Does Show Featured Thumbnails have any unpatched vulnerabilities?

No. All known vulnerabilities in Show Featured Thumbnails have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Show Featured Thumbnails compatible with WordPress 6.8.5?

According to WordPress.org data, Show Featured Thumbnails 1.0.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Show Featured Thumbnails updated?

Show Featured Thumbnails was last updated on May 14, 2025. Frequent updates are generally a positive security signal.

What is Show Featured Thumbnails's security score?

Show Featured Thumbnails has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Show Featured Thumbnails Security & Risk Analysis

wordpress.org/plugins/show-featured-thumbnails

Adds a featured image thumbnail column to the Posts and Pages list screens, and allows assigning an image directly from the list if none exists.

0 active installs v1.0.0 PHP + WP 5.0+ Updated May 14, 2025

adminpost-listthumbnailsupload

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Show Featured Thumbnails Safe to Use in 2026?

Generally Safe

Score 100/100

Show Featured Thumbnails has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago

Risk Assessment

The "show-featured-thumbnails" plugin version 1.0.0 exhibits a mixed security posture. On the positive side, the code demonstrates good practices by utilizing prepared statements for all SQL queries, having no recorded vulnerabilities (CVEs), and performing capability checks on one of its entry points. The absence of file operations, external HTTP requests, and bundled libraries further reduces potential attack vectors.

However, a significant concern arises from the presence of one AJAX handler that lacks authentication checks. This creates a direct entry point that any unauthenticated user could potentially exploit. While taint analysis and output escaping metrics are not fully detailed, the overall lack of critical or high-severity code signals is reassuring. The plugin's clean vulnerability history is a strong indicator of past security diligence.

In conclusion, while the plugin's foundation appears solid with secure SQL practices and a clean history, the unprotected AJAX handler represents a clear and present risk that requires immediate attention. Addressing this single unprotected entry point would significantly improve the plugin's security.

Key Concerns

Unprotected AJAX handler

Vulnerabilities

None known

Show Featured Thumbnails Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Show Featured Thumbnails Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

83% escaped6 total outputs

Attack Surface

1 unprotected

Show Featured Thumbnails Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_showfeth_set_featured_imageshow-featured-thumbnails.php:62

WordPress Hooks 7

actioninitshow-featured-thumbnails.php:24

filtermanage_posts_columnsshow-featured-thumbnails.php:37

filtermanage_pages_columnsshow-featured-thumbnails.php:38

actionmanage_posts_custom_columnshow-featured-thumbnails.php:52

actionmanage_pages_custom_columnshow-featured-thumbnails.php:53

actionadmin_enqueue_scriptsshow-featured-thumbnails.php:59

actionadmin_enqueue_scriptsshow-featured-thumbnails.php:90

Maintenance & Trust

Show Featured Thumbnails Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 14, 2025

PHP min version

Downloads320

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Show Featured Thumbnails Alternatives

Add From Server

add-from-server

Add From Server is designed to help ease the pain of bad web hosts, allowing you to upload files via FTP or SSH and later import them into WordPress.

70K 1 CVE

Media Deduper

media-deduper

100

Save disk space and bring some order to the chaos of your media library by removing and preventing duplicate files.

9K No CVEs

Admin Taxonomy Filter

admin-taxonomy-filter

100

Filter posts or custom post types in the admin area by custom taxonomies.

5K No CVEs

WEN Featured Image

wen-featured-image

Add featured image column in listings. Add/change/remove featured image directly from the listing page

4K No CVEs

Post Lists View Custom

post-lists-view-custom

Customize the list of the post and page and the custom post type.

1K No CVEs

Developer Profile

Show Featured Thumbnails Developer Profile

Hatsuhito

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Show Featured Thumbnails

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/show-featured-thumbnails/css/admin-style.css/wp-content/plugins/show-featured-thumbnails/js/admin-script.js

Script Paths

/wp-content/plugins/show-featured-thumbnails/js/admin-script.js

Version Parameters

show-featured-thumbnails/css/admin-style.css?ver=show-featured-thumbnails/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

showfeth-upload-featured

Data Attributes

data-post-id

JS Globals

showfethData

FAQ