
Big File Uploads – Increase Maximum File Upload Size Security & Risk Analysis
wordpress.org/plugins/tuxedo-big-file-uploads
Enable large file uploads in the built-in WordPress media uploader via file chunking, and set maximum upload file size to any value based on user role …
Is Big File Uploads – Increase Maximum File Upload Size Safe to Use in 2026?
Generally Safe
Score 99/100
Big File Uploads – Increase Maximum File Upload Size has a strong security track record. Known vulnerabilities have been patched promptly.
The "tuxedo-big-file-uploads" v2.1.7 plugin exhibits a generally good security posture, particularly in its handling of AJAX requests and SQL queries. The static analysis shows a robust implementation of authorization checks for all identified AJAX entry points, and all SQL queries are properly prepared, which significantly mitigates common injection vulnerabilities. Furthermore, the absence of critical or high-severity taint flows suggests that user-supplied data is being handled with reasonable care, and the code does not appear to expose sensitive information through obvious unsanitized paths.
However, the plugin's vulnerability history is a notable concern. Having two known medium-severity CVEs, even if currently patched, indicates a recurring pattern of security weaknesses. The historical vulnerability types, Exposure of Sensitive Information to an Unauthorized Actor and Cross-Site Request Forgery (CSRF), are significant and can lead to serious security breaches. While the current version may have patched these, the history suggests a potential for such issues to re-emerge or for new vulnerabilities to be introduced in future updates if not addressed with stringent security practices.
In conclusion, the "tuxedo-big-file-uploads" v2.1.7 plugin shows sound defensive coding practices against new vulnerabilities, particularly in its secure handling of AJAX and SQL. Nevertheless, the historical presence of medium-severity vulnerabilities warrants caution. The plugin's development team should prioritize a thorough security review and robust testing process to prevent the recurrence of past vulnerability types.
Key Concerns
- Known medium vulnerabilities historically
- Potential for past vulnerability types to recur
- 19% of output not properly escaped
Big File Uploads – Increase Maximum File Upload Size Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
Big File Uploads <= 2.1.2 - Authenticated (Author+) Full Path Disclosure
Big File Uploads <= 2.1.1 - Cross-Site Request Forgery via actions
Big File Uploads – Increase Maximum File Upload Size Code Analysis
Output Escaping
Data Flow Analysis
Big File Uploads – Increase Maximum File Upload Size Attack Surface
AJAX Handlers 6
WordPress Hooks 17
Big File Uploads – Increase Maximum File Upload Size Maintenance & Trust
Maintenance Signals
Community Trust
Big File Uploads – Increase Maximum File Upload Size Alternatives
Increase Maximum Upload File Size
upload-max-file-size
Increase maximum upload file size limit to any value. Increase upload limit - upload large files.
Themx Maximum Upload File Size | Increase Maximum Upload File Size
themx-maximum-upload-file-size
Increase maximum upload file size limit to larger value. Increase upload limit, upload big files. Increase maximum execution time.
EasyMedia – Increase Media Upload File Size | Role-Based Upload Limit | Increase Execution Time
wp-maximum-upload-file-size
EasyMedia - Increase the maximum upload file size limit to any value. Increase upload limit - upload large files effortlessly.
Increase Maximum Upload file Size Limit
increase-maximum-upload-file-size-limit
Increase Maximum file size Upload Limit. Control Post Max Size, Max upload size, Increase Upload limit, execution time, big file upload from WordPress …
Increase Upload Limit
increase-upload-limit
Increase maximum upload file size limit to any value. Increase upload limit - upload large files.
Big File Uploads – Increase Maximum File Upload Size Developer Profile
6 plugins · 101K total installs
How We Detect Big File Uploads – Increase Maximum File Upload Size
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/tuxedo-big-file-uploads/assets/js/bfu-gutenberg-block.js
- /wp-content/plugins/tuxedo-big-file-uploads/assets/js/bfu-admin-notices.js
- /wp-content/plugins/tuxedo-big-file-uploads/assets/js/bfu-admin-settings.js
- /wp-content/plugins/tuxedo-big-file-uploads/assets/css/bfu-admin-styles.css
- tuxedo-big-file-uploads/assets/js/bfu-gutenberg-block.js?ver=
- tuxedo-big-file-uploads/assets/js/bfu-admin-notices.js?ver=
- tuxedo-big-file-uploads/assets/js/bfu-admin-settings.js?ver=
- tuxedo-big-file-uploads/assets/css/bfu-admin-styles.css?ver=
HTML / DOM Fingerprints
- bfu-notice
- bfu-review-notice
- bfu-upgrade-notice
- bfu-upgrade-message
- bfu-button
- bfu-pro-feature
- bfu-settings-field
- bfu-admin-notice-dismiss
- +2 more
- Big File Uploads Manager
- Big File Uploads Settings
- Big File Uploads Admin Notices
- Big File Uploads Gutenberg Block Notice
- data-bfu-dismiss
- data-bfu-subscribe-dismiss
- data-bfu-upgrade-dismiss
- data-bfu-review-dismiss
- bfu_admin_params
- bfu_gutenberg_params
- /wp-json/bfu/v1/scan
- /wp-json/bfu/v1/dismiss
- /wp-json/bfu/v1/upgrade/dismiss
- /wp-json/bfu/v1/subscribe/dismiss