WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Image Widget safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Image Widget WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: image-widget
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Image Widget [image-widget] < 4.4.11 [CVE-2024-10939, WordPress Image Widget Plugin < 4.4.11 is vulnerable to Cross Site Scripting (XSS), Image Widget <= 4.4.10 - Authenticated (Admin+) Stored Cross-Site Scripting]
  • Image Widget [image-widget] < 4.4.12 [CVE-2026-42643, Image Widget <= 4.4.11 - Authenticated (Author+) Stored Cross-Site Scripting]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.