Does StockPack – Stock photos from Unsplash, Adobe Stock and more have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is StockPack – Stock photos from Unsplash, Adobe Stock and more compatible with WordPress 6.8.5?

According to WordPress.org data, StockPack – Stock photos from Unsplash, Adobe Stock and more 3.5.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

StockPack – Stock photos from Unsplash, Adobe Stock and more Security & Risk Analysis

wordpress.org/plugins/stockpack

Integrated image search in WordPress for Unsplash, Adobe Stock, Getty Images, iStock, Pixabay, Pexels and Depositphotos. Seamless stock photos downloa …

7K active installs v3.5.0 PHP + WP 4.6+ Updated Aug 21, 2025

adobe-stockgettyistockstock-imagesunsplash

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is StockPack – Stock photos from Unsplash, Adobe Stock and more Safe to Use in 2026?

Generally Safe

Score 100/100

StockPack – Stock photos from Unsplash, Adobe Stock and more has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago

Risk Assessment

The stockpack v3.5.0 plugin demonstrates a generally good security posture with several positive indicators. It has a complete absence of known CVEs and no historical vulnerabilities, which suggests a history of responsible development and maintenance. The plugin also utilizes prepared statements for all SQL queries and implements nonce checks on all identified AJAX handlers. Furthermore, the taint analysis shows no critical or high-severity flows with unsanitized paths, and there are no dangerous functions or file operations detected.

However, there are areas for improvement. A significant concern is the output escaping, where only 54% of outputs are properly escaped. This indicates a potential risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is reflected in these unescaped outputs. Additionally, the plugin makes two external HTTP requests, which could be a vector for various attacks if the target endpoints are compromised or if the requests are not properly validated and sanitized. While the attack surface is entirely protected by authentication, the presence of unescaped outputs and external HTTP requests warrants attention.

Key Concerns

Insufficient output escaping
External HTTP requests without clear validation

Vulnerabilities

None known

StockPack – Stock photos from Unsplash, Adobe Stock and more Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

StockPack – Stock photos from Unsplash, Adobe Stock and more Release Timeline

v3.5.0Current

v3.4.7

v3.4.6

v3.4.5

v3.4.4

v3.4.3

v3.4.2

v3.4.1

v3.4.0

v3.3.9

v3.3.8

v3.3.7

v3.3.6

v3.3.5

v3.3.4

v3.3.3

v3.3.2

v3.3.1

v3.3.0

v3.2.9

Code Analysis

Analyzed Mar 16, 2026

StockPack – Stock photos from Unsplash, Adobe Stock and more Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

13 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

54% escaped24 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

<class-stockpackquery> (src\class-stockpackquery.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

