Files Inspector Security & Risk Analysis

wordpress.org/plugins/files-inspector

Compare file changes within WordPress.

10 active installs · v0.1 · PHP + · WP 3.1+ · Updated Dec 16, 2014
file, file-changes, file-compare, files-inspector, security
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Files Inspector Safe to Use in 2026?

Generally Safe

Score 85/100

Files Inspector has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The "files-inspector" v0.1 plugin exhibits significant security concerns primarily due to its unprotected entry points and lack of robust input sanitization. The static analysis reveals three AJAX handlers, all of which lack authentication checks, presenting a direct attack vector. Furthermore, the plugin utilizes the dangerous `unserialize` function and performs all SQL queries without prepared statements, increasing the risk of deserialization vulnerabilities and SQL injection. The taint analysis highlights two flows with unsanitized paths, indicating potential for path traversal or other file system manipulation vulnerabilities. Although the plugin has no recorded vulnerability history, this does not negate the immediate risks identified in the code. The absence of capability checks and nonce verifications on AJAX actions further exacerbates these vulnerabilities, making it highly susceptible to unauthorized actions and potential compromise. While the plugin has a small attack surface and no external HTTP requests, these strengths are overshadowed by the critical security flaws.

Key Concerns

  • AJAX handlers without auth checks
  • Dangerous function: unserialize
  • SQL queries without prepared statements
  • Taint flow with unsanitized path (critical)
  • Taint flow with unsanitized path (critical)
  • Output escaping is poorly implemented
  • No nonce checks on AJAX
  • No capability checks on AJAX
Vulnerabilities: None known

Files Inspector Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Files Inspector Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 5 (0 prepared)
Unescaped Output: 23 (4 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$thisRecord = unserialize($thisRecord[0]->data);` (model\general.php:47)
  • unserialize: `$targetRecord = unserialize($targetRecord[0]->data);` (model\general.php:48)
  • unserialize: `<?php $data = unserialize($latestRecord[0]->summary); ?>` (template\config.php:25)
  • unserialize: `<?php $summary = unserialize($record->summary); ?>` (template\config.php:80)

SQL Query Safety

0% prepared · 5 total queries

Output Escaping

15% escaped · 27 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
addAction (filesinespector.php:84)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface: 3 unprotected

Files Inspector Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers (3)

  • auth: wp_ajax_filesinspector_delete_record (filesinespector.php:90)
  • auth: wp_ajax_filesinspector_compare_record (filesinespector.php:96)
  • auth: wp_ajax_filesinspector_run_action (filesinespector.php:112)

WordPress Hooks (5)

  • action: init (filesinespector.php:50)
  • action: admin_menu (filesinespector.php:86)
  • action: init (filesinespector.php:87)
  • filter: your_filter_here (filesinespector.php:88)
  • action: wp_enqueue_scripts (filesinespector.php:221)
Maintenance & Trust

Files Inspector Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.0.38
Last updated: Dec 16, 2014
PHP min version:
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Files Inspector Developer Profile

alexhee

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Files Inspector

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/files-inspector/assets/css/bootstrap.min.css
  • /wp-content/plugins/files-inspector/assets/css/style.css
  • /wp-content/plugins/files-inspector/assets/js/bootstrap.min.js
  • /wp-content/plugins/files-inspector/assets/js/script.js
Script Paths
  • /wp-content/plugins/files-inspector/assets/js/script.js
Version Parameters
  • files-inspector/assets/css/style.css?ver=
  • files-inspector/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • filesinspector-content
  • filesinspector-compare-record
  • filesinspector-main-content
HTML Comments
<!-- Files Inspector Plugin -->
Data Attributes
data-ajax-url
JS Globals
filesInspectorSettings