Does WP Thumbnail Column have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Thumbnail Column have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Thumbnail Column compatible with WordPress 3.4.2?

According to WordPress.org data, WP Thumbnail Column 1.0.0 has been tested up to WordPress 3.4.2. Check the plugin's changelog for the latest compatibility information.

How often is WP Thumbnail Column updated?

WP Thumbnail Column was last updated on Sep 16, 2012. Frequent updates are generally a positive security signal.

What is WP Thumbnail Column's security score?

WP Thumbnail Column has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Thumbnail Column Security & Risk Analysis

wordpress.org/plugins/wp-thumbnail-column

This plugin adds column with thumbnails for selected post types

20 active installs v1.0.0 PHP + WP 3.0+ Updated Sep 16, 2012

columnfeatured-imagethumbnail

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Thumbnail Column Safe to Use in 2026?

Generally Safe

Score 85/100

WP Thumbnail Column has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The wp-thumbnail-column v1.0.0 plugin exhibits a seemingly strong security posture based on the provided static analysis. The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points suggests a limited attack surface. Furthermore, the code signals indicate no dangerous functions, all SQL queries utilize prepared statements, and there are no file operations or external HTTP requests, which are all positive security indicators. The lack of any recorded vulnerabilities, CVEs, or historical issues further reinforces this impression of a well-maintained and secure plugin. However, the significantly low percentage of properly escaped outputs (33%) is a notable concern. While the plugin may not have direct vulnerabilities exploitable through its current entry points, improperly escaped output can still lead to Cross-Site Scripting (XSS) vulnerabilities if data is ever introduced through other means or if the plugin's functionality is extended in the future without proper attention to output sanitization. The absence of nonce checks and capability checks also means that if any new entry points were to be introduced, they would lack fundamental security protections.

Key Concerns

Low output escaping rate
No nonce checks
No capability checks

Vulnerabilities

None known

WP Thumbnail Column Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Thumbnail Column Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

33% escaped6 total outputs

Attack Surface

WP Thumbnail Column Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionadmin_headinclude\CustomColumns.php:26

actioninitwp-thumbnail-column.php:20

actionadmin_initwp-thumbnail-column.php:47

actionadmin_menuwp-thumbnail-column.php:48

Maintenance & Trust

WP Thumbnail Column Maintenance & Trust

Maintenance Signals

WordPress version tested3.4.2

Last updatedSep 16, 2012

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs20

Alternatives

WP Thumbnail Column Alternatives

Auto Featured Image (Auto Post Thumbnail)

auto-post-thumbnail

Automatically generate, assign, and manage featured images in bulk so every post on your site has a featured image.

50K 6 CVEs

Quick Featured Images

quick-featured-images

The time-saving solution for managing tons of featured images within minutes: Set, replace and delete in bulk and set default images for future posts.

50K 3 CVEs