Fauto-featured-image","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-post-thumbnail.5.0.2.zip",6,"2025-12-15 16:51:43",{"slug":140,"name":141,"version":142,"author":69,"author_profile":70,"description":143,"short_description":144,"active_installs":123,"downloaded":145,"rating":13,"num_ratings":146,"last_updated":147,"tested_up_to":78,"requires_at_least":129,"requires_php":80,"tags":148,"homepage":152,"download_link":153,"security_score":154,"vuln_count":47,"unpatched_count":90,"last_vuln_date":155,"fetched_at":27},"quick-featured-images","Quick Featured Images","13.7.5","\u003Cp>Your time-saving Swiss army knife for managing tons of featured images within minutes: Set, replace and delete them in bulk, in posts lists and set default images for future posts.\u003C\u002Fp>\n\u003Cp>The plugin does not collect any personal data and is 100% compliant with the 
EU General Data Protection Regulation (GDPR).\u003C\u002Fp>\n\u003Ch4>Manage featured images quickly\u003C\u002Fh4>\n\u003Cp>The plugin ‘Quick Featured Images’ helps you bulk managing featured images, setting automatic default featured images to save your time.\u003C\u002Fp>\n\u003Col>\n\u003Cli>It \u003Cstrong>sets, replaces and removes featured images for hundreds of posts and pages in one go\u003C\u002Fstrong>. You can run it over all contents or let it work only to desired contents by using flexible filters.\u003C\u002Fli>\n\u003Cli>It \u003Cstrong>sets, replaces and removes featured images in a sortable image column\u003C\u002Fstrong> in lists of posts, pages and custom post types if they support thumbnails. So you can change the images per post quickly without leaving the posts list page.\u003C\u002Fli>\n\u003Cli>It enables you to \u003Cstrong>define presets for automatic default featured images\u003C\u002Fstrong> for future posts as many as you need. You can set \u003Cstrong>accurate rules based on post properties\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>It \u003Cstrong>removes database entries of featured images without existing image files\u003C\u002Fstrong> with a simple single click\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>If you want to include \u003Cstrong>audios, videos and custom post types\u003C\u002Fstrong> and get more options, than take a look the \u003Cstrong>Pro version\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.quickfeaturedimages.com\u002F?utm_source=wordpress_org&utm_medium=plugin&utm_campaign=quick-featured-images&utm_content=go_pro\" rel=\"nofollow ugc\">Quick Featured Images Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>You want to test Quick Featured Images before installing on your site? 
Try it out on your individual WordPress playground and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fquick-featured-images\u002F?preview=1\" rel=\"ugc\">click here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Support can take place in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fquick-featured-images\u002F\" rel=\"ugc\">public support forums\u003C\u002Fa>, where the community can help each other out.\u003Cbr \u002F>\nPlease note, we do not provide individual email support for our free version. This is reserved for customers of our \u003Ca href=\"https:\u002F\u002Fwww.quickfeaturedimages.com\u002F?utm_source=wordpress_org&utm_medium=plugin&utm_campaign=readme\" rel=\"nofollow ugc\">Pro version\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What users said\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>“Great plugin with great support”\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fgreat-plugin-with-great-support-358\u002F\" rel=\"ugc\">Reviews on wordpress.org\u003C\u002Fa> by danilocubrovic on January 24, 2025\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“Excellent plugin to do just that: quickly manage all your featured images without the need to edit the posts directly.”\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fit-does-exactly-what-it-says-57\u002F\" rel=\"ugc\">Reviews on wordpress.org\u003C\u002Fa> by danielepais on December 7, 2024\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“Great for my needs”\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fgreat-for-my-needs-7\u002F#post-17337619\u002F\" rel=\"ugc\">Reviews on wordpress.org\u003C\u002Fa> by gaiusjaugustus on January 12, 2024\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“simple to use”\u003C\u002Fstrong> in \u003Ca 
href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fsimple-to-use-337\u002F\" rel=\"ugc\">Reviews on wordpress.org\u003C\u002Fa> by rabbitace on September 8, 2023\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“SO helpful!”\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fso-helpful-130\u002F\" rel=\"ugc\">Reviews on wordpress.org\u003C\u002Fa> by brandcandyamy on June 6, 2023\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“OMG, so good!”\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fomg-so-good-2\u002F\" rel=\"ugc\">Reviews on wordpress.org\u003C\u002Fa> by marverix on February 27, 2021\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“This was awesome and saves so much time”\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fthis-was-awesome-and-saves-so-much-time\u002F\" rel=\"ugc\">Reviews on wordpress.org\u003C\u002Fa> by frank on December 31, 2020\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“One of My Must Have Plugins”\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fmust-have-plugins-2\u002F\" rel=\"ugc\">Reviews on wordpress.org\u003C\u002Fa> by WillOfTheWeb on June 25, 2020\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“I'm confused about it. 
