Does Upload Tracker have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Upload Tracker compatible with WordPress 6.2.9?

According to WordPress.org data, Upload Tracker 1.3.2 has been tested up to WordPress 6.2.9. Check the plugin's changelog for the latest compatibility information.

Is Upload Tracker compatible with PHP 5.4+?

Upload Tracker requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Upload Tracker updated?

Upload Tracker was last updated on Apr 27, 2023. Frequent updates are generally a positive security signal.

What is Upload Tracker's security score?

Upload Tracker has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Upload Tracker Security & Risk Analysis

wordpress.org/plugins/upload-tracker

Easy access your uploaded file web links.

0 active installs v1.3.2 PHP 5.4+ WP 5.0+ Updated Apr 27, 2023

fileslinkstrackeruploadweblinks

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Upload Tracker Safe to Use in 2026?

Generally Safe

Score 85/100

Upload Tracker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The upload-tracker v1.3.2 plugin exhibits a concerning security posture primarily due to its unprotected AJAX handlers. While the code analysis indicates good practices in areas like SQL query preparation and output escaping, the presence of three AJAX handlers that lack any authentication checks represents a significant attack surface. This means that any unauthenticated user could potentially trigger these functionalities, leading to unintended actions or information disclosure.

The lack of vulnerability history is a positive sign, suggesting that the plugin has not been publicly exploited or identified as having severe flaws in the past. However, this must be considered in conjunction with the identified code issues. The absence of taint analysis flows doesn't necessarily imply security, but rather that the analysis may not have been able to identify potential pathways for data manipulation or that such pathways simply don't exist or are difficult to exploit given the plugin's functionality.

In conclusion, while the plugin demonstrates strengths in database interaction and output handling, the unprotected AJAX endpoints are a critical weakness. This oversight dramatically increases the risk of exploitation, especially if these AJAX handlers perform sensitive operations. Developers should prioritize implementing robust authentication and authorization checks for all AJAX endpoints to mitigate this significant risk.

Key Concerns

Unprotected AJAX handlers
No nonce checks on AJAX
No capability checks on AJAX

Vulnerabilities

None known

Upload Tracker Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Upload Tracker Release Timeline

v1.3.2Current

v1.3.1

v1.3

v1.2

v1.1

v1.0

Code Analysis

Analyzed Apr 16, 2026

Upload Tracker Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Attack Surface

3 unprotected

Upload Tracker Attack Surface

Entry Points3

Unprotected3

AJAX Handlers 3

authwp_ajax_uut_callbackupload-tracker.php:166

authwp_ajax_usww_callbackupload-tracker.php:167

authwp_ajax_usrr_callbackupload-tracker.php:168

WordPress Hooks 4

actionadd_attachmentupload-tracker.php:56

actionadmin_bar_menuupload-tracker.php:58

actionwp_loadedupload-tracker.php:124

actionadmin_enqueue_scriptsupload-tracker.php:125

Maintenance & Trust

Upload Tracker Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9

Last updatedApr 27, 2023

PHP min version5.4

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Upload Tracker Alternatives

Link to WordPress Files

link-to-wp-files

"Link to WordPress files" helps link your content to media files easily and quickly.

20 No CVEs

FileOrganizer – WordPress File Manager

fileorganizer

FileOrganizer is an intuitive file manager to easily edit, delete, upload, download, and manage all your WordPress files and folders right from the da …

200K 5 CVEs

Clean Image Filenames

clean-image-filenames

100

This plugin automatically converts language accent characters to non-accent characters in filenames when uploading to the media library.

30K No CVEs

File Upload Types by WPForms

file-upload-types

Easily allow WordPress to accept and upload any file type extension or MIME type, including custom file types.

30K 1 CVE

Max upload filesize

max-upload-filesize

It will help you to increase your upload filesize limit.

9K No CVEs

Developer Profile

Upload Tracker Developer Profile

rlf89

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Upload Tracker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/upload-tracker/styles.css/wp-content/plugins/upload-tracker/uscript.js

Script Paths

/wp-content/plugins/upload-tracker/uscript.js

Version Parameters

upload-tracker/styles.css?ver=upload-tracker/uscript.js?ver=

HTML / DOM Fingerprints

CSS Classes

ab-iconuut-green

Data Attributes

onclick

JS Globals

uwwEnableAjaxuwwShowAjaxuwwClearAjax

REST Endpoints

/wp-json/upload-tracker/v1/uut_callback/wp-json/upload-tracker/v1/usww_callback/wp-json/upload-tracker/v1/usrr_callback

FAQ