Does WP Remote Thumbnail have any unpatched vulnerabilities?

Yes — WP Remote Thumbnail currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is WP Remote Thumbnail compatible with WordPress 6.9.4?

According to WordPress.org data, WP Remote Thumbnail 1.3.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WP Remote Thumbnail compatible with PHP 5.4+?

WP Remote Thumbnail requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Remote Thumbnail updated?

WP Remote Thumbnail was last updated on Dec 13, 2025. Frequent updates are generally a positive security signal.

What is WP Remote Thumbnail's security score?

WP Remote Thumbnail has a WP-Safety security score of 76/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Remote Thumbnail Security & Risk Analysis

wordpress.org/plugins/wp-remote-thumbnail

A small lightweight plugin to set external/remote images as post thumbnail/featured image.

90 active installs v1.3.2 PHP 5.4+ WP 4.4+ Updated Dec 13, 2025

external-featured-imagefeatured-imageremote-featured-imageremote-thumbnailurl-to-featured-image

B · Generally Safe

CVEs total1

Unpatched1

Last CVEApr 8, 2025

Plugin page Download

Safety Verdict

Is WP Remote Thumbnail Safe to Use in 2026?

Mostly Safe

Score 76/100

WP Remote Thumbnail is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Apr 8, 2025Updated 3mo ago

Risk Assessment

The "wp-remote-thumbnail" plugin v1.3.2 exhibits a generally strong security posture from a code analysis perspective, with no dangerous functions, 100% prepared SQL statements, and all outputs properly escaped. The attack surface is also minimal, with no apparent AJAX handlers, REST API routes, shortcodes, or cron events that are not protected by authentication checks. Taint analysis also yielded no concerning flows. However, a significant concern arises from the plugin's vulnerability history. There is one known high-severity CVE, an Unrestricted Upload of File with Dangerous Type, which is currently unpatched and was recently disclosed. This indicates a potential for attackers to upload malicious files, leading to arbitrary code execution or other severe compromises.

Key Concerns

Unpatched high severity CVE
Vulnerability history of 'Unrestricted Upload'

Vulnerabilities

WP Remote Thumbnail Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2025-32140high · 8.8Unrestricted Upload of File with Dangerous Type

WP Remote Thumbnail <= 1.3.2 - Authenticated (Contributor+) Arbitrary File Upload

Apr 8, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

WP Remote Thumbnail Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped1 total outputs

Attack Surface

WP Remote Thumbnail Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionload-post.phpwp-remote-thumbnail.php:24

actionload-post-new.phpwp-remote-thumbnail.php:25

actionadd_meta_boxeswp-remote-thumbnail.php:35

actionsave_postwp-remote-thumbnail.php:36

Maintenance & Trust

WP Remote Thumbnail Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 13, 2025

PHP min version5.4

Downloads11K

Community Trust

Rating70/100

Number of ratings8

Active installs90

Alternatives

WP Remote Thumbnail Alternatives

External Thumbnail

external-thumbnail

Using external images from anywhere to make thumbnail

10K No CVEs

Featured Image with URL

featured-image-with-url

100

Featured Image with URL allows to use an external URL Images as Featured Image for your post types. Includes support for Product Gallery(WooCommerce).

2K No CVEs

Remote Thumbnail

remote-thumbnail

Lightweight plugin to use remote images for post thumbnails and featured image. Enter remote image url into custom field 'remote_thumbnail' …

10 No CVEs

Add Featured Image Custom Link

custom-url-to-featured-image

Try it out on your free dummy site: Click here => https://tastewp.com/new?pre-installed-plugin-slug=custom-url-to-featured-image&redirect=plugi …

1K 1 unpatched

Ngx Image Resizer

ngx-image-resizer

Requires at least: 4.4 Tested up to: 4.9 Stable tag: 1.0.0 License: GNU General Public License v2 or later License URI: http://www.gnu.

0 No CVEs

Developer Profile

WP Remote Thumbnail Developer Profile

Nirmal Kumar Ram

6 plugins · 31K total installs

trust score

Avg Security Score

93/100

Avg Patch Time

826 days

View full developer profile

Detection Fingerprints

How We Detect WP Remote Thumbnail

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes

name="remote_thumb"id="remote_thumb"

FAQ