It's very very very useful!”\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fcool-928\u002F\" rel=\"ugc\">Reviews on wordpress.org\u003C\u002Fa> by yueli on December 19, 2019\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“Doing the job perfect”\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fdoing-the-job-perfect\u002F\" rel=\"ugc\">Reviews on wordpress.org\u003C\u002Fa> by stigbarrett on February 14, 2019\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“Must be part of wordpress core”\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fmag-ni-fi-cient-must-be-part-of-wordpress-core\u002F\" rel=\"ugc\">Reviews on wordpress.org\u003C\u002Fa> by Marc73 on November 2, 2018\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“Simply the best for bulk featured image”\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fsimply-the-best-324\u002F\" rel=\"ugc\">Reviews on wordpress.org\u003C\u002Fa> by Syamsul Alam on January 21, 2018\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“Made adding 10,000 featured images a breeze.”\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fsuper-helpful-30\u002F\" rel=\"ugc\">Reviews on wordpress.org\u003C\u002Fa> by synchronista on July 28, 2017\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Number 7\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002Fwww.elegantthemes.com\u002Fblog\u002Ftips-tricks\u002F8-plugins-to-help-supercharge-your-wordpress-media-library\" rel=\"nofollow ugc\">8 Plugins to Help Supercharge Your WordPress Media Library\u003C\u002Fa> by John Hughes on April 6, 2017\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“The plugin is fast, and it works great on big WordPress websites.”\u003C\u002Fstrong> in \u003Ca href=\"http:\u002F\u002Fhostileblog.com\u002Fwp-display-featured-image\u002F\" rel=\"nofollow ugc\">How to make WP display 
featured image on excerpts?\u003C\u002Fa> by Pramod on July 16, 2016\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“The plugin offers great features for handling the post thumbnails including bulk editing, overview, replace and much more.”\u003C\u002Fstrong> in \u003Ca href=\"https:\u002F\u002F85ideas.com\u002Fplugins\u002Fbest-plugins-fix-featured-image-issues-wordpress\u002F\" rel=\"nofollow ugc\">6+ Best Plugins To Fix Featured Image Issues in WordPress\u003C\u002Fa> by Editorial Staff on December 3, 2015\u003C\u002Fli>\n\u003Cli>Mentioned under \u003Cstrong>“Essential Plugins”\u003C\u002Fstrong> on slide #24 in \u003Ca href=\"http:\u002F\u002Fwww.slideshare.net\u002FHeatherWilde\u002Fwordpress-plugins-52971643\" rel=\"nofollow ugc\">The Plugins That Will Make Your Business Sink or Swim\u003C\u002Fa> by Heather Wilde on September 15, 2015\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See more comments under \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fquick-featured-images\u002F#reviews\" rel=\"ugc\">Reviews\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Access\u003C\u002Fh4>\n\u003Col>\n\u003Cli>You will find the plugin under the own \u003Cstrong>menu item ‘Featured Images’\u003C\u002Fstrong> \u003C\u002Fli>\n\u003Cli>You can select an image in the media library with the \u003Cstrong>action link ‘Bulk set as featured image’\u003C\u002Fstrong>. Click on it and you can go on with the plugin.\u003C\u002Fli>\n\u003Cli>You can set in ‘Settings’ which \u003Cstrong>minimum user role is allowed to see the plugin\u003C\u002Fstrong> in his\u002Fher administration area. You can switch between ‘Administrator’ and ‘Editor’. 
The default value is ‘Editor’.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Bulk Edit: Actions\u003C\u002Fh4>\n\u003Cp>With Quick Featured Images you can apply time-saving tasks with many featured images: add, exchange and delete them in bulk.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Adding featured images:\u003C\u002Fstrong> You can select an image to set it as the new featured image to hundreds of posts in one go. You can select multiple images to set them randomly as featured images.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Exchanging featured images:\u003C\u002Fstrong> You can replace or update several existing featured images with a selected image in one go.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deleting featured images:\u003C\u002Fstrong> You can remove a selected featured image or all existing featured images in one go.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Removing database entries of featured images without existing image files:\u003C\u002Fstrong> You can remove them and clean your database with a simple single click.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>If you want to \u003Cstrong>set the first content image as featured\u003C\u002Fstrong>? Or want to \u003Cstrong>bulk set external featured images\u003C\u002Fstrong>, e.g. for a CDN? Then take a look the \u003Cstrong>Pro version\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.quickfeaturedimages.com\u002F?utm_source=wordpress_org&utm_medium=plugin&utm_campaign=readme\" rel=\"nofollow ugc\">Quick Featured Images Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Bulk Edit: Options\u003C\u002Fh4>\n\u003Cp>Based on your selected action you can toggle on and off some options:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>overwrite existing featured images\u003C\u002Fstrong> or \u003Cstrong>keeping them unchanged\u003C\u002Fstrong>. The latter setting is the default.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>consider only posts without a featured image\u003C\u002Fstrong>. 
