Multiple Featured Images: Reloaded Security & Risk Analysis

wordpress.org/plugins/mfi-reloaded

This plugin allows developers to easily register additional image pickers for any post type.

10 active installs · v1.0.0 · PHP + WP 3.6+ · Updated Mar 18, 2014
admin · images
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Multiple Featured Images: Reloaded Safe to Use in 2026?

Generally Safe

Score 85/100

Multiple Featured Images: Reloaded has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 12yr ago
Risk Assessment

Static analysis of the mfi-reloaded v1.0.0 plugin shows a generally positive security posture: no dangerous functions, raw SQL queries, or file operations were detected. Its single AJAX handler has a capability check, and the absence of REST API routes or shortcodes keeps the attack surface limited. The significant concern is that the plugin's single output is not properly escaped. This leaves the plugin vulnerable to Cross-Site Scripting (XSS) attacks: if user-supplied data is processed through this unescaped output, it could be injected and executed in the victim's browser. The plugin's vulnerability history is clean, with no recorded CVEs, which is a strong indicator of good development practices or at least a lack of past exploits. Despite this clean history, the unescaped output remains a critical weakness that requires immediate attention to mitigate potential XSS vulnerabilities.

Key Concerns

  • Unescaped output found
Vulnerabilities
None known

Multiple Featured Images: Reloaded Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Multiple Featured Images: Reloaded Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (0 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 1 total output
Attack Surface

Multiple Featured Images: Reloaded Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth · wp_ajax_mfi_reloaded_set_image_id · mfi-reloaded.php:24

WordPress Hooks: 2

action · add_meta_boxes · mfi-reloaded.php:27
action · admin_enqueue_scripts · mfi-reloaded.php:28
Maintenance & Trust

Multiple Featured Images: Reloaded Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.6.1
Last updated: Mar 18, 2014
PHP min version
Downloads: 2K

Community Trust

Rating: 66/100
Number of ratings: 4
Active installs: 10
Developer Profile

Multiple Featured Images: Reloaded Developer Profile

nickohrn

12 plugins · 760 total installs

Trust score: 84
Avg Security Score: 86/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Multiple Featured Images: Reloaded

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mfi-reloaded/resources/backend/mfi-reloaded.js
/wp-content/plugins/mfi-reloaded/resources/backend/mfi-reloaded.css
Script Paths
/wp-content/plugins/mfi-reloaded/resources/backend/mfi-reloaded.js
Version Parameters
mfi-reloaded/resources/backend/mfi-reloaded.js?ver=
mfi-reloaded/resources/backend/mfi-reloaded.css?ver=

HTML / DOM Fingerprints

CSS Classes
mfi-reloaded-image-picker
Data Attributes
data-mfi-reloaded-image-id
data-mfi-reloaded-image-name
JS Globals
mfi_reloaded_admin
REST Endpoints
/wp-json/mfi-reloaded/v1/image
FAQ

Frequently Asked Questions about Multiple Featured Images: Reloaded