Does Autoremove Attachments have any unpatched vulnerabilities?

No. All known vulnerabilities in Autoremove Attachments have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Autoremove Attachments compatible with WordPress 6.3.8?

According to WordPress.org data, Autoremove Attachments 1.3.1 has been tested up to WordPress 6.3.8. Check the plugin's changelog for the latest compatibility information.

Is Autoremove Attachments compatible with PHP 7.4+?

Autoremove Attachments requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Autoremove Attachments updated?

Autoremove Attachments was last updated on Aug 12, 2023. Frequent updates are generally a positive security signal.

What is Autoremove Attachments's security score?

Autoremove Attachments has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Autoremove Attachments Security & Risk Analysis

wordpress.org/plugins/autoremove-attachments

Remove child attachments when parent post, page or custom post type is deleted.

3K active installs v1.3.1 PHP 7.4+ WP 5.8+ Updated Aug 12, 2023

attachmentcustom-post-typemediapagepost

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Autoremove Attachments Safe to Use in 2026?

Generally Safe

Score 85/100

Autoremove Attachments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "autoremove-attachments" plugin v1.3.1 exhibits a generally good security posture with no known vulnerabilities in its history and a limited attack surface. The static analysis reveals no direct entry points that are unprotected, indicating a conscious effort to implement security checks. The presence of nonce and capability checks, though limited, is a positive sign. However, the code analysis raises significant concerns regarding data handling. The plugin performs SQL queries, and a concerning 100% of these queries are not using prepared statements, posing a high risk of SQL injection vulnerabilities. Furthermore, a substantial portion of output (83%) is not properly escaped, leading to potential Cross-Site Scripting (XSS) vulnerabilities. The absence of taint analysis results is noted, but the identified SQL and output issues are critical enough to warrant immediate attention.

Key Concerns

SQL queries not using prepared statements
High percentage of unescaped output

Vulnerabilities

None known

Autoremove Attachments Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Autoremove Attachments Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared3 total queries

Output Escaping

17% escaped35 total outputs

Attack Surface

Autoremove Attachments Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 10

actionplugins_loadedautoremove-attachments.php:103

actionnetwork_admin_noticesincludes\class-autoremove-attachments-requirements.php:32

actionadmin_noticesincludes\class-autoremove-attachments-requirements.php:33

actionplugins_loadedincludes\class-autoremove-attachments-textdomain.php:31

actionnetwork_admin_noticesincludes\classes\class-autoremove-attachments-admin.php:31

actionadmin_noticesincludes\classes\class-autoremove-attachments-admin.php:32

actionbefore_delete_postincludes\classes\class-autoremove-attachments-admin.php:33

actionadmin_initincludes\classes\class-autoremove-attachments-options.php:30

actionplugins_loadedincludes\classes\class-autoremove-attachments-updates.php:31

actionwpmu_new_blogincludes\classes\class-autoremove-attachments-updates.php:32

Maintenance & Trust

Autoremove Attachments Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8

Last updatedAug 12, 2023

PHP min version7.4

Downloads34K

Community Trust

Rating100/100

Number of ratings15

Active installs3K

Alternatives

Autoremove Attachments Alternatives

Auto Attachments Cleaner

auto-attachments-cleaner

Automatically deletes attachments on post delete

70 No CVEs

All Round Order

all-round-order

Order all items(Pages, Posts, Custom Post Types and attachments) easily with a drag and drop feature

40 No CVEs

Reveal IDs

reveal-ids-for-wp-admin-25

100

What this plugin does is to reveal most removed IDs on admin pages, as it was in versions prior to 2.5.

40K No CVEs

Apollo13 Framework Extensions

apollo13-framework-extensions

Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.

20K 6 CVEs

No Page Comment

no-page-comment

An admin interface to control the default comment and trackback settings on new posts, pages and custom post types.

10K 2 CVEs

Developer Profile

Autoremove Attachments Developer Profile

Polygon Themes

2 plugins · 4K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Autoremove Attachments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/autoremove-attachments/assets/css/admin.css/wp-content/plugins/autoremove-attachments/assets/js/admin.js

Script Paths

/wp-content/plugins/autoremove-attachments/assets/js/admin.js

Version Parameters

autoremove-attachments/assets/css/admin.css?ver=autoremove-attachments/assets/js/admin.js?ver=

HTML / DOM Fingerprints

FAQ