This will hide posts with featured images in the results list and will speed up the process.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>If you want to use the option to \u003Cstrong>remove the first image in the content\u003C\u002Fstrong> then take a look the \u003Cstrong>Pro version\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.quickfeaturedimages.com\u002F?utm_source=wordpress_org&utm_medium=plugin&utm_campaign=readme\" rel=\"nofollow ugc\">Quick Featured Images Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The \u003Cstrong>Pro version\u003C\u002Fstrong> offers you several approaches for \u003Cstrong>setting the first image as featured\u003C\u002Fstrong> additionally:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>the first post image\u003C\u002Fstrong> if available in the media library\u003C\u002Fli>\n\u003Cli>\u003Cstrong>the first post image from the current site domain\u003C\u002Fstrong>, copy and add it to the media library if not available there\u003C\u002Fli>\n\u003Cli>\u003Cstrong>the first external post image\u003C\u002Fstrong>, download it and add it to the media library\u003C\u002Fli>\n\u003Cli>\u003Cstrong>the first attached image of a post\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>the first image of a WordPress standard gallery\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>the first embedded content thumbnail\u003C\u002Fstrong> (like YouTube etc.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>the first image of a NextGen Gallery\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The \u003Cstrong>Pro version\u003C\u002Fstrong> offers you two more options if you selected multiple images to set them as featured images in random order:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Use each selected image only once\u003C\u002Fstrong>. 
If there are more posts than selected images the remaining posts will not be changed.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remove excess featured images\u003C\u002Fstrong> after all selected images are used.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>If you want to use these options then take a look the \u003Cstrong>Pro version\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.quickfeaturedimages.com\u002F?utm_source=wordpress_org&utm_medium=plugin&utm_campaign=readme\" rel=\"nofollow ugc\">Quick Featured Images Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Bulk Edit: Filters\u003C\u002Fh4>\n\u003Cp>If there would be no filters Quick Featured Images would affect all posts and pages without exception! In most cases this is not desired.\u003C\u002Fp>\n\u003Cp>The implemented filters allow you to narrow down the action to only the posts and pages you want to modify. The built-in filters are:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Filter by \u003Cstrong>post type\u003C\u002Fstrong>: Search by post types. 
By \u003Cstrong>default all\u003C\u002Fstrong> posts, pages and custom post types will be affected\u003C\u002Fli>\n\u003Cli>Filter by \u003Cstrong>category\u003C\u002Fstrong>: Search posts by category\u003C\u002Fli>\n\u003Cli>Filter by \u003Cstrong>tag\u003C\u002Fstrong>: Search posts by tag\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The \u003Cstrong>Pro version\u003C\u002Fstrong> offers you additionally:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Filter by \u003Cstrong>format\u003C\u002Fstrong>: Search by post format\u003C\u002Fli>\n\u003Cli>Filter by \u003Cstrong>author\u003C\u002Fstrong>: Search by author\u003C\u002Fli>\n\u003Cli>Filter by \u003Cstrong>custom taxonomy\u003C\u002Fstrong>: Search by terms of registered taxonomies of a plugin or a theme\u003C\u002Fli>\n\u003Cli>Filter by \u003Cstrong>featured image size\u003C\u002Fstrong>: Search for small featured images below a given size\u003C\u002Fli>\n\u003Cli>Filter by \u003Cstrong>multimedia type\u003C\u002Fstrong>: Search for audio and video files\u003C\u002Fli>\n\u003Cli>Filter by \u003Cstrong>search\u003C\u002Fstrong>: Search by search term: Search in post title and post content or in post title only\u003C\u002Fli>\n\u003Cli>Filter by \u003Cstrong>status\u003C\u002Fstrong>: Search by several statuses (published, draft, private etc.). 
