Does YD Recent Images have any unpatched vulnerabilities?

No. All known vulnerabilities in YD Recent Images have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is YD Recent Images compatible with WordPress 3.0.5?

According to WordPress.org data, YD Recent Images 0.2.1 has been tested up to WordPress 3.0.5. Check the plugin's changelog for the latest compatibility information.

How often is YD Recent Images updated?

YD Recent Images was last updated on Oct 11, 2011. Frequent updates are generally a positive security signal.

What is YD Recent Images's security score?

YD Recent Images has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

YD Recent Images Security & Risk Analysis

wordpress.org/plugins/yd-recent-images

Recent images in a Widget

10 active installs v0.2.1 PHP + WP 2.8+ Updated Oct 11, 2011

automaticenglishimagepostposts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is YD Recent Images Safe to Use in 2026?

Generally Safe

Score 85/100

YD Recent Images has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The "yd-recent-images" plugin v0.2.1 exhibits a generally good security posture with no known vulnerabilities and a small attack surface. The code analysis indicates a conscientious effort towards security, with 100% of SQL queries utilizing prepared statements and the presence of nonce and capability checks. The absence of file operations and external HTTP requests further reduces potential attack vectors.

However, there are notable areas for improvement. The low percentage of properly escaped output (5%) suggests a significant risk of Cross-Site Scripting (XSS) vulnerabilities. While taint analysis did not reveal critical or high severity unsanitized paths, the presence of one flow with an unsanitized path, even if of lower severity, warrants attention. The plugin's limited vulnerability history might indicate it hasn't been a target or extensively scrutinized, rather than an assurance of perfect security.

In conclusion, while the plugin demonstrates a strong foundation in preventing common web vulnerabilities like SQL injection and unauthorized access, the high rate of unescaped output represents a tangible and potentially exploitable risk. Addressing the output escaping concerns should be a priority to enhance its overall security.

Key Concerns

Low percentage of properly escaped output
Flows with unsanitized paths

Vulnerabilities

None known

YD Recent Images Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

YD Recent Images Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

5% escaped62 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

form_footer (inc\yd-widget-framework.inc.php:534)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

YD Recent Images Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionadmin_menuinc\yd-widget-framework.inc.php:84

actionwidgets_initinc\yd-widget-framework.inc.php:85

actionwp_print_stylesinc\yd-widget-framework.inc.php:87

actionplugins_loadedinc\yd-widget-framework.inc.php:88

actionwp_footerinc\yd-widget-framework.inc.php:89

Scheduled Events 2

yd_hourly_event

yd_daily_event

Maintenance & Trust

YD Recent Images Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5

Last updatedOct 11, 2011

PHP min version

Downloads10K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

YD Recent Images Alternatives

YD FeedWordPress Content Filter

yd-feedwordpress-content-filter

This plugin is an add-on to the FeedWordPress RSS content syndication plugin.

10 No CVEs

Chip Get Image

chip-get-image

A flexible image script for adding thumbnails and feature images to the post.

10 No CVEs

Gif Controller

gif-controller

100

The GIF Controller is a simple and lightweight plugin for playing and stopping the GIF images.

0 No CVEs

Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories

post-expirator

PublishPress Future can make scheduled changes to your content. You can unpublish posts, move posts to a new status, update the categories, and more.

100K 5 CVEs

YD Recent Images Developer Profile

Yann at WP&Co

14 plugins · 180 total installs

trust score

Avg Security Score

88/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect YD Recent Images

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/yd-recent-images/css/yd_recent-images.css

Version Parameters

yd-recent-images/css/yd_recent-images.css?ver=

HTML / DOM Fingerprints

CSS Classes

yd_riyd_rii

Data Attributes

data-yd_widget_id

FAQ