PDF Thumbnails Security & Risk Analysis

wordpress.org/plugins/pdf-thumbnails

This plugin generates a thumbnail every time you upload a PDF attachment. The generated thumbnail is an image of the first page of the uploaded document.

1K active installs · v2.2.0 · Updated Oct 24, 2016
Tags: generator, pdf, thumbnail
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is PDF Thumbnails Safe to Use in 2026?

Generally Safe

Score 85/100

PDF Thumbnails has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The pdf-thumbnails plugin, version 2.2.0, exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, reliance on prepared statements for all SQL queries, and lack of external HTTP requests are positive indicators. With only one entry point (a shortcode) and no AJAX handlers or REST API routes, the attack surface is minimal, and there are no identified unprotected entry points. However, the analysis reveals some areas for concern. The primary one is output escaping: 75% of outputs (3 of 4) are properly escaped, leaving 25% (1 of 4) potentially unescaped, which could lead to cross-site scripting vulnerabilities if user-supplied data is not handled with sufficient care. Furthermore, the identified shortcode has no nonce checks or capability checks, a significant oversight that could allow unauthorized actions.

Key Concerns

  • Unescaped output found
  • Missing nonce check on entry point
  • Missing capability check on entry point
Vulnerabilities
None known

PDF Thumbnails Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

PDF Thumbnails Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 1 (3 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

75% escaped · 4 total outputs
Attack Surface

PDF Thumbnails Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

  • [pdf_thumbnails_link] (pdf-thumbnails.php:17)

WordPress Hooks: 5

  • action: admin_init (pdf-thumbnails.php:12)
  • action: init (pdf-thumbnails.php:13)
  • action: admin_notices (pdf-thumbnails.php:23)
  • filter: wp_generate_attachment_metadata (pdf-thumbnails.php:26)
  • action: deleted_post (pdf-thumbnails.php:27)
Maintenance & Trust

PDF Thumbnails Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.6.30
Last updated: Oct 24, 2016
PHP min version
Downloads: 34K

Community Trust

Rating: 92/100
Number of ratings: 9
Active installs: 1K
Developer Profile

PDF Thumbnails Developer Profile

stianlik

1 plugin · 1K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect PDF Thumbnails

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pdf-thumbnails/

HTML / DOM Fingerprints

Data Attributes
download
Shortcode Output
<a href="