By \u003Cstrong>default all\u003C\u002Fstrong> statuses will be affected\u003C\u002Fli>\n\u003Cli>Filter by \u003Cstrong>time\u003C\u002Fstrong>: Search by time specifications\u003C\u002Fli>\n\u003Cli>Filter by \u003Cstrong>parent page\u003C\u002Fstrong>: Search child pages by parent page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>If you want to use these filters then take a look the \u003Cstrong>Pro version\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.quickfeaturedimages.com\u002F?utm_source=wordpress_org&utm_medium=plugin&utm_campaign=readme\" rel=\"nofollow ugc\">Quick Featured Images Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Bulk Edit: Presets (Pro only)\u003C\u002Fh4>\n\u003Cp>In the Pro version you can store all settings of a process as a preset. That is time-saving for recurring tasks managing featured images of your site.\u003C\u002Fp>\n\u003Ch4>Automatic Default Featured Images: Rules\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>You can set rules for default featured images of posts easily.\u003C\u002Fstrong> Every time you insert a new post or save an existing post Quick Featured Images will look for a rule to add and to change the preset featured image to the saved post.\u003C\u002Fp>\n\u003Cp>You can define the rules based on\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>first content image\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>custom taxonomy\u003C\u002Fstrong> supporting featured images\u003C\u002Fli>\n\u003Cli>\u003Cstrong>post tag\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>post category\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>post author\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>post types\u003C\u002Fstrong>: ‘Post’, ‘Page’ and \u003Cstrong>custom post types\u003C\u002Fstrong> supporting featured images\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The \u003Cstrong>Pro version\u003C\u002Fstrong> offers you additionally:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>multiple random 
images\u003C\u002Fstrong> to assign one of them to a new post\u003C\u002Fli>\n\u003Cli>\u003Cstrong>external featured images\u003C\u002Fstrong>, e.g. from a CDN, to assign them automatically\u003C\u002Fli>\n\u003Cli>\u003Cstrong>user defined order\u003C\u002Fstrong> of applying the types of rules\u003C\u002Fli>\n\u003Cli>\u003Cstrong>first content image\u003C\u002Fstrong> if available on an external server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>post format\u003C\u002Fstrong> match\u003C\u002Fli>\n\u003Cli>\u003Cstrong>search string in post title\u003C\u002Fstrong> match\u003C\u002Fli>\n\u003Cli>\u003Cstrong>random featured images at each page load\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The rules are easy to set: choose an image, a taxonomy, a value and save the settings. That’s it. \u003Cstrong>You do not need to code.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can add, change and delete every rule whenever you want. So you get a \u003Cstrong>precise set of rules\u003C\u002Fstrong> for automatic default featured images in your website.\u003C\u002Fp>\n\u003Cp>After an image is removed from the library all preset rules assigned with that image will be removed automatically.\u003C\u002Fp>\n\u003Cp>The rules take effect when a post is saved in the backend &ndash; e.g. on the post edit page &ndash; or in the frontend &ndash; e.g. via a “Create Post” form by Gravity Forms.\u003C\u002Fp>\n\u003Ch4>Automatic Default Featured Images: Options\u003C\u002Fh4>\n\u003Cp>You can switch between\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>overwriting existing featured images\u003C\u002Fstrong> or \u003C\u002Fli>\n\u003Cli>\u003Cstrong>keeping them unchanged\u003C\u002Fstrong>. \u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The latter setting is the default. 
The option is used every time a post is saved.\u003C\u002Fp>\n\u003Ch4>Easy managing in a sortable image column in posts lists\u003C\u002Fh4>\n\u003Cp>Quick Featured Images adds a new column ‘Featured Image’ in posts lists. The additional column is sortable by the image ID. It shows the currently assigned \u003Cstrong>featured image of each post\u003C\u002Fstrong> and \u003Cstrong>action links to set, replace, edit and remove the featured image at each post\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>With that column you can get a \u003Cstrong>quick overview about all used images\u003C\u002Fstrong> and \u003Cstrong>change featured images at every single post quickly\u003C\u002Fstrong>. You can also see posts with no featured image at a glance.\u003C\u002Fp>\n\u003Cp>Quick Featured Images also adds a new column in the media library. It lists the titles of all posts for which the corresponding image is set as featured images. The post titles are links to the respective post edit page.\u003C\u002Fp>\n\u003Cp>Under \u003Cstrong>‘Featured Images’ > ‘Settings’\u003C\u002Fstrong> you can switch on and off the additional columns for every single post type, even custom post types if they support thumbnails.\u003C\u002Fp>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cp>Quick Featured Images is available in multiple languages maintained by the amazing WordPress community (e.g. Arabic, Dutch, Dutch (Belgium), English (US), French (France), German, Greek, Portuguese (Brazil), Spanish (Spain) and more).\u003Cbr \u002F>\nYour language is missing? Please be part of the community and help to translate Quick Featured Images on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fquick-featured-images\u002F\" rel=\"nofollow ugc\">GlotPress\u003C\u002Fa>. 
