WP-Safety

PDF Thumbnail Generator Security & Risk Analysis

wordpress.org/plugins/pdf-thumbnail-generator

Generates thumbnail for PDF files

2K active installs v1.5 PHP 5.6+ WP 3.0.1+ Updated Dec 1, 2025
creatorgeneratorimagepdfthumbnail
98
A · Safe
CVEs total2
Unpatched0
Last CVEDec 6, 2025
Plugin page Download
Safety Verdict

Is PDF Thumbnail Generator Safe to Use in 2026?

Generally Safe

Score 98/100

PDF Thumbnail Generator has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Dec 6, 2025Updated 4mo ago
Risk Assessment

The PDF Thumbnail Generator plugin, version 1.5, presents a mixed security posture. On the positive side, static analysis reveals a limited attack surface with no immediately apparent unprotected entry points like AJAX handlers or REST API routes lacking permission checks. Furthermore, the absence of dangerous functions, external HTTP requests, and critical/high severity taint flows are encouraging signs. However, significant concerns arise from the handling of SQL queries and output escaping. All identified SQL queries are executed without prepared statements, posing a substantial risk of SQL injection vulnerabilities, especially if any user input is incorporated into these queries. While most output is properly escaped, a portion remains unescaped, creating potential avenues for Cross-Site Scripting (XSS) attacks. The plugin's vulnerability history, with two medium severity CVEs in the past, specifically CSRF and XSS, further reinforces these concerns, suggesting a recurring pattern of input validation and output sanitization weaknesses that require diligent attention. Despite a clean recent vulnerability record, the underlying code quality issues in SQL and output handling warrant caution.

Key Concerns

  • Raw SQL queries without prepared statements
  • Unescaped output detected
  • Past medium severity vulnerabilities (CSRF, XSS)
Vulnerabilities
2

PDF Thumbnail Generator Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-67469medium · 4.3Cross-Site Request Forgery (CSRF)

PDF Thumbnail Generator <= 1.4 - Cross-Site Request Forgery

Dec 6, 2025 Patched in 1.5 (6d)
CVE-2024-8737medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PDF Thumbnail Generator <= 1.3 - Reflected Cross-Site Scripting

Sep 12, 2024 Patched in 1.4 (1d)
Code Analysis
Analyzed Mar 16, 2026

PDF Thumbnail Generator Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
7
20 escaped
Nonce Checks
2
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

74% escaped27 total outputs
Attack Surface

PDF Thumbnail Generator Attack Surface

Entry Points3
Unprotected0

Shortcodes 3

[pdf_thumbnail] pdf-thumbnail-generator.php:27
[pdf_thumbnail_url] pdf-thumbnail-generator.php:35
[pdf_clickable_thumbnail] pdf-thumbnail-generator.php:43
WordPress Hooks 6
actionplugins_loadedpdf-thumbnail-generator.php:20
actionadmin_menupdf-thumbnail-generator.php:21
actioninitpdf-thumbnail-generator.php:22
actionadd_attachmentpdf-thumbnail-generator.php:23
actiondelete_attachmentpdf-thumbnail-generator.php:24
filterwp_mime_type_iconpdf-thumbnail-generator.php:25
Maintenance & Trust

PDF Thumbnail Generator Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 1, 2025
PHP min version5.6
Downloads20K

Community Trust

Rating86/100
Number of ratings6
Active installs2K
Alternatives

PDF Thumbnail Generator Alternatives

PDF Thumbnails

PDF Thumbnails

pdf-thumbnails

A
85

This plugin generates a thumbnail everytime you upload a PDF attachment. Generated thumbnail is an image of the first page in uploaded document.

1K No CVEs
AI Featured Image

AI Featured Image

ai-featured-image-generator

A
100

One-click AI Featured Image Generator using OpenAI model - Free users can bulk-generate up to 5 posts per batch. Pro adds Google Gemini support, unlim &hellip;

100 No CVEs
thumbGen

thumbGen

thumbgen

A
85

This plugin creates a function named thumbGen() that allows to show any image in the specified size (plus many other things).

100 No CVEs
AI Thumbnails Maker – auto featured image & force regenerate thumbnails

AI Thumbnails Maker – auto featured image & force regenerate thumbnails

ai-thumbnails-maker

A
100

Revolutionary auto featured image generator with AI. Effortlessly create thumbnails, force regenerate thumbnails, and automate image workflows.

60 No CVEs
Disable PDF Thumbnails

Disable PDF Thumbnails

disable-pdf-thumbnails

A
85

Disables WordPress from generating image thumbnails when you upload a PDF.

60 No CVEs
Developer Profile

PDF Thumbnail Generator Developer Profile

kubiq

13 plugins · 136K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
468 days
View full developer profile
Detection Fingerprints

How We Detect PDF Thumbnail Generator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output
<a href="" target="_blank">
FAQ

Frequently Asked Questions about PDF Thumbnail Generator