Taxonomy Images Security & Risk Analysis

wordpress.org/plugins/taxonomy-images

Associate images from your media library to categories, tags and custom taxonomies.

10K active installs · v1.0 · PHP 5.3+ · WP 4.4+ · Updated Feb 15, 2024
Tags: category, image, tag, taxonomy, term
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Taxonomy Images Safe to Use in 2026?

Generally Safe

Score 85/100

Taxonomy Images has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The taxonomy-images v1.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of proper output escaping. The absence of known CVEs and dangerous functions in its history is also a strong indicator of a relatively secure codebase. However, a significant concern arises from the large number of unprotected AJAX handlers. With 4 out of 4 AJAX handlers lacking authentication checks, this presents a substantial attack surface for malicious actors to potentially exploit.

The static analysis reveals that all identified entry points, which include 4 AJAX handlers and 1 shortcode, are potentially unprotected, with 4 of these lacking explicit authorization checks. While taint analysis did not reveal any critical or high severity issues, the unprotected AJAX endpoints are a primary concern. The plugin's history of zero vulnerabilities suggests a degree of developer diligence, but it cannot compensate for the immediate risk posed by the unprotected AJAX endpoints. A balanced conclusion is that while the plugin is free from known vulnerabilities and employs sound practices in data handling (SQL and output escaping), the lack of security checks on its AJAX handlers represents a critical weakness that needs immediate attention.

Key Concerns

  • 4 unprotected AJAX handlers
  • 4 entry points without auth checks
Vulnerabilities
None known

Taxonomy Images Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Taxonomy Images Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 15 (76 escaped)
Nonce Checks: 3
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

84% escaped · 91 total outputs
Attack Surface
4 unprotected

Taxonomy Images Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers 4

auth · wp_ajax_taxonomy_image_create_association · legacy\plugin.php:40
auth · wp_ajax_taxonomy_image_plugin_remove_association · legacy\plugin.php:43
auth · wp_ajax_taxonomy_images_update_term_image · plugin\plugin.php:166
auth · wp_ajax_taxonomy_images_delete_term_image · plugin\plugin.php:167

Shortcodes 1

[taxonomy_image_plugin] legacy\includes\deprecated.php:153
WordPress Hooks 49
filter · the_content · legacy\includes\code-snippets.php:26
filter · the_excerpt · legacy\includes\code-snippets.php:27
action · taxonomy_image_plugin_print_image_html · legacy\includes\deprecated.php:170
filter · taxonomy-images-get-terms · legacy\includes\public-filters.php:22
filter · taxonomy-images-get-the-terms · legacy\includes\public-filters.php:23
filter · taxonomy-images-list-the-terms · legacy\includes\public-filters.php:24
filter · taxonomy-images-queried-term-image · legacy\includes\public-filters.php:26
filter · taxonomy-images-queried-term-image-data · legacy\includes\public-filters.php:27
filter · taxonomy-images-queried-term-image-id · legacy\includes\public-filters.php:28
filter · taxonomy-images-queried-term-image-object · legacy\includes\public-filters.php:29
filter · taxonomy-images-queried-term-image-url · legacy\includes\public-filters.php:30
action · init · legacy\plugin.php:25
action · init · legacy\plugin.php:28
filter · attachment_fields_to_edit · legacy\plugin.php:31
action · admin_init · legacy\plugin.php:34
action · admin_menu · legacy\plugin.php:37
action · init · legacy\plugin.php:46
action · admin_init · legacy\plugin.php:49
action · admin_print_scripts-media-upload-popup · legacy\plugin.php:52
action · admin_print_scripts-edit-tags.php · legacy\plugin.php:55
action · admin_print_styles-edit-tags.php · legacy\plugin.php:58
action · admin_print_styles-term.php · legacy\plugin.php:59
action · admin_print_styles-media-upload-popup · legacy\plugin.php:60
action · admin_print_styles-edit-tags.php · legacy\plugin.php:63
action · wp_enqueue_scripts · legacy\plugin.php:66
action · template_redirect · legacy\plugin.php:72
filter · plugin_row_meta · legacy\plugin.php:75
action · admin_enqueue_scripts · legacy\plugin.php:78
filter · taxonomy-images-get-terms · plugin\includes\legacy-hooks.php:33
filter · taxonomy-images-get-the-terms · plugin\includes\legacy-hooks.php:34
filter · taxonomy-images-list-the-terms · plugin\includes\legacy-hooks.php:35
filter · taxonomy-images-queried-term-image · plugin\includes\legacy-hooks.php:37
filter · taxonomy-images-queried-term-image-data · plugin\includes\legacy-hooks.php:38
filter · taxonomy-images-queried-term-image-id · plugin\includes\legacy-hooks.php:39
filter · taxonomy-images-queried-term-image-object · plugin\includes\legacy-hooks.php:40
filter · taxonomy-images-queried-term-image-url · plugin\includes\legacy-hooks.php:41
action · plugins_loaded · plugin\plugin.php:15
action · init · plugin\plugin.php:147
action · init · plugin\plugin.php:151
action · template_redirect · plugin\plugin.php:181
action · admin_init · plugin\plugin.php:198
action · admin_menu · plugin\plugin.php:202
action · admin_init · plugin\plugin.php:203
filter · plugin_row_meta · plugin\plugin.php:204
action · admin_init · plugin\plugin.php:208
action · admin_enqueue_scripts · plugin\plugin.php:209
action · admin_print_styles-edit-tags.php · plugin\plugin.php:210
action · admin_print_styles-term.php · plugin\plugin.php:211
action · wp_enqueue_scripts · plugin\plugin.php:223
Maintenance & Trust

Taxonomy Images Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Feb 15, 2024
PHP min version: 5.3
Downloads: 217K

Community Trust

Rating: 88/100
Number of ratings: 40
Active installs: 10K
Developer Profile

Taxonomy Images Developer Profile

Ben Huson

16 plugins · 21K total installs

Trust score: 90
Avg Security Score: 86/100
Avg Patch Time: 2 days
Detection Fingerprints

How We Detect Taxonomy Images

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/taxonomy-images/legacy/css/admin.css
/wp-content/plugins/taxonomy-images/legacy/css/frontend.css
/wp-content/plugins/taxonomy-images/legacy/js/admin.js
/wp-content/plugins/taxonomy-images/legacy/js/frontend.js
Version Parameters
taxonomy-images/legacy/css/admin.css?ver=
taxonomy-images/legacy/css/frontend.css?ver=
taxonomy-images/legacy/js/admin.js?ver=
taxonomy-images/legacy/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
taxonomy-image-modal-control
create-association
remove-association
taxonomy-image-button-image-id
taxonomy-image-button-nonce-create
taxonomy-image-button-nonce-remove
Data Attributes
taxonomy-image-modal-control
taxonomy-image-button-image-id
taxonomy-image-button-nonce-create
taxonomy-image-button-nonce-remove
JS Globals
taxonomy_images