Does Protect Uploads have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Protect Uploads compatible with WordPress 6.9.4?

According to WordPress.org data, Protect Uploads 0.6.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Protect Uploads compatible with PHP 7.0+?

Protect Uploads requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Protect Uploads updated?

Protect Uploads was last updated on Dec 28, 2025. Frequent updates are generally a positive security signal.

What is Protect Uploads's security score?

Protect Uploads has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Protect Uploads Security & Risk Analysis

wordpress.org/plugins/protect-uploads

Protect your uploads directory. Prevent browsing, add watermarks, disable right-click, and password-protect files. For more information, visit protect …

40K active installs v0.6.0 PHP 7.0+ WP 3.0.1+ Updated Dec 28, 2025

password-protectionprotectionsecurityuploadswatermark

A · Safe

CVEs total1

Unpatched0

Last CVEAug 13, 2022

Plugin page Download

Safety Verdict

Is Protect Uploads Safe to Use in 2026?

Generally Safe

Score 100/100

Protect Uploads has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Aug 13, 2022Updated 4mo ago

Risk Assessment

The "protect-uploads" v0.6.0 plugin exhibits a generally good security posture, with strengths in its use of prepared statements for all SQL queries and near-perfect output escaping. The plugin also implements nonce and capability checks for its AJAX handlers, and no REST API routes or shortcodes are present, significantly limiting its external attack surface. However, the taint analysis reveals a concerning number of flows with unsanitized paths, including three high-severity issues. This, combined with the plugin's history of a medium severity "Improper Authorization" vulnerability, suggests potential weaknesses in how user-supplied data is handled and validated before being used in sensitive operations. While no unpatched CVEs are currently listed, the presence of high-severity taint flows warrants careful investigation and remediation.

Key Concerns

High severity taint flows found
Unsanitized paths in taint flows
Previous medium severity vulnerability

Vulnerabilities

1 published

Protect Uploads Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

WF-e3702936-9ae2-4efb-bdfe-9e1dfceb246b-protect-uploadsmedium · 4.8Improper Authorization

Protect uploads <= 0.3 - Authorization Bypass

Aug 13, 2022 Patched in 0.4 (528d)

Version History

Protect Uploads Release Timeline

v0.6.0Current

v0.5.2

v0.5.1

v0.4

v0.31 CVE

WF-e3702936-9ae2-4efb-bdfe-9e1dfceb246b-protect-uploads

v0.21 CVE

WF-e3702936-9ae2-4efb-bdfe-9e1dfceb246b-protect-uploads

v0.11 CVE

WF-e3702936-9ae2-4efb-bdfe-9e1dfceb246b-protect-uploads

Code Analysis

Analyzed Mar 16, 2026

Protect Uploads Code Analysis

Dangerous Functions

Raw SQL Queries

10 prepared

Unescaped Output

71 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared10 total queries

Output Escaping

99% escaped72 total outputs

Data Flows · Security

5 unsanitized

Data Flow Analysis

6 flows5 with unsanitized paths

handle_protected_file_request (includes\class-protect-uploads-frontend.php:62)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Protect Uploads Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 4

authwp_ajax_protect_uploads_add_passwordincludes\class-protect-uploads-passwords.php:47

authwp_ajax_protect_uploads_delete_passwordincludes\class-protect-uploads-passwords.php:48

authwp_ajax_verify_attachment_passwordincludes\class-protect-uploads-passwords.php:49

noprivwp_ajax_verify_attachment_passwordincludes\class-protect-uploads-passwords.php:50

WordPress Hooks 9

actionparse_requestincludes\class-protect-uploads-frontend.php:53

filterwp_handle_uploadincludes\class-protect-uploads-image.php:43

actionadd_meta_boxesincludes\class-protect-uploads-passwords.php:44

filterwp_get_attachment_urlincludes\class-protect-uploads-passwords.php:53

actionplugins_loadedincludes\class-protect-uploads.php:50

actionadmin_menuincludes\class-protect-uploads.php:60

actionadmin_enqueue_scriptsincludes\class-protect-uploads.php:66

actionadmin_enqueue_scriptsincludes\class-protect-uploads.php:72

actionwp_enqueue_scriptsincludes\class-protect-uploads.php:87

Maintenance & Trust

Protect Uploads Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 28, 2025

PHP min version7.0

Downloads1.4M

Community Trust

Rating96/100

Number of ratings12

Active installs40K

Alternatives

Protect Uploads Alternatives

Solid Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

Harden your site security with Login Security, Two-Factor Authentication (2FA), Vulnerability Scanner, Firewall, and more. Formerly iThemes Security.

700K 19 CVEs

Product Watermark for WooCommerce

product-watermark-for-woocommerce

100

Allows you to add watermark to images that applied to products

2K No CVEs

WP Double Protection

wp-double-protection

This plugin allows a second password option and thus making your website doubly protected.

30 No CVEs

Geotrixe Content Protector & Image Watermarker

geotrixe-content-protector-watermarker

100

Protect your WordPress content by disabling right-click, text selection, copy/paste shortcuts, and image dragging. Includes image watermarking.

0 No CVEs

Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content

password-protected

Protect your WordPress site, pages, posts, WooCommerce products, and categories with single or multiple passwords.

300K 5 CVEs

Developer Profile

Protect Uploads Developer Profile

Protect Uploads

1 plugin · 40K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

528 days

View full developer profile

Detection Fingerprints

How We Detect Protect Uploads

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/protect-uploads/assets/css/protect-uploads.css/wp-content/plugins/protect-uploads/assets/js/protect-uploads.js

Script Paths

/wp-content/plugins/protect-uploads/assets/js/protect-uploads.js

Version Parameters

protect-uploads/assets/css/protect-uploads.css?ver=protect-uploads/assets/js/protect-uploads.js?ver=

HTML / DOM Fingerprints

CSS Classes

protect-uploadsnginx-noticedirectory-status-tabletab-content

Data Attributes

data-protect-uploads-nonce

JS Globals

protect_uploads_vars

FAQ

Protect Uploads Security & Risk Analysis

Is Protect Uploads Safe to Use in 2026?

Generally Safe

Key Concerns

Protect Uploads Security Vulnerabilities

CVEs by Year

Severity Breakdown

Protect Uploads Release Timeline

Protect Uploads Code Analysis

SQL Query Safety

Output Escaping

Data Flow Analysis

Protect Uploads Attack Surface

AJAX Handlers 4

Protect Uploads Maintenance & Trust

Maintenance Signals

Community Trust

Protect Uploads Alternatives

Solid Security – Password, Two Factor Authentication, and Brute Force Protection

Product Watermark for WooCommerce

WP Double Protection

Geotrixe Content Protector & Image Watermarker

Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content

Protect Uploads Developer Profile

How We Detect Protect Uploads

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Protect Uploads