Does Plugin Name: oQey Headers have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Plugin Name: oQey Headers compatible with WordPress 3.2.1?

According to WordPress.org data, Plugin Name: oQey Headers 0.5 has been tested up to WordPress 3.2.1. Check the plugin's changelog for the latest compatibility information.

How often is Plugin Name: oQey Headers updated?

Plugin Name: oQey Headers was last updated on Sep 13, 2011. Frequent updates are generally a positive security signal.

What is Plugin Name: oQey Headers's security score?

Plugin Name: oQey Headers has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Plugin Name: oQey Headers Security & Risk Analysis

wordpress.org/plugins/oqey-headers

oQey Headers plugin is a Wordpress Plugin that allows to add and manage images for blog header easily.

10 active installs v0.5 PHP + WP 3.2.1+ Updated Sep 13, 2011

flash-headersheadersimagesmanagewp-header

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Plugin Name: oQey Headers Safe to Use in 2026?

Generally Safe

Score 85/100

Plugin Name: oQey Headers has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The "oqey-headers" plugin v0.5 exhibits a concerning security posture primarily due to a significant number of unprotected AJAX endpoints. While the absence of known CVEs and dangerous functions are positive indicators, the static analysis reveals critical weaknesses. Specifically, the plugin has 4 AJAX handlers, all of which lack authentication checks, presenting a wide attack surface for unauthorized actions. Furthermore, a high proportion of identified taint flows (3 out of 5 analyzed) are of high severity and involve unsanitized paths, suggesting potential for injection vulnerabilities or unauthorized access to sensitive data. The fact that none of the total outputs are properly escaped is a significant concern, increasing the risk of Cross-Site Scripting (XSS) attacks. The plugin's vulnerability history shows no prior issues, which might indicate a lack of prior scrutiny or a recent introduction of these security flaws. The combination of unprotected entry points and high-severity taint flows with unsanitized paths outweighs the benefits of having no known CVEs, suggesting a need for immediate remediation to address these critical security gaps.

Key Concerns

Unprotected AJAX handlers
High severity unsanitized taint flows
No output escaping
No capability checks

Vulnerabilities

None known

Plugin Name: oQey Headers Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Plugin Name: oQey Headers Release Timeline

v0.5Current

v0.4

v0.3

v0.2

v0.1

Code Analysis

Analyzed Mar 16, 2026

Plugin Name: oQey Headers Code Analysis

Dangerous Functions

Raw SQL Queries

10 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

71% prepared14 total queries

Output Escaping

0% escaped7 total outputs

Data Flows · Security

4 unsanitized

Data Flow Analysis

5 flows4 with unsanitized paths

init_Manage_header (oqey_headers.php:140)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Plugin Name: oQey Headers Attack Surface

Entry Points4

Unprotected4

AJAX Handlers 4

authwp_ajax_GetAllHeaderImagesoqey_headers.php:297

authwp_ajax_DeleteHeaderImageoqey_headers.php:332

authwp_ajax_SaveHeaderImagesOrderoqey_headers.php:351

authwp_ajax_UpdateHeaderDescriptionoqey_headers.php:373

WordPress Hooks 2

actioninitoqey_headers.php:51

actionadmin_menuoqey_headers.php:105

Maintenance & Trust

Plugin Name: oQey Headers Maintenance & Trust

Maintenance Signals

WordPress version tested3.2.1

Last updatedSep 13, 2011

PHP min version

Downloads12K

Community Trust

Rating20/100

Number of ratings1

Active installs10

Alternatives

Plugin Name: oQey Headers Alternatives

Unique Headers

unique-headers

Adds the ability to use unique custom header images on individual pages, posts or categories or tags.

20K No CVEs

ImageKit – URL based image manipulation and optimization

imagekit

100

Faster & lighter experience for your users. Deliver optimized images on all platforms instantly using ImageKit.

1K No CVEs

Add Custom Header Images

add-custom-header-images

Remove default header images and load custom header images from 'The Headers' page. Allows for easy selection of random header images in your theme.

500 No CVEs

Gumlet – Image optimization with Resize, Compression, Lazy load, Caching & CDN delivery

gumlet

100

Official WordPress plugin to automatically load all your WordPress images via the Gumlet service for smaller, faster, better looking images.

500 No CVEs

Media Manager Plus

uber-media

Upgrade the WordPress Media Manager and add support for Flickr, Instagram, 500px, Facebook etc.

100 No CVEs

Developer Profile

Plugin Name: oQey Headers Developer Profile

oQeySites

5 plugins · 60 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Plugin Name: oQey Headers

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/oqey-headers/js/jquery.jeditable.js

HTML / DOM Fingerprints

Shortcode Output

<?php if (function_exists("oQeyRandomImage")) { oQeyRandomImage("", ""); } ?><?php if (function_exists("oQeyAllImages")) { oQeyAllImages(); } ?><?php if (function_exists("oQeyFlashImages")) { oQeyFlashImages(); } ?>

FAQ