Does WP-QINIU （WordPress连接到七牛云存储） have any unpatched vulnerabilities?

No. All known vulnerabilities in WP-QINIU （WordPress连接到七牛云存储） have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP-QINIU （WordPress连接到七牛云存储） compatible with WordPress 4.9.29?

According to WordPress.org data, WP-QINIU （WordPress连接到七牛云存储） 2.0.5 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is WP-QINIU （WordPress连接到七牛云存储） updated?

WP-QINIU （WordPress连接到七牛云存储） was last updated on Oct 25, 2018. Frequent updates are generally a positive security signal.

What is WP-QINIU （WordPress连接到七牛云存储）'s security score?

WP-QINIU （WordPress连接到七牛云存储） has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP-QINIU （WordPress连接到七牛云存储） Security & Risk Analysis

wordpress.org/plugins/wp-qiniu

备份WordPress到七牛云存储，把七牛云存储作为网站附件存储空间。

60 active installs v2.0.5 PHP + WP 4.5.0+ Updated Oct 25, 2018

backupobject-cloud-storageqiniusyncwp-qiniu

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP-QINIU （WordPress连接到七牛云存储） Safe to Use in 2026?

Generally Safe

Score 85/100

WP-QINIU （WordPress连接到七牛云存储） has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The wp-qiniu v2.0.5 plugin exhibits a mixed security posture. While it has no recorded vulnerability history and utilizes prepared statements for a significant portion of its SQL queries, several concerning aspects were identified in the static analysis. A notable concern is the large attack surface exposed through AJAX handlers, with 10 out of 17 handlers lacking authentication checks. This presents a significant risk of unauthorized actions being performed by unauthenticated users. Furthermore, the taint analysis revealed three flows with unsanitized paths, all classified as high severity. These unsanitized paths could potentially lead to code injection or other malicious operations if exploited. The moderate output escaping (53% properly escaped) also indicates potential for cross-site scripting vulnerabilities. While the absence of known CVEs and the use of prepared statements are positive indicators, the identified unauthenticated AJAX endpoints and high-severity unsanitized paths necessitate immediate attention to mitigate potential security risks.

Key Concerns

Unauthenticated AJAX handlers
High severity unsanitized paths
Moderate output escaping

Vulnerabilities

None known

WP-QINIU （WordPress连接到七牛云存储） Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP-QINIU （WordPress连接到七牛云存储） Code Analysis

Dangerous Functions

Raw SQL Queries

21 prepared

Unescaped Output

68 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

78% prepared27 total queries

Output Escaping

53% escaped129 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

7 flows3 with unsanitized paths

wp_qiniu_create_floder_ajax (wp-qiniu-ajax.php:417)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

