Does Multisite Featured Image have any unpatched vulnerabilities?

No. All known vulnerabilities in Multisite Featured Image have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Multisite Featured Image compatible with WordPress 4.3.34?

According to WordPress.org data, Multisite Featured Image 1.4.0 has been tested up to WordPress 4.3.34. Check the plugin's changelog for the latest compatibility information.

How often is Multisite Featured Image updated?

Multisite Featured Image was last updated on Apr 25, 2017. Frequent updates are generally a positive security signal.

What is Multisite Featured Image's security score?

Multisite Featured Image has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Multisite Featured Image Security & Risk Analysis

wordpress.org/plugins/multisite-featured-image

Multisite Featured Image changes the box of the featured image so that you can use the classic Media Uploader also with Network Shared Media.

10 active installs v1.4.0 PHP + WP 4.0.+ Updated Apr 25, 2017

featured-imagepost-thumbnail

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Multisite Featured Image Safe to Use in 2026?

Generally Safe

Score 85/100

Multisite Featured Image has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The 'multisite-featured-image' v1.4.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates excellent practices regarding SQL queries, utilizing prepared statements exclusively, and has no recorded vulnerabilities in its history. This suggests a generally well-maintained and secure codebase. However, the static analysis reveals potential areas of concern. The presence of two taint flows with unsanitized paths, both flagged with high severity, is a significant risk. While the analysis didn't classify these as critical, high severity taint flows indicate that user-supplied data could be processed in ways that lead to security vulnerabilities if not properly handled. Additionally, the output escaping is only 50% properly implemented, meaning half of the outputs are not being sanitized, which could lead to cross-site scripting (XSS) vulnerabilities. The absence of any nonces, capability checks, and the limited number of output escaps means that even if no direct path to exploitation is immediately apparent, these missing security controls reduce the overall robustness against certain types of attacks.

Key Concerns

High severity taint flows found
Output escaping only 50% implemented
No nonce checks
No capability checks

Vulnerabilities

None known

Multisite Featured Image Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Multisite Featured Image Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared8 total queries

Output Escaping

50% escaped4 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

ibenic_mufimg_save_thumbnail (mu-featured-image.php:95)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Multisite Featured Image Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

filteradmin_post_thumbnail_htmlmu-featured-image.php:21

actionadmin_enqueue_scriptsmu-featured-image.php:89

actionsave_postmu-featured-image.php:190

filterpost_thumbnail_htmlmu-featured-image.php:284

actionnetwork_admin_menumu-featured-image.php:286

filterget_post_metadatamu-featured-image.php:425

filterwp_get_attachment_image_srcmu-featured-image.php:476

Maintenance & Trust

Multisite Featured Image Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34

Last updatedApr 25, 2017

PHP min version

Downloads5K

Community Trust

Rating74/100

Number of ratings3

Active installs10

Alternatives

Multisite Featured Image Alternatives

Auto Featured Image (Auto Post Thumbnail)

auto-post-thumbnail

Automatically generate, assign, and manage featured images in bulk so every post on your site has a featured image.

50K 6 CVEs

Multiple Featured Images

multiple-featured-images

Enables multiple featured images for all post types (including custom post types and WooCommerce products). Comes with a widget and a handy shortcode …

5K No CVEs

Acme Fix Images – Regenerate Thumbnails

acme-fix-images

100

Fix image sizes after you have changed image sizes from Media Settings. Ensure your images display consistently across your website.

4K 1 CVE

Add Featured Image to RSS Feed

add-featured-image-to-rss-feed

Adds the featured image attached to posts to the beginning of the post content and excerpt in RSS feeds.

2K No CVEs

Featured Image in Content

featured-image-in-content

Not all themes work the same way, and sometimes switching themes can lead to a lot of headaches. If you've previously used a theme that supports …

1K No CVEs

Developer Profile

Multisite Featured Image Developer Profile

Igor Benic

12 plugins · 2K total installs

trust score

Avg Security Score

84/100

Avg Patch Time

479 days

View full developer profile

Detection Fingerprints

How We Detect Multisite Featured Image

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/multisite-featured-image/js/ibenic_mufimg.js

Script Paths