Smart Auto Featured Image – WordPress Plugin Security & Risk Analysis

wordpress.org/plugins/smart-auto-featured-image

Generate Featured Images automatically based on your post content (title, etc). Customize your featured image with the built in template editor.

20 active installs v1.5.1 PHP 7.0+ WP 5.0+ Updated Nov 5, 2025
Tags: auto-featured-image, featured-image, featured-image-generator, post-thumbnail
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Smart Auto Featured Image – WordPress Plugin Safe to Use in 2026?

Generally Safe

Score 100/100

Smart Auto Featured Image – WordPress Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The "smart-auto-featured-image" v1.5.1 plugin exhibits a mixed security posture. It has a clean vulnerability history with no recorded CVEs, which indicates a generally stable codebase, but the static analysis reveals several areas of concern. Two AJAX handlers without authentication checks represent a significant attack surface. The taint analysis also identified two flows with unsanitized paths, classified as high severity, which could lead to vulnerabilities if exploited. The moderate percentage of properly escaped output (55%) suggests a potential for cross-site scripting (XSS) vulnerabilities.

Despite these concerns, the plugin demonstrates some good security practices, such as a reasonable number of nonce and capability checks, and SQL queries largely utilizing prepared statements. The absence of dangerous functions, and of REST API routes lacking permission callbacks, is a positive sign. However, the unprotected AJAX endpoints and the high-severity taint flows are critical areas that require immediate attention. The clean vulnerability history should not lead to complacency, as the current analysis highlights potential weaknesses that could be exploited.

Key Concerns

  • AJAX handlers without authentication checks
  • High severity taint flows with unsanitized paths
  • Moderate percentage of properly escaped output
Vulnerabilities
None known

Smart Auto Featured Image – WordPress Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Smart Auto Featured Image – WordPress Plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4; 3 prepared
Unescaped Output: 475; 584 escaped
Nonce Checks: 21
Capability Checks: 9
File Operations: 16
External Requests: 5
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

43% prepared, 7 total queries

Output Escaping

55% escaped, 1059 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows, 2 with unsanitized paths
install_plugin_information (includes\fs\includes\fs-plugin-info-dialog.php:925)
Attack Surface
2 unprotected

Smart Auto Featured Image – WordPress Plugin Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 3

auth wp_ajax_wpjoli_safi_handle_notice core\Hooks.php:75
auth wp_ajax_safi_templates core\Hooks.php:86
auth wp_ajax_fs_toggle_debug_mode includes\fs\includes\managers\class-fs-debug-manager.php:477
WordPress Hooks 47
action init core\Application.php:47
action init core\Application.php:62
action after_setup_theme core\Controllers\MenuController.php:38
action admin_notices core\Controllers\NoticesFreeController.php:41
action admin_notices core\Controllers\NoticesFreeController.php:47
action init core\Hooks.php:74
action init core\Hooks.php:77
action init core\Hooks.php:78
action admin_enqueue_scripts core\Hooks.php:80
action admin_menu core\Hooks.php:81
action admin_init core\Hooks.php:82
action admin_enqueue_scripts core\Hooks.php:83
filter init core\Hooks.php:87
action init core\Hooks.php:88
filter enqueue_block_editor_assets core\Hooks.php:89
action rest_api_init core\Hooks.php:91
filter connect_message fs-helpers.php:25
action after_uninstall fs-helpers.php:36
filter plugin_icon fs-helpers.php:48
action admin_footer includes\fs\includes\class-fs-logger.php:111
action wp_footer includes\fs\includes\class-fs-logger.php:113
filter plugins_api includes\fs\includes\class-fs-plugin-updater.php:85
action admin_head includes\fs\includes\class-fs-plugin-updater.php:108
action admin_footer includes\fs\includes\class-fs-plugin-updater.php:110
filter http_request_host_is_external includes\fs\includes\class-fs-plugin-updater.php:114
filter upgrader_post_install includes\fs\includes\class-fs-plugin-updater.php:122
filter upgrader_pre_install includes\fs\includes\class-fs-plugin-updater.php:125
filter upgrader_source_selection includes\fs\includes\class-fs-plugin-updater.php:126
filter wp_prepare_themes_for_js includes\fs\includes\class-fs-plugin-updater.php:129
action admin_footer includes\fs\includes\class-fs-plugin-updater.php:179
filter pre_set_site_transient_update_plugins includes\fs\includes\class-fs-plugin-updater.php:294
filter pre_set_site_transient_update_themes includes\fs\includes\class-fs-plugin-updater.php:299
filter upgrader_source_selection includes\fs\includes\class-fs-plugin-updater.php:1388
filter debug_bar_panels includes\fs\includes\debug\debug-bar-start.php:51
filter debug_bar_statuses includes\fs\includes\debug\debug-bar-start.php:52
action install_plugins_pre_plugin-information includes\fs\includes\fs-plugin-info-dialog.php:66
filter fs_plugins_api includes\fs\includes\fs-plugin-info-dialog.php:69
action admin_footer includes\fs\includes\managers\class-fs-admin-notice-manager.php:217
action network_admin_notices includes\fs\includes\managers\class-fs-admin-notice-manager.php:396
action admin_notices includes\fs\includes\managers\class-fs-admin-notice-manager.php:397
action admin_enqueue_scripts includes\fs\includes\managers\class-fs-admin-notice-manager.php:400
action admin_post_fs_clone_resolution includes\fs\includes\managers\class-fs-clone-manager.php:145
action admin_footer includes\fs\includes\managers\class-fs-clone-manager.php:163
action fs_debug_turn_off_logging_hook includes\fs\includes\managers\class-fs-debug-manager.php:492
action http_api_curl includes\fs\includes\sdk\FreemiusWordPress.php:482
action admin_footer includes\fs\templates\account.php:93
action after_uninstall smart-auto-featured-image.php:79

Scheduled Events 1

fs_debug_turn_off_logging_hook
Maintenance & Trust

Smart Auto Featured Image – WordPress Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 5, 2025
PHP min version: 7.0
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 20
Developer Profile

Smart Auto Featured Image – WordPress Plugin Developer Profile

WPJoli

4 plugins · 8K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 194 days
Detection Fingerprints

How We Detect Smart Auto Featured Image – WordPress Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/smart-auto-featured-image/assets/admin/css/wpjoli-safi-admin.css
/wp-content/plugins/smart-auto-featured-image/assets/admin/js/wpjoli-safi-admin.js
/wp-content/plugins/smart-auto-featured-image/vendor/wp-color-picker-alpha/wp-color-picker-alpha.min.js
/wp-content/plugins/smart-auto-featured-image/assets/admin/js/wpjoli-safi-admin-notices.js
Version Parameters
smart-auto-featured-image/assets/admin/css/wpjoli-safi-admin.css?ver=
smart-auto-featured-image/assets/admin/js/wpjoli-safi-admin.js?ver=
smart-auto-featured-image/vendor/wp-color-picker-alpha/wp-color-picker-alpha.min.js?ver=
smart-auto-featured-image/assets/admin/js/wpjoli-safi-admin-notices.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-safi-template-id
JS Globals
safiAdmin
safiAdminNotice