Add featured images to any part of your WordPress website with ease. Provides shortcodes, widgets, and PHP functions for maximum flexibility.
CRITICAL: Version 2.2 fixes a Stored Cross-Site Scripting (XSS) vulnerability (CVE-2025-12019). Please update immediately.
- ✅ Easy Implementation - Simple shortcode and widget
- ✅ Flexible Display - Use inside or outside the loop
- ✅ Featured Image Caption - Display image captions
- ✅ Alt Text Support - SEO-friendly with proper alt attributes
- ✅ Secure - Properly escaped output to prevent XSS
- ✅ WordPress Standards - Follows WordPress coding standards
- Go to Plugins → Add New
- Search for "Featured Image"
- Click Install Now and then Activate
- Download the plugin zip file
- Extract the contents
- Upload the
featured-imagefolder to/wp-content/plugins/ - Activate the plugin through the Plugins menu in WordPress
Display featured image in posts/pages:
[featured-img]
Display featured image caption:
[featured-img-caption]
Use inside the loop in your theme:
<?php if ( function_exists('get_featured_img') ) get_featured_img(); ?>For caption:
<?php if ( function_exists('get_featured_img_caption') ) get_featured_img_caption(); ?>- Go to Appearance → Widgets
- Find "Featured Image" widget
- Drag it to your desired widget area
- Configure and save
Security Fixes:
- Fixed Stored Cross-Site Scripting (XSS) vulnerability in image metadata (CVE-2025-12019)
- Added
esc_url()for image URLs - Added
esc_attr()for alt text attributes - Added
wp_kses_post()for caption sanitization
Bug Fixes:
- Fixed missing
global $postdeclaration ingetting_featured_img_caption() - Improved error handling to prevent PHP warnings
Improvements:
- Code refactored to use
sprintf()for better readability - Enhanced WordPress coding standards compliance
- Better null checks and validation
- Fixed global $post issue
- Added Featured Image Caption
- Added Alt Text for images
- Fixed various bugs
- Initial release
This plugin follows WordPress security best practices:
- ✅ All output is properly escaped
- ✅ Input is sanitized before use
- ✅ No SQL injection vulnerabilities
- ✅ No XSS vulnerabilities
- ✅ Follows WordPress coding standards
If you discover a security vulnerability, please email security@mer.vin
- WordPress 3.0 or higher
- PHP 5.6 or higher (7.4+ recommended)
- WordPress.org Support: Plugin Support Forum
- Documentation: Plugin Documentation
- Bug Reports: GitHub Issues
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
This plugin is licensed under the GPL v2 or later.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
Mervin Praison
- Website: mer.vin
- Plugin URI: WordPress Featured Image
- Security vulnerability discovered by: ZAST.AI
- Reported by: Wordfence
⭐ If you find this plugin useful, please consider leaving a review on WordPress.org!