Smart Featured Image Security & Risk Analysis

wordpress.org/plugins/smart-featured-image

Automagically add featured image to posts using images inserted into post content, if no featured image is explicitly added to post.

10 active installs v0.2.4 PHP 5.3+ WP 4.0+ Updated Aug 29, 2017
automatic-featured-imagefeatured-imagepost-thumbnailsmart-featured-image
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Smart Featured Image Safe to Use in 2026?

Generally Safe

Score 85/100

Smart Featured Image has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The "smart-featured-image" plugin version 0.2.4 demonstrates a strong security posture based on the provided static analysis. The absence of any identified attack surface points such as AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's exposure to external manipulation. Furthermore, the code analysis reveals a healthy reliance on security best practices, including 100% usage of prepared statements for SQL queries, a high percentage of properly escaped output, and the presence of nonce and capability checks. The lack of any dangerous functions, file operations, external HTTP requests, or identified taint flows further reinforces this positive assessment. The vulnerability history being entirely clear of any recorded CVEs, across all severity levels and types, strongly suggests a well-maintained and secure codebase.

Vulnerabilities
None known

Smart Featured Image Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Smart Featured Image Release Timeline

v0.2.4Current
v0.2.3
v0.2.2
v0.2.1
v0.2.0
v0.1.3
v0.1.2
v0.1.1
v0.1.0
Code Analysis
Analyzed Mar 17, 2026

Smart Featured Image Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
3
15 escaped
Nonce Checks
4
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

83% escaped18 total outputs
Attack Surface

Smart Featured Image Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 15
actionadmin_noticesincludes\helpers.php:87
actionadmin_initincludes\helpers.php:100
actionadmin_initincludes\setup.php:28
actionsave_postincludes\setup.php:30
actionedit_attachmentincludes\setup.php:31
actionthe_postincludes\setup.php:33
actiondraft_to_publishincludes\setup.php:34
actionnew_to_publishincludes\setup.php:35
actionpending_to_publishincludes\setup.php:36
actionfuture_to_publishincludes\setup.php:37
filterget_post_metadataincludes\setup.php:39
filterupdate_post_metadataincludes\setup.php:40
filterpre_update_optionincludes\setup.php:42
actionadmin_enqueue_scriptsincludes\setup.php:124
actionplugins_loadedsmart-featured-image.php:71
Maintenance & Trust

Smart Featured Image Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28
Last updatedAug 29, 2017
PHP min version5.3
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Smart Featured Image Developer Profile

GrottoPress

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Smart Featured Image

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/smart-featured-image/assets/css/sfi-backend.css/wp-content/plugins/smart-featured-image/assets/js/sfi-backend.js

HTML / DOM Fingerprints

CSS Classes
sfi-backend-css
Data Attributes
data-sfi-post-id
FAQ

Frequently Asked Questions about Smart Featured Image