Does RSS Image Widget have any unpatched vulnerabilities?

No. All known vulnerabilities in RSS Image Widget have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is RSS Image Widget compatible with WordPress 6.9.4?

According to WordPress.org data, RSS Image Widget 3.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is RSS Image Widget compatible with PHP 7.4+?

RSS Image Widget requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is RSS Image Widget updated?

RSS Image Widget was last updated on Feb 23, 2026. Frequent updates are generally a positive security signal.

What is RSS Image Widget's security score?

RSS Image Widget has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

RSS Image Widget Security & Risk Analysis

wordpress.org/plugins/rss-image-widget

Display images from an RSS or Atom feed as a widget or block with a lightweight lightbox gallery.

60 active installs v3.0.0 PHP 7.4+ WP 6.0+ Updated Feb 23, 2026

feedgalleryimagersswidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is RSS Image Widget Safe to Use in 2026?

Generally Safe

Score 100/100

RSS Image Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The 'rss-image-widget' plugin version 3.0.0 demonstrates a strong security posture based on the static analysis and vulnerability history provided. The absence of AJAX handlers, REST API routes, shortcodes, cron events, and file operations significantly limits the potential attack surface. Furthermore, the code analysis reveals no dangerous functions, no raw SQL queries (all using prepared statements), and a high percentage of output escaping. The complete lack of known CVEs and recorded vulnerabilities in its history is a very positive indicator of secure development practices.

While the static analysis indicates a clean bill of health with no identified taint flows, critical or high severity issues, the absence of nonce checks and capability checks across all identified entry points (though there are zero entry points) suggests a potential area for improvement if any entry points were to be introduced in future versions. The current analysis shows zero unprotected entry points, which is ideal. However, the lack of any recorded vulnerabilities is a strong testament to the developers' commitment to security. Overall, the plugin appears to be well-secured, with no immediate or historical security concerns evident in the provided data. The strengths far outweigh any minor theoretical concerns.

Key Concerns

No Nonce Checks found
No Capability Checks found

Vulnerabilities

None known

RSS Image Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

RSS Image Widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

32 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

82% escaped39 total outputs

Attack Surface

RSS Image Widget Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionwidgets_initrss_image.php:220

Maintenance & Trust

RSS Image Widget Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 23, 2026

PHP min version7.4

Downloads33K

Community Trust

Rating60/100

Number of ratings2

Active installs60

Alternatives

RSS Image Widget Alternatives

Meks Easy Photo Feed Widget

meks-easy-instagram-widget

Easily display Instagram photos as a widget that looks good in (almost) any WordPress theme.

20K 1 CVE

Image Feed Widget

image-feed-widget

A widget to display imges from RSS feeds such as twitter, flickr or youtube

40 No CVEs

DeMomentSomTres Image Feed Widget

demomentsomtres-image-feed-widget

A widget to display imges from RSS feeds such as twitter, flickr or youtube or instagram

10 No CVEs

Smash Balloon Social Photo Feed – Easy Social Feeds Plugin

instagram-feed

Formerly "Instagram Feed". Display clean, customizable, and responsive Instagram feeds from multiple accounts. Supports Instagram oEmbeds.

1.0M 4 CVEs

Feeds for YouTube (YouTube video, channel, and gallery plugin)

feeds-for-youtube

The Feeds for YouTube plugin allows you to display customizable YouTube feeds from any YouTube channel.

100K 4 CVEs

Developer Profile

RSS Image Widget Developer Profile

zackdesign

3 plugins · 270 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect RSS Image Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/rss-image-widget/css/style.css/wp-content/plugins/rss-image-widget/js/lightbox.js

Script Paths

/wp-content/plugins/rss-image-widget/js/lightbox.js

Version Parameters

rss-image-widget/css/style.css?ver=rss-image-widget/js/lightbox.js?ver=

HTML / DOM Fingerprints

CSS Classes

rss-image-galleryrss-image-gallery__emptyrss-image-gallery__itemrss-image-gallery__linkrss-image-gallery__imagerss-image-gallery__captionrss-image-gallery--widgetrss-image-gallery--block

Data Attributes

data-rss-lightbox

FAQ