WP Disable Attachment Pages Security & Risk Analysis

wordpress.org/plugins/wp-disable-attachment-pages

Redirects attachment pages to the parent post, or home page if no parent post exists.

10 active installs v1.2.0 PHP 5.6+ WP 4.0+ Updated Feb 15, 2019
attachmentsdisableredirectsecurity
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is WP Disable Attachment Pages Safe to Use in 2026?

Generally Safe

Score 85/100

WP Disable Attachment Pages has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The "wp-disable-attachment-pages" v1.2.0 plugin exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface. Furthermore, the code analysis reveals no dangerous functions, file operations, or external HTTP requests, and all SQL queries utilize prepared statements, with all output being properly escaped. This indicates a proactive approach to secure coding practices. The plugin's vulnerability history is also clean, with no recorded CVEs, suggesting a consistent track record of security. While the lack of capability checks and nonce checks is noted, given the minimal attack surface and the plugin's likely function (disabling attachment pages), the immediate risk appears very low. The strengths of this plugin lie in its limited attack surface and adherence to secure coding principles in its operations. The primary area for potential improvement, if applicable to its functionality, would be the introduction of capability checks to further restrict access to its settings or operations, even if indirectly.

Vulnerabilities
None known

WP Disable Attachment Pages Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP Disable Attachment Pages Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

WP Disable Attachment Pages Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped2 total outputs
Attack Surface

WP Disable Attachment Pages Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 4
actiontemplate_redirectwp-disable-attachment-pages.php:40
actionadmin_headwp-disable-attachment-pages.php:63
actionadmin_headwp-disable-attachment-pages.php:79
actionadmin_headwp-disable-attachment-pages.php:95
Maintenance & Trust

WP Disable Attachment Pages Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.0
Last updatedFeb 15, 2019
PHP min version5.6
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Developer Profile

WP Disable Attachment Pages Developer Profile

Magda Sicknick

7 plugins · 80 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP Disable Attachment Pages

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
attachment-display-settingsview-attachment
FAQ

Frequently Asked Questions about WP Disable Attachment Pages