Plugin Grabber Security & Risk Analysis

wordpress.org/plugins/plugin-grabber

This wordpress plugin allows you to create and download a backup of a plugin or your entire plugins directory.

10 active installs · v1.02 · PHP + WP 3.0.1+ · Updated Apr 28, 2015
Tags: archive, backup, plugins, zip
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Plugin Grabber Safe to Use in 2026?

Generally Safe

Score 85/100

Plugin Grabber has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The "plugin-grabber" v1.02 plugin exhibits a mixed security posture. While it shows a clean vulnerability history with no recorded CVEs, indicating a generally stable past, the static analysis reveals significant areas of concern. The complete absence of capability checks and nonce checks on any potential entry points is a major red flag. Furthermore, the taint analysis highlights that all five analyzed flows involve unsanitized paths, even though no critical or high severity issues were flagged. This suggests a potential for insecure handling of user-supplied data. The low percentage of properly escaped output (15%) further compounds these concerns, increasing the risk of cross-site scripting (XSS) vulnerabilities. The presence of file operations without explicit mention of sanitization is another point of attention. While the plugin avoids common pitfalls like raw SQL queries and external HTTP requests, the lack of robust input validation and output escaping, coupled with no authorization checks, presents a substantial risk that could be exploited if any entry points were to be discovered or if a flow bypasses the current taint analysis.

Key Concerns

  • No capability checks on entry points
  • No nonce checks on entry points
  • All analyzed flows have unsanitized paths
  • Low output escaping percentage (15%)
  • File operations without explicit sanitization mention
Vulnerabilities
None known

Plugin Grabber Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Plugin Grabber Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 11 (2 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

15% escaped · 13 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

5 flows · 5 with unsanitized paths
  • plugin_grabber (plugin-grabber.php:76)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Plugin Grabber Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 1
  • action admin_menu (plugin-grabber.php:36)
Maintenance & Trust

Plugin Grabber Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.2.39
Last updated: Apr 28, 2015
PHP min version: not specified
Downloads: 2K

Community Trust

Rating: 90/100
Number of ratings: 2
Active installs: 10
Developer Profile

Plugin Grabber Developer Profile

avdude

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Plugin Grabber

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/plugin-grabber/images/loading.gif
  • /wp-content/plugins/plugin-grabber/images/plugingrabber.png

HTML / DOM Fingerprints

CSS Classes
ul, li
HTML Comments
  • Copyright 2012 DAVID FLEMING (email : CONSULTANT@AVDUDE.COM)
  • Todo:
  • This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, version 2, as published by the Free Software Foundation.
  • This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  (1 more not shown)
Data Attributes
  • style="background-color:#ccff99;width:400px"
  • style="background-color:pink;width:400px"
JS Globals
PclZip
FAQ

Frequently Asked Questions about Plugin Grabber