Does Blue Storage have any unpatched vulnerabilities?

No. All known vulnerabilities in Blue Storage have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Blue Storage compatible with WordPress 4.4.34?

According to WordPress.org data, Blue Storage 1.2.0 has been tested up to WordPress 4.4.34. Check the plugin's changelog for the latest compatibility information.

How often is Blue Storage updated?

Blue Storage was last updated on Apr 2, 2016. Frequent updates are generally a positive security signal.

What is Blue Storage's security score?

Blue Storage has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Blue Storage Security & Risk Analysis

wordpress.org/plugins/blue-storage

Blue Storage for Microsoft Azure allows you to use Azure Storage to host files for your WordPress powered blog.

10 active installs v1.2.0 PHP + WP 2.8.0+ Updated Apr 2, 2016

azureazure-storagemedia-filesmicrosoftmicrosoft-azure

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Blue Storage Safe to Use in 2026?

Generally Safe

Score 85/100

Blue Storage has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "blue-storage" plugin v1.2.0 presents a mixed security posture. While it has a seemingly small attack surface with no publicly known vulnerabilities, the static analysis reveals several concerning code signals. The presence of dangerous functions like `unserialize` and `assert`, coupled with a significant number of unsanitized path taint flows (7 out of 7 analyzed), indicates potential for serious security issues if these are not handled with extreme care and robust input validation. Furthermore, only 36% of output is properly escaped, suggesting a risk of cross-site scripting (XSS) vulnerabilities.

The lack of any recorded vulnerabilities in its history is a positive sign, suggesting the developers may have addressed issues in the past or that the plugin hasn't been extensively targeted. However, this cannot fully mitigate the risks identified in the static analysis. The plugin's strengths lie in its limited attack surface and the relatively high percentage of SQL queries using prepared statements. The weaknesses are primarily in the handling of potentially dangerous functions, untrusted input, and output escaping, which could lead to severe security vulnerabilities despite the absence of historical CVEs.

Key Concerns

Unsanitized paths in taint analysis (high severity)
Unsanitized paths in taint analysis (high severity)
Use of dangerous function 'unserialize'
Use of dangerous function 'assert'
Low percentage of properly escaped output
No nonce checks on entry points (AJAX, REST, etc.)
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output
Low percentage of properly escaped output

Vulnerabilities

None known

Blue Storage Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Blue Storage Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

31 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$data = unserialize($serialized);library\dependencies\HTTP\Request2\CookieJar.php:391

assertassert(Utilities::endsWith($context->getPath(), '/'));library\WindowsAzure\ServiceManagement\ServiceManagementRestProxy.php:1229

assertassert(Utilities::endsWith($context->getPath(), '/'));library\WindowsAzure\ServiceManagement\ServiceManagementRestProxy.php:1280

assertassert(Utilities::endsWith($context->getPath(), '/'));library\WindowsAzure\ServiceManagement\ServiceManagementRestProxy.php:1367

assertassert(Utilities::endsWith($context->getPath(), '/'));library\WindowsAzure\ServiceManagement\ServiceManagementRestProxy.php:1417

assertassert(Utilities::endsWith($context->getPath(), '/'));library\WindowsAzure\ServiceManagement\ServiceManagementRestProxy.php:1529

SQL Query Safety

86% prepared7 total queries

Output Escaping

36% escaped86 total outputs

Data Flows

7 unsanitized

Data Flow Analysis

7 flows7 with unsanitized paths

windows_azure_storage_dialog_browse_tab (blue-storage-dialog.php:78)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Blue Storage Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 22

filtermedia_upload_tabsblue-storage-dialog.php:84

filtermedia_upload_tabsblue-storage-dialog.php:334

filtermedia_upload_tabsblue-storage-dialog.php:446

actionadmin_menublue-storage.php:71

actionadmin_enqueue_scriptsblue-storage.php:94

filtermedia_upload_tabsblue-storage.php:100

actionmedia_upload_browseblue-storage.php:105

actionmedia_upload_searchblue-storage.php:106

actionmedia_upload_uploadblue-storage.php:107

filterwp_update_attachment_metadatablue-storage.php:112

filtercontent_save_preblue-storage.php:120

filterwp_handle_upload_prefilterblue-storage.php:123

filterwp_handle_uploadblue-storage.php:126

filterxmlrpc_methodsblue-storage.php:130

filterwp_get_attachment_urlblue-storage.php:134

filterwp_get_attachment_metadatablue-storage.php:142

actiondelete_attachmentblue-storage.php:150

filterwp_calculate_image_srcsetblue-storage.php:622

actionadmin_print_scriptsblue-storage.php:633

actionadmin_print_scriptsblue-storage.php:647

actionadmin_print_scriptsblue-storage.php:661

actionadmin_initblue-storage.php:684

Maintenance & Trust

Blue Storage Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34

Last updatedApr 2, 2016

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Blue Storage Alternatives

Microsoft Azure Storage for WordPress

windows-azure-storage

Use the Microsoft Azure Storage service to host your website's media files.

2K 1 CVE

Persistent database connection updater

persistent-database-connection-updater

This WordPress plugin automatically updates the MySQL database connection to persistent connection when user update the WordPress version from backend …

80 No CVEs