10 unprotected

WP-QINIU （WordPress连接到七牛云存储） Attack Surface

Entry Points26

Unprotected10

AJAX Handlers 17

noprivwp_ajax_wp_qiniu_get_uptokenwp-qiniu-ajax.php:3

authwp_ajax_wp_qiniu_get_uptokenwp-qiniu-ajax.php:9

noprivwp_ajax_wp_qiniu_upload_callbackwp-qiniu-ajax.php:109

authwp_ajax_wp_qiniu_upload_callbackwp-qiniu-ajax.php:110

authwp_ajax_wp_qiniu_upload_completewp-qiniu-ajax.php:233

noprivwp_ajax_wp_qiniu_get_download_urlwp-qiniu-ajax.php:337

authwp_ajax_wp_qiniu_get_download_urlwp-qiniu-ajax.php:343

noprivwp_ajax_wp_qiniu_list_fileswp-qiniu-ajax.php:360

authwp_ajax_wp_qiniu_list_fileswp-qiniu-ajax.php:366

noprivwp_ajax_wp_qiniu_create_floderswp-qiniu-ajax.php:410

authwp_ajax_wp_qiniu_create_floderwp-qiniu-ajax.php:416

noprivwp_ajax_wp_qiniu_deletewp-qiniu-ajax.php:473

authwp_ajax_wp_qiniu_delete_fileswp-qiniu-ajax.php:479

noprivwp_ajax_wp_qiniu_file_renamewp-qiniu-ajax.php:511

authwp_ajax_wp_qiniu_file_renamewp-qiniu-ajax.php:517

noprivwp_ajax_wp_qiniu_file_syncwp-qiniu-ajax.php:551

authwp_ajax_wp_qiniu_file_syncwp-qiniu-ajax.php:557

Shortcodes 9

[qiniuaudio] wp-qiniu-shortcodes-audiojs-grindplayer.php:39

[qiniuvideo] wp-qiniu-shortcodes-audiojs-grindplayer.php:111

[qiniufile] wp-qiniu-shortcodes-audiojs-grindplayer.php:134

[qiniuaudio] wp-qiniu-shortcodes-ckplayer.php:46

[qiniuvideo] wp-qiniu-shortcodes-ckplayer.php:112

[qiniufile] wp-qiniu-shortcodes-ckplayer.php:136

[qiniuaudio] wp-qiniu-shortcodes.php:53

[qiniuvideo] wp-qiniu-shortcodes.php:153

[qiniufile] wp-qiniu-shortcodes.php:184

WordPress Hooks 14

filtercron_scheduleswp-qiniu-backup.php:4

actionwp_qiniu_backup_corn_task_databasewp-qiniu-backup.php:23

actionwp_qiniu_backup_corn_task_wwwwp-qiniu-backup.php:24

actionwp_qiniu_backup_corn_task_clear_fileswp-qiniu-backup.php:81

actionadmin_enqueue_scriptswp-qiniu-file-manage.php:166

filtermedia_upload_tabswp-qiniu-insert-to-content.php:10

actionmedia_upload_file_from_qiniuwp-qiniu-insert-to-content.php:19

actionadmin_initwp-qiniu-insert-to-content.php:25

filterthe_postswp-qiniu-shortcodes-audiojs-grindplayer.php:68

filterthe_postswp-qiniu-shortcodes-ckplayer.php:64

filterthe_postswp-qiniu-shortcodes.php:95

filterhttp_request_timeoutwp-qiniu.php:85

actionadmin_menuwp-qiniu.php:91

actionadmin_initwp-qiniu.php:167

Scheduled Events 1

wp_qiniu_backup_corn_task_clear_files

Maintenance & Trust

WP-QINIU （WordPress连接到七牛云存储） Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedOct 25, 2018

PHP min version

Downloads16K

Community Trust

Rating100/100

Number of ratings2

Active installs60

Alternatives

WP-QINIU （WordPress连接到七牛云存储） Alternatives

b2-sync

A WordPress plugin for Backblaze b2 cloud to sync assets files from wp-content/uploads onto a Backblaze B2 bucket

0 No CVEs

DSmirror

dsmirror

DSmirror (datasource mirror) data replication tool for Wordpress. Sync data to/from WP database with minimal requirements.

0 No CVEs

Flotiq Sync

flotiq-sync

100

Use this WordPress plugin to easily connect your WordPress instance to Flotiq and synchronize your data.

0 No CVEs

MediaMoo For Spaces

mediamoo-for-spaces

100

MediaMoo For Spaces, syncs your media library with DigitalOcean Spaces automatically.

0 No CVEs

All-in-One WP Migration and Backup

all-in-one-wp-migration

Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.

5.0M 13 CVEs

Developer Profile

WP-QINIU （WordPress连接到七牛云存储） Developer Profile

wishinlife

1 plugin · 60 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP-QINIU （WordPress连接到七牛云存储）

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-qiniu/css/wp-qiniu-upload-file.css/wp-content/plugins/wp-qiniu/js/wp-qiniu-upload-file.js/wp-content/plugins/wp-qiniu/css/wp-qiniu-file-manage.css/wp-content/plugins/wp-qiniu/js/wp-qiniu-file-manage.js/wp-content/plugins/wp-qiniu/css/wp-qiniu-setting.css/wp-content/plugins/wp-qiniu/js/wp-qiniu-setting.js/wp-content/plugins/wp-qiniu/js/qiniu.js

Script Paths

/wp-content/plugins/wp-qiniu/js/qiniu.js

Version Parameters

wp-qiniu/css/wp-qiniu-upload-file.css?ver=wp-qiniu/js/wp-qiniu-upload-file.js?ver=wp-qiniu/css/wp-qiniu-file-manage.css?ver=wp-qiniu/js/wp-qiniu-file-manage.js?ver=wp-qiniu/css/wp-qiniu-setting.css?ver=wp-qiniu/js/wp-qiniu-setting.js?ver=wp-qiniu/js/qiniu.js?ver=

HTML / DOM Fingerprints

CSS Classes

wp-qiniu-upload-btnwp-qiniu-file-manage-headerwp-qiniu-setting-tabwp-qiniu-logo

HTML Comments

+5 more

Data Attributes

data-qiniu-keydata-qiniu-tokendata-qiniu-domaindata-qiniu-bucket

JS Globals

wp_qiniu_upload_configwp_qiniu_file_manage_configQiniu

REST Endpoints

/wp-json/wp-qiniu/v1/upload/wp-json/wp-qiniu/v1/file-list/wp-json/wp-qiniu/v1/file-delete/wp-json/wp-qiniu/v1/bucket-list

Shortcode Output

[wp_qiniu_list][wp_qiniu_upload]

FAQ

WP-QINIU （WordPress连接到七牛云存储） Security & Risk Analysis

Is WP-QINIU （WordPress连接到七牛云存储） Safe to Use in 2026?

Generally Safe

Key Concerns

WP-QINIU （WordPress连接到七牛云存储） Security Vulnerabilities

WP-QINIU （WordPress连接到七牛云存储） Code Analysis

SQL Query Safety

Output Escaping

Data Flow Analysis

WP-QINIU （WordPress连接到七牛云存储） Attack Surface

AJAX Handlers 17

Shortcodes 9

Scheduled Events 1

WP-QINIU （WordPress连接到七牛云存储） Maintenance & Trust

Maintenance Signals

Community Trust

WP-QINIU （WordPress连接到七牛云存储） Alternatives

b2-sync

DSmirror

Flotiq Sync

MediaMoo For Spaces

All-in-One WP Migration and Backup

WP-QINIU （WordPress连接到七牛云存储） Developer Profile

How We Detect WP-QINIU （WordPress连接到七牛云存储）

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about WP-QINIU （WordPress连接到七牛云存储）