Does Thumbnail Manager have any unpatched vulnerabilities?

No. All known vulnerabilities in Thumbnail Manager have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Thumbnail Manager compatible with WordPress 6.9.4?

According to WordPress.org data, Thumbnail Manager 1.0.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Thumbnail Manager compatible with PHP 7.4+?

Thumbnail Manager requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Thumbnail Manager updated?

Thumbnail Manager was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Thumbnail Manager's security score?

Thumbnail Manager has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Thumbnail Manager Security & Risk Analysis

wordpress.org/plugins/thumbnail-manager

Clean up unused thumbnails with progress; find orphan -WxH files; disable sizes for future uploads.

30 active installs v1.0.1 PHP 7.4+ WP 6.3+ Updated Unknown

cleanupimagesmediaorphanthumbnails

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Thumbnail Manager Safe to Use in 2026?

Generally Safe

Score 100/100

Thumbnail Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The thumbnail-manager v1.0.1 plugin exhibits a generally good security posture based on the provided static analysis. The absence of REST API routes, shortcodes, and cron events, combined with all SQL queries using prepared statements and a focus on nonce and capability checks for its two AJAX handlers, are positive indicators. The code also demonstrates no file operations or external HTTP requests, further reducing its attack surface. However, a significant concern arises from the output escaping, where only 58% of outputs are properly escaped. This leaves a potential avenue for cross-site scripting (XSS) vulnerabilities if user-supplied data is directly outputted without adequate sanitization. The plugin's vulnerability history is clean, with no recorded CVEs, which suggests a history of stable and secure development. Overall, while the plugin has strong foundational security practices in place, the partial output escaping is a notable weakness that requires attention to prevent potential XSS exploits.

Key Concerns

Unescaped output detected

Vulnerabilities

None known

Thumbnail Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Thumbnail Manager Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

38 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

58% escaped65 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

yotm_prune_thumbnails_page (inc\admin-menu.php:62)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Thumbnail Manager Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_yotm_prune_delete_batchinc\handle-delete.php:7

authwp_ajax_yotm_prune_prepareinc\handle-prune.php:7

WordPress Hooks 3

actionadmin_enqueue_scriptsinc\admin-menu.php:15

actionadmin_menuinc\admin-menu.php:51

filterintermediate_image_sizes_advancedinc\filter-disabled-sizes.php:8

Maintenance & Trust

Thumbnail Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedUnknown

PHP min version7.4

Downloads292

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

Thumbnail Manager Alternatives

Auto Generated Images Remover

auto-generated-images-remover

100

Short Description: Scan and remove auto-generated WordPress image thumbnails safely.

40 No CVEs

Cleanup Orphan Images

cleanup-orphan-images

100

Finds and deletes orphan media files from the uploads directory that are not registered in WordPress.

20 No CVEs

Thumbs

thumbs

100

Ein einfaches Tool zur Verwaltung von Thumbnail-Dateien in WordPress. Zählt, listet und löscht generierte Thumbnails und entfernt leere Upload-Ordner, …

0 No CVEs

Crop-Thumbnails

crop-thumbnails

100

"Crop Thumbnails" made it easy to get exacly that specific image-detail you want to show in your featured image or gallery image.

40K No CVEs

iOS images fixer

ios-images-fixer

Automatically fix iOS-taken images' orientation using ImageMagic/PHP GD upon upload.

7K No CVEs

Developer Profile

Thumbnail Manager Developer Profile

YoOhw Studio

7 plugins · 3K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Thumbnail Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/thumbnail-manager/css/style.css/wp-content/plugins/thumbnail-manager/js/admin.js

Script Paths

/wp-content/plugins/thumbnail-manager/js/admin.js

Version Parameters

thumbnail-manager/css/style.css?ver=thumbnail-manager/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

yo-tabsyo-tabyo-panelyo-rowyo-sizesyo-progress

Data Attributes

data-tabid="yotm_tabs"id="yotm_panel_prune"id="yotm_limit_subpath"id="yotm_form"onsubmit="return false;"+10 more

JS Globals

YOTM

FAQ