WP-Safety

Multiple Featured Images Security & Risk Analysis

wordpress.org/plugins/multiple-featured-images

Enables multiple featured images for all post types (including custom post types and WooCommerce products). Comes with a widget and a handy shortcode …

5K active installs v0.5.0 PHP 5.6+ WP 3.5+ Updated Aug 20, 2020
custom-post-typefeatured-imagemultiple-featured-imagemultiple-featured-imagespost-thumbnail
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Multiple Featured Images Safe to Use in 2026?

Generally Safe

Score 85/100

Multiple Featured Images has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The plugin 'multiple-featured-images' v0.5.0 exhibits a generally strong security posture, particularly in its handling of database interactions and the absence of known vulnerabilities. All SQL queries are executed using prepared statements, which is a critical best practice for preventing SQL injection. The plugin also implements nonce checks on its entry points, a vital layer of defense against Cross-Site Request Forgery (CSRF) attacks. Furthermore, the lack of any historical CVEs, especially critical or high-severity ones, suggests a history of secure development or diligent patching by the developers. The absence of file operations and external HTTP requests also reduces the potential attack surface.

Key Concerns

  • Output escaping is not consistently applied
  • Capability checks are missing
Vulnerabilities
None known

Multiple Featured Images Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Multiple Featured Images Release Timeline

v0.5.0Current
v0.4.3
v0.4.2
v0.4.1
v0.4.0
v0.3
v0.2
Code Analysis
Analyzed Mar 16, 2026

Multiple Featured Images Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
39
9 escaped
Nonce Checks
2
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

19% escaped48 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
ajax_set_featured_image (Model\Image_Box.php:129)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Multiple Featured Images Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 2

authwp_ajax_kdmfi_set_featured_imageModel\Image_Box.php:47
authwp_ajax_kdmfi_remove_featured_imageModel\Image_Box.php:48

Shortcodes 1

[kdmfi_featured_image] Controller\KdMfiApp.php:38
WordPress Hooks 7
actionplugins_loadedController\KdMfiApp.php:20
actionadmin_initController\KdMfiApp.php:23
actioninitController\KdMfiApp.php:26
actionwidgets_initController\KdMfiApp.php:32
filterplugin_row_metaController\KdMfiApp.php:35
actionadd_meta_boxesModel\Image_Box.php:45
filterkdmfi_featured_imagesuser_func\user_functions_deprecated.php:47
Maintenance & Trust

Multiple Featured Images Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18
Last updatedAug 20, 2020
PHP min version5.6
Downloads106K

Community Trust

Rating94/100
Number of ratings28
Active installs5K
Alternatives

Multiple Featured Images Alternatives

B7 Multiple Featured Images for Post

B7 Multiple Featured Images for Post

b7-multiple-featured-images-for-post

A
92

Enhance your posts by adding multiple featured images with ease.

70 No CVEs
AOC Multiple Post Images

AOC Multiple Post Images

aoc-multiple-post-images

A
85

AOC Multiple Post Images allows a user to upload multiple featured images to a post.

10 No CVEs
Auto Featured Image (Auto Post Thumbnail)

Auto Featured Image (Auto Post Thumbnail)

auto-post-thumbnail

A
92

Automatically generate, assign, and manage featured images in bulk so every post on your site has a featured image.

50K 6 CVEs
Quick Featured Images

Quick Featured Images

quick-featured-images

A
97

The time-saving solution for managing tons of featured images within minutes: Set, replace and delete in bulk and set default images for future posts.

50K 3 CVEs
Ultimate Posts Widget

Ultimate Posts Widget

ultimate-posts-widget

A
92

The ultimate widget for displaying posts, custom post types or sticky posts with an array of options.

10K 1 CVE
Developer Profile

Multiple Featured Images Developer Profile

Marcus Kober

1 plugin · 5K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Multiple Featured Images

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/multiple-featured-images/css/kdmfi-admin.css/wp-content/plugins/multiple-featured-images/js/kdmfi-admin.js
Script Paths
/wp-content/plugins/multiple-featured-images/js/kdmfi-admin.js
Version Parameters
multiple-featured-images/js/kdmfi-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
kdmfi-widget
HTML Comments
Copyright 2016 Marcus Kober (m.kober@koeln-dialog.de)This program is free software; you can redistribute it and/or modifyit under the terms of the GNU General Public License, version 2, aspublished by the Free Software Foundation.+8 more
Data Attributes
data-kdmfi_id
JS Globals
KdMfi
Shortcode Output
[kdmfi_featured_image
FAQ

Frequently Asked Questions about Multiple Featured Images