WP-Safety

WP Image Importer Security & Risk Analysis

wordpress.org/plugins/wp-image-importer

WP Image Importer plugin allows you to easily insert image into your wordpress post from facebook, flickr and pixabay

30 active installs v1.0.5 PHP + WP 4.4+ Updated Jun 29, 2021
facebook-imagesimage-importerimagesimport-images-from-social-mediawordpress-image-importer
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP Image Importer Safe to Use in 2026?

Generally Safe

Score 85/100

WP Image Importer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The wp-image-importer plugin version 1.0.5 exhibits a mixed security posture. While it demonstrates good practices in SQL query handling by exclusively using prepared statements and a reasonable number of nonce checks, significant concerns arise from its attack surface and output escaping. The presence of two AJAX handlers without authentication checks is a notable weakness, potentially allowing unauthorized users to trigger sensitive actions. Furthermore, a substantial portion of output (78%) is not properly escaped, increasing the risk of cross-site scripting (XSS) vulnerabilities. The plugin also utilizes the `unserialize` function, which, if improperly handled with untrusted input, can lead to remote code execution. The absence of any recorded historical vulnerabilities is a positive sign, suggesting a potentially stable codebase, but it does not negate the immediate risks identified in the static and taint analysis. The reliance on the Guzzle library also introduces a potential risk if that library is outdated and contains known vulnerabilities.

Key Concerns

  • AJAX handlers without authentication checks
  • High percentage of unescaped output
  • Use of unserialize function
  • Bundled library (Guzzle) potential for outdated versions
Vulnerabilities
None known

WP Image Importer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Image Importer Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
67
19 escaped
Nonce Checks
8
Capability Checks
0
File Operations
10
External Requests
6
Bundled Libraries
1

Dangerous Functions Found

unserializelist($id, $secret) = unserialize($serialized);Facebook\FacebookApp.php:97

Bundled Libraries

Guzzle

Output Escaping

22% escaped86 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

4 flows1 with unsanitized paths
<importer-option> (includes\importer-option.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

WP Image Importer Attack Surface

Entry Points10
Unprotected2

AJAX Handlers 10

authwp_ajax_save_flickr_settingsincludes\wp-image-importer-class.php:69
authwp_ajax_save_pixabay_settingsincludes\wp-image-importer-class.php:70
authwp_ajax_ced_iimp_save_image_to_postincludes\wp-image-importer-class.php:76
authwp_ajax_wpiimp_save_img_to_media_libraryincludes\wp-image-importer-class.php:77
authwp_ajax_wpiimp_submit_suggestionsincludes\wp-image-importer-class.php:79
authwp_ajax_ced_image_importer_send_mailincludes\wp-image-importer-class.php:83
authwp_ajax_save_fb_settingsincludes\wpiimp-facebook.php:21
authwp_ajax_wpiimp_get_fb_album_picsincludes\wpiimp-facebook.php:22
authwp_ajax_wpiimp_save_fb_img_to_media_libraryincludes\wpiimp-facebook.php:23
authwp_ajax_wpiimp_get_flickr_album_picsincludes\wpiimp-flickr.php:19
WordPress Hooks 8
actionadmin_menuincludes\wp-image-importer-class.php:56
filtermedia_upload_tabsincludes\wp-image-importer-class.php:61
actionmedia_upload_imgimportertabincludes\wp-image-importer-class.php:62
actionadmin_enqueue_scriptsincludes\wp-image-importer-class.php:64
actionwpiimp_set_admin_noticesincludes\wp-image-importer-class.php:81
actionadmin_noticesincludes\wp-image-importer-class.php:82
filterplugin_row_metawp-image-importer.php:63
actionplugins_loadedwp-image-importer.php:76
Maintenance & Trust

WP Image Importer Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17
Last updatedJun 29, 2021
PHP min version
Downloads5K

Community Trust

Rating0/100
Number of ratings0
Active installs30
Alternatives

WP Image Importer Alternatives

CS Multiple Image Import

CS Multiple Image Import

cs-multiple-image-import

A
85

A simple plugin to read the zip file with the images and its attributes to import in WordPress Media.

10 No CVEs
Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

imagify

A
100

Optimize images in 1-click: compress images, convert to WebP & AVIF, resize, and boost your site with the easiest WordPress image optimization plugin!

1.0M No CVEs
Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP & AVIF | Image CDN

Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP & AVIF | Image CDN

wp-smushit

A
93

Optimize and compress images with lossless and lossy compression, lazy load, WebP & AVIF conversion, and global image CDN.

1.0M 6 CVEs
Autoptimize

Autoptimize

autoptimize

B
77

Autoptimize speeds up your website by optimizing JS, CSS, images (incl. lazy-load), HTML and Google Fonts, asyncing JS, removing emoji cruft and more.

900K 10 CVEs
Broken Link Checker

Broken Link Checker

broken-link-checker

A
91

Broken Link Checker helps you catch broken links & images fast, before they hurt your SEO or UX. Scan and bulk-fix issues from one easy dashboard.

500K 11 CVEs
Developer Profile

WP Image Importer Developer Profile

cedcommerce

21 plugins · 5K total installs

67
trust score
Avg Security Score
83/100
Avg Patch Time
204 days
View full developer profile
Detection Fingerprints

How We Detect WP Image Importer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-image-importer/css/wpiimp-admin.css/wp-content/plugins/wp-image-importer/css/wpiimp-frontend.css/wp-content/plugins/wp-image-importer/js/wpiimp-admin.js/wp-content/plugins/wp-image-importer/js/wpiimp-frontend.js/wp-content/plugins/wp-image-importer/js/wpiimp-upload.js
Script Paths
/wp-content/plugins/wp-image-importer/js/wpiimp-admin.js/wp-content/plugins/wp-image-importer/js/wpiimp-frontend.js/wp-content/plugins/wp-image-importer/js/wpiimp-upload.js
Version Parameters
wp-image-importer/css/wpiimp-admin.css?ver=wp-image-importer/css/wpiimp-frontend.css?ver=wp-image-importer/js/wpiimp-admin.js?ver=wp-image-importer/js/wpiimp-frontend.js?ver=wp-image-importer/js/wpiimp-upload.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpiimp-admin-pagewpiimp-media-tabwpiimp-tab-contentwpiimp-settings-sectionwpiimp-notice-dismiss
HTML Comments
<!-- WP Image Importer Wordpress Plugin. Allows easy import of Images into posts --><!-- Constructor --><!-- Register a setting Menu. --><!-- Create Wp Image Importer Tab in Add Media section. -->+3 more
Data Attributes
data-wpiimp-noncedata-wpiimp-actiondata-wpiimp-tab
JS Globals
WPIIMP_AdminWPIIMP_FrontendWPIIMP_Upload
FAQ

Frequently Asked Questions about WP Image Importer