Does Screenshot Generator have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Screenshot Generator compatible with WordPress 4.2.39?

According to WordPress.org data, Screenshot Generator 0.1.7 has been tested up to WordPress 4.2.39. Check the plugin's changelog for the latest compatibility information.

How often is Screenshot Generator updated?

Screenshot Generator was last updated on May 5, 2015. Frequent updates are generally a positive security signal.

What is Screenshot Generator's security score?

Screenshot Generator has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Screenshot Generator Security & Risk Analysis

wordpress.org/plugins/screenshot-generator

Screenshot Generator takes screenshots of posts and pages when they are updated. These screenshots can be used for e.g. previews in social media.

10 active installs v0.1.7 PHP + WP 4.0.0+ Updated May 5, 2015

phantomjspreviewscreendumpscreenshotsocial

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Screenshot Generator Safe to Use in 2026?

Generally Safe

Score 85/100

Screenshot Generator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The 'screenshot-generator' plugin v0.1.7 presents a mixed security posture. While there's no known vulnerability history and SQL queries are properly prepared, several significant code signals raise concerns. The presence of the `exec` function, combined with a complete lack of output escaping, creates a substantial risk for cross-site scripting (XSS) and arbitrary code execution vulnerabilities. Taint analysis reveals flows with unsanitized paths, indicating potential injection risks, though no critical or high severity issues were identified in this specific analysis. The absence of nonce checks and capability checks on entry points, despite a seemingly small attack surface, means that if any vulnerabilities were to be introduced, they could be exploited with relative ease. The plugin's strengths lie in its clean history and secure database interactions, but the critical weaknesses in output handling and the use of dangerous functions require immediate attention.

Key Concerns

Dangerous function 'exec' used
Output escaping not implemented
Flows with unsanitized paths detected
No nonce checks
No capability checks

Vulnerabilities

None known

Screenshot Generator Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Screenshot Generator Release Timeline

v0.1.7Current

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Code Analysis

Analyzed Mar 17, 2026

Screenshot Generator Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

execexec($escaped_command);screenshot-generator.php:98

exec$path = exec('which phantomjs');screenshot-generator.php:117

Output Escaping

0% escaped11 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

scrgen_admin_regenerate (admin.php:18)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Screenshot Generator Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionadmin_menuadmin.php:2

actionadmin_initadmin.php:3

actionadmin_action_scrgen-regenerateadmin.php:4

actionscrgen_update_post_screenshotscreenshot-generator.php:167

actionscrgen_post_screenshot_generatedscreenshot-generator.php:168

actionpost_updatedscreenshot-generator.php:169

actionwp_headscreenshot-generator.php:171

Scheduled Events 1

scrgen_update_post_screenshot

Maintenance & Trust

Screenshot Generator Maintenance & Trust

Maintenance Signals

WordPress version tested4.2.39

Last updatedMay 5, 2015

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Screenshot Generator Alternatives

Auto Social-Media Screenshot Preview

auto-social-media-screenshot-preview

Add a unique live social media preview to your web pages. Free for small sites.

0 No CVEs

MightyShare – Auto-Generated Social Media Images

mightyshare

Automatically generate social share preview images with MightyShare!

200 No CVEs

Activity Link Preview For BuddyPress

activity-link-preview-for-buddypress

BuddyPress activity link preview displays image, title and description from websites when links are shared in activity posts.

100 1 CVE

ShrinkTheWeb (STW) Website Previews Plugin

shrinktheweb-website-preview-plugin

This plugin accesses the ShrinkTheWeb API to automatically replace special tags in posts with website screenshots, where desired.

70 1 unpatched

Page Preview

page-preview

100

Quickly see how each page looks at a glance and manage your site more efficiently.

20 No CVEs

Developer Profile

Screenshot Generator Developer Profile

lassebunk

2 plugins · 110 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Screenshot Generator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Version Parameters

screenshot-generator/style.css?ver=screenshot-generator/admin.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-scrgen-widthdata-scrgen-heightdata-scrgen-enable-croppingdata-scrgen-crop-leftdata-scrgen-crop-topdata-scrgen-crop-width+2 more

JS Globals

scrgen_settings

FAQ