Does Letterbox Thumbnails have any unpatched vulnerabilities?

No. All known vulnerabilities in Letterbox Thumbnails have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Letterbox Thumbnails compatible with WordPress 5.2.24?

According to WordPress.org data, Letterbox Thumbnails 2.0.1 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

How often is Letterbox Thumbnails updated?

Letterbox Thumbnails was last updated on May 22, 2019. Frequent updates are generally a positive security signal.

What is Letterbox Thumbnails's security score?

Letterbox Thumbnails has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Letterbox Thumbnails Security & Risk Analysis

wordpress.org/plugins/letterbox-thumnails

This plugin add new editor for generating thumbnails with letterbox style. Background color for letterbox style sets in settings.

10 active installs v2.0.1 PHP + WP 4.5.0+ Updated May 22, 2019

letterboxingthumbnails

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Letterbox Thumbnails Safe to Use in 2026?

Generally Safe

Score 85/100

Letterbox Thumbnails has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The plugin "letterbox-thumnails" v2.0.1 exhibits a generally good security posture based on the provided static analysis. The absence of known vulnerabilities in its history is a positive sign. The plugin demonstrates awareness of security best practices by utilizing prepared statements for all SQL queries and implementing a nonce check for its single AJAX handler. The limited attack surface, with only one AJAX entry point and no shortcodes or cron events, further contributes to its secure design. However, a significant concern arises from the output escaping analysis, where only 7% of outputs are properly escaped. This suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, as unsanitized output can be rendered directly in the browser, allowing attackers to inject malicious scripts. While the taint analysis found only one flow and no critical or high severity issues, the presence of an unsanitized path is still a potential concern that warrants further investigation. The lack of capability checks on the AJAX handler, while not explicitly flagged as a vulnerability in this analysis, could also be a weakness depending on the functionality of the AJAX endpoint. Overall, the plugin is built on a foundation of good practices, but the poor output escaping is a critical weakness that needs immediate attention.

Key Concerns

Poor output escaping
Unsanitized path in taint analysis
No capability checks on AJAX handler

Vulnerabilities

None known

Letterbox Thumbnails Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Letterbox Thumbnails Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

7% escaped14 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<settings> (templates\admin\settings.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Letterbox Thumbnails Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_letterbox_thumbnails_settings_saveincludes\admin\handler\class-letterbox-thumbnails-admin-settings-handler.php:53

WordPress Hooks 5

actionadmin_menuincludes\admin\class-letterbox-thumbnails-admin-menus.php:23

actioninitincludes\admin\class-letterbox-thumbnails-admin.php:19

filterwp_image_editorsincludes\class-letterbox-thumbnails-image-editor.php:28

filterplugin_row_metaincludes\class-letterbox-thumbnails.php:125

actionplugins_loadedincludes\class-letterbox-thumbnails.php:141

Maintenance & Trust

Letterbox Thumbnails Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedMay 22, 2019

PHP min version

Downloads4K

Community Trust

Rating100/100

Number of ratings2

Active installs10

Alternatives

Letterbox Thumbnails Alternatives

Regenerate Thumbnails

regenerate-thumbnails

100

Regenerate the thumbnails for one or more of your image uploads. Useful when changing their sizes or your theme.

1.0M No CVEs

Force Regenerate Thumbnails

force-regenerate-thumbnails

100

Delete and REALLY force thumbnail regeneration.

200K No CVEs

reGenerate Thumbnails Advanced

regenerate-thumbnails-advanced

100

Regenerate thumbnails quickly and easily, including forced regeneration; very useful when changing a theme or adding new thumbnail sizes.

70K No CVEs

Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF

wp-retina-2x

Optimize image sizes, regenerate thumbnails, enable retina, convert to WebP/AVIF, or use cloud optimization. An essential image toolkit.

70K 3 CVEs

Developer Profile

Letterbox Thumbnails Developer Profile

dark_diesel

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Letterbox Thumbnails

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/letterbox-thumnails/assets/css/admin_menu_settings.css/wp-content/plugins/letterbox-thumnails/assets/js/admin_menu_settings.js

Script Paths

/wp-content/plugins/letterbox-thumnails/assets/js/admin_menu_settings.js

Version Parameters

letterbox-thumbnails/assets/css/admin_menu_settings.css?ver=letterbox-thumbnails/assets/js/admin_menu_settings.js?ver=

HTML / DOM Fingerprints

JS Globals

letterbox_thumbnails_menu_settings_vars

FAQ