StockPack – Stock photos from Unsplash, Adobe Stock and more Attack Surface

Entry Points7

Unprotected0

AJAX Handlers 7

authwp_ajax_query-stockpacksrc\class-stockpackquery.php:69

authwp_ajax_license_cost-stockpacksrc\class-stockpackquery.php:70

authwp_ajax_download-stockpacksrc\class-stockpackquery.php:74

authwp_ajax_cache-stockpacksrc\class-stockpackquery.php:75

authwp_ajax_validate-stockpacksrc\class-stockpackquery.php:76

authwp_ajax_terms-stockpacksrc\class-stockpackquery.php:77

authwp_ajax_token-stockpacksrc\class-stockpackquery.php:78

WordPress Hooks 38

filterpost_thumbnail_htmlextra\captions.php:53

actioninitsrc\class-stockpackadmin.php:41

actionwp_loadedsrc\class-stockpackadmin.php:56

actionadmin_initsrc\class-stockpackadmin.php:57

actionadmin_menusrc\class-stockpackadmin.php:58

filterstockpack_download_timeoutsrc\class-stockpackadmin.php:62

actionadmin_noticessrc\class-stockpackadmin.php:103

actionadmin_initsrc\class-stockpackadmin.php:107

actionadmin_noticessrc\class-stockpackadmin.php:109

actionwsa_form_bottom_stockpack_debugsrc\class-stockpackadmin.php:111

actioninitsrc\class-stockpackcaptions.php:36

filterstockpack_captionsrc\class-stockpackcaptions.php:60

filterattachment_fields_to_editsrc\class-stockpackcaptions.php:61

filterattachment_fields_to_savesrc\class-stockpackcaptions.php:62

actioninitsrc\class-stockpackmedia.php:47

filtermedia_view_stringssrc\class-stockpackmedia.php:218

filtermedia_view_settingssrc\class-stockpackmedia.php:219

actionadmin_headsrc\class-stockpackmedia.php:223

actionadmin_enqueue_scriptssrc\class-stockpackmedia.php:224

actionelementor/editor/after_enqueue_stylessrc\class-stockpackmedia.php:225

actionelementor/editor/footersrc\class-stockpackmedia.php:226

actionelementor/editor/footersrc\class-stockpackmedia.php:228

actionelementor/editor/footersrc\class-stockpackmedia.php:229

actionfusion_builder_enqueue_live_scriptssrc\class-stockpackmedia.php:231

actionwp_enqueue_scriptssrc\class-stockpackmedia.php:235

actionwp_enqueue_scriptssrc\class-stockpackmedia.php:237

actionwp_enqueue_scriptssrc\class-stockpackmedia.php:239

actionwp_headsrc\class-stockpackmedia.php:244

actionwp_footersrc\class-stockpackmedia.php:245

actionwp_footersrc\class-stockpackmedia.php:246

actiontcb_hook_editor_footersrc\class-stockpackmedia.php:250

actiontcb_hook_template_redirectsrc\class-stockpackmedia.php:251

actiontcb_hook_template_redirectsrc\class-stockpackmedia.php:252

actioninitsrc\class-stockpackquery.php:45

actionhttp_api_debugsrc\class-stockpackquery.php:81

actioninitstockpack.php:74

actionafter_setup_themestockpack.php:135

actionget_headerstockpack.php:181

Maintenance & Trust

StockPack – Stock photos from Unsplash, Adobe Stock and more Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedAug 21, 2025

PHP min version

Downloads172K

Community Trust

Rating88/100

Number of ratings24

Active installs7K

Alternatives

StockPack – Stock photos from Unsplash, Adobe Stock and more Alternatives

LS Stock Portfolio

ls-stock-portfolio

100

Display Adobe Stock, Unsplash and Pixabay portfolios in responsive masonry or grid layouts with Lightbox and load-more functionality.

10 No CVEs

Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy

instant-images

One-click uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy directly to your WordPress media library.

200K 3 CVEs

Image Hub – Free Images from Unsplash, Pixabay, Pexels, Openverse & Giphy

image-hub

100

Access and manage royalty-free images from Unsplash, Pixabay, Pexels, Openverse & Giphy without leaving your WordPress dashboard.

10K No CVEs

Free Assets Library – Openverse/Pixabay 600+ Million Images

free-images

Free Assets Library is the #1 WordPress plugin which provides 600 Million FREE Images with 90,000+ downloads 🚀

4K No CVEs

Getty Images

getty-images

Search and use Getty Images photos in your posts without ever leaving WordPress.

2K 1 unpatched

Developer Profile

StockPack – Stock photos from Unsplash, Adobe Stock and more Developer Profile

StockPack

1 plugin · 7K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect StockPack – Stock photos from Unsplash, Adobe Stock and more

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/stockpack/dist/style.css/wp-content/plugins/stockpack/dist/stockpack-admin.js/wp-content/plugins/stockpack/dist/stockpack-frontend.js/wp-content/plugins/stockpack/dist/stockpack-load-admin.js

Script Paths

/wp-content/plugins/stockpack/vendor/autoload.php/wp-content/plugins/stockpack/dist/stockpack-load-admin.js

Version Parameters

stockpack/dist/style.css?ver=stockpack/dist/stockpack-admin.js?ver=stockpack/dist/stockpack-frontend.js?ver=stockpack/dist/stockpack-load-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

stockpack-admin-page

Data Attributes

data-stockpack-url

JS Globals

stockpack

FAQ