WP Random Post Thumbnails Security & Risk Analysis

wordpress.org/plugins/wp-random-post-thumbnails

Allows you to select images to be shown at random for posts without a featured image.

1K active installs · v2.6.3 · PHP + · WP 3.5+ · Updated Jul 27, 2025
Tags: post-thumbnails, random-featured-images, random-images, random-post-thumbnail, random-thumbnails
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Random Post Thumbnails Safe to Use in 2026?

Generally Safe

Score 100/100

WP Random Post Thumbnails has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8mo ago

Risk Assessment

The plugin "wp-random-post-thumbnails" v2.6.3 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, file operations, and external HTTP requests, coupled with 100% of SQL queries using prepared statements, is an excellent indicator of secure coding practices. The presence of nonce and capability checks further strengthens its defenses. The 71% proper output escaping (117 of 165 outputs) is decent, but there is room for improvement to mitigate potential XSS vulnerabilities.

However, the analysis does flag the 2 AJAX handlers as a potential area of concern, even though the report states 0 are unprotected. Both are registered for the cmb2_oembed_handler action in includes\cmb2\includes\CMB2_Ajax.php, one as an authenticated hook and one as a nopriv hook, so it is crucial to ensure that robust authentication and authorization checks are in place for these handlers to prevent unauthorized actions. The lack of any reported vulnerabilities in its history is a positive sign, suggesting consistent security efforts by the developers. The complete absence of taint flows is also reassuring.

In conclusion, this plugin appears to be developed with security in mind, particularly concerning data handling and access control. The primary area for potential risk lies in ensuring the absolute integrity of the AJAX endpoints. Continued vigilance in output escaping and thorough testing of these entry points would further solidify its security.

Key Concerns

  • Potentially unprotected AJAX handlers
  • Output escaping could be improved
Vulnerabilities
None known

WP Random Post Thumbnails Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Random Post Thumbnails Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 48 (117 escaped)
Nonce Checks: 4
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

71% escaped · 165 total outputs

Attack Surface

WP Random Post Thumbnails Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth wp_ajax_cmb2_oembed_handler includes\cmb2\includes\CMB2_Ajax.php:51
nopriv wp_ajax_cmb2_oembed_handler includes\cmb2\includes\CMB2_Ajax.php:52

