Does Regenerate Thumbnails have any unpatched vulnerabilities?

No. All known vulnerabilities in Regenerate Thumbnails have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Regenerate Thumbnails compatible with WordPress 6.8.5?

According to WordPress.org data, Regenerate Thumbnails 3.1.6 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Regenerate Thumbnails compatible with PHP 5.2.4+?

Regenerate Thumbnails requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Regenerate Thumbnails updated?

Regenerate Thumbnails was last updated on Aug 20, 2025. Frequent updates are generally a positive security signal.

What is Regenerate Thumbnails's security score?

Regenerate Thumbnails has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Regenerate Thumbnails Security & Risk Analysis

wordpress.org/plugins/regenerate-thumbnails

Regenerate the thumbnails for one or more of your image uploads. Useful when changing their sizes or your theme.

1.0M active installs v3.1.6 PHP 5.2.4+ WP 4.7+ Updated Aug 20, 2025

post-thumbnailpost-thumbnailsthumbnailthumbnails

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Regenerate Thumbnails Safe to Use in 2026?

Generally Safe

Score 100/100

Regenerate Thumbnails has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago

Risk Assessment

The "regenerate-thumbnails" plugin, version 3.1.6, exhibits a generally strong security posture based on the provided static analysis. The plugin demonstrates excellent adherence to secure coding practices by avoiding dangerous functions, utilizing prepared statements for all SQL queries, and incorporating nonce and capability checks. Furthermore, the complete absence of external HTTP requests and file operations significantly reduces its attack surface. The lack of any recorded vulnerabilities in its history is a positive indicator of its stability and the development team's focus on security.

However, while the static analysis reveals a very low risk profile, a minor concern exists regarding the output escaping. With 16% of outputs not properly escaped, there is a potential, albeit likely low, risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is involved in these unescaped outputs. The taint analysis showing zero unsanitized flows provides some reassurance, suggesting that even unescaped outputs might not be directly exploitable by malicious inputs. Overall, this plugin appears to be a secure choice, with the only notable area for potential improvement being the consistent application of output escaping.

Key Concerns

Some outputs are not properly escaped

Vulnerabilities

None known

Regenerate Thumbnails Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Regenerate Thumbnails Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

16 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared5 total queries

Output Escaping

84% escaped19 total outputs

Attack Surface

Regenerate Thumbnails Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 14

filterintermediate_image_sizes_advancedincludes\class-regeneratethumbnails-regenerator.php:198

filterrest_attachment_queryincludes\class-regeneratethumbnails-rest-controller.php:97

filterrest_attachment_queryincludes\class-regeneratethumbnails-rest-controller.php:98

actionrest_api_initregenerate-thumbnails.php:127

actionadmin_menuregenerate-thumbnails.php:130

actionadmin_enqueue_scriptsregenerate-thumbnails.php:133

actionadmin_head-upload.phpregenerate-thumbnails.php:136

actionadmin_action_bulk_regenerate_thumbnailsregenerate-thumbnails.php:137

actionadmin_action_-1regenerate-thumbnails.php:138

actionattachment_submitbox_misc_actionsregenerate-thumbnails.php:141

filterattachment_fields_to_editregenerate-thumbnails.php:145

filtermedia_row_actionsregenerate-thumbnails.php:148

actionadmin_noticesregenerate-thumbnails.php:350

actioninitregenerate-thumbnails.php:570

Maintenance & Trust

Regenerate Thumbnails Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedAug 20, 2025

PHP min version5.2.4

Downloads22.5M

Community Trust

Rating92/100

Number of ratings395

Active installs1.0M

Alternatives

Regenerate Thumbnails Alternatives

Auto Featured Image (Auto Post Thumbnail)

auto-post-thumbnail

Automatically generate, assign, and manage featured images in bulk so every post on your site has a featured image.

50K 6 CVEs

Crop-Thumbnails

crop-thumbnails

100

"Crop Thumbnails" made it easy to get exacly that specific image-detail you want to show in your featured image or gallery image.

40K No CVEs

Acme Fix Images – Regenerate Thumbnails

acme-fix-images

100

Fix image sizes after you have changed image sizes from Media Settings. Ensure your images display consistently across your website.

4K 1 CVE

WP Random Post Thumbnails

wp-random-post-thumbnails

100

Allows you to select images to be shown at random for posts without a featured image.

1K No CVEs

Genesis Featured Images

genesis-featured-images

This plugin sets a default image for post thumbnails for the Genesis framework.

100 No CVEs

Developer Profile

Regenerate Thumbnails Developer Profile

Alex Mills

5 plugins · 1.0M total installs

trust score

Avg Security Score

95/100

Avg Patch Time

1675 days

View full developer profile

Detection Fingerprints

How We Detect Regenerate Thumbnails

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/regenerate-thumbnails/dist/build.js/wp-content/plugins/regenerate-thumbnails/js/api-request.min.js

Script Paths

/wp-content/plugins/regenerate-thumbnails/dist/build.js/wp-content/plugins/regenerate-thumbnails/js/api-request.min.js

Version Parameters

regenerate-thumbnails/dist/build.js?ver=regenerate-thumbnails/js/api-request.min.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-regenerate-action

JS Globals

wpApiSettingsregenerateThumbnails

REST Endpoints

/wp-json/regenerate-thumbnails/v1/regenerate/wp-json/regenerate-thumbnails/v1/regenerate-all

FAQ