Does Yctvn Media Offload for Cloudflare R2 have any unpatched vulnerabilities?

No. All known vulnerabilities in Yctvn Media Offload for Cloudflare R2 have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Yctvn Media Offload for Cloudflare R2 compatible with WordPress 6.8.5?

According to WordPress.org data, Yctvn Media Offload for Cloudflare R2 1.0.2 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Yctvn Media Offload for Cloudflare R2 compatible with PHP 8.0+?

Yctvn Media Offload for Cloudflare R2 requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Yctvn Media Offload for Cloudflare R2 updated?

Yctvn Media Offload for Cloudflare R2 was last updated on Oct 5, 2025. Frequent updates are generally a positive security signal.

What is Yctvn Media Offload for Cloudflare R2's security score?

Yctvn Media Offload for Cloudflare R2 has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Yctvn Media Offload for Cloudflare R2 Security & Risk Analysis

wordpress.org/plugins/yctvn-media-offload-cloudflare-r2

Automatically offload your WordPress media library to Cloudflare R2 Storage for improved performance and reduced hosting costs.

100 active installs v1.0.2 PHP 8.0+ WP 5.0+ Updated Oct 5, 2025

cdncloudflaremediaobject-storagestorage

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Yctvn Media Offload for Cloudflare R2 Safe to Use in 2026?

Generally Safe

Score 100/100

Yctvn Media Offload for Cloudflare R2 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago

Risk Assessment

The "yctvn-media-offload-cloudflare-r2" plugin v1.0.2 exhibits a generally positive security posture, with a strong emphasis on secure coding practices. The high percentage of prepared SQL statements and properly escaped outputs indicate a developer familiar with common web security vulnerabilities. The plugin also demonstrates good practice with a substantial number of nonce and capability checks. However, there are notable areas of concern that elevate its risk profile. The presence of two AJAX handlers without any authentication checks creates a significant attack vector. Furthermore, the taint analysis reveals two flows with unsanitized paths, one of which is categorized as high severity. These unsanitized paths could potentially lead to injection vulnerabilities if not properly handled. The plugin's lack of any recorded historical vulnerabilities is a positive indicator, suggesting a generally secure development history, but it does not negate the immediate risks identified in the current code analysis. In conclusion, while the plugin has strengths in its implementation of secure coding standards, the unprotected AJAX endpoints and high-severity taint flows present critical security risks that require immediate attention.

Key Concerns

AJAX handlers without authentication
Taint flows with unsanitized paths (high severity)

Vulnerabilities

None known

Yctvn Media Offload for Cloudflare R2 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Yctvn Media Offload for Cloudflare R2 Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

75 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

67% prepared21 total queries

Output Escaping

91% escaped82 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths

render_settings_page (includes\class-yctvn-admin.php:204)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Yctvn Media Offload for Cloudflare R2 Attack Surface

Entry Points9

Unprotected2

AJAX Handlers 9

authwp_ajax_yctvn_media_offload_save_settingsincludes\class-yctvn-admin.php:66

authwp_ajax_yctvn_media_offload_test_connectionincludes\class-yctvn-admin.php:67

authwp_ajax_yctvn_media_offload_run_auto_syncincludes\class-yctvn-admin.php:68

authwp_ajax_yctvn_media_offload_fix_all_thumbnailsincludes\class-yctvn-admin.php:69

authwp_ajax_yctvn_media_offload_bulk_sync_batchincludes\class-yctvn-admin.php:70

authwp_ajax_yctvn_media_offload_get_sync_countincludes\class-yctvn-admin.php:71

authwp_ajax_yctvn_media_offload_bulk_syncincludes\class-yctvn-bulk-sync.php:62

authwp_ajax_yctvn_media_offload_fix_single_thumbnailincludes\class-yctvn-fix-thumbnails.php:40

authwp_ajax_yctvn_media_offload_fix_batch_thumbnailsincludes\class-yctvn-fix-thumbnails.php:41

