WP-Safety

CloudSync Master – Offload Media to S3, Cloudflare R2 & Google Cloud Security & Risk Analysis

wordpress.org/plugins/wp-cloudsync-master

Speed up WordPress by offloading media to Cloudflare R2, Amazon S3, Google Cloud & 7 more. Zero egress fees. Migrate from WP Offload Media in one …

10 active installs v2.0.4 PHP 7.4+ WP 5.0+ Updated Apr 3, 2026
amazon-s3cdncloud-storagecloudflare-r2media-offload
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is CloudSync Master – Offload Media to S3, Cloudflare R2 & Google Cloud Safe to Use in 2026?

Generally Safe

Score 100/100

CloudSync Master – Offload Media to S3, Cloudflare R2 & Google Cloud has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "wp-cloudsync-master" v2.0.4 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong practices in SQL query handling, exclusively using prepared statements, and a high percentage of properly escaped output. The absence of known vulnerabilities in its history is also a significant positive indicator. However, the plugin presents notable risks due to its attack surface, with 4 out of 5 AJAX handlers lacking authentication checks. This creates a substantial entry point for potential attackers to exploit without proper authorization. The presence of dangerous functions like `unserialize`, `ini_set`, and `set_time_limit` further elevates concern, as these can be leveraged in various attack vectors if improperly handled. While the taint analysis did not reveal critical or high-severity issues, the presence of 7 flows with unsanitized paths warrants attention, as these could lead to unexpected behavior or vulnerabilities if user input is involved. In conclusion, while the plugin has good practices in some areas, the significant number of unprotected AJAX endpoints and the use of sensitive functions are serious weaknesses that require immediate attention to mitigate potential security risks.

Key Concerns

  • 4 unprotected AJAX handlers
  • Use of dangerous functions (unserialize, ini_set, set_time_limit)
  • 7 flows with unsanitized paths
Vulnerabilities
None known

CloudSync Master – Offload Media to S3, Cloudflare R2 & Google Cloud Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

CloudSync Master – Offload Media to S3, Cloudflare R2 & Google Cloud Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

CloudSync Master – Offload Media to S3, Cloudflare R2 & Google Cloud Code Analysis

Dangerous Functions
7
Raw SQL Queries
0
31 prepared
Unescaped Output
124
898 escaped
Nonce Checks
16
Capability Checks
16
File Operations
47
External Requests
2
Bundled Libraries
1

Dangerous Functions Found

unserialize$value = unserialize(file_get_contents($filePath));includes/Cache/Storage/TmpFile.php:59
ini_set@ini_set('zlib.output_compression', 'Off'); // @codingStandardsIgnoreLineincludes/WC/Admin/LogExporter/LogExporter.php:134
ini_set@ini_set('output_buffering', 'Off'); // @codingStandardsIgnoreLineincludes/WC/Admin/LogExporter/LogExporter.php:135
ini_set@ini_set('output_handler', ''); // @codingStandardsIgnoreLineincludes/WC/Admin/LogExporter/LogExporter.php:136
unserialize$data = unserialize($response['body']);includes/WP/Admin/OneTeamSoftware.php:976
set_time_limitset_time_limit(0);includes/WP/Task/AsyncTaskScheduler.php:105
move_uploaded_file$this->moved = \PHP_SAPI === 'cli' ? rename($this->file, $targetPath) : move_uploaded_file($this->fipackages/psr7/src/UploadedFile.php:127

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared31 total queries

Output Escaping

88% escaped1022 total outputs
Data Flows · Security
7 unsanitized

Data Flow Analysis

12 flows7 with unsanitized paths
display (includes/WP/CloudSyncMaster/Admin/SettingsPage.php:171)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

CloudSync Master – Offload Media to S3, Cloudflare R2 & Google Cloud Attack Surface

