PLUGIN SECURITY
Is Image Widget safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Image Widget WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
image-widget - Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Image Widget [image-widget] < 4.4.11 [CVE-2024-10939, WordPress Image Widget Plugin < 4.4.11 is vulnerable to Cross Site Scripting (XSS), Image Widget <= 4.4.10 - Authenticated (Admin+) Stored Cross-Site Scripting]
- Image Widget [image-widget] < 4.4.12 [CVE-2026-42643, Image Widget <= 4.4.11 - Authenticated (Author+) Stored Cross-Site Scripting]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- CookieAdmin – Cookie Consent Banner — 400000+ active installs — max PHP 8.4
- Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website — 50000+ active installs — max PHP 8.4
- AdRotate Banner Manager — 20000+ active installs — max PHP 8.4
- Quads Ads Manager for Google AdSense — 20000+ active installs
- Meks Easy Ads Widget — 10000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.