WP-Safety

WPFlickr Security & Risk Analysis

wordpress.org/plugins/wpflickr

Handles uploading, modifying images on Flickr, and insertion into posts.

10 active installs v1.1.0 PHP + WP 2.8+ Updated May 30, 2012
adminajaxflickrimagespost
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WPFlickr Safe to Use in 2026?

Generally Safe

Score 85/100

WPFlickr has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago
Risk Assessment

The wpflickr plugin v1.1.0 presents a mixed security posture. On the positive side, it has a very small attack surface with no unprotected entry points and no known past vulnerabilities, indicating a history of responsible development or minimal exposure. However, the static analysis reveals significant concerns. The presence of a `create_function` call is a notable risk, as this is a deprecated and potentially insecure PHP function. Furthermore, a high percentage of output is not properly escaped, leaving the plugin susceptible to cross-site scripting (XSS) vulnerabilities if user-supplied data is ever rendered directly. The taint analysis shows a concerning number of flows with unsanitized paths, which could lead to various injection vulnerabilities if not handled carefully. While there are no explicit critical or high severity findings in the taint analysis or CVE history, these underlying code quality issues represent potential risks that could be exploited.

Key Concerns

  • Use of deprecated and unsafe create_function
  • High percentage of unescaped output
  • Flows with unsanitized paths in taint analysis
  • No capability checks on entry points
Vulnerabilities
None known

WPFlickr Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WPFlickr Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
3 prepared
Unescaped Output
27
1 escaped
Nonce Checks
2
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_function$buildSize = create_function('$id,$desc', 'return array("id"=>$id,"label"=>$desc);');FlickrPanel.php:326

SQL Query Safety

75% prepared4 total queries

Output Escaping

4% escaped28 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths
func_SaveInfo (FlickrPanel.php:401)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WPFlickr Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[flickr] index.php:184
[flickrset] index.php:185
WordPress Hooks 30
actioninitFlickrAdmin.php:9
actionadmin_menuFlickrAdmin.php:15
actioninitFlickrPanel.php:15
actionmedia_buttonsFlickrPanel.php:21
actionmedia_upload_flickrFlickrPanel.php:22
actionmedia_upload_flickr_publicFlickrPanel.php:23
actionmedia_upload_flickr_uploadFlickrPanel.php:24
actionmedia_upload_flickr_setsFlickrPanel.php:25
actionadmin_print_styles-media-upload-popupFlickrPanel.php:27
actionadmin_print_scripts-media-upload-popupFlickrPanel.php:28
filterwp_handle_uploadFlickrPanel.php:30
filtermedia_upload_tabsFlickrPanel.php:106
filtermedia_upload_form_urlFlickrPanel.php:162
actioninitindex.php:52
filterplugin_row_metaindex.php:55
actioninitindex.php:191
actionwp_headindex.php:192
actionplugins_loadedOverlayLoader.php:18
actioninitOverlayLoader.php:27
actionwp_headOverlayLoader.php:28
actioninitoverlays\GalleriaOverlay.php:12
actioninitoverlays\HighslideOverlay.php:12
actionwp_headoverlays\HighslideOverlay.php:13
actioninitoverlays\LightboxOverlay.php:11
actioninitoverlays\ThickboxOverlay.php:11
actionwp_print_scriptsoverlays\WordpressOverlay.php:13
filterquery_varsoverlays\WordpressOverlay.php:14
actionparse_requestoverlays\WordpressOverlay.php:15
actiontemplate_redirectoverlays\WordpressOverlay.php:27
filterwp_titleoverlays\WordpressOverlay.php:42
Maintenance & Trust

WPFlickr Maintenance & Trust

Maintenance Signals

WordPress version tested3.3.2
Last updatedMay 30, 2012
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

WPFlickr Alternatives

Easy Thumbnail Switcher

Easy Thumbnail Switcher

easy-thumbnail-switcher

A
85

A simple plugin which adds ability to add/modify/remove featured image just from "All Posts" page on your dashboard.

100 No CVEs
SEO Friendly Images

SEO Friendly Images

seo-image

A
85

SEO Friendly Images automatically adds alt and title attributes to all your images improving traffic from search engines.

20K 1 CVE
Require Featured Image

Require Featured Image

require-featured-image

A
85

Requires content you specify to have a featured image set before they can be published.

4K No CVEs
Custom Header Extended

Custom Header Extended

custom-header-extended

A
85

Allows users to create a custom header on a per-post basis.

1K No CVEs
Custom Background Extended

Custom Background Extended

custom-background-extended

A
85

Allows users to create a custom background on a per-post basis.

900 No CVEs
Developer Profile

WPFlickr Developer Profile

Carey Zhou

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WPFlickr

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpflickr/css/wfm.css/wp-content/plugins/wpflickr/js/jquery.share.js/wp-content/plugins/wpflickr/js/wfm-share.js/wp-content/plugins/wpflickr/js/jquery.easing.js/wp-content/plugins/wpflickr/js/jquery.lightbox-0.5.js
Script Paths
wpflickr/js/wfm-share.jswpflickr/js/jquery.lightbox-0.5.js
Version Parameters
wpflickr/css/wfm.css?ver=wpflickr/js/jquery.share.js?ver=wpflickr/js/wfm-share.js?ver=wpflickr/js/jquery.easing.js?ver=wpflickr/js/jquery.lightbox-0.5.js?ver=

HTML / DOM Fingerprints

CSS Classes
wfm-sharing
Data Attributes
data-sharing-enabled
JS Globals
WFM_ShareServices
FAQ

Frequently Asked Questions about WPFlickr