Does Cloud S3 Storage have any unpatched vulnerabilities?

No. All known vulnerabilities in Cloud S3 Storage have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Cloud S3 Storage compatible with WordPress 6.9.4?

According to WordPress.org data, Cloud S3 Storage 1.4.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Cloud S3 Storage compatible with PHP 7.2.5+?

Cloud S3 Storage requires PHP 7.2.5 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Cloud S3 Storage updated?

Cloud S3 Storage was last updated on Jan 20, 2026. Frequent updates are generally a positive security signal.

What is Cloud S3 Storage's security score?

Cloud S3 Storage has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Cloud S3 Storage Security & Risk Analysis

wordpress.org/plugins/cloud-s3-storage

Manage your WordPress media files with ease using S3-compatible object storage services.

10 active installs v1.4.6 PHP 7.2.5+ WP 5.0+ Updated Jan 20, 2026

cloud-storagemedia-managementmedia-storageobject-storages3

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Cloud S3 Storage Safe to Use in 2026?

Generally Safe

Score 100/100

Cloud S3 Storage has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The cloud-s3-storage v1.4.6 plugin exhibits a generally strong security posture with several positive indicators. Notably, 100% of output is properly escaped, and there are no identified file operations or external HTTP requests, which are common vectors for compromise. The plugin also avoids dangerous functions and has a reasonable rate of SQL queries using prepared statements (56%). The absence of known CVEs and a clean vulnerability history are further strengths, suggesting a commitment to secure development or a lack of targeted attacks.

However, a key concern arises from the presence of one AJAX handler without authentication checks. This represents a direct entry point that could be exploited if it handles user-supplied data without proper validation or authorization. While taint analysis shows no unsanitized paths, the unprotected AJAX handler warrants careful review to ensure no sensitive operations can be triggered by unauthenticated users. The overall risk is moderate, leaning towards good practice, but this single unprotected entry point introduces a specific, actionable vulnerability that needs immediate attention.

Key Concerns

AJAX handler without auth check

Vulnerabilities

None known

Cloud S3 Storage Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Cloud S3 Storage Code Analysis

Dangerous Functions

Raw SQL Queries

10 prepared

Unescaped Output

34 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Guzzle

SQL Query Safety

56% prepared18 total queries

Output Escaping

100% escaped34 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

save_mime_type_settings (class\base\cloud-s3-storage_mime.php:81)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Cloud S3 Storage Attack Surface

Entry Points4

Unprotected1

AJAX Handlers 1

authwp_ajax_modifica_url_immagineclass\base\cloud-s3-storage_observer.php:11

REST API Routes 3

GET/wp-json/cloud-s3-storage/v1/reindex-image/class\cloud-s3-storageClass.php:103

GET/wp-json/cloud-s3-storage/v1/clear-image/class\cloud-s3-storageClass.php:110

GET/wp-json/cloud-s3-storage/v1/rollback-image/class\cloud-s3-storageClass.php:117

WordPress Hooks 19

actionattachment_submitbox_misc_actionsclass\base\cloud-s3-storage_media.php:12

actionedit_attachmentclass\base\cloud-s3-storage_media.php:13

actionattachment_submitbox_misc_actionsclass\base\cloud-s3-storage_media.php:15

actionedit_attachmentclass\base\cloud-s3-storage_media.php:16

actioncloud_s3_storage_menu_hookclass\base\cloud-s3-storage_mime.php:14

actionadmin_initclass\base\cloud-s3-storage_mime.php:15

filterwp_get_attachment_urlclass\base\cloud-s3-storage_observer.php:12

filterthe_contentclass\base\cloud-s3-storage_observer.php:13

actionwp_headclass\base\cloud-s3-storage_observer.php:14

actionwp_footerclass\base\cloud-s3-storage_observer.php:15

filterattachment_classclass\base\cloud-s3-storage_observer.php:103

filterwp_calculate_image_srcsetclass\base\cloud-s3-storage_observer.php:104

filterwp_prepare_attachment_for_jsclass\base\cloud-s3-storage_observer.php:106

filterplugin_action_linksclass\cloud-s3-storageClass.php:13

filterplugin_action_linksclass\cloud-s3-storageClass.php:14

actionrest_api_initclass\cloud-s3-storageClass.php:28

actioninitcloud-s3-storage.php:58

actioncloud_s3_storage_action_reindex_imagecloud-s3-storage.php:62

actioncloud_s3_storage_action_clear_imagecloud-s3-storage.php:63

Scheduled Events 4

cloud_s3_storage_action_reindex_image

cloud_s3_storage_action_clear_image

cloud_s3_storage_action_reindex_image

cloud_s3_storage_action_clear_image

Maintenance & Trust

Cloud S3 Storage Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 20, 2026

PHP min version7.2.5

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Cloud S3 Storage Alternatives

Upcasted S3 Offload – AWS S3, DigitalOcean Spaces, Backblaze, MinIO Storage Integration

upcasted-s3-offload

Easily migrate and manage WordPress Media Library files to AWS S3 or S3-compatible storage providers. Boost performance and reduce hosting costs.

200 1 CVE

Ultimate Media On The Cloud Lite

ultimate-media-on-the-cloud-lite

With Ultimate Media On The Cloud plugin, you can easy migrate/ move and mange wordpress medias on the Cloud Storage Platforms like Amazon S3, Google C …

10 No CVEs

WP2Cloud

wp2cloud-wordpress-to-cloud

Now WordPress site can store all its content (pages and media) in cloud. This makes site powered by enormous scale and reliability of cloud storage.

10 No CVEs

[Aotuman] Auto Sync Tencent Cloud Object Storage COS

apoyl-tencentcos

100

Design philosophy: This plugin is green and pollution-free. It does not modify the original system's database image paths, preventing issues if c …

0 No CVEs

Articla media offload lite for oracle cloud infrastructure

articla-media-offload-lite-for-oracle-cloud-infrastructure

100

Offload your Media Library to Oracle Cloud (OCI) via S3. Supports private and public buckets.

0 No CVEs

Developer Profile

Cloud S3 Storage Developer Profile

Matteo Enna

14 plugins · 850 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

11 days

View full developer profile

Detection Fingerprints

How We Detect Cloud S3 Storage

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cloud-s3-storage/class/base/../assets/css/style.css/wp-content/plugins/cloud-s3-storage/class/base/../assets/js/admin-script.js

Script Paths

/wp-content/plugins/cloud-s3-storage/class/base/../assets/js/admin-script.js

Version Parameters

cloud-s3-storage/class/base/../assets/css/style.css?ver=cloud-s3-storage/class/base/../assets/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

cloud_s3_storage_admin_wrap

HTML Comments

Data Attributes

data-cloud-s3-storage-setting-page

JS Globals

cloud_s3_storage_paths

FAQ