WP-Safety

YAY Images Security & Risk Analysis

wordpress.org/plugins/yay-images

Get free, professional images. Our plugin has million of images, a visual search and an editor. Get the perfect image for your post within seconds.

10 active installs v1.1.0 PHP + WP 3.5+ Updated Jan 21, 2016
editorfilterimageimagesposts
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is YAY Images Safe to Use in 2026?

Generally Safe

Score 85/100

YAY Images has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The 'yay-images' plugin v1.1.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices in its SQL handling, exclusively using prepared statements, and has no recorded vulnerability history, suggesting a generally stable codebase. However, significant concerns arise from its attack surface. The plugin exposes one AJAX handler without any authentication or capability checks, creating a direct and unprotected entry point for potential attackers. Furthermore, a very low percentage (12%) of its output is properly escaped, indicating a high risk of cross-site scripting (XSS) vulnerabilities if any user-controlled data is outputted without sufficient sanitization.

Key Concerns

  • AJAX handler without authentication
  • Low percentage of properly escaped output
Vulnerabilities
None known

YAY Images Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

YAY Images Release Timeline

v1.1.0Current
v1.0.5
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

YAY Images Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
68
9 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
2
Bundled Libraries
0

Output Escaping

12% escaped77 total outputs
Attack Surface
1 unprotected

YAY Images Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_my_actionyayimages.php:230
WordPress Hooks 12
actionadmin_inityayimages.php:66
actionwp_enqueue_scriptsyayimages.php:73
actionadmin_enqueue_scriptsyayimages.php:74
actionmedia_buttonsyayimages.php:75
actionadmin_menuyayimages.php:76
actionadmin_noticesyayimages.php:108
actionprint_media_templatesyayimages.php:182
filterwp_get_attachment_image_attributesyayimages.php:227
filterdelete_post_metadatayayimages.php:228
actioninityayimages.php:244
actionwp_logoutyayimages.php:245
actionwp_loginyayimages.php:246
Maintenance & Trust

YAY Images Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedJan 21, 2016
PHP min version
Downloads4K

Community Trust

Rating100/100
Number of ratings4
Active installs10
Alternatives

YAY Images Alternatives

ThumbPress – Image Management Suite for Performance and Optimization

ThumbPress – Image Management Suite for Performance and Optimization

image-sizes

A
100

Disable Thumbnails, Regenerate Thumbnails, Compress Images, Convert to WebP, Find Unused and Large Images, Edit Images, and more with ThumbPress.

30K No CVEs
Newpost Catch

Newpost Catch

newpost-catch

A
91

Thumbnails in new articles setting widget.

10K 1 CVE
Superb Recent Posts With Thumbnail Images

Superb Recent Posts With Thumbnail Images

superb-recent-posts-with-thumbnail-images

A
100

Responsive Recent Posts Widget With Images for WordPress. Lightweight & SEO Optimized Code. Free.

7K No CVEs
Thumbnail Upscale

Thumbnail Upscale

thumbnail-upscale

A
85

Enables upscaling of thumbnails for small media attachments

4K No CVEs
WP Image Borders

WP Image Borders

wp-image-borders

A
85

WP Image Borders makes it easy to add decorative image borders to pictures in your blog posts.

2K No CVEs
Developer Profile

YAY Images Developer Profile

Bjorn Sjogren

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect YAY Images

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yay-images/css/yayimages.css/wp-content/plugins/yay-images/js/css.js/wp-content/plugins/yay-images/js/sprintf.js/wp-content/plugins/yay-images/js/yayimages-views.js/wp-content/plugins/yay-images/js/aviary.js/wp-content/plugins/yay-images/css/options.css/wp-content/plugins/yay-images/js/options.js
Script Paths
/wp-content/plugins/yay-images/js/css.js/wp-content/plugins/yay-images/js/sprintf.js/wp-content/plugins/yay-images/js/yayimages-views.js/wp-content/plugins/yay-images/js/aviary.js/wp-content/plugins/yay-images/js/options.js

HTML / DOM Fingerprints

CSS Classes
yay-media-buttons-icon
Data Attributes
id="insert-yayimages-button"class="button yayimages add_media"
JS Globals
window.yayimages_optionswindow.yayimages_user_options
FAQ

Frequently Asked Questions about YAY Images