WordPress Hooks: 61

action admin_init classes\class-wprpt-options.php:73
action cmb2_admin_init classes\class-wprpt-options.php:74
action cmb2_admin_init classes\class-wprpt-options.php:75
action cmb2_admin_init classes\class-wprpt-options.php:76
action cmb2_before_form classes\class-wprpt-options.php:77
action admin_head classes\class-wprpt-options.php:78
filter cmb2metatabs_before_form classes\class-wprpt-options.php:108
filter post_thumbnail_id classes\class-wprpt.php:25
filter wp_get_attachment_image_attributes classes\class-wprpt.php:26
filter wprpt_all_images classes\class-wprpt.php:27
filter wprpt_all_images classes\class-wprpt.php:28
filter wprpt_all_images classes\class-wprpt.php:29
filter wprpt_all_images classes\class-wprpt.php:30
action cmb2_admin_init includes\cmb2\example-functions.php:105
action cmb2_admin_init includes\cmb2\example-functions.php:447
action cmb2_admin_init includes\cmb2\example-functions.php:478
action cmb2_admin_init includes\cmb2\example-functions.php:542
action cmb2_admin_init includes\cmb2\example-functions.php:612
action cmb2_admin_init includes\cmb2\example-functions.php:654
action cmb2_init includes\cmb2\example-functions.php:756
filter wp_prepare_attachment_for_js includes\cmb2\includes\CMB2.php:1441
action admin_enqueue_scripts includes\cmb2\includes\CMB2.php:1459
action cmb2_save_options-page_fields includes\cmb2\includes\CMB2_Ajax.php:54
filter get_post_metadata includes\cmb2\includes\CMB2_Ajax.php:147
filter update_post_metadata includes\cmb2\includes\CMB2_Ajax.php:150
filter cmb2_show_on includes\cmb2\includes\CMB2_hookup.php:79
action edit_form_top includes\cmb2\includes\CMB2_hookup.php:115
action edit_form_before_permalink includes\cmb2\includes\CMB2_hookup.php:119
action edit_form_after_title includes\cmb2\includes\CMB2_hookup.php:123
action edit_form_after_editor includes\cmb2\includes\CMB2_hookup.php:127
action add_meta_boxes includes\cmb2\includes\CMB2_hookup.php:131
action add_attachment includes\cmb2\includes\CMB2_hookup.php:134
action edit_attachment includes\cmb2\includes\CMB2_hookup.php:135
action save_post includes\cmb2\includes\CMB2_hookup.php:136
action add_meta_boxes_comment includes\cmb2\includes\CMB2_hookup.php:149
action edit_comment includes\cmb2\includes\CMB2_hookup.php:150
filter manage_edit-comments_columns includes\cmb2\includes\CMB2_hookup.php:153
action manage_comments_custom_column includes\cmb2\includes\CMB2_hookup.php:154
action show_user_profile includes\cmb2\includes\CMB2_hookup.php:163
action edit_user_profile includes\cmb2\includes\CMB2_hookup.php:164
action user_new_form includes\cmb2\includes\CMB2_hookup.php:165
action personal_options_update includes\cmb2\includes\CMB2_hookup.php:167
action edit_user_profile_update includes\cmb2\includes\CMB2_hookup.php:168
action user_register includes\cmb2\includes\CMB2_hookup.php:169
filter manage_users_columns includes\cmb2\includes\CMB2_hookup.php:172
filter manage_users_custom_column includes\cmb2\includes\CMB2_hookup.php:173
action created_term includes\cmb2\includes\CMB2_hookup.php:221
action edited_terms includes\cmb2\includes\CMB2_hookup.php:222
action delete_term includes\cmb2\includes\CMB2_hookup.php:223
action cmb2_do_oembed includes\cmb2\includes\helper-functions.php:127
filter is_protected_meta includes\cmb2\includes\rest-api\CMB2_REST.php:144
action init includes\cmb2\init.php:126
action admin_init includes\cmb2-metatabs-options\code\cmb2_metatabs_options.php:269
action admin_head includes\cmb2-metatabs-options\code\cmb2_metatabs_options.php:290
action admin_enqueue_scripts includes\cmb2-metatabs-options\code\cmb2_metatabs_options.php:298
action cmb2_render_options_save_button includes\cmb2-metatabs-options\code\cmb2_metatabs_options.php:306
action admin_print_footer_scripts includes\cmb2-metatabs-options\code\cmb2_metatabs_options.php:513
action cmb2_admin_init includes\cmb2-metatabs-options\example.php:19
filter cmb2metatabs_before_form includes\cmb2-metatabs-options\example.php:32
action init wp-random-thumbnails.php:40
action init wp-random-thumbnails.php:57

Maintenance & Trust

WP Random Post Thumbnails Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jul 27, 2025
PHP min version
Downloads: 37K

Community Trust

Rating: 100/100
Number of ratings: 8
Active installs: 1K

Developer Profile

WP Random Post Thumbnails Developer Profile

Brianna Deleasa

1 plugin · 1K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Random Post Thumbnails

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-random-post-thumbnails/css/style.css
/wp-content/plugins/wp-random-post-thumbnails/js/wp-random-post-thumbnails.js
Script Paths
/wp-content/plugins/wp-random-post-thumbnails/js/wp-random-post-thumbnails.js
Version Parameters
wp-random-post-thumbnails/css/style.css?ver=
wp-random-post-thumbnails/js/wp-random-post-thumbnails.js?ver=
