Upload Larger Plugins Security & Risk Analysis

wordpress.org/plugins/upload-larger-plugins

Install plugins of any size (i.e. work around web hosting limits)

7K active installs · v2.0 · PHP + WP 3.3+ · Updated Nov 17, 2025
plugins-installation, plupload, upload-file-limit, upload-larger-plugins
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Upload Larger Plugins Safe to Use in 2026?

Generally Safe

Score 100/100

Upload Larger Plugins has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The "upload-larger-plugins" v2.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of known CVEs is a significant strength, and the analysis found no raw SQL queries in the plugin (0 raw, 0 prepared), so there are no unprepared statements to flag. Furthermore, the plugin implements nonce and capability checks on its entry points, indicating an effort to secure against common attack vectors. The taint analysis also reveals no critical or high severity unsanitized path flows, suggesting that sensitive data handling within the plugin is likely robust.

However, there are areas of concern that warrant attention. The most notable weakness lies in output escaping: only 2 of the 9 observed outputs (22%) are properly escaped. The 7 unescaped outputs are potentially vulnerable to cross-site scripting (XSS) attacks if the data they print originates from untrusted sources. While the attack surface is small and appears protected, the lack of comprehensive output escaping is a weakness that could be exploited.

In conclusion, the plugin has commendable security practices in place, particularly regarding SQL injection and authorization. The lack of a vulnerability history is also a positive sign. The primary risk identified is the insufficient output escaping, which could lead to XSS vulnerabilities. Addressing this issue would significantly improve the plugin's overall security.

Key Concerns

  • Insufficient output escaping
Vulnerabilities
None known

Upload Larger Plugins Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Upload Larger Plugins Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 7 (2 escaped)
Nonce Checks: 1
Capability Checks: 4
File Operations: 9
External Requests: 0
Bundled Libraries: 0

Output Escaping

22% escaped · 9 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
ulp_plupload_action (upload-larger-plugins.php:198)
Attack Surface

Upload Larger Plugins Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth · wp_ajax_ulp_plupload_action · upload-larger-plugins.php:38

WordPress Hooks: 10

action · install_plugins_upload · upload-larger-plugins.php:33
action · install_plugins_pre_upload · upload-larger-plugins.php:34
action · admin_enqueue_scripts · upload-larger-plugins.php:35
action · plugins_loaded · upload-larger-plugins.php:36
action · admin_head · upload-larger-plugins.php:37
action · admin_init · upload-larger-plugins.php:39
filter · install_plugin_overwrite_actions · upload-larger-plugins.php:43
filter · upload_dir · upload-larger-plugins.php:110
action · upgrader_process_complete · upload-larger-plugins.php:111
filter · upload_dir · upload-larger-plugins.php:212

Maintenance & Trust

Upload Larger Plugins Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 17, 2025
PHP min version
Downloads: 144K

Community Trust

Rating: 100/100
Number of ratings: 20
Active installs: 7K
Developer Profile

Upload Larger Plugins Developer Profile

David Anderson / Team Updraft

16 plugins · 6.4M total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 1197 days
Detection Fingerprints

How We Detect Upload Larger Plugins

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/upload-larger-plugins/admin.js
Script Paths
/wp-content/plugins/upload-larger-plugins/admin.js
Version Parameters
upload-larger-plugins/admin.js?ver=

HTML / DOM Fingerprints

JS Globals
window.ulplion, ulplion