Uploadcare File Uploader and Adaptive Delivery (beta) Security & Risk Analysis

wordpress.org/plugins/uploadcare

Uploadcare, an all-round media upload, storage, management, and delivery solution, breaks many WordPress Media Library limitations.

90 active installs · v3.1.0 · PHP 7.4+ · WP 5.0+ · Updated Jun 14, 2024
Tags: adaptive-delivery, cdn, file-upload, responsive, storage
Score: 91 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: May 30, 2024
Safety Verdict

Is Uploadcare File Uploader and Adaptive Delivery (beta) Safe to Use in 2026?

Generally Safe

Score 91/100

Uploadcare File Uploader and Adaptive Delivery (beta) has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: May 30, 2024 · Updated 1yr ago
Risk Assessment

The Uploadcare plugin v3.1.0 exhibits a concerning security posture, primarily because of a significant number of unprotected entry points. While the plugin demonstrates good practices such as 100% use of prepared statements for SQL queries and a high percentage of properly escaped output, its 5 AJAX handlers all lack authentication checks, which creates a substantial attack surface. Furthermore, taint analysis reveals 2 high-severity flows with unsanitized paths, indicating potential risks of data manipulation or injection if these flows are triggered by malicious input. The `unserialize` function, though used only twice, is a known risk vector if not handled with extreme care, especially with user-supplied data. The vulnerability history shows one recent medium-severity CVE, which, although patched, highlights a pattern of past vulnerabilities. The plugin's strengths lie in its secure database interactions and output handling, but these are overshadowed by the critical weaknesses in its entry point security and data sanitization for specific flows.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Use of unserialize function
  • Medium severity CVE history
Vulnerabilities
1

Uploadcare File Uploader and Adaptive Delivery (beta) Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1
Total: 1 CVE

CVE-2024-35636 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Uploadcare File Uploader and Adaptive Delivery (beta) <= 3.0.11 - Cross-Site Request Forgery

May 30, 2024 · Patched in 3.1.0 (29d)
Code Analysis
Analyzed Mar 16, 2026

Uploadcare File Uploader and Adaptive Delivery (beta) Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (7 prepared)
Unescaped Output: 13 (52 escaped)
Nonce Checks: 4
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

  • unserialize: `$key_data = unserialize( $option_data['option_value'] );` (admin\class-ucfilemodel.php:161)
  • unserialize: `$key_data = unserialize( $option_data['option_value'] );` (includes\uploadcare_settings.php:122)

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared · 7 total queries

Output Escaping

80% escaped · 65 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

5 flows · 4 with unsanitized paths
transferDown (admin\UcAdmin.php:356)
Attack Surface
5 unprotected

Uploadcare File Uploader and Adaptive Delivery (beta) Attack Surface

Entry Points: 5
Unprotected: 5

AJAX Handlers: 5

  • auth · wp_ajax_uploadcare_handle · includes\UploadcareMain.php:85
  • auth · wp_ajax_uploadcare_transfer · includes\UploadcareMain.php:86
  • auth · wp_ajax_uploadcare_down · includes\UploadcareMain.php:87
  • auth · wp_ajax_uploadcare_upload_multiply · includes\UploadcareMain.php:88
  • auth · wp_ajax_uploadcare_download_multiply · includes\UploadcareMain.php:89

WordPress Hooks: 25

  • action · plugins_loaded · includes\UploadcareMain.php:52
  • action · init · includes\UploadcareMain.php:63
  • filter · wp_prepare_attachment_for_js · includes\UploadcareMain.php:64
  • action · wp_enqueue_scripts · includes\UploadcareMain.php:65
  • filter · render_block · includes\UploadcareMain.php:66
  • filter · post_thumbnail_html · includes\UploadcareMain.php:67
  • filter · wp_calculate_image_srcset · includes\UploadcareMain.php:68
  • filter · wp_get_attachment_metadata · includes\UploadcareMain.php:69
  • filter · wp_image_src_get_dimensions · includes\UploadcareMain.php:70
  • filter · wp_get_attachment_image_src · includes\UploadcareMain.php:71
  • action · admin_head · includes\UploadcareMain.php:82
  • action · init · includes\UploadcareMain.php:83
  • action · admin_enqueue_scripts · includes\UploadcareMain.php:84
  • action · post-upload-ui · includes\UploadcareMain.php:90
  • action · admin_menu · includes\UploadcareMain.php:91
  • action · delete_attachment · includes\UploadcareMain.php:92
  • action · manage_post_posts_custom_column · includes\UploadcareMain.php:93
  • action · manage_page_posts_custom_column · includes\UploadcareMain.php:94
  • filter · plugin_action_links_uploadcare/uploadcare.php · includes\UploadcareMain.php:96
  • filter · load_image_to_edit_attachmenturl · includes\UploadcareMain.php:97
  • filter · wp_get_attachment_url · includes\UploadcareMain.php:98
  • filter · image_downsize · includes\UploadcareMain.php:99
  • filter · post_thumbnail_html · includes\UploadcareMain.php:100
  • filter · manage_post_posts_columns · includes\UploadcareMain.php:101
  • filter · manage_page_posts_columns · includes\UploadcareMain.php:102
Maintenance & Trust

Uploadcare File Uploader and Adaptive Delivery (beta) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Jun 14, 2024
PHP min version: 7.4
Downloads: 27K

Community Trust

Rating: 76/100
Number of ratings: 9
Active installs: 90
Developer Profile

Uploadcare File Uploader and Adaptive Delivery (beta) Developer Profile

grayhound1

1 plugin · 90 total installs

Trust score: 88
Avg Security Score: 91/100
Avg Patch Time: 29 days
Detection Fingerprints

How We Detect Uploadcare File Uploader and Adaptive Delivery (beta)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/uploadcare/css/uploadcare.css
  • /wp-content/plugins/uploadcare/compiled-js/blocks.css
  • /wp-content/plugins/uploadcare/css/custom.css
  • /wp-content/plugins/uploadcare/compiled-js/admin.css
Script Paths
  • /wp-content/plugins/uploadcare/js/config.js
  • /wp-content/plugins/uploadcare/compiled-js/blocks.js
  • /wp-content/plugins/uploadcare/compiled-js/admin.js
Version Parameters
  • uploadcare.css?ver=
  • blocks.css?ver=
  • custom.css?ver=
  • admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • uploadcare-widget-form
  • uploadcare-widget-file-uploader
Data Attributes
  • data-uploadcare-public-key
JS Globals
  • WP_UC_PARAMS