Melapress File Monitor Security & Risk Analysis

wordpress.org/plugins/website-file-changes-monitor

Get email alerts for file and permission changes on your WordPress sites. No false positives!

5K active installs · v2.3.0 · PHP 8.0+ · WP 5.0+ · Updated Feb 26, 2026
Tags: file-monitor, file-security, file-changes, malware-detection, security
Score: 95 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Jul 3, 2025
Safety Verdict

Is Melapress File Monitor Safe to Use in 2026?

Generally Safe

Score 95/100

Melapress File Monitor has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Jul 3, 2025 · Updated 1mo ago
Risk Assessment

This plugin exhibits a concerning security posture primarily due to a significant number of unprotected AJAX handlers, representing a large attack surface that could be exploited by unauthenticated users. While the plugin demonstrates good practices in its use of prepared statements for SQL queries and proper output escaping, the 14 unprotected AJAX endpoints are a critical weakness. The presence of the `unserialize` function also raises a red flag, as it can lead to deserialization vulnerabilities if not handled with extreme care, especially when dealing with user-controlled input. The plugin's vulnerability history, with four known CVEs including one high-severity SQL injection and three medium-severity vulnerabilities, highlights a pattern of past security oversights. Although no CVEs are currently unpatched, the recurring nature of these issues suggests potential ongoing security challenges and the need for more rigorous development and testing practices. Overall, while some good security practices are in place, the substantial unprotected attack surface and past vulnerability trends indicate a notable risk.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function unserialize
  • Past high severity vulnerability (SQLi)
  • Past medium severity vulnerabilities
Vulnerabilities
4

Melapress File Monitor Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2025: 3 CVEs

Severity Breakdown

High: 1
Medium: 3

4 total CVEs

CVE-2025-3702 · medium · 4.3 · Missing Authorization

Melapress File Monitor < 2.2.0 - Missing Authorization

Jul 3, 2025 Patched in 2.2.0 (6d)
CVE-2024-10009 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Melapress File Monitor <= 2.0.2 - Authenticated (Admin+) Authenticated SQL Injection

Mar 2, 2025 Patched in 2.1.0 (87d)
CVE-2024-9879 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Melapress File Monitor <= 2.1.0 - Authenticated (Admin+) Authenticated SQL Injection

Mar 2, 2025 Patched in 2.1.1 (90d)
CVE-2022-2269 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Website File Changes Monitor <= 1.8.2 - Authenticated (Admin+) SQL Injection

Jul 13, 2022 Patched in 1.8.3 (559d)
Code Analysis
Analyzed Mar 16, 2026

Melapress File Monitor Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 2 (72 prepared)
Unescaped Output: 17 (236 escaped)
Nonce Checks: 20
Capability Checks: 21
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

`unserialize` · `$input_data = serialize( unserialize( $found[0]['data'] ) + unserialize( $data['data'] ) ); // phpcs` · classes\class-db-handler.php:693

SQL Query Safety

97% prepared · 74 total queries

Output Escaping

93% escaped · 253 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

5 flows · 1 with unsanitized paths
events_markup (classes\admin\class-admin-manager.php:379)
Attack Surface
14 unprotected

Melapress File Monitor Attack Surface

Entry Points: 17
Unprotected: 14

AJAX Handlers 16

auth · wp_ajax_dismiss_mfm_update_notice · classes\admin\class-admin-manager.php:67
auth · wp_ajax_mfm_start_directory_runner · classes\class-mfm.php:95
auth · wp_ajax_mfm_send_test_email · classes\class-mfm.php:96
auth · wp_ajax_mfm_load_extra_metadata · classes\class-mfm.php:97
auth · wp_ajax_monitor_mfm_scan_status · classes\class-mfm.php:98
auth · wp_ajax_mfm_purge_data · classes\class-mfm.php:101
auth · wp_ajax_mfm_update_setting · classes\class-mfm.php:102
auth · wp_ajax_mfm_validate_setting · classes\class-mfm.php:103
auth · wp_ajax_mfm_reset_setting · classes\class-mfm.php:104
auth · wp_ajax_mfm_mark_as_read · classes\class-mfm.php:105
auth · wp_ajax_mfm_finish_setup_wizard · classes\class-mfm.php:106
auth · wp_ajax_mfm_dismiss_events_notice · classes\class-mfm.php:107
auth · wp_ajax_mfm_abort_scan · classes\class-mfm.php:108
auth · wp_ajax_mfm_event_lookup · classes\class-mfm.php:109
auth · wp_ajax_mfm_cancel_scan · classes\class-mfm.php:110
auth · wp_ajax_mfm_cancel_setup_wizard · classes\class-mfm.php:111

REST API Routes 1

GET · /wp-json/mfm-scan-status · get-status · classes\class-scan-status-monitor.php:34

WordPress Hooks 22

action · wsal_sensors_manager_add · classes\activity-log\class-init-sensor.php:35
action · wsal_custom_alerts_register · classes\activity-log\class-init-sensor.php:53
filter · wsal_event_type_data · classes\activity-log\class-init-sensor.php:71
filter · wsal_event_objects · classes\activity-log\class-init-sensor.php:92
filter · wsal_togglealerts_obsolete_events · classes\activity-log\class-init-sensor.php:113
action · admin_enqueue_scripts · classes\admin\class-admin-manager.php:59
action · admin_init · classes\admin\class-admin-manager.php:63
action · admin_notices · classes\admin\class-admin-manager.php:65
action · network_admin_notices · classes\admin\class-admin-manager.php:66
action · admin_notices · classes\admin\class-admin-manager.php:266
action · admin_notices · classes\admin\class-admin-manager.php:530
action · admin_notices · classes\admin\class-admin-manager.php:535
action · admin_notices · classes\admin\class-admin-manager.php:540
action · rest_api_init · classes\class-mfm.php:114
action · init · classes\class-mfm.php:120
action · init · classes\class-mfm.php:123
action · admin_init · classes\class-mfm.php:137
action · admin_init · classes\class-plugins-and-themes-monitor.php:54
action · shutdown · classes\class-plugins-and-themes-monitor.php:56
filter · cron_schedules · classes\crons\class-cron-handler.php:126
action · admin_init · website-file-changes-monitor.php:61
action · admin_notices · website-file-changes-monitor.php:67
Maintenance & Trust

Melapress File Monitor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 26, 2026
PHP min version: 8.0
Downloads: 128K

Community Trust

Rating: 82/100
Number of ratings: 31
Active installs: 5K
Developer Profile

Melapress File Monitor Developer Profile

Melapress

6 plugins · 417K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 540 days
Detection Fingerprints

How We Detect Melapress File Monitor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/website-file-changes-monitor/assets/js/script.js
/wp-content/plugins/website-file-changes-monitor/assets/css/style.css
Script Paths
/wp-content/plugins/website-file-changes-monitor/assets/js/script.js
Version Parameters
website-file-changes-monitor/assets/js/script.js?ver=
website-file-changes-monitor/assets/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
mfm-settings-form
HTML Comments
<!-- MFM Admin Settings Form -->
<!-- MFM Dashboard Widget -->
Data Attributes
data-mfm-settings
JS Globals
window.mfm_settings
REST Endpoints
/wp-json/mfm/v1/settings
/wp-json/mfm/v1/logs
FAQ

Frequently Asked Questions about Melapress File Monitor