Does Thumbnail Editor have any unpatched vulnerabilities?

Yes — Thumbnail Editor currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Thumbnail Editor compatible with WordPress 6.1.10?

According to WordPress.org data, Thumbnail Editor 2.3.3 has been tested up to WordPress 6.1.10. Check the plugin's changelog for the latest compatibility information.

How often is Thumbnail Editor updated?

Thumbnail Editor was last updated on Mar 23, 2023. Frequent updates are generally a positive security signal.

What is Thumbnail Editor's security score?

Thumbnail Editor has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Thumbnail Editor Security & Risk Analysis

wordpress.org/plugins/thumbnail-editor

Manually Crop and Resize thumbnail images that are uploaded in the Media section.

600 active installs v2.3.3 PHP + WP 2.0.2+ Updated Mar 23, 2023

cropimagesmediathumbthumbnail

C · Use Caution

CVEs total1

Unpatched1

Last CVEJun 27, 2025

Plugin page Download

Safety Verdict

Is Thumbnail Editor Safe to Use in 2026?

Use With Caution

Score 63/100

Thumbnail Editor has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jun 27, 2025Updated 3yr ago

Risk Assessment

The "thumbnail-editor" plugin v2.3.3 presents a mixed security profile. On the positive side, the static analysis reveals no dangerous functions, no direct SQL queries (all use prepared statements), no file operations, and no external HTTP requests. Taint analysis also shows no critical or high-severity unsanitized flows, indicating a generally robust approach to handling sensitive data within the analyzed code. The presence of nonce checks and a relatively small attack surface with no immediately obvious unprotected entry points are also good signs.

Key Concerns

Unpatched Medium CVE
Low percentage of properly escaped output
No capability checks

Vulnerabilities

Thumbnail Editor Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-53282medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Thumbnail Editor <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 27, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Thumbnail Editor Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

24 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

33% escaped72 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

thumb_data_update (includes\class-editor-process.php:8)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Thumbnail Editor Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[thumb_image] thumb-editor.php:54

[thumb_image_src] thumb-editor.php:55

WordPress Hooks 11

actionadmin_initincludes\class-editor-process.php:5

filterwp_calculate_image_srcsetincludes\class-filters.php:6

filterpost_thumbnail_htmlincludes\class-filters.php:9

filterpost_thumbnail_htmlincludes\class-filters.php:11

actionadmin_enqueue_scriptsincludes\class-scripts.php:6

actionwp_enqueue_scriptsincludes\class-scripts.php:7

actionadmin_menuincludes\class-settings.php:6

filtermedia_row_actionsincludes\class-settings.php:7

filterattachment_fields_to_editincludes\class-settings.php:8

actionwidgets_initthumb-editor.php:50

actionplugins_loadedthumb-editor.php:52

Maintenance & Trust

Thumbnail Editor Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10

Last updatedMar 23, 2023

PHP min version

Downloads24K

Community Trust

Rating60/100

Number of ratings5

Active installs600

Alternatives

Thumbnail Editor Alternatives

Crop-Thumbnails

crop-thumbnails

100

"Crop Thumbnails" made it easy to get exacly that specific image-detail you want to show in your featured image or gallery image.

40K No CVEs

iOS images fixer

ios-images-fixer

Automatically fix iOS-taken images' orientation using ImageMagic/PHP GD upon upload.

7K No CVEs

Acme Fix Images – Regenerate Thumbnails

acme-fix-images

100

Fix image sizes after you have changed image sizes from Media Settings. Ensure your images display consistently across your website.

4K 1 CVE

Thumbnail Crop Position

thumbnail-crop-position

Select the crop position of your thumbnails.

2K No CVEs

Delete Thumbnails

delete-thumbnails

Find and delete thumbnails & resized images from your Media Library

100 No CVEs

Developer Profile

Thumbnail Editor Developer Profile

aviplugins.com

9 plugins · 8K total installs

trust score

Avg Security Score

76/100

Avg Patch Time

617 days

View full developer profile

Detection Fingerprints

How We Detect Thumbnail Editor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/thumbnail-editor/css/editor-front.css/wp-content/plugins/thumbnail-editor/css/editor.css/wp-content/plugins/thumbnail-editor/css/jquery.Jcrop.css/wp-content/plugins/thumbnail-editor/css/jquery-ui.css/wp-content/plugins/thumbnail-editor/js/ap-tabs.js/wp-content/plugins/thumbnail-editor/js/ap.cookie.js/wp-content/plugins/thumbnail-editor/js/jquery.Jcrop.js/wp-content/plugins/thumbnail-editor/js/jquery.cr.js

Script Paths

/wp-content/plugins/thumbnail-editor/js/jquery.Jcrop.js/wp-content/plugins/thumbnail-editor/js/jquery.cr.js/wp-content/plugins/thumbnail-editor/js/ap.cookie.js/wp-content/plugins/thumbnail-editor/js/ap-tabs.js

HTML / DOM Fingerprints

HTML Comments

/*
	  |||||   
	<(`0_0`)> 	
	()(afo)()
	  ()-()
*/

JS Globals

THE_PLUGIN_DIR

Shortcode Output

[thumb_image][thumb_image_src]

FAQ