WP-Safety

AMW Clear Upload Folder Security & Risk Analysis

wordpress.org/plugins/amw-clear-upload-folder

Removes unused files from the 'uploads' folder

10 active installs v1.1.5 PHP 5.5+ WP 4.4.2+ Updated Unknown
clear-uploadsimagesmediaunused-imagesuploads
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is AMW Clear Upload Folder Safe to Use in 2026?

Generally Safe

Score 100/100

AMW Clear Upload Folder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "amw-clear-upload-folder" v1.1.5 plugin exhibits a concerning security posture primarily due to its extensive unprotected attack surface and lack of basic security checks. All 12 identified AJAX handlers are exposed without any authentication or capability checks, making them prime targets for unauthorized actions. Furthermore, the presence of the dangerous `unserialize` function, coupled with two high-severity taint flows involving unsanitized paths, indicates a significant risk of arbitrary code execution or data manipulation if malicious data can be injected into these flows.

The plugin also shows a complete absence of nonce checks and capability checks, which are fundamental WordPress security mechanisms. While there is no documented vulnerability history, this is likely due to the plugin not being widely used or analyzed, rather than a sign of inherent security. The poor output escaping (0% properly escaped) further exacerbates the risk, potentially leading to Cross-Site Scripting (XSS) vulnerabilities.

In conclusion, despite having no known CVEs, the plugin's code analysis reveals critical weaknesses. The unprotected AJAX endpoints, dangerous function usage, and unsanitized data flows represent a substantial security risk. Addressing these fundamental security oversights is paramount to mitigating potential exploitation.

Key Concerns

  • All AJAX handlers lack authentication
  • Dangerous function 'unserialize' used
  • 2 high severity taint flows with unsanitized paths
  • No nonce checks found
  • No capability checks found
  • 0% of outputs properly escaped
  • SQL queries lack prepared statements (71%)
  • File operations present without clear sanitization context
Vulnerabilities
None known

AMW Clear Upload Folder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

AMW Clear Upload Folder Code Analysis

Dangerous Functions
5
Raw SQL Queries
12
5 prepared
Unescaped Output
12
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
3
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$extArr = unserialize($extArr[0]['settings_value']);includes\AMVCUFClass.php:143
unserialize$extArr = unserialize($extArr[0]['settings_value']);includes\AMVCUFClass.php:217
unserialize$tempExtArr = unserialize($settingsArr[0]['settings_value']);includes\AMVCUFSettingsClass.php:58
unserialize$extensionsArrVal = unserialize($extensionsArr[0]['settings_value']);views\settings-admin.php:39
unserialize$serachedExtensionsArrVal = unserialize($serachedExtensionsArr[0]['settings_value']);views\settings-admin.php:42

SQL Query Safety

29% prepared17 total queries

Output Escaping

0% escaped12 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
AMVCUFAddIgnoredFolder (includes\ajaxFunctions.php:3)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
12 unprotected

AMW Clear Upload Folder Attack Surface

Entry Points12
Unprotected12

AJAX Handlers 12

authwp_ajax_add_ignored_folderincludes\functions.php:51
noprivwp_ajax_add_ignored_folderincludes\functions.php:52
authwp_ajax_remove_ignored_folderincludes\functions.php:54
noprivwp_ajax_remove_ignored_folderincludes\functions.php:55
authwp_ajax_render_images_markupincludes\functions.php:57
noprivwp_ajax_render_images_markupincludes\functions.php:58
authwp_ajax_run_cleanerincludes\functions.php:60
noprivwp_ajax_run_cleanerincludes\functions.php:61
authwp_ajax_update_thumbsincludes\functions.php:63
noprivwp_ajax_update_thumbsincludes\functions.php:64
authwp_ajax_update_extensionsincludes\functions.php:66
noprivwp_ajax_update_extensionsincludes\functions.php:67
WordPress Hooks 5
actioninitamw-clear-upload-folder.php:65
actionadmin_noticesamw-clear-upload-folder.php:66
actionadmin_menuincludes\functions.php:6
filterplugin_action_linksincludes\functions.php:29
actionadmin_enqueue_scriptsincludes\functions.php:34
Maintenance & Trust

AMW Clear Upload Folder Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28
Last updatedUnknown
PHP min version5.5
Downloads2K

Community Trust

Rating100/100
Number of ratings3
Active installs10
Alternatives

AMW Clear Upload Folder Alternatives

Pro Uploads Cleaner

Pro Uploads Cleaner

pro-uploads-cleaner

A
100

Scan and clean unused images from your WordPress uploads folder safely.

0 No CVEs
Disable Media Sizes

Disable Media Sizes

disable-media-sizes

A
100

Provides options to disable the extra images generated by WordPress.

10K No CVEs
WP Image Size Limit

WP Image Size Limit

wp-image-size-limit

A
85

Adds a new setting under Settings -> Media where an admin can set a maximum upload file size for image files.

3K No CVEs
PixRem – Unused Image Cleaner

PixRem – Unused Image Cleaner

pixrem

A
100

Find and delete unused images in your Media Library. Backup, restore, whitelist, and scan support for all major page builders.

20 No CVEs
Assetbroom – Unused Media & Duplicate Image Cleaner

Assetbroom – Unused Media & Duplicate Image Cleaner

assetbroom-media-cleaner

A
100

Detect unused images, duplicate media files, and safely clean your WordPress media library without breaking your website.

0 No CVEs
Developer Profile

AMW Clear Upload Folder Developer Profile

alim511

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect AMW Clear Upload Folder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/amw-clear-upload-folder/assets/css/bootstrap-responsive.css/wp-content/plugins/amw-clear-upload-folder/assets/css/bootstrap.css/wp-content/plugins/amw-clear-upload-folder/assets/css/amw-style.css/wp-content/plugins/amw-clear-upload-folder/assets/js/bootstrap.js/wp-content/plugins/amw-clear-upload-folder/assets/js/sweetalert.min.js/wp-content/plugins/amw-clear-upload-folder/assets/js/amw-admin.js/wp-content/plugins/amw-clear-upload-folder/assets/js/amw-settings.js
Script Paths
/wp-content/plugins/amw-clear-upload-folder/assets/js/bootstrap.js/wp-content/plugins/amw-clear-upload-folder/assets/js/sweetalert.min.js/wp-content/plugins/amw-clear-upload-folder/assets/js/amw-admin.js/wp-content/plugins/amw-clear-upload-folder/assets/js/amw-settings.js
Version Parameters
amw-clear-upload-folder/assets/js/bootstrap.js?ver=amw-clear-upload-folder/assets/js/sweetalert.min.js?ver=amw-clear-upload-folder/assets/js/amw-admin.js?ver=amw-clear-upload-folder/assets/js/amw-settings.js?ver=amw-clear-upload-folder/assets/css/bootstrap.css?ver=amw-clear-upload-folder/assets/css/bootstrap-responsive.css?ver=amw-clear-upload-folder/assets/css/amw-style.css?ver=

HTML / DOM Fingerprints

CSS Classes
amw-clear-upload-folder-wrap
HTML Comments
<!-- Clear Upload Folder --><!-- AMW CUF -->
Data Attributes
data-amw-cuf-actiondata-amw-cuf-nonce
JS Globals
amw_cuf_admin_obj
FAQ

Frequently Asked Questions about AMW Clear Upload Folder