Prevent files / folders access Security & Risk Analysis

wordpress.org/plugins/prevent-file-access

Prevent public access to WordPress files and folders. Protect downloads from public access, Role-based folder access, and User base folder access.

1K active installs v2.6.1 PHP 5.6+ WP 3.0.1+ Updated Jun 24, 2025
Tags: content-restriction, media-restriction, protect-uploads, protect-folders, secure-files
Score: 97 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Aug 6, 2025
Safety Verdict

Is Prevent files / folders access Safe to Use in 2026?

Generally Safe

Score 97/100

Prevent files / folders access has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Aug 6, 2025 · Updated 10mo ago
Risk Assessment

The 'prevent-file-access' plugin v2.6.1 exhibits a mixed security posture. On the positive side, the static analysis reveals a clean attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are unprotected. The code also demonstrates good practices with 100% of SQL queries using prepared statements and a high percentage (98%) of output properly escaped. Nonce checks and capability checks are present, indicating an awareness of securing actions. However, concerns arise from the vulnerability history, which shows two known CVEs, one of which was a high-severity 'Path Traversal' vulnerability. Although no CVEs are currently unpatched, the past presence of such critical flaws, particularly in conjunction with two flows with unsanitized paths identified in the taint analysis, warrants caution. The file operations and external HTTP requests also represent potential areas for exploitation if not meticulously handled, even if no direct vulnerabilities were flagged in this analysis.

Key Concerns

  • Past high-severity vulnerability (Path Traversal)
  • Past medium-severity vulnerability
  • Taint flows with unsanitized paths
  • Multiple file operations
  • Multiple external HTTP requests
Vulnerabilities
2 published

Prevent files / folders access Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

CVE-2025-53561 · medium · 4.3 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Prevent files / folders access <= 2.6.0 - Authenticated (Subscriber+) Path Traversal

Aug 6, 2025 · Patched in 2.6.1 (6d)

CVE-2023-4238 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

Prevent files / folders access <= 2.5.1 - Authenticated (Administrator+) Arbitrary File Upload in mo_media_restrict_page

Aug 28, 2023 · Patched in 2.5.2 (148d)
Version History

Prevent files / folders access Release Timeline

Code Analysis
Analyzed Mar 16, 2026

Prevent files / folders access Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 2 (126 escaped)
  • Nonce Checks: 14
  • Capability Checks: 2
  • File Operations: 5
  • External Requests: 9
  • Bundled Libraries: 1

Bundled Libraries

DataTables

Output Escaping

98% escaped · 128 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
mo_media_restriction_validate (admin\class-media-restriction-admin.php:228)
Attack Surface

Prevent files / folders access Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 9
  • action init (admin\class-media-restriction-admin.php:59)
  • action admin_notices (admin\class-media-restriction-admin.php:526)
  • action admin_notices (admin\class-media-restriction-admin.php:536)
  • action plugins_loaded (includes\class-media-restriction.php:135)
  • action admin_enqueue_scripts (includes\class-media-restriction.php:150)
  • action admin_enqueue_scripts (includes\class-media-restriction.php:151)
  • action admin_menu (includes\class-media-restriction.php:152)
  • action admin_init (includes\class-media-restriction.php:153)
  • action admin_footer (media-restriction.php:55)
Maintenance & Trust

Prevent files / folders access Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Jun 24, 2025
  • PHP min version: 5.6
  • Downloads: 35K

Community Trust

  • Rating: 92/100
  • Number of ratings: 35
  • Active installs: 1K
Developer Profile

Prevent files / folders access Developer Profile

miniOrange

41 plugins · 83K total installs

  • Trust score: 76
  • Avg Security Score: 96/100
  • Avg Patch Time: 324 days
Detection Fingerprints

How We Detect Prevent files / folders access

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/prevent-file-access/css/admin.css
  • /wp-content/plugins/prevent-file-access/js/admin.js
Version Parameters
  • prevent-file-access/css/admin.css?ver=
  • prevent-file-access/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
mo_media_restriction_wrap
Data Attributes
data-nonce
JS Globals
wpMediaRestriction
FAQ

Frequently Asked Questions about Prevent files / folders access