Thank you!\u003C\u002Fp>\n\u003Ch4>Your idea to improve the plugin is welcome\u003C\u002Fh4>\n\u003Cp>If you have any new idea for this plugin post your questions and ideas in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fquick-featured-images\" rel=\"ugc\">support forum at wordpress.org\u003C\u002Fa>. I will try to take a look and answer as soon as possible.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Support for this plugin will be provided in the form of Product Support. This means that we intend to fix any confirmed bugs, listen to ideas for this plugin and improve the user experience when enhancements are identified and can reasonably be accommodated.\u003C\u002Fp>\n\u003Cp>Pro users get premium support whilst free support is offered in the WordPress forums in our spare time. If you are having trouble with this plugin in your particular installation of WordPress, we will not be able to help you troubleshoot the problem.\u003C\u002Fp>\n\u003Ch4>No warranty and liability!\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Notice: This plugin has no Undo function!\u003C\u002Fstrong> This plugin is provided under the terms of the GPL, including the following:\u003C\u002Fp>\n\u003Cp>BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND\u002FOR OTHER PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
\u003Cstrong>THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.\u003C\u002Fstrong> SHOULD THE PROGRAM PROVE DEFECTIVE, \u003Cstrong>YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION\u003C\u002Fstrong>.\u003C\u002Fp>\n","The time-saving solution for managing tons of featured images within minutes: Set, replace and delete in bulk and set default images for future posts.",1220292,236,"2026-04-15T17:58:00.000Z",[149,82,150,151,134],"bulk-edit","featured-images","media-library","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fquick-featured-images","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquick-featured-images.13.7.5.zip",97,"2025-11-07 21:03:51",{"slug":157,"name":158,"version":159,"author":160,"author_profile":161,"description":162,"short_description":163,"active_installs":164,"downloaded":165,"rating":101,"num_ratings":166,"last_updated":167,"tested_up_to":168,"requires_at_least":169,"requires_php":170,"tags":171,"homepage":172,"download_link":173,"security_score":89,"vuln_count":90,"unpatched_count":90,"last_vuln_date":35,"fetched_at":27},"crop-thumbnails","Crop-Thumbnails","1.9.7","Volkmar Kantor","https:\u002F\u002Fprofiles.wordpress.org\u002Fvolkmar-kantor\u002F","\u003Cp>The plugin provides the functionality to adjust the crop region of cropped images. It adds buttons to the edit-pages and media-dialog to access a crop-editor.\u003Cbr \u002F>\nIn the crop-editor you can choose one or more (if they have the same ratio) imagesizes and cut-off the part of the image you want.\u003C\u002Fp>\n\u003Cp>The plugin is especially useful for theme developers who want to keep full control over cropped image sizes. 
If you want to dive even deeper, you can get informations about the hooks and filters on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fvollyimnetz\u002Fcrop-thumbnails\" rel=\"nofollow ugc\">github page of the plugin\u003C\u002Fa>.\u003C\u002Fp>\n","\"Crop Thumbnails\" made it easy to get exacly that specific image-detail you want to show in your featured image or gallery image.",40000,842025,67,"2025-12-03T10:59:00.000Z","6.8.5","5.0","7.4.0",[109,151,134],"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fcrop-thumbnails\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrop-thumbnails.1.9.7.zip",{"attackSurface":175,"codeSignals":246,"taintFlows":293,"riskAssessment":326,"analyzedAt":335},{"hooks":176,"ajaxHandlers":238,"restRoutes":243,"shortcodes":244,"cronEvents":245,"entryPointCount":25,"unprotectedCount":90},[177,183,186,190,197,201,204,209,212,216,220,225,228,231,233],{"type":178,"name":179,"callback":180,"file":181,"line":182},"action","kama_thumbnail_show_message","closure","classes\\Helpers.php",74,{"type":178,"name":184,"callback":180,"file":181,"line":185},"admin_notices",79,{"type":178,"name":187,"callback":180,"file":188,"line":189},"switch_blog","classes\\Options.php",229,{"type":191,"name":192,"callback":193,"priority":194,"file":195,"line":196},"filter","plugin_action_links","add_setting_page_in_plugin_links",10,"classes\\Options_Page.php",29,{"type":178,"name":198,"callback":199,"file":195,"line":200},"network_admin_edit_kt_opt_up","_network_options_update_handler",33,{"type":178,"name":202,"callback":180,"file":195,"line":203},"delete_expired_transients",279,{"type":191,"name":205,"callback":206,"file":207,"line":208},"the_content","replece_in_content","classes\\WP_Integration.php",13,{"type":191,"name":210,"callback":206,"file":207,"line":211},"the_content_rss",14,{"type":191,"name":213,"callback":214,"file":207,"line":215},"save_post","clear_post_meta",18,{"type":178,"name":217,"callback":218,"file":207,"lin
