Does Auto Files have any unpatched vulnerabilities?

No. All known vulnerabilities in Auto Files have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Auto Files compatible with WordPress 4.1.42?

According to WordPress.org data, Auto Files 0.8 has been tested up to WordPress 4.1.42. Check the plugin's changelog for the latest compatibility information.

How often is Auto Files updated?

Auto Files was last updated on Jan 31, 2015. Frequent updates are generally a positive security signal.

What is Auto Files's security score?

Auto Files has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Auto Files Security & Risk Analysis

wordpress.org/plugins/auto-files

Auto Files is a minified version of Auto Attachments. This Plugin show you attached files in your the_content(). Supported file types are doc, docx, x …

50 active installs v0.8 PHP + WP 3.6+ Updated Jan 31, 2015

attachmentattachmentsrartarzip

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Auto Files Safe to Use in 2026?

Generally Safe

Score 85/100

Auto Files has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The static analysis of the "auto-files" plugin v0.8 reveals a generally strong security posture, with no critical or high-severity issues identified in taint analysis and zero known vulnerabilities. The plugin demonstrates good practices by utilizing prepared statements for all SQL queries and including nonce and capability checks.

However, a significant concern arises from the output escaping, where 100% of the four identified outputs are not properly escaped. This presents a risk of Cross-Site Scripting (XSS) vulnerabilities if the data being output is user-controlled or sourced from external inputs that are not sufficiently sanitized before being displayed. While the attack surface appears minimal with no AJAX, REST API routes, shortcodes, or cron events, the lack of output escaping on any rendered content still poses a potential threat.

In conclusion, "auto-files" v0.8 shows promise with its adherence to secure coding practices like prepared statements and authorization checks. The absence of a vulnerability history is also a positive indicator. The primary weakness lies in the complete lack of output escaping, which requires immediate attention to mitigate potential XSS risks. Addressing this output escaping issue would significantly improve the plugin's overall security.

Key Concerns

0% of outputs properly escaped

Vulnerabilities

None known

Auto Files Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Auto Files Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped4 total outputs

Attack Surface

Auto Files Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actioninitautofiles.php:26

filterthe_contentautofiles.php:79

actionadd_meta_boxesmetaboxes.php:11

actionsave_postmetaboxes.php:12

Maintenance & Trust

Auto Files Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42

Last updatedJan 31, 2015

PHP min version

Downloads6K

Community Trust

Rating100/100

Number of ratings1

Active installs50

Alternatives

Auto Files Alternatives

Document Gallery

document-gallery

100

This plugin generates thumbnails for documents and displays them in a gallery-like format for easy sharing.

9K No CVEs

Fix Media Library

wow-media-library-fix

Fix Media Library inconsistency between database and wp-content/uploads folder contents. Unused image files, broken media library entries, missing att …

2K 1 unpatched

F4 Media Taxonomies

f4-media-taxonomies

Add filters and bulk actions for attachment categories, tags and custom taxonomies.

1K 1 CVE

Upgrade for Unattach and Re-attach Media Attachments

upgrade-for-unattach-re-attach-media-attachments

Allows to unattach and reattach images and other attachments from within the media library page.

300 No CVEs

VA Removing Exif

va-removing-exif

Automatically remove all Exif data from the new JPEG images when uploading.

300 No CVEs

Developer Profile

Auto Files Developer Profile

Serkan Algur

6 plugins · 610 total installs

trust score

Avg Security Score

88/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Auto Files

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/auto-files/autofiles.css

HTML / DOM Fingerprints

CSS Classes

filessectiongroupcolspan_1_of_6fileinsfl-application-pdfsfl-application-rar+20 more

Data Attributes

id="aa_post_meta"name="aa_post_meta"id="aa_post_meta"name="aa_post_meta"name="aa_meta_nonce"name="post_type"

FAQ