WP-Safety

BFG Tools – Extension Zipper Security & Risk Analysis

wordpress.org/plugins/bfg-tools-extension-zipper

A clean, reliable way to package any installed plugin into a ZIP file directly inside WP-Admin.

0 active installs v1.0.8 PHP 7.4+ WP 6.0+ Updated Unknown
99
A · Safe
CVEs total1
Unpatched0
Last CVEFeb 13, 2026
Download
Safety Verdict

Is BFG Tools – Extension Zipper Safe to Use in 2026?

Generally Safe

Score 99/100

BFG Tools – Extension Zipper has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 13, 2026
Risk Assessment
Assessment pending
Vulnerabilities
1

BFG Tools – Extension Zipper Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-13681medium · 4.9Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BFG Tools – Extension Zipper <= 1.0.7 - Authenticated (Administrator+) Path Traversal via 'first_file' Parameter

Feb 13, 2026 Patched in 1.0.8 (1d)
Code Analysis
Analyzed Mar 17, 2026

BFG Tools – Extension Zipper Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
38 escaped
Nonce Checks
1
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

86% escaped44 total outputs
Attack Surface

BFG Tools – Extension Zipper Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 4
actionadmin_menubfg-tools-extension-zipper.php:116
actionadmin_menubfg-tools-extension-zipper.php:131
actionadmin_post_bfgtoexz_zipbfg-tools-extension-zipper.php:132
actionadmin_noticesbfg-tools-extension-zipper.php:134
Maintenance & Trust

BFG Tools – Extension Zipper Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedUnknown
PHP min version7.4
Downloads189

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

BFG Tools – Extension Zipper Alternatives

No alternatives data available yet.

Developer Profile

BFG Tools – Extension Zipper Developer Profile

Joby Franczek

2 plugins · 0 total installs

100
trust score
Avg Security Score
100/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect BFG Tools – Extension Zipper

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bfg-tools-extension-zipper/css/style.css/wp-content/plugins/bfg-tools-extension-zipper/js/script.js
Script Paths
/wp-content/plugins/bfg-tools-extension-zipper/js/script.js
Version Parameters
bfg-tools-extension-zipper/css/style.css?ver=bfg-tools-extension-zipper/js/script.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- A unique, prefixed hub slug for this plugin’s top-level menu --><!-- Top-level “BFG Tools” hub (guarded + prefixed) --><!-- Extension Zipper (prefixed, i18n fixed, safer paths) --><!-- Canonical constants (reviewer request: determine locations via helpers) -->
Data Attributes
data-nonce="bfgtoexz_nonce"
JS Globals
BFGTOEXZ_HUB_SLUGbfgtoexz_tools_register_menubfgtoexz_tools_render_hubBFGTOEXZ_Extension_Zipper
FAQ

Frequently Asked Questions about BFG Tools – Extension Zipper