Does File Upload Types by WPForms have any unpatched vulnerabilities?

No. All known vulnerabilities in File Upload Types by WPForms have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is File Upload Types by WPForms compatible with WordPress 6.6.5?

According to WordPress.org data, File Upload Types by WPForms 1.5.0 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is File Upload Types by WPForms compatible with PHP 7.0+?

File Upload Types by WPForms requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is File Upload Types by WPForms updated?

File Upload Types by WPForms was last updated on Oct 23, 2024. Frequent updates are generally a positive security signal.

What is File Upload Types by WPForms's security score?

File Upload Types by WPForms has a WP-Safety security score of 91/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

File Upload Types by WPForms Security & Risk Analysis

wordpress.org/plugins/file-upload-types

Easily allow WordPress to accept and upload any file type extension or MIME type, including custom file types.

30K active installs v1.5.0 PHP 7.0+ WP 5.5+ Updated Oct 23, 2024

attachmentsfile-uploadfilesmimeupload

A · Safe

CVEs total1

Unpatched0

Last CVEOct 24, 2024

Plugin page Download

Safety Verdict

Is File Upload Types by WPForms Safe to Use in 2026?

Generally Safe

Score 91/100

File Upload Types by WPForms has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 24, 2024Updated 1yr ago

Risk Assessment

The 'file-upload-types' plugin version 1.5.0 exhibits a generally good security posture due to the absence of critical and high-severity vulnerabilities in its code analysis and taint flows. The plugin effectively utilizes prepared statements for its SQL queries and has a high percentage of properly escaped output, which are strong indicators of secure coding practices. The presence of nonce checks on its single AJAX handler also mitigates potential cross-site request forgery (CSRF) attacks, further bolstering its security. However, a review of its vulnerability history reveals a past medium-severity Cross-Site Scripting (XSS) vulnerability, which, although currently patched, suggests a potential area of concern for input sanitization and output escaping within the plugin's functionality. The absence of capability checks on the AJAX handler, while the attack surface is small and limited to one entry point, could represent a minor oversight in robust access control. Overall, the plugin is in good shape, but historical vulnerabilities warrant continued vigilance.

Key Concerns

Missing capability checks on AJAX handler
Past medium severity XSS vulnerability history

Vulnerabilities

File Upload Types by WPForms Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-10016medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

File Upload Types by WPForms <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Oct 24, 2024 Patched in 1.5.0 (1d)

Code Analysis

Analyzed Mar 16, 2026

File Upload Types by WPForms Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

45 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

98% escaped46 total outputs

Attack Surface

File Upload Types by WPForms Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_file_upload_types_check_samplesrc\Settings.php:44

WordPress Hooks 20

actioninitsrc\functions.php:93

actioninitsrc\Plugin.php:60

filterupload_mimessrc\Plugin.php:62

filterwp_check_filetype_and_extsrc\Plugin.php:63

filterupload_mimessrc\Plugin.php:239

filterwp_check_filetype_and_extsrc\Plugin.php:248

actionwpforms_pro_forms_fields_file_upload_chunk_finalize_savedsrc\Sanitizer.php:19

actionwpforms_ajax_submit_before_processingsrc\Sanitizer.php:20

filterwp_handle_sideload_prefiltersrc\Sanitizer.php:21

filterwp_handle_upload_prefiltersrc\Sanitizer.php:22

actionadmin_enqueue_scriptssrc\Settings.php:36

actionin_admin_headersrc\Settings.php:37

actionadmin_menusrc\Settings.php:38

actionadmin_initsrc\Settings.php:39

actionfile_upload_types_settings_after_nav_barsrc\Settings.php:40

actionadmin_initsrc\Settings.php:41

filteradmin_footer_textsrc\Settings.php:42

actionadmin_print_scriptssrc\Settings.php:43

actionfile_upload_types_settings_after_nav_barsrc\Settings.php:574

actionfile_upload_types_settings_after_nav_barsrc\Settings.php:651

Maintenance & Trust

File Upload Types by WPForms Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedOct 23, 2024

PHP min version7.0

Downloads242K

Community Trust

Rating80/100

Number of ratings20

Active installs30K

Alternatives

File Upload Types by WPForms Alternatives

File Upload For WPForms – Filenzo

file-upload-for-wpforms

100

Enhance WPForms with a secure file upload field, allowing users to upload files directly through forms.

1K No CVEs

Frontend File Manager Plugin

nmedia-user-file-uploader

N-Media Frontend File Manager plugin enables WordPress site users to upload, manage, and share files directly from the frontend with secure storage an …

1K 3 unpatched

Modify Attachments Meta

modify-attachments-meta

Allows modification of meta data of attachments, such as date fields, menu order... (soon to add more, I guess).

300 No CVEs

Filestack WP Upload

filestack-upload

Upload files directly to the cloud with support for multiple sources including local, Facebook, Dropbox, Google Drive, and more.

70 1 CVE

MaxUpload – Upload Larger Files Easily

maxupload-upload-larger-files-easily

100

Upload large files easily with chunked uploads and server limit customization.

50 No CVEs

Developer Profile

File Upload Types by WPForms Developer Profile

Jared Atchison

8 plugins · 53K total installs

trust score

Avg Security Score

87/100

Avg Patch Time

1 days

View full developer profile

Detection Fingerprints

How We Detect File Upload Types by WPForms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/file-upload-types/assets/css/style.css/wp-content/plugins/file-upload-types/assets/js/dropzone.min.js/wp-content/plugins/file-upload-types/assets/js/script.js/wp-content/plugins/file-upload-types/assets/js/script.min.js

Script Paths

/wp-content/plugins/file-upload-types/assets/js/script.js/wp-content/plugins/file-upload-types/assets/js/script.min.js/wp-content/plugins/file-upload-types/assets/js/dropzone.min.js

Version Parameters

file-upload-types/style.css?ver=script.js?ver=script.min.js?ver=dropzone.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

file-upload-types-header-logofile-upload-types-pagefile-upload-types-page-settingsfile-upload-types-navfile-upload-types-nav-titlefie-upload-types-docsfile-upload-types-contentfile-upload-types-table+4 more

Data Attributes

id="file-upload-types-header"id="file-upload-types"id="file-upload-types-page-settings"id="add-custom-file-types"

JS Globals

file_upload_types_params

FAQ