ShrinkTheWeb (STW) Website Previews Plugin Security & Risk Analysis
wordpress.org/plugins/shrinktheweb-website-preview-pluginThis plugin accesses the ShrinkTheWeb API to automatically replace special tags in posts with website screenshots, where desired.
Is ShrinkTheWeb (STW) Website Previews Plugin Safe to Use in 2026?
Use With Caution
Score 63/100ShrinkTheWeb (STW) Website Previews Plugin has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The "shrinktheweb-website-preview-plugin" v2.8.5 exhibits a mixed security posture. The static analysis shows a relatively small attack surface with no immediately apparent unprotected entry points. However, the presence of dangerous functions like `create_function` and `unserialize` raises significant concerns, as these can be exploited for code execution if not handled with extreme care and input validation. While the majority of SQL queries use prepared statements and output escaping is generally good, these specific dangerous functions represent a potential backdoor for attackers. The vulnerability history reveals a past medium severity Cross-Site Request Forgery (CSRF) vulnerability, and importantly, one currently unpatched CVE. This pattern suggests a need for more robust security practices to prevent future exploits, especially given the unpatched vulnerability that could still be leveraged.
Key Concerns
- Unpatched CVE found
- Use of dangerous function: unserialize
- Use of dangerous function: create_function
- Medium severity vulnerability in history
ShrinkTheWeb (STW) Website Previews Plugin Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
ShrinkTheWeb (STW) Website Previews <= 2.8.5 - Cross-Site Request Forgery
ShrinkTheWeb (STW) Website Previews Plugin Code Analysis
Dangerous Functions Found
Bundled Libraries
SQL Query Safety
Output Escaping
ShrinkTheWeb (STW) Website Previews Plugin Attack Surface
AJAX Handlers 2
Shortcodes 2
WordPress Hooks 14
Maintenance & Trust
ShrinkTheWeb (STW) Website Previews Plugin Maintenance & Trust
Maintenance Signals
Community Trust
ShrinkTheWeb (STW) Website Previews Plugin Alternatives
ShrinkTheWeb Refresh All
shrinktheweb-refresh-all
Refresh all the STW shrinktheweb.com screenshots at once
Auto Social-Media Screenshot Preview
auto-social-media-screenshot-preview
Add a unique live social media preview to your web pages. Free for small sites.
WP Links Page
wp-links-page
This plugin allows you to create a dynamic link gallery with screenshots of each link.
Snap A Site
snap-a-site
The easiest way to take and embed snapshot of a site on Wordpress blog.
Page Preview
page-preview
Quickly see how each page looks at a glance and manage your site more efficiently.
ShrinkTheWeb (STW) Website Previews Plugin Developer Profile
2 plugins · 80 total installs
How We Detect ShrinkTheWeb (STW) Website Previews Plugin
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/shrinktheweb-website-preview-plugin/js/stw-script.js/wp-content/plugins/shrinktheweb-website-preview-plugin/css/stw-style.css/wp-content/plugins/shrinktheweb-website-preview-plugin/js/stw-script.jsshrinktheweb-website-preview-plugin/js/stw-script.js?ver=shrinktheweb-website-preview-plugin/css/stw-style.css?ver=HTML / DOM Fingerprints
data-stw-image-widthdata-stw-image-heightdata-stw-image-urldata-stw-site-urldata-stw-titledata-stw-descriptionSTWWT_plugin_pathSTWWT_THUMBNAIL_WIDTHSTWWT_THUMBNAIL_HEIGHTSTWWT_THUMBNAIL_LINKSTWWT_THUMBNAIL_LINK_TARGETSTWWT_THUMBNAIL_ALT_TEXT+3 more[thumb][stwthumb]