Does WP Featured Screenshot have any unpatched vulnerabilities?

Yes — WP Featured Screenshot currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is WP Featured Screenshot compatible with WordPress 4.9.29?

According to WordPress.org data, WP Featured Screenshot 1.3 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is WP Featured Screenshot updated?

WP Featured Screenshot was last updated on Sep 18, 2018. Frequent updates are generally a positive security signal.

What is WP Featured Screenshot's security score?

WP Featured Screenshot has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Featured Screenshot Security & Risk Analysis

wordpress.org/plugins/wp-featured-screenshot

This plugin will allow you to take a screenshot of a website using the url and add it to your media library.

90 active installs v1.3 PHP + WP + Updated Sep 18, 2018

linkpost-image-screenshotscreenshotscreenshot-featured-imagewp-featured-screenshot

C · Use Caution

CVEs total1

Unpatched1

Last CVEApr 11, 2025

Plugin page Download

Safety Verdict

Is WP Featured Screenshot Safe to Use in 2026?

Use With Caution

Score 63/100

WP Featured Screenshot has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Apr 11, 2025Updated 7yr ago

Risk Assessment

The wp-featured-screenshot plugin exhibits a mixed security posture. While it demonstrates good practices in handling SQL queries with prepared statements and a lack of external HTTP requests or bundled libraries, significant concerns arise from its attack surface and code signal analysis. The presence of an unprotected AJAX handler is a critical weakness, as it represents an easily accessible entry point for attackers. Furthermore, the taint analysis revealing flows with unsanitized paths indicates potential vulnerabilities even if no critical or high severity issues were explicitly flagged in this analysis. The vulnerability history, particularly the unpatched medium severity CVE from 2025-04-11, strongly suggests that the plugin has had exploitable security flaws in the past, and the current version still carries a known risk. This historical pattern, combined with the current lack of robust input validation on the AJAX endpoint, points to a plugin that may not consistently prioritize security, and users should exercise caution.

Key Concerns

Unprotected AJAX handler detected
Flows with unsanitized paths found
Unpatched medium severity CVE
Insufficient output escaping (60% proper)
Missing nonce checks on AJAX
Missing capability checks

Vulnerabilities

WP Featured Screenshot Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-32557medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Featured Screenshot <= 1.3 - Reflected Cross-Site Scripting

Apr 11, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

WP Featured Screenshot Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

60% escaped20 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

wpfs_form (wp-featured-screenshot.php:68)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

WP Featured Screenshot Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_wpfs_ajaxwp-featured-screenshot.php:214

WordPress Hooks 6

actionadmin_enqueue_scriptswp-featured-screenshot.php:34

filtermedia_upload_tabswp-featured-screenshot.php:43

actionmedia_upload_wpfswp-featured-screenshot.php:50

actionadmin_initwp-featured-screenshot.php:59

actionmedia_upload_wpfswp-featured-screenshot.php:62

filterattachment_fields_to_editwp-featured-screenshot.php:192

Maintenance & Trust

WP Featured Screenshot Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedSep 18, 2018

PHP min version

Downloads4K

Community Trust

Rating84/100

Number of ratings5

Active installs90

Alternatives

WP Featured Screenshot Alternatives

WP Links Page

wp-links-page

This plugin allows you to create a dynamic link gallery with screenshots of each link.

4K 5 CVEs

Open Link 图链

open-link

Use [wp-openlink] to output all your Blogroll in a Page, with website screenshot thumbnail and clicks countable, no database altered or images storage …

60 No CVEs

Broken Link Checker

broken-link-checker

Broken Link Checker helps you catch broken links & images fast, before they hurt your SEO or UX. Scan and bulk-fix issues from one easy dashboard.

500K 11 CVEs

Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links

broken-link-checker-seo

Broken Link Checker by AIOSEO ensures all links on your website are working. Check your site for broken links and easily fix them to improve SEO.

300K 3 CVEs

PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin

pretty-link

🌠 The best WordPress link management, branding, tracking, sharing and payments plugin. Easily make pretty & trackable shortlinks. 🔗

300K 8 CVEs

Developer Profile

WP Featured Screenshot Developer Profile

Rico Macchi

3 plugins · 6K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

79 days

View full developer profile

Detection Fingerprints

How We Detect WP Featured Screenshot

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-featured-screenshot/wp-featured-screenshot.js/wp-content/plugins/wp-featured-screenshot/wp-featured-screenshot.css

Script Paths

wp-featured-screenshot/wp-featured-screenshot.js

Version Parameters

wp-featured-screenshot/wp-featured-screenshot.js?ver=wp-featured-screenshot/wp-featured-screenshot.css?ver=

HTML / DOM Fingerprints

CSS Classes

wpfs-labelwpfs-input

HTML Comments

<!-- 
		jQuery(function($){
			var preloaded = $(".media-item.preloaded");
			if ( preloaded.length > 0 ) {
				preloaded.each(function(){
					prepareMediaItem({id:this.id.replace(/[^0-9]/g, '')},'');
				});
				updateMediaForm();
			}
		});
		-->

Data Attributes

id="wpfs_saveimg"id="post_ID"id="url-input"class="wpfs-label"class="wpfs-input"id="media-item-+3 more

JS Globals

ajax_objectwp_iframemedia_upload_headerwp_edit_attachments_querypaginate_linkswp_nonce_field+4 more

Shortcode Output

<img src="http://

wp-featured-screenshot/WP-Featured-Screenshot-ad.jpg" style="border: 1px solid #000; border-radius: 10px; margin-top: 20px; max-width: 95%; padding: 10px;"

<label class="wpfs-label" for="url-input">URL: </label><input class="wpfs-input" id="url-input" type="text" name="url" maxlength="255" />

FAQ