Does WP SmartCrop have any unpatched vulnerabilities?

No. All known vulnerabilities in WP SmartCrop have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP SmartCrop compatible with WordPress 6.4.8?

According to WordPress.org data, WP SmartCrop 2.0.10 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

How often is WP SmartCrop updated?

WP SmartCrop was last updated on Sep 13, 2024. Frequent updates are generally a positive security signal.

What is WP SmartCrop's security score?

WP SmartCrop has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP SmartCrop Security & Risk Analysis

wordpress.org/plugins/wp-smartcrop

WP SmartCrop will crop your images on-the-fly to match your CSS, keeping the main focal point in view.

4K active installs v2.0.10 PHP + WP 3.5.0+ Updated Sep 13, 2024

aspect-ratiocropcroppingimageresize

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is WP SmartCrop Safe to Use in 2026?

Generally Safe

Score 92/100

WP SmartCrop has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The wp-smartcrop plugin v2.0.10 exhibits a generally good security posture based on the provided static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a significant strength, indicating a limited attack surface. Furthermore, the exclusive use of prepared statements for all SQL queries is excellent practice, mitigating the risk of SQL injection vulnerabilities.

However, there are areas for improvement. The relatively low percentage (30%) of properly escaped outputs from the 20 identified output points is a concern. This could potentially lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not consistently and correctly sanitized before being displayed. The lack of any detected taint flows or dangerous functions is positive, but it doesn't entirely negate the risk associated with unescaped output.

The plugin's vulnerability history is clean, with zero recorded CVEs. This suggests a well-maintained codebase or a lack of past significant security issues. While this is a strong indicator of current security, it's important to remember that this is based on historical data, and new vulnerabilities can emerge. Overall, the plugin is strong in its handling of core web security principles like SQL injection and attack surface management, but the output escaping needs to be a priority for enhanced security.

Key Concerns

Low percentage of properly escaped output

Vulnerabilities

None known

WP SmartCrop Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP SmartCrop Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

30% escaped20 total outputs

Attack Surface

WP SmartCrop Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 14

actionadmin_menuwp-smartcrop.php:44

actionadmin_initwp-smartcrop.php:45

filterwp_handle_uploadwp-smartcrop.php:48

actionadd_attachmentwp-smartcrop.php:49

actionedit_attachmentwp-smartcrop.php:50

actionwp_enqueue_mediawp-smartcrop.php:53

filterattachment_fields_to_editwp-smartcrop.php:54

filterget_attached_filewp-smartcrop.php:57

filterupdate_attached_filewp-smartcrop.php:58

filterimage_resize_dimensionswp-smartcrop.php:59

filterwp_generate_attachment_metadatawp-smartcrop.php:60

actionwp_enqueue_scriptswp-smartcrop.php:63

filterwp_get_attachment_image_attributeswp-smartcrop.php:64

filterthe_contentwp-smartcrop.php:65

Maintenance & Trust

WP SmartCrop Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedSep 13, 2024

PHP min version

Downloads124K

Community Trust

Rating74/100

Number of ratings9

Active installs4K

Alternatives

WP SmartCrop Alternatives

Manual Image Crop

manual-image-crop

100

Plugin allows you to manually crop all the image sizes registered in your WordPress theme (in particular featured image).

8K 1 CVE

WPThumb

wp-thumb

An on-demand image generation replacement for WordPress' image resizing.

900 1 unpatched

WP Image Cropper

wp-image-cropper

WP Image Cropper is a smart image cropping plugin that seamlessly integrates with the WordPress image functions.

90 No CVEs

Crop and Resize Images

crop-and-resize-images

Crop and Resize Images Plugin allows you to easily modify WordPress uploaded images.

80 No CVEs

JResizr

jresizr

Resize with no crop and fill background color of the rest area

60 No CVEs

Developer Profile

WP SmartCrop Developer Profile

Bytes.co

4 plugins · 5K total installs

trust score

Avg Security Score

81/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP SmartCrop

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-smartcrop/style.css/wp-content/plugins/wp-smartcrop/wp-smartcrop.js

Script Paths

/wp-content/plugins/wp-smartcrop/wp-smartcrop.js

Version Parameters

wp-smartcrop/style.css?ver=wp-smartcrop.js?ver=

HTML / DOM Fingerprints

HTML Comments

FAQ