e":219},"delete_attachment","delete_attach_cached_files",23,{"type":191,"name":221,"callback":222,"priority":90,"file":223,"line":224},"kama_thumb_src","kama_thumb_hook_cb","functions.php",20,{"type":191,"name":226,"callback":222,"priority":90,"file":223,"line":227},"kama_thumb_img",21,{"type":191,"name":229,"callback":222,"priority":90,"file":223,"line":230},"kama_thumb_a_img",22,{"type":178,"name":184,"callback":180,"file":223,"line":232},157,{"type":178,"name":234,"callback":235,"file":236,"line":237},"init","kama_thumbnail_init","kama_thumbnail.php",87,[239],{"action":240,"nopriv":46,"callback":241,"hasNonce":46,"hasCapCheck":242,"file":195,"line":230},"ktclearcache","cache_clear_ajax_handler",true,[],[],[],{"dangerousFunctions":247,"sqlUsage":248,"outputEscaping":251,"fileOperations":291,"externalRequests":47,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":292},[],{"prepared":249,"raw":90,"locations":250},2,[],{"escaped":252,"rawEcho":253,"locations":254},26,19,[255,258,260,262,264,266,268,270,272,274,275,277,279,281,282,283,285,287,289],{"file":181,"line":256,"context":257},75,"raw 
output",{"file":181,"line":259,"context":257},80,{"file":195,"line":261,"context":257},140,{"file":195,"line":263,"context":257},152,{"file":195,"line":265,"context":257},154,{"file":195,"line":267,"context":257},197,{"file":195,"line":269,"context":257},201,{"file":195,"line":271,"context":257},206,{"file":195,"line":273,"context":257},207,{"file":195,"line":76,"context":257},{"file":195,"line":276,"context":257},213,{"file":195,"line":278,"context":257},259,{"file":280,"line":230,"context":257},"classes\\Options_Page_Fields.php",{"file":280,"line":219,"context":257},{"file":280,"line":252,"context":257},{"file":280,"line":284,"context":257},43,{"file":280,"line":286,"context":257},44,{"file":280,"line":288,"context":257},48,{"file":223,"line":290,"context":257},158,11,[],[294,316],{"entryPoint":295,"graph":296,"unsanitizedCount":25,"severity":315},"_network_options_update_handler (classes\\Options_Page.php:75)",{"nodes":297,"edges":312},[298,303,307],{"id":299,"type":300,"label":301,"file":195,"line":302},"n0","source","$_POST",81,{"id":304,"type":305,"label":306,"file":195,"line":302},"n1","transform","→ update_options()",{"id":308,"type":309,"label":310,"file":188,"line":203,"wp_function":311},"n2","sink","update_option() [Settings Manipulation]","update_option",[313,314],{"from":299,"to":304,"sanitized":46},{"from":304,"to":308,"sanitized":46},"low",{"entryPoint":317,"graph":318,"unsanitizedCount":25,"severity":315},"\u003COptions_Page> (classes\\Options_Page.php:0)",{"nodes":319,"edges":323},[320,321,322],{"id":299,"type":300,"label":301,"file":195,"line":302},{"id":304,"type":305,"label":306,"file":195,"line":302},{"id":308,"type":309,"label":310,"file":188,"line":203,"wp_function":311},[324,325],{"from":299,"to":304,"sanitized":46},{"from":304,"to":308,"sanitized":46},{"summary":327,"deductions":328},"The kama-thumbnail v3.5.1 plugin exhibits a mixed security posture. 
On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and has a small attack surface, with all identified entry points seemingly protected by authentication checks. The absence of dangerous functions and the presence of nonce and capability checks are also encouraging signs.\n\nHowever, there are notable concerns. The taint analysis reveals two flows with unsanitized paths, which, despite not being classified as critical or high severity in this analysis, represent potential vulnerabilities if user-controlled data is involved. Furthermore, a significant portion (42%) of output is not properly escaped, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities. The plugin also performs file operations and external HTTP requests, which can be vectors for attack if not handled securely.\n\nThe vulnerability history is a significant concern, with one unpatched medium severity CVE. The fact that the last vulnerability was in the future (2026-01-26) suggests this data may be fabricated or has a temporal inconsistency. However, if we consider the existence of an unpatched CVE, it indicates a recurring issue with security patching. 
