Does Picture Tag have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Picture Tag compatible with WordPress 6.9.4?

According to WordPress.org data, Picture Tag 1.5.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Picture Tag compatible with PHP 7.4+?

Picture Tag requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Picture Tag updated?

Picture Tag was last updated on Jan 9, 2026. Frequent updates are generally a positive security signal.

What is Picture Tag's security score?

Picture Tag has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Picture Tag Security & Risk Analysis

wordpress.org/plugins/picture-tag

Generate responsive tags with support for WebP and AVIF formats in WordPress.

10 active installs v1.5.0 PHP 7.4+ WP 5.0+ Updated Jan 9, 2026

picture-tagresponsive-images

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Picture Tag Safe to Use in 2026?

Generally Safe

Score 100/100

Picture Tag has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The picture-tag plugin v1.5.0 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of dangerous functions, reliance on prepared statements for all SQL queries, and a high percentage of properly escaped output are all positive indicators. Furthermore, the plugin has no recorded vulnerabilities (CVEs), which suggests a history of secure development or diligent patching by its maintainers. The minimal attack surface, consisting of only one shortcode and no unprotected entry points, also contributes to its good security standing.

However, a few minor areas warrant attention. While the plugin has a nonce check and a capability check, these are relatively limited. The overall number of entry points is very small, so this might not be a significant concern in practice, but the absence of more robust checks on its single shortcode could be a potential, albeit minor, weakness if the shortcode's functionality is complex or user-controllable. The taint analysis results being zero is excellent, indicating no immediate concerns with malicious data flowing through the code. In conclusion, the plugin is currently in a good security state with strengths in its coding practices and vulnerability history, but a review of the shortcode's implementation for any potential input sanitization gaps, though not explicitly flagged, would be prudent for complete assurance.

Key Concerns

Low number of capability checks
Low number of nonce checks

Vulnerabilities

None known

Picture Tag Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Picture Tag Release Timeline

v1.5.0Current

v1.4.2

v1.4.1

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.1

v1.1.0

v1.0.0

Code Analysis

Analyzed Mar 17, 2026

Picture Tag Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

39 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

83% escaped47 total outputs

Attack Surface

Picture Tag Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[arti_picture] includes\shortcode.php:10

WordPress Hooks 8

actionadmin_post_clear_picture_cacheincludes\cache.php:127

actionedit_attachmentincludes\cache.php:156

actiondelete_attachmentincludes\cache.php:157

actionadmin_menuincludes\settings.php:18

actionadmin_initincludes\settings.php:35

actionadmin_noticesincludes\settings.php:111

actioninitincludes\shortcode.php:12

actionplugins_loadedpicture-tag.php:36

Maintenance & Trust

Picture Tag Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 9, 2026

PHP min version7.4

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Picture Tag Alternatives

Adaptive Images for WordPress

adaptive-images

Adaptive images plugin transparently resizes your images, per device screen size, in order to reduce download times in mobile environments.

4K 3 CVEs

Disable Responsive Images Complete

disable-responsive-images-complete

100

Completely disables WP responsive images.

2K No CVEs

RICG Responsive Images

ricg-responsive-images

Bringing automatic default responsive images to WordPress.

2K No CVEs

Responsify WP

responsify-wp

Responsive images. Plug and play.

600 1 unpatched

Force HTTPS srcset

force-https-srcset

Replace Responsive images srcset since wp 4.4 to https!

100 No CVEs

Developer Profile

Picture Tag Developer Profile

Artilab Company LTD

2 plugins · 30 total installs

trust score

Avg Security Score

96/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Picture Tag

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/picture-tag/assets/css/picture-tag.css

Script Paths

/wp-content/plugins/picture-tag/assets/js/picture-tag.js

Version Parameters

picture-tag/assets/css/picture-tag.css?ver=picture-tag/assets/js/picture-tag.js?ver=

HTML / DOM Fingerprints

HTML Comments

Data Attributes

data-

FAQ