Does Rename Media Files: Improve Your WordPress SEO have any unpatched vulnerabilities?

No. All known vulnerabilities in Rename Media Files: Improve Your WordPress SEO have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Rename Media Files: Improve Your WordPress SEO compatible with WordPress 6.8.5?

According to WordPress.org data, Rename Media Files: Improve Your WordPress SEO 2.6.7 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Rename Media Files: Improve Your WordPress SEO compatible with PHP 5.3+?

Rename Media Files: Improve Your WordPress SEO requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

What is Rename Media Files: Improve Your WordPress SEO's security score?

Rename Media Files: Improve Your WordPress SEO has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Rename Media Files: Improve Your WordPress SEO Security & Risk Analysis

wordpress.org/plugins/file-renaming-on-upload

Enhance SEO and organize media effortlessly with Rename Media Files WordPress Plugin. Fix upload issues, santize & optimize filenames, and improve …

10K active installs v2.6.7 PHP 5.3+ WP 4.0.0+ Updated Jan 14, 2026

charactersmediarenamerenamingseo

A · Safe

CVEs total1

Unpatched0

Last CVEMay 25, 2023

Plugin page Download

Safety Verdict

Is Rename Media Files: Improve Your WordPress SEO Safe to Use in 2026?

Generally Safe

Score 100/100

Rename Media Files: Improve Your WordPress SEO has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: May 25, 2023Updated 2mo ago

Risk Assessment

The plugin 'file-renaming-on-upload' v2.6.7 exhibits a mixed security posture. On the positive side, it has a very small attack surface with no apparent entry points exposed without authentication and a complete lack of raw SQL queries, indicating good data handling practices in that area. Furthermore, there are no known unpatched vulnerabilities, and the last recorded vulnerability was patched, suggesting active maintenance.

However, several concerns are raised by the static analysis. The presence of the `create_function` function is a significant red flag, as it is deprecated and can be a source of security vulnerabilities. The taint analysis revealing flows with unsanitized paths is also concerning, even without critical or high severity, as it implies a potential for unexpected behavior or data manipulation if these paths are not handled meticulously. Additionally, the output escaping is only 59% proper, which is a moderate risk for Cross-Site Scripting (XSS) vulnerabilities, especially considering the plugin's history of XSS issues.

The vulnerability history shows one medium severity vulnerability in the past, specifically XSS. While currently unpatched, this indicates a past weakness that could potentially resurface or be indicative of coding patterns that lead to such issues. The plugin's strengths lie in its minimal attack surface and secure SQL handling, but the use of deprecated functions, imperfect output escaping, and past XSS vulnerability patterns warrant careful consideration and potential mitigation.

Key Concerns

Dangerous function create_function usage
Unsanitized paths in taint analysis
Output escaping below 75%
Past medium severity vulnerability (XSS)

Vulnerabilities

Rename Media Files: Improve Your WordPress SEO Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-2684medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

File Renaming on Upload <= 2.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting

May 25, 2023 Patched in 2.5.2 (243d)

Code Analysis

Analyzed Mar 16, 2026

Rename Media Files: Improve Your WordPress SEO Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

22 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_function$callback = create_function( '', 'echo "' . str_replace( '"', '\"', $section['desc'] ) . '";'classes\WeDevs\class-settings-api.php:511

Output Escaping

59% escaped37 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<class-settings-api> (classes\WeDevs\class-settings-api.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Rename Media Files: Improve Your WordPress SEO Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 34

actionadmin_initclasses\Admin_Pages\class-settings-page.php:56

actionadmin_menuclasses\Admin_Pages\class-settings-page.php:57

actioninitclasses\class-plugin-core.php:109

actioninitclasses\class-plugin-core.php:110

filtersanitize_file_nameclasses\class-plugin-core.php:111

actionadmin_initclasses\class-plugin-core.php:112

filterfrou_filename_allowedclasses\class-plugin-core.php:114

filterfrou_filename_allowedclasses\class-plugin-core.php:115

filterfrou_renaming_validationclasses\class-plugin-core.php:116

actionadd_attachmentclasses\class-plugin-core.php:117

actioninitclasses\class-post-utils.php:46

actioninitclasses\class-post-utils.php:47

filterplupload_default_settingsclasses\class-post-utils.php:50

filterplupload_default_paramsclasses\class-post-utils.php:51

filterfrou_structure_rulesclasses\Options\class-rule-option.php:48

filterfrou_sanitize_file_nameclasses\Options\General\class-filename-structure-option.php:33

