Does Safe Attachment Names have any unpatched vulnerabilities?

No. All known vulnerabilities in Safe Attachment Names have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Safe Attachment Names compatible with WordPress 6.8.5?

According to WordPress.org data, Safe Attachment Names 1.1.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Safe Attachment Names compatible with PHP 7.4+?

Safe Attachment Names requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Safe Attachment Names updated?

Safe Attachment Names was last updated on Sep 26, 2025. Frequent updates are generally a positive security signal.

What is Safe Attachment Names's security score?

Safe Attachment Names has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Safe Attachment Names Security & Risk Analysis

wordpress.org/plugins/safe-attachment-names

Automatically detect and change the name of attachments containing special characters such as accented letters.

70 active installs v1.1.0 PHP 7.4+ WP 5.0+ Updated Sep 26, 2025

accentsadminadministrationattachmentlatin

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Safe Attachment Names Safe to Use in 2026?

Generally Safe

Score 100/100

Safe Attachment Names has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago

Risk Assessment

The "safe-attachment-names" plugin v1.1.0 exhibits a strong security posture based on the provided static analysis. The absence of any identified dangerous functions, SQL injection risks (all queries use prepared statements), and external HTTP requests are significant strengths. Furthermore, the zero-count for unsanitized paths in taint analysis indicates robust input handling and sanitization within the analyzed code flows. The presence of nonce and capability checks, while limited in number, demonstrates an awareness of WordPress security best practices.

However, a potential area for improvement lies in output escaping. With 60% of outputs properly escaped, there remains a 40% chance of unescaped output, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-controlled data is involved in these unescaped outputs. The limited attack surface and zero recorded vulnerabilities in its history are positive indicators, suggesting the developers have a good understanding of secure coding. Overall, the plugin appears to be relatively secure, with the primary concern being the incomplete output escaping.

Key Concerns

Unescaped output detected

Vulnerabilities

None known

Safe Attachment Names Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Safe Attachment Names Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

60% escaped10 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

admin_page (safe-attachment-names.php:231)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Safe Attachment Names Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionplugins_loadedsafe-attachment-names.php:97

actionadmin_menusafe-attachment-names.php:100

filterwp_handle_upload_prefiltersafe-attachment-names.php:103

actioninitsafe-attachment-names.php:562

Maintenance & Trust

Safe Attachment Names Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 26, 2025

PHP min version7.4

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs70

Alternatives

Safe Attachment Names Alternatives

LightStart – Maintenance Mode, Coming Soon and Landing Page Builder

wp-maintenance-mode

Easy Drag & Drop Page Builder that adds a splash page to your site that it's perfect for a coming soon page, maintenance or landing page.

500K 6 CVEs

Adminimize

adminimize

Adminimize that lets you hide 'unnecessary' items from the WordPress backend

200K 2 CVEs

Remove Dashboard Access

remove-dashboard-access-for-non-admins

Disable Dashboard access for users of a specific role or capability. Disallowed users are redirected to a chosen URL. Get set up in seconds.

30K No CVEs

Error Log Monitor

error-log-monitor

Adds a Dashboard widget that displays the latest messages from your PHP error log. It can also send logged errors to email.

20K 1 CVE

Automatic Domain Changer

automatic-domain-changer

100

Automatically detects a domain name change, and updates all the WordPress tables in the database to reflect this change.

10K 1 CVE

Developer Profile

Safe Attachment Names Developer Profile

nuagelab

3 plugins · 10K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

602 days

View full developer profile

Detection Fingerprints

How We Detect Safe Attachment Names

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/safe-attachment-names/css/style.css/wp-content/plugins/safe-attachment-names/js/script.js

Script Paths

/wp-content/plugins/safe-attachment-names/js/script.js

Version Parameters

safe-attachment-names/css/style.css?ver=safe-attachment-names/js/script.js?ver=

HTML / DOM Fingerprints

FAQ