Does Pretty file list have any unpatched vulnerabilities?

No. All known vulnerabilities in Pretty file list have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Pretty file list compatible with WordPress 3.3.2?

According to WordPress.org data, Pretty file list 0.4 has been tested up to WordPress 3.3.2. Check the plugin's changelog for the latest compatibility information.

How often is Pretty file list updated?

Pretty file list was last updated on Mar 19, 2012. Frequent updates are generally a positive security signal.

What is Pretty file list's security score?

Pretty file list has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Pretty file list Security & Risk Analysis

wordpress.org/plugins/pretty-file-lister

A plugin that lists files attached to the current post/page.

100 active installs v0.4 PHP + WP 3.0.0+ Updated Mar 19, 2012

docdownload-linkfile-listingpdfxls

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Pretty file list Safe to Use in 2026?

Generally Safe

Score 85/100

Pretty file list has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The "pretty-file-lister" v0.4 plugin exhibits a generally good security posture with a limited attack surface. The absence of known CVEs and a clean vulnerability history are positive indicators. However, the static analysis reveals significant concerns regarding output sanitization. With 100% of identified outputs not being properly escaped, this presents a substantial risk of cross-site scripting (XSS) vulnerabilities. While the plugin has capability checks, the lack of nonce checks on its single shortcode, which is the only entry point, leaves it susceptible to CSRF attacks if user-initiated actions are performed via this shortcode without proper validation.

The taint analysis indicates one flow with unsanitized paths, which, although not classified as critical or high severity, warrants investigation. This, combined with the unescaped outputs, suggests that user-supplied data could potentially be manipulated to execute malicious scripts or lead to unintended file access, even if not immediately apparent as a critical flaw. The plugin's strengths lie in its limited attack surface and use of prepared statements for SQL. Nevertheless, the identified weaknesses in output escaping and potential CSRF vectors are significant and require attention.

Key Concerns

Unescaped output found
Missing nonce check on shortcode
Taint flow with unsanitized paths

Vulnerabilities

None known

Pretty file list Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Pretty file list Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TinyMCE

Output Escaping

0% escaped3 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

srf_prettylist_settings (PrettyFileList.php:247)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Pretty file list Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[prettyfilelist] PrettyFileList.php:23

WordPress Hooks 7

actioninitPrettyFileList.php:43

actioninitPrettyFileList.php:45

actionadmin_menuPrettyFileList.php:50

filterattachment_fields_to_savePrettyFileList.php:52

actioninitPrettyFileList.php:54

filtermce_external_pluginsPrettyFileList.php:331

filtermce_buttonsPrettyFileList.php:332

Maintenance & Trust

Pretty file list Maintenance & Trust

Maintenance Signals

WordPress version tested3.3.2

Last updatedMar 19, 2012

PHP min version

Downloads8K

Community Trust

Rating100/100

Number of ratings1

Active installs100

Alternatives

Pretty file list Alternatives

PDF Embedder

pdf-embedder

100

Seamlessly embed PDFs into your content, with customizations and intelligent responsive resizing, and no third-party services or iframes.

300K 1 CVE

EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more

embedpress

EmbedPress lets you embed videos, pages, social feeds, embed PDF 3D flipbooks & other content on WordPress without coding & enhance storytelling.

100K 27 CVEs

Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files

embed-any-document

Embed PDF, DOC, PPT and XLS documents easily on your WordPress website with the help of Google Docs Viewer or Microsoft Office Online.

50K 4 CVEs

Document Embedder – Embed PDFs, Word, Excel, and Other Files

document-emberdder

Document Embedder lets you display PDF, DOCX, PPTX, XLSX, and other files in WordPress sites with a responsive viewer and optional download button.

10K 4 CVEs

E2Pdf – Export Pdf Tool for WordPress

e2pdf

PDF Builder for CF7, Divi, Elementor Forms, Everest, Fluent, Formidable, Forminator, Gravity, JFB, Ninja, WPForms, WooCommerce, Post Meta, ACF, etc.

10K 9 CVEs

Developer Profile

Pretty file list Developer Profile

smartredfox

1 plugin · 100 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Pretty file list

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/pretty-file-lister/styles/prettylinks.css

Script Paths

/wp-content/plugins/pretty-file-lister/js/style_previewer.js

HTML / DOM Fingerprints

CSS Classes

prettyFileListprettylink

JS Globals

prettylistScriptParams

Shortcode Output

<a class="prettylinkprettyFileList

FAQ