Generate Images (AI) – Magic Post Thumbnail Security & Risk Analysis

wordpress.org/plugins/magic-post-thumbnail

Get images for your posts with automatic generation & multiple banks. Generate as featured images or in your content with Gutenberg Block and in bulk

7K active installs · v6.2.1 · PHP 7.3+ · WP 6.0+ · Updated Apr 2, 2026
Tags: dalle, generate, image, replicate, stable-diffusion
Score: 96 · A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Aug 26, 2024
Safety Verdict

Is Generate Images (AI) – Magic Post Thumbnail Safe to Use in 2026?

Generally Safe

Score 96/100

Generate Images (AI) – Magic Post Thumbnail has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEs · Last CVE: Aug 26, 2024 · Updated 1mo ago
Risk Assessment

The magic-post-thumbnail plugin exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries, the static analysis reveals significant concerns. A notable issue is the presence of two AJAX handlers that lack authentication checks, creating a direct entry point for potential unauthorized actions. Furthermore, the taint analysis indicates one flow with unsanitized paths, which, although not classified as critical or high severity in this analysis, represents a potential risk for data manipulation or unauthorized access if not properly handled.

The vulnerability history of this plugin is a significant red flag. With four known CVEs, including one high severity and three medium severity vulnerabilities, the plugin has a documented history of security flaws. The fact that the last vulnerability was recorded very recently (August 26, 2024) and that it predominantly involves Cross-Site Scripting (XSS) suggests that the developers may struggle with properly sanitizing and escaping user-supplied input, a weakness corroborated by the low percentage (15%) of properly escaped outputs in the static analysis. Although there are currently no unpatched CVEs, the recurring nature of vulnerabilities indicates a pattern of insecure coding practices that require ongoing vigilance.

In conclusion, while the plugin has some strengths such as its SQL query practices, the high number of historical vulnerabilities, coupled with the discovery of unprotected AJAX handlers and unsanitized paths in the current analysis, presents substantial security risks. The prevalence of XSS vulnerabilities in its history, along with the low output escaping rate, suggests a need for more robust input validation and output sanitization to mitigate future risks. Users should proceed with caution and ensure the plugin is kept up to date, though the historical pattern raises concerns about the overall security maturity of the plugin.

Key Concerns

  • Unprotected AJAX handlers
  • Taint flow with unsanitized paths
  • Low output escaping percentage
  • One high severity CVE historically
  • Three medium severity CVEs historically
  • Recent vulnerability recorded
Vulnerabilities
4 published

Generate Images (AI) – Magic Post Thumbnail Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2023: 1 CVE
  • 2024: 2 CVEs

Severity Breakdown

  • High: 1
  • Medium: 3

4 total CVEs

CVE-2024-43921 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Magic Post Thumbnail <= 5.2.9 - Reflected Cross-Site Scripting

Aug 26, 2024 · Patched in 5.2.10 (10d)

CVE-2024-6724 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Generate Images – Magic Post Thumbnail <= 5.2.7 - Authenticated (Admin+) Stored Cross-Site Scripting

Jul 22, 2024 · Patched in 5.2.8 (24d)

CVE-2023-29171 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Magic Post Thumbnail <= 4.1.10 - Unauthenticated Stored Cross-Site Scripting

Apr 3, 2023 · Patched in 4.1.11 (295d)

WF-55c586a0-bb91-4702-a9f2-d7503f247da3-magic-post-thumbnail · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Magic Post Thumbnail <= 3.3.6 - Reflected Cross-Site Scripting

Jul 5, 2021 · Patched in 3.3.7 (932d)
Version History

Generate Images (AI) – Magic Post Thumbnail Release Timeline

v6.2.1 (Current)
v6.2.0
v6.1.8
v6.1.7
v6.1.6
v6.1.5
v6.1.4
v6.1.3
v6.1.2
v6.1.1
v6.1.0
v6.0.8
v6.0.7
v6.0.6
v6.0.5
v6.0.4
v6.0.3
v6.0.2
v6.0.1
v6.0.0
Code Analysis
Analyzed Mar 16, 2026

Generate Images (AI) – Magic Post Thumbnail Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 207 (37 escaped)
Nonce Checks: 6
Capability Checks: 6
File Operations: 10
External Requests: 13
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

15% escaped · 244 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

4 flows · 1 with unsanitized paths
MPT_test_apis (admin\class-magic-post-thumbnail-admin.php:1219)
Attack Surface
2 unprotected

Generate Images (AI) – Magic Post Thumbnail Attack Surface

Entry Points: 10
Unprotected: 2

AJAX Handlers (10)