WordPress Hooks 24

actionadmin_menuincludes\class-yctvn-admin.php:63

actionadmin_initincludes\class-yctvn-admin.php:64

actionadmin_enqueue_scriptsincludes\class-yctvn-admin.php:65

filterbulk_actions-uploadincludes\class-yctvn-admin.php:74

filterhandle_bulk_actions-uploadincludes\class-yctvn-admin.php:75

actionadmin_noticesincludes\class-yctvn-admin.php:76

filtermedia_row_actionsincludes\class-yctvn-fix-thumbnails.php:44

filterwp_get_attachment_urlincludes\class-yctvn-url-rewriter.php:54

filterwp_calculate_image_srcsetincludes\class-yctvn-url-rewriter.php:55

filterwp_get_attachment_image_srcincludes\class-yctvn-url-rewriter.php:56

filterwp_get_attachment_image_attributesincludes\class-yctvn-url-rewriter.php:57

filterthe_contentincludes\class-yctvn-url-rewriter.php:58

filterwp_prepare_attachment_for_jsincludes\class-yctvn-url-rewriter.php:61

filterwp_get_attachment_image_srcincludes\class-yctvn-url-rewriter.php:62

actioninityctvn-media-offload.php:69

filterwp_generate_attachment_metadatayctvn-media-offload.php:147

filterwp_update_attachment_metadatayctvn-media-offload.php:148

actiondelete_attachmentyctvn-media-offload.php:152

actionyctvn_media_offload_settings_updatedyctvn-media-offload.php:155

actionyctvn_media_offload_auto_sync_cronyctvn-media-offload.php:161

filtercron_schedulesyctvn-media-offload.php:293

filterwp_generate_attachment_metadatayctvn-media-offload.php:399

filterwp_update_attachment_metadatayctvn-media-offload.php:400

actionplugins_loadedyctvn-media-offload.php:479

Scheduled Events 1

yctvn_media_offload_auto_sync_cron

Maintenance & Trust

Yctvn Media Offload for Cloudflare R2 Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 5, 2025

PHP min version8.0

Downloads854

Community Trust

Rating100/100

Number of ratings3

Active installs100

Alternatives

Yctvn Media Offload for Cloudflare R2 Alternatives

Articla media offload lite for oracle cloud infrastructure

articla-media-offload-lite-for-oracle-cloud-infrastructure

100

Offload your Media Library to Oracle Cloud (OCI) via S3. Supports private and public buckets.

0 No CVEs

Advanced Media Offloader

advanced-media-offloader

100

Save server space & speed up your site by automatically offloading media to Amazon S3, Cloudflare R2 & more.

3K No CVEs

Microsoft Azure Storage for WordPress

windows-azure-storage

Use the Microsoft Azure Storage service to host your website's media files.

2K 1 CVE

Upcasted S3 Offload – AWS S3, DigitalOcean Spaces, Backblaze, MinIO Storage Integration

upcasted-s3-offload

Easily migrate and manage WordPress Media Library files to AWS S3 or S3-compatible storage providers. Boost performance and reduce hosting costs.

200 1 CVE

Filestack WP Upload

filestack-upload

Upload files directly to the cloud with support for multiple sources including local, Facebook, Dropbox, Google Drive, and more.

70 1 CVE

Developer Profile

Yctvn Media Offload for Cloudflare R2 Developer Profile

Kangta

1 plugin · 100 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Yctvn Media Offload for Cloudflare R2

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/yctvn-media-offload-cloudflare-r2/assets/css/admin.css/wp-content/plugins/yctvn-media-offload-cloudflare-r2/assets/js/admin.js/wp-content/plugins/yctvn-media-offload-cloudflare-r2/assets/js/settings.js

Script Paths

/wp-content/plugins/yctvn-media-offload-cloudflare-r2/assets/js/admin.js/wp-content/plugins/yctvn-media-offload-cloudflare-r2/assets/js/settings.js

Version Parameters

yctvn-media-offload-cloudflare-r2/assets/css/admin.css?ver=yctvn-media-offload-cloudflare-r2/assets/js/admin.js?ver=yctvn-media-offload-cloudflare-r2/assets/js/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes

yctvn-media-offload-admin-noticeyctvn-media-offload-settings

HTML Comments

Data Attributes

data-setting-namedata-setting-value

JS Globals

yctvnMediaOffloadSettings

REST Endpoints

/wp-json/yctvn-media-offload/v1/settings

FAQ