The common vulnerability type of Cross-Site Request Forgery (CSRF) in its history, although not directly evident in the static analysis, suggests a past weakness in input validation or state-changing operations.",[329,331,333],{"reason":330,"points":14},"Unpatched CVE exists",{"reason":332,"points":194},"Unsanitized paths in taint flows",{"reason":334,"points":137},"Significant unescaped output","2026-03-16T17:51:23.955Z",{"wat":337,"direct":346},{"assetPaths":338,"generatorPatterns":341,"scriptPaths":342,"versionParams":343},[339,340],"\u002Fwp-content\u002Fplugins\u002Fkama-thumbnail\u002Fpublic\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fkama-thumbnail\u002Fpublic\u002Fjs\u002Fscript.js",[],[340],[344,345],"kama-thumbnail\u002Fpublic\u002Fcss\u002Fmain.css?ver=","kama-thumbnail\u002Fpublic\u002Fjs\u002Fscript.js?ver=",{"cssClasses":347,"htmlComments":348,"htmlAttributes":355,"restEndpoints":360,"jsGlobals":361,"shortcodeOutput":363},[4],[349,350,351,352,353,354],"\u003C!-- kama_thumb_img -->","\u003C!-- kama_thumb_src -->","\u003C!-- kama_thumb_a_img -->","\u003C!-- kama_thumb_gallery -->","\u003C!-- Kama Thumbnail: Image generated and cached -->","\u003C!-- Kama Thumbnail: Image URL not found -->",[356,357,358,359],"data-kama-thumbnail-id","data-kama-thumbnail-src","data-kama-thumbnail-srcset","data-kama-thumbnail-sizes",[],[362],"kama_thumbnail_vars",[364,365,366],"\u003Cimg class=\"kama-thumbnail\"","\u003Ca href=\"","\u003Cimg src=\"",{"error":242,"url":368,"statusCode":369,"statusMessage":370,"message":370},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fkama-thumbnail\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":211,"versions":372},[373,380,388,396,404,412,420,428,436,444,452,460,468,476],{"version":6,"download_url":374,"svn_tag_url":375,"released_at":35,"has_diff":46,"diff_files_changed":376,"diff_lines":35,"trac_diff_url":377,"vulnerabilities":378,"is_current":242},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkama-thumbnail.3.5.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkama-thumbnail\u002Ftags\u002F3.5.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkama-thumbnail%2Ftags%2F3.5.0&new_path=%2Fkama-thumbnail%2Ftags%2F3.5.1",[379],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":35},{"version":381,"download_url":382,"svn_tag_url":383,"released_at":35,"has_diff":46,"diff_files_changed":384,"diff_lines":35,"trac_diff_url":385,"vulnerabilities":386,"is_current":46},"3.5.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkama-thumbnail.3.5.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkama-thumbnail\u002Ftags\u002F3.5.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkama-thumbnail%2Ftags%2F3.4.2&new_path=%2Fkama-thumbnail%2Ftags%2F3.5.0",[387],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":35},{"version":389,"download_url":390,"svn_tag_url":391,"released_at":35,"has_diff":46,"diff_files_changed":392,"diff_lines":35,"trac_diff_url":393,"vulnerabilities":394,"is_current":46},"3.4.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkama-thumbnail.3.4.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkama-thumbnail\u002Ftags\u002F3.4.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkama-thumbnail%2Ftags%2F3.4.1&new_path=%2Fkama-thumbnail%2Ftags%2F3.4.2",[395],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_versi
on":35},{"version":397,"download_url":398,"svn_tag_url":399,"released_at":35,"has_diff":46,"diff_files_changed":400,"diff_lines":35,"trac_diff_url":401,"vulnerabilities":402,"is_current":46},"3.4.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkama-thumbnail.3.4.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkama-thumbnail\u002Ftags\u002F3.4.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkama-thumbnail%2Ftags%2F3.4.0&new_path=%2Fkama-thumbnail%2Ftags%2F3.4.1",[403],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":35},{"version":405,"download_url":406,"svn_tag_url":407,"released_at":35,"has_diff":46,"diff_files_changed":408,"diff_lines":35,"trac_diff_url":409,"vulnerabilities":410,"is_current":46},"3.4.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkama-thumbnail.3.4.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkama-thumbnail\u002Ftags\u002F3.4.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkama-thumbnail%2Ftags%2F3.3.8&new_path=%2Fkama-thumbnail%2Ftags%2F3.4.0",[411],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":35},{"version":413,"download_url":414,"svn_tag_url":415,"released_at":35,"has_diff":46,"diff_files_changed":416,"diff_lines":35,"trac_diff_url":417,"vulnerabilities":418,"is_current":46},"3.3.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkama-thumbnail.3.3.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkama-thumbnail\u002Ftags\u002F3.3.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkama-thumbnail%2Ftags%2F3.3.7&new_path=%2Fkama-thumbnail%2Ftags%2F3.3.8",[419],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":35},{"version":421,"download_url":422,"svn_tag_url":423,"released_at":35,"has_diff":46,"diff_files_changed":4
