WP-Safety

Advanced Media Manager Security & Risk Analysis

wordpress.org/plugins/advanced-media-manager

Automatically copies wp media files to Amazon S3 or DigitalOcean.

10 active installs v2.0 PHP 5.2.4+ WP 5.0+ Updated Feb 22, 2023
amazon-s3cdndigitaloceans3
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Advanced Media Manager Safe to Use in 2026?

Generally Safe

Score 85/100

Advanced Media Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The "advanced-media-manager" v2.0 plugin exhibits a concerning security posture primarily due to its extensive unprotected attack surface. All 18 identified AJAX handlers lack authentication checks, presenting a significant risk of unauthorized access and manipulation of media management functionalities. The presence of dangerous functions like 'exec' and 'unserialize' within this unprotected code is particularly alarming, as it could allow for remote code execution or object injection if these functions are triggered with untrusted input.

While the static analysis did not reveal any exploitable taint flows and the plugin has no recorded vulnerability history, this does not negate the immediate risks identified. The low percentage of SQL queries using prepared statements (18%) and the moderate output escaping (65%) further indicate potential vulnerabilities to SQL injection and cross-site scripting (XSS) respectively, especially when combined with the unprotected entry points.

In conclusion, the plugin's strengths lie in its lack of recorded historical vulnerabilities and the absence of critical taint flows. However, these are overshadowed by critical weaknesses in its static analysis, specifically the large number of unprotected AJAX handlers and the use of dangerous functions without proper security measures. The lack of nonce and capability checks on these entry points creates a high-risk environment for this plugin.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous functions (exec, unserialize) found
  • Low percentage of prepared SQL statements
  • Moderate output escaping
  • Missing nonce checks on AJAX
  • Missing capability checks on AJAX
  • Bundled library (Guzzle) potential for outdatedness
Vulnerabilities
None known

Advanced Media Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Advanced Media Manager Code Analysis

Dangerous Functions
3
Raw SQL Queries
85
19 prepared
Unescaped Output
24
44 escaped
Nonce Checks
0
Capability Checks
0
File Operations
17
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

exec@exec(escapeshellarg(PHP_BINARY) .' '.escapeshellarg($this->target).' self-update --'.$channel.' --scomposer-setup.php:717
unserialize$buckets = unserialize($bucket_list);controllers\service-provider.php:496
unserialize$buckets = unserialize($bucket_list);controllers\service-provider.php:501

Bundled Libraries

Guzzle

SQL Query Safety

18% prepared104 total queries

Output Escaping

65% escaped68 total outputs
Attack Surface
18 unprotected

Advanced Media Manager Attack Surface

Entry Points18
Unprotected18

AJAX Handlers 18

authwp_ajax_get_service_providercontrollers\service-provider.php:51
authwp_ajax_remove_service_providercontrollers\service-provider.php:55
authwp_ajax_get_bucket_detailscontrollers\service-provider.php:59
authwp_ajax_storage_settings_detailscontrollers\service-provider.php:63
authwp_ajax_sync_media_detailscontrollers\service-provider.php:67
authwp_ajax_sync_process_detailscontrollers\service-provider.php:71
authwp_ajax_get_actual_component_detailscontrollers\service-provider.php:75
authwp_ajax_displaycurrentpagecontrollers\service-provider.php:79
authwp_ajax_displaycurrenttabcontrollers\service-provider.php:83
authwp_ajax_setting_tabscontrollers\service-provider.php:87
authwp_ajax_csv_optionsmedia-manager-install.php:50
authwp_ajax_check_currentmenumedia-manager-install.php:54
authwp_ajax_cloud_image_listmedia-manager-install.php:58
authwp_ajax_delete_image_optionmedia-manager-install.php:62
authwp_ajax_get_cloud_media_detailsmedia-manager-install.php:66
authwp_ajax_download_media_detailsmedia-manager-install.php:70
authwp_ajax_download_single_media_detailsmedia-manager-install.php:74
authwp_ajax_search_cloud_media_detailsmedia-manager-install.php:78
WordPress Hooks 12
actioninitadvanced-media-manager.php:72
actioninitadvanced-media-manager.php:80
actionadmin_menuadvanced-media-manager.php:108
actionadmin_menuadvanced-media-manager.php:116
filteradd_attachmentadvanced-media-manager.php:139
filterwp_get_attachment_urladvanced-media-manager.php:143
filterdelete_attachmentadvanced-media-manager.php:147
actionadmin_enqueue_scriptsadvanced-media-manager.php:187
actionplugins_loadedadvanced-media-manager.php:284
actionadmin_initadvanced-media-manager.php:288
filtermanage_media_columnsadvanced-media-manager.php:292
actionmanage_media_custom_columnadvanced-media-manager.php:293
Maintenance & Trust

Advanced Media Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10
Last updatedFeb 22, 2023
PHP min version5.2.4
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Advanced Media Manager Alternatives

WP Offload Media Lite for Amazon S3, DigitalOcean Spaces, and Google Cloud Storage

WP Offload Media Lite for Amazon S3, DigitalOcean Spaces, and Google Cloud Storage

amazon-s3-and-cloudfront

A
100

Copies files to Amazon S3, DigitalOcean Spaces or Google Cloud Storage as they are uploaded to the Media Library. Optionally configure Amazon CloudFro …

30K 1 CVE
Block Uploading Images for WP Offload Media

Block Uploading Images for WP Offload Media

wp-offload-s3-filter-image-file-types

A
85

Stops images from uploading directly to your choice of CDN storage service.

60 No CVEs
Swift Offload

Swift Offload

swift-offload

A
100

Offload WordPress media to Amazon S3, Wasabi, DigitalOcean Spaces, or MinIO. Serve files via CloudFront CDN for faster delivery.

0 No CVEs
Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more

Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more

ilab-media-tools

A
92

Automatically store media on Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean Spaces + others. Serve CSS/JS assets through CDNs.

7K 1 CVE
Upcasted S3 Offload – AWS S3, DigitalOcean Spaces, Backblaze, MinIO Storage Integration

Upcasted S3 Offload – AWS S3, DigitalOcean Spaces, Backblaze, MinIO Storage Integration

upcasted-s3-offload

A
99

Easily migrate and manage WordPress Media Library files to AWS S3 or S3-compatible storage providers. Boost performance and reduce hosting costs.

200 1 CVE
Developer Profile

Advanced Media Manager Developer Profile

Smackcoders Inc.,

20 plugins · 40K total installs

71
trust score
Avg Security Score
89/100
Avg Patch Time
958 days
View full developer profile
Detection Fingerprints

How We Detect Advanced Media Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advanced-media-manager/assets/js/deps/bootstrap.min.js/wp-content/plugins/advanced-media-manager/assets/css/main.min.css/wp-content/plugins/advanced-media-manager/assets/js/amm-admin.js
Version Parameters
advanced-media-manager/style.css?ver=advanced-media-manager/assets/css/main.min.css?ver=advanced-media-manager/assets/js/amm-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-csv-importer-admin
Data Attributes
data-media-service-provider
JS Globals
SmackAWS
FAQ

Frequently Asked Questions about Advanced Media Manager