Taxonomy Thumbnail Security & Risk Analysis

wordpress.org/plugins/sf-taxonomy-thumbnail

Add a thumbnail to your taxonomy terms.

4K active installs · v1.3 · PHP + WP 3.5+ · Updated May 30, 2016
Tags: category, dev, image, taxonomy, thumbnail
Score 85 · Grade A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Taxonomy Thumbnail Safe to Use in 2026?

Generally Safe

Score 85/100

Taxonomy Thumbnail has no known CVEs, but it is not actively maintained: the last release was May 30, 2016 and it was last tested against WordPress 4.5.x. A clean CVE history for a plugin with about 4K installs says as much about limited scrutiny as about code quality. It can be used on most WordPress installations, but review the static-analysis findings below before deploying it on a current release.

No known CVEs · Updated 9yr ago
Risk Assessment

The sf-taxonomy-thumbnail v1.3 plugin exhibits a mixed security posture. On the positive side, it has a clean vulnerability history with no known CVEs, although for a plugin with around 4K installs and no release since 2016 that is as likely to reflect limited exposure and scrutiny as a well-maintained codebase. The absence of dangerous functions, file operations, external HTTP requests, and critical/high taint flows is a stronger indicator of good practice in those areas.

However, several concerns are present in the static analysis. One of the plugin's three AJAX handlers carries no nonce or capability check of its own. All three are registered on wp_ajax_* hooks (not wp_ajax_nopriv_*), so they fire only for logged-in users; the exposure is therefore to any authenticated account, including subscriber-level ones, and to cross-site request forgery against an administrator, rather than to anonymous attackers. The report does not say which handler lacks the check. Note that wp_ajax_add-tag is the action WordPress core fires from its own add-term form, and core's handler verifies the add-tag nonce and the taxonomy's edit capability before acting; the two handlers in inc\ajax.php are the plugin's own endpoints and should each call check_ajax_referer() and current_user_can() themselves. Furthermore, none of the three SQL queries goes through $wpdb->prepare(). Whether that is exploitable depends on whether request-controlled values reach those queries (integer term and attachment IDs cast with absint() cannot inject; a string interpolated from $_POST can), but a 0% prepared rate is a substantial risk that warrants a code read. While the plugin has a decent rate of output escaping, the 9 unescaped outputs (21% of 42) could still allow cross-site scripting (XSS) in contexts where the echoed value can be influenced by a lower-privileged user or a request parameter.

In conclusion, while the plugin's lack of historical vulnerabilities is reassuring, the static-analysis findings highlight areas that require attention. The AJAX handler without its own nonce and capability check and the pervasive use of raw SQL queries without prepared statements are the significant weaknesses. Addressing these specific issues should be the priority to improve the overall security of the plugin.
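As an added example (this is not code from sf-taxonomy-thumbnail, whose real handlers live in inc\ajax.php and are not reproduced on this page), here is a minimal set-thumbnail AJAX handler written the way the static analysis flags it, beside a hardened form that addresses all three concerns: nonce, capability, prepared SQL and escaped output. The handler and nonce names (sftth_example_*), the meta key, and the use of the termmeta table (WordPress 4.4+) are assumptions for illustration; the plugin itself targets WP 3.5+ and may store thumbnails differently.

```php
<?php
// Added example, not plugin code. Names prefixed sftth_example_ are hypothetical.

// BEFORE: the pattern the static analysis flags. A wp_ajax_* hook only
// guarantees a logged-in user. With no nonce or capability check, any
// subscriber-level account (or an admin hit by CSRF) can set a thumbnail on
// any term, request values are interpolated straight into SQL, and the
// attachment URL is echoed without escaping.
function sftth_example_set_thumbnail_unsafe() {
    global $wpdb;
    $term_id = $_POST['term_id'];
    $att_id  = $_POST['attachment_id'];
    $wpdb->query(
        "UPDATE {$wpdb->termmeta} SET meta_value = '$att_id'"
        . " WHERE term_id = $term_id AND meta_key = 'thumbnail_id'"
    );
    echo '<img src="' . wp_get_attachment_url( $att_id ) . '">';
    wp_die();
}

// AFTER: hardened form of the same handler.
function sftth_example_set_thumbnail() {
    global $wpdb;

    // 1. CSRF: the admin page must emit wp_create_nonce( 'sftth_set_thumbnail' )
    //    and send it as the "nonce" POST field. Dies with -1 on mismatch.
    check_ajax_referer( 'sftth_set_thumbnail', 'nonce' );

    // 2. Input typing: both IDs are non-negative integers, nothing else.
    $term_id = isset( $_POST['term_id'] ) ? absint( $_POST['term_id'] ) : 0;
    $att_id  = isset( $_POST['attachment_id'] ) ? absint( $_POST['attachment_id'] ) : 0;
    $term    = $term_id ? get_term( $term_id ) : null;
    if ( ! $term || is_wp_error( $term ) || 'attachment' !== get_post_type( $att_id ) ) {
        wp_send_json_error( 'invalid term or attachment', 400 );
    }

    // 3. Authorization: the taxonomy's own edit capability, not just "logged in".
    //    This mirrors what core's add-tag handler checks.
    $tax = get_taxonomy( $term->taxonomy );
    if ( ! $tax || ! current_user_can( $tax->cap->edit_terms ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 4. SQL: placeholders through $wpdb->prepare(). In practice
    //    update_term_meta( $term_id, 'thumbnail_id', $att_id ) is simpler still;
    //    the raw query is kept only to show the prepared form of the query above.
    $wpdb->query( $wpdb->prepare(
        "UPDATE {$wpdb->termmeta} SET meta_value = %d WHERE term_id = %d AND meta_key = %s",
        $att_id,
        $term_id,
        'thumbnail_id'
    ) );

    // 5. Output: escape at the point of output, per context (URL vs. attribute).
    wp_send_json_success( array(
        'html' => '<img src="' . esc_url( wp_get_attachment_url( $att_id ) )
                . '" alt="' . esc_attr( $term->name ) . '">',
    ) );
}
add_action( 'wp_ajax_sftth_example_set_thumbnail', 'sftth_example_set_thumbnail' );
```

The absint() casts on their own already defeat injection through the two ID parameters; $wpdb->prepare() is still worth using so the query stays safe if a string parameter is added later. Deliberately not registering a wp_ajax_nopriv_ variant keeps anonymous users off the endpoint entirely.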

Key Concerns

  • AJAX handler without auth check
  • SQL queries without prepared statements
  • Improperly escaped outputs (21%)
Vulnerabilities
None known

Taxonomy Thumbnail Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Taxonomy Thumbnail Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (0 prepared)
Unescaped Output: 9 (33 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared (0 of 3 queries)

Output Escaping

79% escaped (33 of 42 outputs)
Attack Surface
1 unprotected

Taxonomy Thumbnail Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers (3) — auth: registered on a wp_ajax_* hook, reachable only by logged-in users

wp_ajax_add-tag                auth   inc\admin-and-ajax.php:67
wp_ajax_set-term-thumbnail     auth   inc\ajax.php:10
wp_ajax_delete-term-thumbnail  auth   inc\ajax.php:47
WordPress Hooks (18)

action  init                                        inc\admin-and-ajax.php:10
action  created_term                                inc\admin-and-ajax.php:25
action  edited_term                                 inc\admin-and-ajax.php:26
action  admin_init                                  inc\admin-and-ajax.php:66
action  load-edit-tags.php                          inc\admin.php:10
action  admin_enqueue_scripts                       inc\admin.php:27
filter  terms_clauses                               inc\compat\filters.php:10
filter  get_terms                                   inc\compat\filters.php:54
action  delete_attachment                           inc\compat\filters.php:79
filter  sftth_terms_thumbnail_clear_options_cache   inc\compat\filters.php:109
action  wp_trash_post                               inc\compat\filters.php:114
filter  sftth_terms_thumbnail_clear_options_cache   inc\compat\option.php:89
filter  sftth_terms_thumbnail_clear_options_cache   inc\compat\option.php:97
action  deleted_term_taxonomy                       inc\compat\option.php:105
filter  get_terms_args                              inc\filters.php:13
action  delete_attachment                           inc\filters.php:46
action  wp_trash_post                               inc\filters.php:65
action  plugins_loaded                              sf-taxonomy-thumbnail.php:60
Maintenance & Trust

Taxonomy Thumbnail Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.5.33
Last updated: May 30, 2016
PHP min version: (none listed)
Downloads: 51K

Community Trust

Rating: 100/100
Number of ratings: 10
Active installs: 4K
Developer Profile

Taxonomy Thumbnail Developer Profile

Grégory Viguier

5 plugins · 7K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Taxonomy Thumbnail

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sf-taxonomy-thumbnail/res/css/style.css
Script Paths
/wp-content/plugins/sf-taxonomy-thumbnail/res/js/admin.js
Version Parameters
sf-taxonomy-thumbnail/res/css/style.css?ver=
sf-taxonomy-thumbnail/res/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
term-thumbnail, wp-thumbnail-wrap, thumbnail-field-wrapper, add-term-thumbnail, change-term-thumbnail, remove-term-thumbnail
HTML Comments
<!-- THE FIELD =================================================================================== -->
<!-- Add new term. -->
<!-- Edit term. -->
<!-- Styles and scripts. -->
Data Attributes
data-tt-id
JS Globals
sftth_term_id
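As an added example (not the scanner's own detection code, nor anything from the plugin), the following matches the fingerprints listed above against a captured HTML page, offline. The asset paths, CSS classes, data attribute and JS global are taken from the list above; the sample page and the "strong/weak/none" scoring are constructed for the example.

```python
# Added example for this page; not code from the scanner or from the plugin.
# Matches the fingerprints listed above against captured HTML, offline.
import re

ASSET_PATHS = (
    "/wp-content/plugins/sf-taxonomy-thumbnail/res/css/style.css",
    "/wp-content/plugins/sf-taxonomy-thumbnail/res/js/admin.js",
)
CSS_CLASSES = {
    "term-thumbnail", "wp-thumbnail-wrap", "thumbnail-field-wrapper",
    "add-term-thumbnail", "change-term-thumbnail", "remove-term-thumbnail",
}
DATA_ATTRS = {"data-tt-id"}
JS_GLOBALS = {"sftth_term_id"}

_CLASS_RE = re.compile(r"""class\s*=\s*["']([^"']*)["']""")


def fingerprint(html):
    """Return which fingerprints appear in `html` plus a confidence verdict.

    An asset path embeds the plugin slug, so a single hit is a strong match.
    The DOM names (term-thumbnail, data-tt-id, ...) are generic enough that on
    their own they are only a weak signal; one DOM hit alone is ignored.
    """
    assets, versions = [], {}
    for path in ASSET_PATHS:
        # optional ?ver= captures the cache-busting version string, if present
        m = re.search(re.escape(path) + r"""(?:\?ver=([^"'&\s>]*))?""", html)
        if m:
            assets.append(path)
            if m.group(1):
                versions[path] = m.group(1)

    classes = set()
    for m in _CLASS_RE.finditer(html):
        classes.update(m.group(1).split())

    data_attrs = sorted(a for a in DATA_ATTRS
                        if re.search(r"\b" + re.escape(a) + r"\s*=", html))
    js_globals = sorted(g for g in JS_GLOBALS
                        if re.search(r"\b" + re.escape(g) + r"\b", html))

    dom_hits = len(classes & CSS_CLASSES) + len(data_attrs) + len(js_globals)
    if assets:
        verdict = "strong"
    elif dom_hits >= 2:
        verdict = "weak"
    else:
        verdict = "none"

    return {
        "assets": assets,
        "versions": versions,
        "classes": sorted(classes & CSS_CLASSES),
        "data_attrs": data_attrs,
        "js_globals": js_globals,
        "verdict": verdict,
    }


# Constructed sample: what a term-edit screen might emit with the plugin active.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://example.test/wp-content/plugins/sf-taxonomy-thumbnail/res/css/style.css?ver=1.3">
<script src="https://example.test/wp-content/plugins/sf-taxonomy-thumbnail/res/js/admin.js?ver=4.5.33"></script>
<script>var sftth_term_id = 12;</script>
</head><body>
<!-- THE FIELD =================================================================================== -->
<div class="thumbnail-field-wrapper" data-tt-id="12">
  <a class="button add-term-thumbnail" href="#">Add thumbnail</a>
</div>
</body></html>"""

# Constructed negative case: a page with none of the markers.
CLEAN_HTML = "<html><head><title>Hello</title></head><body><p>no plugin here</p></body></html>"

if __name__ == "__main__":
    print(fingerprint(SAMPLE_HTML))
    print(fingerprint(CLEAN_HTML)["verdict"])
```

The admin_enqueue_scripts and load-edit-tags.php hooks listed under Attack Surface indicate that admin.js and the term-field markup are loaded on admin screens, so an unauthenticated crawl of the public site may see none of these markers; absence in a front-end crawl is not evidence that the plugin is absent. The ?ver= value, when present, is whatever the site passed to wp_enqueue_script, which may be the plugin version or the WordPress version.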
FAQ

Frequently Asked Questions about Taxonomy Thumbnail