filterfrou_structure_rules_listclasses\Options\General\class-filename-structure-option.php:34

filterfrou_after_sanitize_file_nameclasses\Options\General\class-filename-structure-option.php:35

filtersanitize_file_nameclasses\Options\General\class-permalink-update-option.php:61

filtersanitize_file_nameclasses\Options\General\class-permalink-update-option.php:62

actionadd_attachmentclasses\Options\General\class-permalink-update-option.php:63

filterfrou_sanitize_file_nameclasses\Options\Rules\class-datetime-option.php:56

filterfrou_sanitize_file_nameclasses\Options\Rules\class-filename-option.php:143

filterfrou_sanitize_file_nameclasses\Options\Rules\class-filename-option.php:144

filterfrou_sanitize_file_nameclasses\Options\Rules\class-filename-option.php:145

filterfrou_sanitize_file_nameclasses\Options\Rules\class-filename-option.php:146

filterfrou_sanitize_file_nameclasses\Options\Rules\class-filename-option.php:147

actionsanitize_file_name_charsclasses\Options\Rules\class-filename-option.php:148

filterfrou_sanitize_file_nameclasses\Options\Rules\class-filename-option.php:149

filterfrou_sanitize_file_nameclasses\Options\Rules\class-post-title-option.php:46

filterfrou_sanitize_file_nameclasses\Options\Rules\class-siteurl-option.php:78

actioninitclasses\WordPress\class-plugin.php:70

actionupgrader_process_completefile-renaming-on-upload.php:79

actionplugins_loadedfile-renaming-on-upload.php:92

Maintenance & Trust

Rename Media Files: Improve Your WordPress SEO Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJan 14, 2026

PHP min version5.3

Downloads257K

Community Trust

Rating96/100

Number of ratings40

Active installs10K

Alternatives

Rename Media Files: Improve Your WordPress SEO Alternatives

Media File Renamer: Rename for better SEO (AI-Powered)

media-file-renamer

Rename filenames and media metadata for SEO and tidiness. Using AI, manually, in bulk, or in so many other ways!

40K 5 CVEs

File Media Renamer for SEO

file-media-renamer-for-seo

100

Rename media files with SEO-friendly names, auto-update references, alt/title sync, and 301 redirects — fast and safe.

80 No CVEs

Seopic – Intelligent SEO images for WordPress

seopic-intelligent-seo-images

Intelligent WordPress plugin which helps you automate image file renaming for better SEO.

0 No CVEs

Phoenix Media Rename

phoenix-media-rename

100

The Phoenix Media Rename plugin allows you to easily rename (and retitle) your media files, once uploaded.

50K 1 CVE

Media Library Helper — Bulk edit image ALT, caption & description

media-library-helper

100

Add or edit or bulk edit image ALT tag, caption & description with one click straight from the WordPress media library to improve your SEO score.

10K 1 CVE

Developer Profile

Rename Media Files: Improve Your WordPress SEO Developer Profile

WPFactory

63 plugins · 136K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

98 days

View full developer profile

Detection Fingerprints

How We Detect Rename Media Files: Improve Your WordPress SEO

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/file-renaming-on-upload/classes/class-plugin-core.php/wp-content/plugins/file-renaming-on-upload/classes/class-post-utils.php/wp-content/plugins/file-renaming-on-upload/classes/class-settings-api.php/wp-content/plugins/file-renaming-on-upload/classes/options/class-options.php/wp-content/plugins/file-renaming-on-upload/classes/options/general/class-enable-option.php/wp-content/plugins/file-renaming-on-upload/classes/options/advanced/class-ignore-extensions-option.php/wp-content/plugins/file-renaming-on-upload/classes/options/advanced/class-ignore-empty-extensions-option.php/wp-content/plugins/file-renaming-on-upload/classes/options/advanced/class-ignore-filenames-option.php+6 more

Version Parameters

file-renaming-on-upload/style.css?ver=file-renaming-on-upload/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

frou_settings_pagefrou_advanced_settingsfrou_general_settings

HTML Comments

+2 more

Data Attributes

data-frou-option-namedata-frou-option-type

JS Globals

frou_php_data

FAQ