Square Thumbnails Security & Risk Analysis

wordpress.org/plugins/square-thumbnails

Creates square thumbnails from images without cropping. Works like CSS background-size: contain.

800 active installs · v2.4.0 · PHP + WP 3.5+ · Updated May 23, 2025
Tags: image-processing, square-thumbnails, tags-crop, thumbnails, woocommerce

Security score: 100 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Dec 7, 2023
Safety Verdict

Is Square Thumbnails Safe to Use in 2026?

Generally Safe

Score 100/100

Square Thumbnails has a short vulnerability history: one recorded CVE, fixed in version 1.1.2, and no unpatched CVEs. The fix took 210 days, so "patched" here does not mean "patched quickly".

1 known CVE · Last CVE: Dec 7, 2023 · Plugin updated 10 months ago
Risk Assessment

Square Thumbnails v2.4.0 shows a mixed posture. On the positive side, the static scan found no dangerous functions, no raw SQL queries (so there is nothing to prepare or to inject into) and escaping on 94 of 103 outputs (91%). The concerns are on the attack surface: 6 of the 9 entry points are flagged as unprotected, and two AJAX actions, sqt_settings and square_thumbnails_subscribe, are registered on wp_ajax_nopriv_ hooks as well as wp_ajax_ hooks, which means WordPress dispatches them for logged-out visitors. Three of the five traced data flows reach their sink through an unsanitized path; the flow the scan names is regenerate_single_image in admin\class-square-thumbnails-admin.php:1321. None of these flows is rated critical or high, but an image-regeneration routine fed by unsanitized input deserves a manual read of the code.

The vulnerability history is short: a single CVE, CVE-2023-49851 (Missing Authorization, CVSS 5.3), affected versions up to 1.1.0 and was fixed in 1.1.2, 210 days later. One CVE is not a pattern on its own, but it belongs to the same weakness class that the current scan flags on the AJAX handlers, which suggests the 2023 fix addressed a specific handler rather than the plugin's authorization model as a whole.

In short, the plugin handles output escaping well and avoids direct SQL, while its weak points are the unprotected AJAX entry points and the prior missing-authorization CVE. Before deploying it, confirm in the source that every wp_ajax_ handler that changes state verifies a nonce and calls current_user_can() with an appropriate capability, that the two wp_ajax_nopriv_ handlers do nothing a logged-out visitor should not be able to do, and trace the unsanitized paths in regenerate_single_image to their sinks. These are static-analysis findings, not confirmed vulnerabilities, until that review is done.

Key Concerns

  • Unprotected AJAX handlers (6 of 9 entry points flagged; 2 actions also reachable on wp_ajax_nopriv_ hooks)
  • Data flows with unsanitized paths (3 of 5 flows)
  • Prior missing-authorization CVE (CVE-2023-49851, versions <= 1.1.0)
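
The missing-authorization pattern named above, and the checks a hardened WordPress AJAX handler needs, as an added illustration in PHP. This is not code from the Square Thumbnails plugin; the action names, function names and the choice of the upload_files capability are assumptions made for the example.

```php
<?php
/**
 * Added illustration, not code from the Square Thumbnails plugin: a WordPress
 * AJAX handler with the "Missing Authorization" weakness beside a hardened
 * version. Action names, function names and the chosen capability are
 * assumptions for the example.
 */

// --- WEAK -----------------------------------------------------------------
// wp_ajax_* fires only for logged-in users, so WordPress already turns away
// anonymous requests. That is authentication, not authorization: a subscriber
// reaches this body exactly as an administrator does, and with no nonce check
// a forged cross-site POST from any logged-in user's browser works as well.
add_action( 'wp_ajax_example_regenerate_single_weak', 'example_regenerate_single_weak' );
function example_regenerate_single_weak() {
	$attachment_id = (int) $_POST['attachment_id'];
	example_regenerate_thumbnails( $attachment_id );
	wp_send_json_success();
}

// --- HARDENED -------------------------------------------------------------
add_action( 'wp_ajax_example_regenerate_single', 'example_regenerate_single_hardened' );
function example_regenerate_single_hardened() {
	// 1. CSRF: the admin page must send a nonce created with
	//    wp_create_nonce( 'example_regenerate' ) in the 'nonce' field.
	//    check_ajax_referer() ends the request with -1 when it fails.
	check_ajax_referer( 'example_regenerate', 'nonce' );

	// 2. Authorization: a real capability, not "is logged in".
	//    wp_send_json_error() calls wp_die(), so nothing below runs on failure.
	if ( ! current_user_can( 'upload_files' ) ) {
		wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
	}

	// 3. Input validation: a positive integer naming an existing attachment.
	$attachment_id = isset( $_POST['attachment_id'] ) ? absint( $_POST['attachment_id'] ) : 0;
	if ( 0 === $attachment_id || 'attachment' !== get_post_type( $attachment_id ) ) {
		wp_send_json_error( array( 'message' => 'Invalid attachment.' ), 400 );
	}

	// 4. Object-level authorization: the caller may edit this specific item
	//    (edit_post is a meta capability resolved per post by map_meta_cap()).
	if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
		wp_send_json_error( array( 'message' => 'You may not modify this attachment.' ), 403 );
	}

	example_regenerate_thumbnails( $attachment_id );
	wp_send_json_success( array( 'attachment_id' => $attachment_id ) );
}

// Regenerates an attachment's sizes with core APIs. This runs the
// wp_generate_attachment_metadata filter, which the plugin's hook list on
// this page shows it attaching to (includes\class-square-thumbnails.php:184).
function example_regenerate_thumbnails( $attachment_id ) {
	require_once ABSPATH . 'wp-admin/includes/image.php';
	$file = get_attached_file( $attachment_id );
	if ( ! $file || ! file_exists( $file ) ) {
		return false;
	}
	$meta = wp_generate_attachment_metadata( $attachment_id, $file );
	return wp_update_attachment_metadata( $attachment_id, $meta );
}

// Never pair a state-changing action like this with wp_ajax_nopriv_*: that
// hook serves logged-out visitors. Actions that must stay public (a newsletter
// form, say) still need a nonce and strict input validation.
```

The order of the checks matters: the nonce check runs first because it is cheap and rejects forged requests before any capability lookup, and the object-level check runs last because it needs a validated attachment ID. Registering only the hardened handler, and only on the wp_ajax_ hook, is what turns "logged in" into "allowed to do this".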
Vulnerabilities (1)

Square Thumbnails Security Vulnerabilities

CVEs by Year

2023: 1 CVE (patched)

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2023-49851 · Medium (CVSS 5.3) · Missing Authorization

Square Thumbnails <= 1.1.0 - Missing Authorization

Published Dec 7, 2023 · Patched in 1.1.2 (210 days)
Code Analysis (analyzed Mar 16, 2026)

Square Thumbnails Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared; no direct SQL found)
Unescaped Output: 9 (94 escaped)
Nonce Checks: 7
Capability Checks: 9
File Operations: 11
External Requests: 4
Bundled Libraries: 0

Output Escaping

91% escaped (94 of 103 outputs)

Data Flows

3 unsanitized (of 5 flows)

Data Flow Analysis

5 flows · 3 with unsanitized paths from source (user input) to sink (dangerous operation)

Flagged flow: regenerate_single_image (admin\class-square-thumbnails-admin.php:1321)
Attack Surface (6 unprotected)

Square Thumbnails Attack Surface

Entry Points: 9
Unprotected: 6

AJAX Handlers (8)

Scope · Action · Registered at
(auth = wp_ajax_ hook, dispatched for logged-in users; nopriv = wp_ajax_nopriv_ hook, dispatched for unauthenticated requests)

auth · wp_ajax_sqt_pro_notify · admin\class-square-thumbnails-pro.php:36
auth · wp_ajax_sqt_dismiss_pro_notice · admin\class-square-thumbnails-pro.php:39
auth · wp_ajax_sqt_settings · includes\class-square-thumbnails.php:188
nopriv · wp_ajax_sqt_settings · includes\class-square-thumbnails.php:189
auth · wp_ajax_sqt_regenerate_thumbnails · includes\class-square-thumbnails.php:190
auth · wp_ajax_sqt_regenerate_single · includes\class-square-thumbnails.php:191
auth · wp_ajax_square_thumbnails_subscribe · includes\class-square-thumbnails.php:233
nopriv · wp_ajax_square_thumbnails_subscribe · includes\class-square-thumbnails.php:234

Shortcodes (1)

[square_thumbnails_newsletter] · includes\class-square-thumbnails-newsletter.php:58
WordPress Hooks (20)

Type · Hook · Registered at

filter · admin_notices · admin\class-square-thumbnails-admin.php:826
action · admin_menu · admin\class-square-thumbnails-mailchimp-admin.php:66
action · admin_init · admin\class-square-thumbnails-mailchimp-admin.php:69
action · plugins_loaded · includes\class-square-thumbnails.php:169
action · admin_menu · includes\class-square-thumbnails.php:182
filter · wp_generate_attachment_metadata · includes\class-square-thumbnails.php:184
action · admin_enqueue_scripts · includes\class-square-thumbnails.php:185
action · admin_enqueue_scripts · includes\class-square-thumbnails.php:186
action · square-thumbnails-settings · includes\class-square-thumbnails.php:187
filter · attachment_fields_to_edit · includes\class-square-thumbnails.php:194
filter · bulk_actions-upload · includes\class-square-thumbnails.php:195
filter · handle_bulk_actions-upload · includes\class-square-thumbnails.php:196
action · admin_notices · includes\class-square-thumbnails.php:197
action · delete_attachment · includes\class-square-thumbnails.php:199
action · admin_notices · includes\class-square-thumbnails.php:203
action · admin_footer · includes\class-square-thumbnails.php:206
action · wp_enqueue_scripts · includes\class-square-thumbnails.php:225
action · wp_enqueue_scripts · includes\class-square-thumbnails.php:226
action · init · includes\class-square-thumbnails.php:232
action · widgets_init · includes\class-square-thumbnails.php:237
Maintenance & Trust

Square Thumbnails Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 23, 2025
PHP min version: not listed
Downloads: 18K

Community Trust

Rating: 84/100
Number of ratings: 19
Active installs: 800
Developer Profile

Square Thumbnails Developer Profile

ilmdesigns

1 plugin · 800 total installs

Developer trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 210 days
Detection Fingerprints

How We Detect Square Thumbnails

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/square-thumbnails/admin/css/square-thumbnails-admin.css
/wp-content/plugins/square-thumbnails/admin/js/square-thumbnails-admin.js
/wp-content/plugins/square-thumbnails/public/css/square-thumbnails-public.css
/wp-content/plugins/square-thumbnails/public/js/square-thumbnails-public.js
Script Paths
/wp-content/plugins/square-thumbnails/admin/js/square-thumbnails-admin.js
/wp-content/plugins/square-thumbnails/public/js/square-thumbnails-public.js
Version Parameters
square-thumbnails/admin/css/square-thumbnails-admin.css?ver=
square-thumbnails/admin/js/square-thumbnails-admin.js?ver=
square-thumbnails/public/css/square-thumbnails-public.css?ver=
square-thumbnails/public/js/square-thumbnails-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
sqt-pro-admin-notice, sqt-pro-notice-content, sqt-see-more
HTML Comments
<!-- Only show the notice on specific admin pages to avoid cluttering -->
<!-- Check if user has already dismissed the notice -->
<!-- Display the notice -->
Data Attributes
data-nonce
JS Globals
sqt_pro_notice_dismissed
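
How the asset-path fingerprints above translate into a detection check, as an added example in PHP; this is not the page's scanner or the plugin's code. It matches the four listed asset paths in a fetched HTML document, recovers a version hint from the ?ver= parameter, and compares that hint with the affected range of CVE-2023-49851 (versions <= 1.1.0, fixed in 1.1.2). The sample HTML and the example.test hostname are constructed for the example.

```php
<?php
/**
 * Added example, not code from the page's scanner or the plugin: fingerprint
 * Square Thumbnails in a fetched HTML document using the asset paths listed
 * above, recover a version hint from ?ver=, and compare it with the affected
 * range of CVE-2023-49851 (<= 1.1.0, fixed in 1.1.2). The sample HTML below is
 * constructed for the example, not captured from a real site.
 */

const SQT_ASSET_PATHS = [
	'/wp-content/plugins/square-thumbnails/admin/css/square-thumbnails-admin.css',
	'/wp-content/plugins/square-thumbnails/admin/js/square-thumbnails-admin.js',
	'/wp-content/plugins/square-thumbnails/public/css/square-thumbnails-public.css',
	'/wp-content/plugins/square-thumbnails/public/js/square-thumbnails-public.js',
];

/**
 * @return array{detected: bool, version: ?string, matches: string[]}
 */
function sqt_fingerprint( string $html ): array {
	$matches = [];
	$version = null;

	// Every src/href attribute value, single- or double-quoted.
	if ( ! preg_match_all( '/\b(?:src|href)\s*=\s*["\']([^"\']+)["\']/i', $html, $m ) ) {
		return [ 'detected' => false, 'version' => null, 'matches' => [] ];
	}

	foreach ( $m[1] as $url ) {
		$path  = (string) parse_url( $url, PHP_URL_PATH );
		$query = (string) parse_url( $url, PHP_URL_QUERY );
		foreach ( SQT_ASSET_PATHS as $asset ) {
			// Suffix match so a WordPress installed in a subdirectory still matches.
			if ( substr( $path, -strlen( $asset ) ) !== $asset ) {
				continue;
			}
			$matches[] = $url;
			parse_str( $query, $q );
			// Caveat: when a plugin enqueues with $ver = false, WordPress substitutes
			// its own core version string, so ?ver= is a hint, not proof of the
			// plugin version. The first non-empty value wins.
			if ( null === $version && isset( $q['ver'] ) && '' !== $q['ver'] ) {
				$version = $q['ver'];
			}
		}
	}

	return [ 'detected' => [] !== $matches, 'version' => $version, 'matches' => $matches ];
}

/**
 * Page data: CVE-2023-49851 affects <= 1.1.0 and is fixed in 1.1.2.
 * Returns null when no version hint was recovered.
 */
function sqt_affected_by_cve_2023_49851( ?string $version ): ?bool {
	if ( null === $version ) {
		return null;
	}
	return version_compare( $version, '1.1.0', '<=' );
}

// Constructed sample. The hook list above registers both admin_enqueue_scripts
// and wp_enqueue_scripts, so the admin/ assets are presumably only present on
// wp-admin pages; a front-end crawl should expect the public/ assets.
$sample = <<<'HTML'
<link rel="stylesheet" href="https://example.test/wp-content/plugins/square-thumbnails/public/css/square-thumbnails-public.css?ver=2.4.0" media="all">
<script src="https://example.test/wp-content/plugins/square-thumbnails/public/js/square-thumbnails-public.js?ver=2.4.0"></script>
HTML;

$r = sqt_fingerprint( $sample );
printf(
	"detected=%s version=%s affected_by_CVE-2023-49851=%s\n",
	$r['detected'] ? 'yes' : 'no',
	$r['version'] ?? 'unknown',
	var_export( sqt_affected_by_cve_2023_49851( $r['version'] ), true )
);
```

Run it with `php fingerprint.php` after saving the block; for a live check, replace `$sample` with the body of an HTTP GET you are authorized to make. Treat a match on the CSS classes, HTML comments or the sqt_pro_notice_dismissed global as corroboration only: those appear in admin output and will not be visible to an unauthenticated crawl.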
FAQ

Frequently Asked Questions about Square Thumbnails