  • auth · wp_ajax_test_apis · admin\class-magic-post-thumbnail-admin.php:77
  • nopriv · wp_ajax_test_apis · admin\class-magic-post-thumbnail-admin.php:78
  • auth · wp_ajax_block_searching_images · admin\class-magic-post-thumbnail-admin.php:84
  • nopriv · wp_ajax_block_searching_images · admin\class-magic-post-thumbnail-admin.php:85
  • auth · wp_ajax_block_downloading_image · admin\class-magic-post-thumbnail-admin.php:87
  • nopriv · wp_ajax_block_downloading_image · admin\class-magic-post-thumbnail-admin.php:88
  • auth · wp_ajax_mpt_hide_notice · admin\class-magic-post-thumbnail-admin.php:96
  • auth · wp_ajax_mpt_remind_later · admin\class-magic-post-thumbnail-admin.php:97
  • nopriv · wp_ajax_generate_image · admin\class-magic-post-thumbnail-generation.php:40
  • auth · wp_ajax_generate_image · admin\class-magic-post-thumbnail-generation.php:41

WordPress Hooks (27)

  • action · init · admin\class-magic-post-thumbnail-admin.php:81
  • action · enqueue_block_editor_assets · admin\class-magic-post-thumbnail-admin.php:82
  • filter · http_request_timeout · admin\class-magic-post-thumbnail-admin.php:92
  • action · admin_notices · admin\class-magic-post-thumbnail-admin.php:95
  • action · init · admin\class-magic-post-thumbnail-admin.php:99
  • action · save_post · admin\class-magic-post-thumbnail-admin.php:113
  • filter · category_row_actions · admin\class-magic-post-thumbnail-admin.php:584
  • filter · map_meta_cap · admin\class-magic-post-thumbnail-admin.php:653
  • action · admin_enqueue_scripts · admin\class-magic-post-thumbnail-admin.php:1320
  • filter · http_request_timeout · admin\class-magic-post-thumbnail-admin.php:1435
  • filter · http_request_args · admin\class-magic-post-thumbnail-admin.php:1437
  • filter · http_request_timeout · admin\class-magic-post-thumbnail-admin.php:1449
  • filter · http_request_args · admin\class-magic-post-thumbnail-admin.php:1451
  • action · save_post · admin\class-magic-post-thumbnail-generation.php:45
  • action · save_post · admin\class-magic-post-thumbnail-generation.php:710
  • action · init · includes\class-magic-post-thumbnail.php:147
  • action · admin_enqueue_scripts · includes\class-magic-post-thumbnail.php:163
  • action · admin_enqueue_scripts · includes\class-magic-post-thumbnail.php:164
  • action · admin_menu · includes\class-magic-post-thumbnail.php:166
  • filter · submenu_file · includes\class-magic-post-thumbnail.php:167
  • action · init · includes\class-magic-post-thumbnail.php:169
  • action · wp_enqueue_scripts · includes\class-magic-post-thumbnail.php:184
  • action · wp_enqueue_scripts · includes\class-magic-post-thumbnail.php:185
  • action · init · magic-post-thumbnail.php:169
  • action · init · magic-post-thumbnail.php:170
  • action · init · magic-post-thumbnail.php:172
  • action · after_uninstall · magic-post-thumbnail.php:177

Scheduled Events 1

mpt_generate_scheduled_image
Maintenance & Trust

Generate Images (AI) – Magic Post Thumbnail Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 2, 2026
PHP min version: 7.3
Downloads: 475K

Community Trust

Rating: 86/100
Number of ratings: 25
Active installs: 7K
Developer Profile

Generate Images (AI) – Magic Post Thumbnail Developer Profile

Alexandre Gaboriau

5 plugins · 7K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 315 days
Detection Fingerprints

How We Detect Generate Images (AI) – Magic Post Thumbnail

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/magic-post-thumbnail/admin/css/magic-post-thumbnail-admin.css
  • /wp-content/plugins/magic-post-thumbnail/admin/js/magic-post-thumbnail-admin.js
  • /wp-content/plugins/magic-post-thumbnail/public/css/magic-post-thumbnail-public.css
  • /wp-content/plugins/magic-post-thumbnail/public/js/magic-post-thumbnail-public.js

Script Paths

  • /wp-content/plugins/magic-post-thumbnail/admin/js/magic-post-thumbnail-admin.js
  • /wp-content/plugins/magic-post-thumbnail/public/js/magic-post-thumbnail-public.js

Version Parameters

  • magic-post-thumbnail/admin/css/magic-post-thumbnail-admin.css?ver=
  • magic-post-thumbnail/admin/js/magic-post-thumbnail-admin.js?ver=
  • magic-post-thumbnail/public/css/magic-post-thumbnail-public.css?ver=
  • magic-post-thumbnail/public/js/magic-post-thumbnail-public.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • mpt-admin-wrap
  • mpt-main-settings-section
  • mpt-posts-settings-section
  • mpt-banks-settings-section
  • mpt-cron-settings-section
  • mpt-logs-settings-section
  • mpt-proxy-settings-section
  • mpt-compatibility-settings-section

HTML Comments

  • <!-- currently plugin version -->
  • <!-- Admin specific functionality -->
  • <!-- Magic Post Thumbnail Admin -->
  • <!-- Currently plugin version -->
  • +5 more

Data Attributes

  • data-mpt-id

JS Globals

  • magic_post_thumbnail_admin_object
  • magic_post_thumbnail_public_object