Entry Points5
Unprotected4

AJAX Handlers 5

authwp_ajax_ots_activate_pluginincludes/WP/Admin/OneTeamSoftware.php:101
authwp_ajax_query-attachmentsincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:160
authwp_ajax_upload-attachmentincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:163
authwp_ajax_image-editorincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:164
authwp_ajax_send-attachment-to-editorincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:165
WordPress Hooks 63
actionadmin_enqueue_scriptsincludes/WC/Admin/Form/Form.php:170
filterwoocommerce_screen_idsincludes/WC/Admin/Form/Form.php:171
actioninitincludes/WC/Admin/LogExporter/LogExporter.php:50
actioninitincludes/WC/Admin/PageForm/AbstractPageForm.php:63
actionadmin_noticesincludes/WP/Admin/Notices/Notices.php:107
actionshutdownincludes/WP/Admin/Notices/Notices.php:108
filterwp_redirectincludes/WP/Admin/Notices/Notices.php:109
actionadmin_menuincludes/WP/Admin/OneTeamSoftware.php:99
actionadmin_enqueue_scriptsincludes/WP/Admin/OneTeamSoftware.php:100
actionadmin_menuincludes/WP/Admin/Page/AbstractPage.php:66
filterwoocommerce_screen_idsincludes/WP/Admin/Page/AbstractPage.php:67
actioninitincludes/WP/Admin/Table/AbstractTable.php:98
filteradmin_body_classincludes/WP/Admin/Theme/AdminTheme.php:79
filteradmin_body_classincludes/WP/CloudSyncMaster/Admin/SettingsPage.php:134
actionwoocommerce_admin_field_infoincludes/WP/CloudSyncMaster/Admin/SettingsPage.php:139
actioninitincludes/WP/CloudSyncMaster/Admin/Table/AbstractTable.php:92
actionadmin_initincludes/WP/CloudSyncMaster/Hooks/AssetFallbackHooks.php:46
actionwp_enqueue_scriptsincludes/WP/CloudSyncMaster/Hooks/AssetFallbackHooks.php:49
filterscript_loader_srcincludes/WP/CloudSyncMaster/Hooks/AssetFallbackHooks.php:65
filterstyle_loader_srcincludes/WP/CloudSyncMaster/Hooks/AssetFallbackHooks.php:66
actiondelete_attachmentincludes/WP/CloudSyncMaster/Hooks/DeleteFileHooks.php:79
actionadmin_footerincludes/WP/CloudSyncMaster/Hooks/MediaLibraryHooks.php:62
actionadmin_noticesincludes/WP/CloudSyncMaster/Hooks/UploadErrorNotice.php:65
filterwp_handle_uploadincludes/WP/CloudSyncMaster/Hooks/UploadFileHooks.php:96
filterwp_generate_attachment_metadataincludes/WP/CloudSyncMaster/Hooks/UploadFileHooks.php:98
filterwoocommerce_download_product_filepathincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:118
filterwp_get_attachment_urlincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:121
filterwp_get_attachment_thumb_urlincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:122
filterattachment_linkincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:123
filterwp_get_attachment_image_srcincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:126
filterwp_calculate_image_srcsetincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:129
filterwp_get_attachment_image_attributesincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:131
filterthe_contentincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:134
filterthe_excerptincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:135
filtercustomize_value_custom_cssincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:139
filterwp_get_custom_cssincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:140
filtertheme_mod_background_imageincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:141
filtertheme_mod_header_imageincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:142
filterwidget_form_callbackincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:145
filterwidget_display_callbackincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:146
filtercustomize_value_widget_blockincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:147
filterwidget_block_contentincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:148
filterrender_blockincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:151
filteredd_download_filesincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:154
actiontemplate_redirectincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:157
filterwp_prepare_attachment_for_jsincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:615
filterwp_prepare_attachment_for_jsincludes/WP/CloudSyncMaster/Hooks/UrlRewritingHooks.php:628
actionadmin_noticesincludes/WP/CloudSyncMaster/Migration/MigrationNotice.php:105
actionadmin_noticesincludes/WP/CloudSyncMaster/Migration/MigrationNotice.php:106
actionadmin_enqueue_scriptsincludes/WP/CloudSyncMaster/Migration/MigrationNotice.php:107
actionadmin_enqueue_scriptsincludes/WP/CloudSyncMaster/Migration/MigrationRegistrar.php:104
actionplugins_loadedincludes/WP/CloudSyncMaster/Plugin.php:174
actionadmin_initincludes/WP/CloudSyncMaster/Plugin.php:421
actionadmin_footerincludes/WP/Feedback/FeedbackManager.php:106
actionadmin_enqueue_scriptsincludes/WP/Feedback/FeedbackManager.php:109
actionadmin_footerincludes/WP/Feedback/FeedbackManager.php:295
filteradmin_footer_textincludes/WP/Feedback/UI/FooterLink.php:43
actionadmin_initincludes/WP/Installer/Installer.php:65
actionadmin_initincludes/WP/Installer/Installer.php:66
actionadmin_enqueue_scriptsincludes/WP/SensitiveFields/SensitiveFields.php:151
actionwp_enqueue_scriptsincludes/WP/SensitiveFields/SensitiveFields.php:152
actionrest_api_initincludes/WP/Task/AsyncTaskScheduler.php:69
actionadmin_noticeswp-cloudsync-master.php:77
Maintenance & Trust

CloudSync Master – Offload Media to S3, Cloudflare R2 & Google Cloud Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 3, 2026
PHP min version7.4
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

CloudSync Master – Offload Media to S3, Cloudflare R2 & Google Cloud Alternatives

Swift Offload

Swift Offload

swift-offload

A
100

Offload WordPress media to Amazon S3, Wasabi, DigitalOcean Spaces, or MinIO. Serve files via CloudFront CDN for faster delivery.

0 No CVEs
WP-Stateless – Google Cloud Storage

WP-Stateless – Google Cloud Storage

wp-stateless

A
99

Upload and serve your WordPress media files from Google Cloud Storage.

4K 2 CVEs
Infinite Uploads – Offload Media and Video to Cloud Storage

Infinite Uploads – Offload Media and Video to Cloud Storage

infinite-uploads

A
100

Move, encode, and serve all your video and other media files from the cloud to boost performance and save on storage.

800 No CVEs
Filestack WP Upload

Filestack WP Upload

filestack-upload

A
99

Upload files directly to the cloud with support for multiple sources including local, Facebook, Dropbox, Google Drive, and more.

60 1 CVE
Advanced Media Manager

Advanced Media Manager

advanced-media-manager

A
85

Automatically copies wp media files to Amazon S3 or DigitalOcean.

10 No CVEs
Developer Profile

CloudSync Master – Offload Media to S3, Cloudflare R2 & Google Cloud Developer Profile

oneteamsoftware

15 plugins · 5K total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
97 days
View full developer profile
Detection Fingerprints

How We Detect CloudSync Master – Offload Media to S3, Cloudflare R2 & Google Cloud

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-cloudsync-master/assets/css/admin-style.css/wp-content/plugins/wp-cloudsync-master/assets/js/admin-script.js
Script Paths
/wp-content/plugins/wp-cloudsync-master/assets/js/admin-script.js
Version Parameters
wp-cloudsync-master/assets/css/admin-style.css?ver=wp-cloudsync-master/assets/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
woocommerce-help-tip
HTML Comments
PROGRAM FlexRC PROPERTY 604-1097 View St OF Victoria BC V8V 0G9 Voice 604 800-7879 +4 more
Data Attributes
data-tip
FAQ

Frequently Asked Questions about CloudSync Master – Offload Media to S3, Cloudflare R2 & Google Cloud