Does Old Core Files have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Old Core Files compatible with WordPress 5.2.24?

According to WordPress.org data, Old Core Files 1.4 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is Old Core Files compatible with PHP 5.2.4+?

Old Core Files requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Old Core Files updated?

Old Core Files was last updated on Jul 6, 2019. Frequent updates are generally a positive security signal.

What is Old Core Files's security score?

Old Core Files has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Old Core Files Security & Risk Analysis

wordpress.org/plugins/old-core-files

Increase your WordPress security by deleting old core files that exist in the filesystem before hackers exploit them for attacks.

200 active installs v1.4 PHP 5.2.4+ WP 3.0+ Updated Jul 6, 2019

core-filesold-filesold_filessecuritytool

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Old Core Files Safe to Use in 2026?

Generally Safe

Score 85/100

Old Core Files has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "old-core-files" v1.4 plugin exhibits a generally strong security posture based on the static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. Furthermore, the code demonstrates good practices by exclusively using prepared statements for SQL queries and properly escaping a high percentage of its outputs.

However, a few concerns warrant attention. The presence of the `set_time_limit` function is a potential risk, as it can be exploited to extend script execution time, potentially leading to denial-of-service conditions if abused. While taint analysis showed no unsanitized flows, the lack of nonce checks across all entry points is a significant oversight. This means that if any user-facing functionality were to be added in the future, it would be susceptible to CSRF attacks without proper nonce implementation.

The plugin's vulnerability history is remarkably clean, with no recorded CVEs. This suggests a history of secure development or a lack of past targeting. Overall, "old-core-files" v1.4 is a promising plugin from a security perspective due to its limited attack surface and good coding practices. However, the unaddressed potential for CSRF due to missing nonce checks and the use of `set_time_limit` represent areas for improvement to achieve a truly robust security profile.

Key Concerns

Missing nonce checks on entry points
Dangerous function: set_time_limit
Moderate unescaped output percentage

Vulnerabilities

None known

Old Core Files Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Old Core Files Release Timeline

v1.4Current

v1.3

v1.2

v1.1.3

v1.1.2

v1.1

v1.0

Code Analysis

Analyzed Apr 16, 2026

Old Core Files Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

22 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

set_time_limit@set_time_limit( 300 );old-core-files.php:271

Output Escaping

88% escaped25 total outputs

Attack Surface

Old Core Files Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

filterocf_filter_methodsocf-extension-example.php:25

actioninitold-core-files.php:116

actionadmin_menuold-core-files.php:136

actionadd_meta_boxesold-core-files.php:139

filterfilesystem_methodold-core-files.php:247

actionplugins_loadedold-core-files.php:510

Maintenance & Trust

Old Core Files Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedJul 6, 2019

PHP min version5.2.4

Downloads25K

Community Trust

Rating100/100

Number of ratings3

Active installs200

Alternatives

Old Core Files Alternatives

Hostinger Tools

hostinger

Simplified WordPress management. Manage site info, maintenance, security, & redirects.

3.0M 1 CVE

Brozzme DB Prefix & Tools Addons

brozzme-db-prefix-change

100

Easily change your WordPress DB prefix, save time, increase security.

10K No CVEs

Weborado Helper

weborado-helper

100

Essential tools for WordPress site administrators to monitor versions, enhance security, and improve performance.

100 No CVEs

Tweakr – Advanced options toolkit

tweakr

100

Supercharges your Blog with production grade Tweaks, Features and Utilities

30 No CVEs

Encryption Tools Generator

encryption-tools-generator

Convert your wordpress page or post to a security or encryption online tool generator.

10 No CVEs

Developer Profile

Old Core Files Developer Profile

Maor Chasen

6 plugins · 930 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Old Core Files

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