Does File Upload For WPForms – Filenzo have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is File Upload For WPForms – Filenzo compatible with WordPress 6.9.4?

According to WordPress.org data, File Upload For WPForms – Filenzo 1.1.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is File Upload For WPForms – Filenzo compatible with PHP 7.0+?

File Upload For WPForms – Filenzo requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is File Upload For WPForms – Filenzo updated?

File Upload For WPForms – Filenzo was last updated on Jan 25, 2026. Frequent updates are generally a positive security signal.

What is File Upload For WPForms – Filenzo's security score?

File Upload For WPForms – Filenzo has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

File Upload For WPForms – Filenzo Security & Risk Analysis

wordpress.org/plugins/file-upload-for-wpforms

Enhance WPForms with a secure file upload field, allowing users to upload files directly through forms.

1K active installs v1.1.0 PHP 7.0+ WP 6.6+ Updated Jan 25, 2026

attachmentsfile-uploadformswpforms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is File Upload For WPForms – Filenzo Safe to Use in 2026?

Generally Safe

Score 100/100

File Upload For WPForms – Filenzo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

Based on the static analysis, the "file-upload-for-wpforms" v1.1.0 plugin exhibits a strong security posture with no identified entry points without authentication checks, no dangerous functions, and SQL queries exclusively using prepared statements. The high percentage of properly escaped outputs further indicates good development practices. The lack of file operations and external HTTP requests, along with no recorded vulnerabilities or CVEs, suggests a well-maintained and secure plugin.

However, the absence of any identified taint flows, while seemingly positive, could also indicate that the analysis performed was limited or that the plugin's functionality doesn't expose such critical pathways. The lack of nonce checks and capability checks, particularly given that there are no explicit entry points identified, is a notable omission. While the current structure might not immediately present a risk, it leaves room for potential future vulnerabilities if new entry points are introduced or if existing functionality is extended without proper security checks. Overall, the plugin appears robust and secure in its current state, but the lack of specific security checks on certain aspects warrants cautious monitoring for future updates.

Key Concerns

Missing nonce checks
Missing capability checks

Vulnerabilities

None known

File Upload For WPForms – Filenzo Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

File Upload For WPForms – Filenzo Release Timeline

v1.1.0Current

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

Code Analysis

Analyzed Mar 16, 2026

File Upload For WPForms – Filenzo Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

10 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

91% escaped11 total outputs

Attack Surface

File Upload For WPForms – Filenzo Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 9

actionwpforms_loadedfile-upload-for-wpforms.php:16

actionadmin_noticesfile-upload-for-wpforms.php:40

actionadmin_noticesfile-upload-for-wpforms.php:61

actionadmin_initfile-upload-for-wpforms.php:62

actionwpforms_process_entry_savemove-queue.php:21

filterwpforms_get_form_fields_allowedupload.php:28

actionwpforms_ajax_submit_before_processingupload.php:29

filterwpforms_emails_send_email_dataupload.php:30

actioninitupload.php:411

Maintenance & Trust

File Upload For WPForms – Filenzo Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 25, 2026

PHP min version7.0

Downloads5K

Community Trust

Rating100/100

Number of ratings17

Active installs1K

Alternatives

File Upload For WPForms – Filenzo Alternatives

Image CAPTCHA for Contact Form 7 and WPForms by HookAndHook (DSGVO/GDPR)

contact-form-7-image-captcha

100

Adds an Image CAPTCHA to Contact Form 7 and WPForms, GDPR ready, perfect WPForms or Contact Form 7 Spam Protection Image CAPTCHA, adds a honeypot

80K No CVEs

Database for Contact Form 7, WPforms, Elementor forms

contact-form-entries

Saves Contact Form 7, WPforms,Elementor Forms, CRM Perks Forms and many other contact form submissions to database.

70K 14 CVEs

File Upload Types by WPForms

file-upload-types

Easily allow WordPress to accept and upload any file type extension or MIME type, including custom file types.

30K 1 CVE

Database Addon For WPForms ( wpforms entries ) – WPFormsDB

database-for-wpforms

100

Save and manage WPForms entries (WPForms database). It is a lightweight WPForms database plugin.

20K No CVEs

Utimate Kit ( Styler ) for WPForms

styler-for-wpforms

100

Ultimate Kit for WPForms makes the task of designing WPForms an easy one.

20K No CVEs

Developer Profile

File Upload For WPForms – Filenzo Developer Profile

wpdebuglog

9 plugins · 23K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

9 days

View full developer profile

Detection Fingerprints

How We Detect File Upload For WPForms – Filenzo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