Plugin Mover Security & Risk Analysis

wordpress.org/plugins/plugin-mover

Easily move your plugins into another folder!

10 active installs v1.1 PHP + WP 4.7+ Updated Jan 28, 2021
admin, management
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Plugin Mover Safe to Use in 2026?

Generally Safe

Score 85/100

Plugin Mover has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The plugin-mover v1.1 plugin exhibits a mixed security posture. On one hand, it demonstrates good practices by having a zero attack surface for common entry points like AJAX handlers, REST API routes, and shortcodes, and all SQL queries are performed using prepared statements. This suggests an effort to prevent common injection vulnerabilities. However, there are significant concerns regarding output escaping and file operations.

A critical weakness is the complete lack of output escaping: 0% of the plugin's 7 outputs are properly escaped. Any data the plugin processes and displays back to users or within the WordPress environment is therefore susceptible to cross-site scripting (XSS) attacks. Furthermore, although there are no external HTTP requests or dangerous functions, the taint analysis found two file operations with unsanitized paths, which is a serious concern. This could lead to arbitrary file read or write vulnerabilities, allowing an attacker to access or modify sensitive files on the server.

The plugin's vulnerability history is clean, with no known CVEs. This is a positive indicator, but it does not negate the risks identified in the static analysis. The absence of historical vulnerabilities could be due to the plugin's obscurity, lack of targeted attacks, or simply that the current code has not been exhaustively audited for these specific issues. Overall, while the plugin avoids some common pitfalls, the severe output escaping and file operation vulnerabilities present a substantial risk that needs immediate attention.

Key Concerns

  • Unsanitized paths in taint flows
  • No output escaping
  • Missing capability checks
  • Missing nonce checks
Vulnerabilities
None known

Plugin Mover Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Plugin Mover Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 7 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 2
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 7 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
plugin_move_page (plugin-mover-admin-page.php:8)
Attack Surface

Plugin Mover Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 4
  • filter: bulk_actions-plugins (plugin-mover.php:51)
  • action: admin_menu (plugin-mover.php:52)
  • filter: handle_bulk_actions-plugins (plugin-mover.php:53)
  • action: admin_notices (plugin-mover.php:54)
Maintenance & Trust

Plugin Mover Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.6.17
Last updated: Jan 28, 2021
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Plugin Mover Developer Profile

theode

11 plugins · 220 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Plugin Mover

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output
Move to