WP-Safety

Replace External Images Security & Risk Analysis

wordpress.org/plugins/replace-external-images

Easily import externally hosted images found in post content into your media library and replace them with local copies.

60 active installs v1.2.0 PHP 7.4+ WP 5.0+ Updated Feb 13, 2026
external-imageshotlinkingimagesimportmedia
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Replace External Images Safe to Use in 2026?

Generally Safe

Score 100/100

Replace External Images has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "replace-external-images" v1.2.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates excellent practices regarding SQL query preparation and output escaping, with 100% of both being handled securely. The absence of any recorded vulnerabilities in its history is a strong indicator of a well-maintained and secure codebase. Furthermore, the presence of nonce and capability checks on some entry points suggests an awareness of WordPress security best practices.

However, the plugin does present significant concerns primarily related to its attack surface. With a total of 4 AJAX handlers, 3 of them lack any authentication checks. This creates a substantial risk of unauthorized access and execution of potentially harmful actions. While there are no identified critical or high-severity taint flows, and no dangerous functions are used, the unprotected AJAX handlers remain a primary vector for exploitation. The single file operation and external HTTP request also warrant careful consideration, although their context and potential impact are not detailed here.

Key Concerns

  • Unprotected AJAX handlers
  • Large attack surface without auth
Vulnerabilities
None known

Replace External Images Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Replace External Images Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
15 escaped
Nonce Checks
4
Capability Checks
2
File Operations
1
External Requests
1
Bundled Libraries
0

Output Escaping

100% escaped15 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<replexim-live-handler> (includes\replexim-live-handler.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Replace External Images Attack Surface

Entry Points4
Unprotected3

AJAX Handlers 4

authwp_ajax_replexim_live_importincludes\replexim-live-handler.php:100
authwp_ajax_replexim_bulk_countincludes\replexim-live-handler.php:294
authwp_ajax_replexim_pingreplace-external-images.php:17
authwp_ajax_replexim_dismiss_global_addon_noticereplace-external-images.php:259
WordPress Hooks 8
actionafter_setup_themeincludes\replexim-live-handler.php:7
actiondeactivated_pluginreplace-external-images.php:41
actionadd_meta_boxesreplace-external-images.php:47
actionadmin_initreplace-external-images.php:78
actionadmin_footer-edit.phpreplace-external-images.php:125
actionadmin_noticesreplace-external-images.php:138
actionadmin_menureplace-external-images.php:181
actionin_plugin_update_message-replace-external-images/replace-external-images.phpreplace-external-images.php:283
Maintenance & Trust

Replace External Images Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 13, 2026
PHP min version7.4
Downloads570

Community Trust

Rating0/100
Number of ratings0
Active installs60
Alternatives

Replace External Images Alternatives

Smart Auto Upload Images – Import External Images

Smart Auto Upload Images – Import External Images

smart-auto-upload-images

A
97

Import external images automatically on save. Adds to media library and updates URLs. No manual downloads. Works with any post type.

2K 1 CVE
GL Import External Images

GL Import External Images

gl-import-external-images

A
92

Import and insert images to WordPress Media Library from external URLs.

800 No CVEs
Sage Auto Upload Images

Sage Auto Upload Images

sage-auto-upload-images

A
100

Automatically detect and import external images to your WordPress media library. Bulk process existing posts and prevent broken links.

10 No CVEs
Archivarix External Images Importer

Archivarix External Images Importer

archivarix-external-images-importer

A
100

Import external images in posts and pages from external sources or Web Archive if original sources are not available anymore.

2K No CVEs
WP Image Importer

WP Image Importer

wp-image-importer

A
85

WP Image Importer plugin allows you to easily insert image into your wordpress post from facebook, flickr and pixabay

30 No CVEs
Developer Profile

Replace External Images Developer Profile

Hans & Friends

2 plugins · 60 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Replace External Images

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/replace-external-images/assets/replexim-live.js
Script Paths
/wp-content/plugins/replace-external-images/assets/replexim-live.js
Version Parameters
replace-external-images/assets/replexim-live.js?ver=

HTML / DOM Fingerprints

CSS Classes
replexim-global-addon-notice
JS Globals
replexim_dismiss_global_addon_noticereplexim_live_import
REST Endpoints
/wp-json/replexim/v1/ping
FAQ

Frequently Asked Questions about Replace External Images