24,"diff_lines":35,"trac_diff_url":425,"vulnerabilities":426,"is_current":46},"3.3.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkama-thumbnail.3.3.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkama-thumbnail\u002Ftags\u002F3.3.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkama-thumbnail%2Ftags%2F2.7.6&new_path=%2Fkama-thumbnail%2Ftags%2F3.3.7",[427],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":35},{"version":429,"download_url":430,"svn_tag_url":431,"released_at":35,"has_diff":46,"diff_files_changed":432,"diff_lines":35,"trac_diff_url":433,"vulnerabilities":434,"is_current":46},"2.7.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkama-thumbnail.2.7.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkama-thumbnail\u002Ftags\u002F2.7.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkama-thumbnail%2Ftags%2F2.7.2&new_path=%2Fkama-thumbnail%2Ftags%2F2.7.6",[435],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":35},{"version":437,"download_url":438,"svn_tag_url":439,"released_at":35,"has_diff":46,"diff_files_changed":440,"diff_lines":35,"trac_diff_url":441,"vulnerabilities":442,"is_current":46},"2.7.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkama-thumbnail.2.7.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkama-thumbnail\u002Ftags\u002F2.7.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkama-thumbnail%2Ftags%2F2.6.3&new_path=%2Fkama-thumbnail%2Ftags%2F2.7.2",[443],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":35},{"version":445,"download_url":446,"svn_tag_url":447,"released_at":35,"has_diff":46,"diff_files_changed":448,"diff_lines":35,"trac_diff_url":449,"vulnerabilities":450,"is_current":46},"2.6.3","https:\u002F\u002Fdownload
s.wordpress.org\u002Fplugin\u002Fkama-thumbnail.2.6.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkama-thumbnail\u002Ftags\u002F2.6.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkama-thumbnail%2Ftags%2F2.6.0&new_path=%2Fkama-thumbnail%2Ftags%2F2.6.3",[451],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":35},{"version":453,"download_url":454,"svn_tag_url":455,"released_at":35,"has_diff":46,"diff_files_changed":456,"diff_lines":35,"trac_diff_url":457,"vulnerabilities":458,"is_current":46},"2.6.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkama-thumbnail.2.6.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkama-thumbnail\u002Ftags\u002F2.6.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkama-thumbnail%2Ftags%2F2.5.8&new_path=%2Fkama-thumbnail%2Ftags%2F2.6.0",[459],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":35},{"version":461,"download_url":462,"svn_tag_url":463,"released_at":35,"has_diff":46,"diff_files_changed":464,"diff_lines":35,"trac_diff_url":465,"vulnerabilities":466,"is_current":46},"2.5.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkama-thumbnail.2.5.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkama-thumbnail\u002Ftags\u002F2.5.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkama-thumbnail%2Ftags%2F2.5.1&new_path=%2Fkama-thumbnail%2Ftags%2F2.5.8",[467],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":35},{"version":469,"download_url":470,"svn_tag_url":471,"released_at":35,"has_diff":46,"diff_files_changed":472,"diff_lines":35,"trac_diff_url":473,"vulnerabilities":474,"is_current":46},"2.5.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkama-thumbnail.2.5.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkama
-thumbnail\u002Ftags\u002F2.5.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkama-thumbnail%2Ftags%2F2.5&new_path=%2Fkama-thumbnail%2Ftags%2F2.5.1",[475],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":35},{"version":477,"download_url":478,"svn_tag_url":479,"released_at":35,"has_diff":46,"diff_files_changed":480,"diff_lines":35,"trac_diff_url":35,"vulnerabilities":481,"is_current":46},"2.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkama-thumbnail.2.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkama-thumbnail\u002Ftags\u002F2.5\u002F",[],[482],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":35}]