Does Advanced Media Offloader have any unpatched vulnerabilities?

No. All known vulnerabilities in Advanced Media Offloader have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Advanced Media Offloader compatible with WordPress 6.9.4?

According to WordPress.org data, Advanced Media Offloader 4.4.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Advanced Media Offloader compatible with PHP 8.1+?

Advanced Media Offloader requires PHP 8.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Advanced Media Offloader updated?

Advanced Media Offloader was last updated on Mar 11, 2026. Frequent updates are generally a positive security signal.

What is Advanced Media Offloader's security score?

Advanced Media Offloader has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Advanced Media Offloader Security & Risk Analysis

wordpress.org/plugins/advanced-media-offloader

Save server space & speed up your site by automatically offloading media to Amazon S3, Cloudflare R2 & more.

3K active installs v4.4.1 PHP 8.1+ WP 5.6+ Updated Mar 11, 2026

cloudflaremedia-libraryoffloads3storage

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Advanced Media Offloader Safe to Use in 2026?

Generally Safe

Score 100/100

Advanced Media Offloader has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 24d ago

Risk Assessment

The advanced-media-offloader v4.4.1 plugin demonstrates a generally good security posture with strong practices in place for SQL queries and capability checks. The absence of any known CVEs and recorded vulnerabilities is a significant positive indicator of its maintenance and security. However, the analysis reveals a notable concern regarding its attack surface. Specifically, there are two AJAX handlers that lack authentication checks, presenting a potential entry point for unauthorized actions. While the taint analysis did not uncover any critical or high severity issues, the presence of the `unserialize` function warrants caution. This function can be dangerous if used with user-supplied data, and although no immediate risks were found in this specific version's taint flows, it's a function that should always be handled with extreme care and robust validation. The plugin's reliance on prepared statements for all SQL queries and the good proportion of properly escaped outputs are strong security strengths.

Key Concerns

Unprotected AJAX handlers
Use of unserialize function

Vulnerabilities

None known

Advanced Media Offloader Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Advanced Media Offloader Code Analysis

Dangerous Functions

Raw SQL Queries

18 prepared

Unescaped Output

107 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializereturn @unserialize($data, $options); // @phpcs:ignoreincludes\Abstracts\WP_Background_Processing\WP_Background_Process.php:830

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared18 total queries

Output Escaping

64% escaped166 total outputs

Data Flows

All sanitized

Data Flow Analysis

3 flows

save_general_settings_ajax (includes\Admin\GeneralSettings.php:651)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Advanced Media Offloader Attack Surface

Entry Points9

Unprotected2

AJAX Handlers 9

authwp_ajax_advmo_test_connectionincludes\Admin\GeneralSettings.php:59

authwp_ajax_advmo_save_general_settingsincludes\Admin\GeneralSettings.php:60

authwp_ajax_advmo_save_credentialsincludes\Admin\GeneralSettings.php:61

authwp_ajax_advmo_get_provider_credentialsincludes\Admin\GeneralSettings.php:62

authwp_ajax_advmo_download_errors_csvincludes\Admin\MediaOverview.php:29

authwp_ajax_advmo_check_bulk_offload_progressincludes\BulkOffloadHandler.php:30

authwp_ajax_advmo_start_bulk_offloadincludes\BulkOffloadHandler.php:31

authwp_ajax_advmo_cancel_bulk_offloadincludes\BulkOffloadHandler.php:32

authwp_ajax_advmo_offload_single_attachmentincludes\Observers\AttachmentOffloadButtonObserver.php:38

WordPress Hooks 51

actionadmin_noticesadvanced-media-offloader.php:152

filtercron_schedulesincludes\Abstracts\WP_Background_Processing\WP_Background_Process.php:104

actionadmin_menuincludes\Admin\GeneralSettings.php:56

actionadmin_initincludes\Admin\GeneralSettings.php:57

actionadmin_enqueue_scriptsincludes\Admin\GeneralSettings.php:58

actionadmin_menuincludes\Admin\MediaOverview.php:27

actionadmin_initincludes\Admin\MediaOverview.php:28

actionadmin_footer_textincludes\Admin\Observers\AdminFooterTexts.php:27

filterupdate_footerincludes\Admin\Observers\AdminFooterTexts.php:28

actionin_admin_headerincludes\Admin\Observers\AdminHeader.php:27

actioncurrent_screenincludes\Admin\Observers\CurrentScreen.php:19

actioninitincludes\BulkOffloadHandler.php:29

actionadvmo_cleanup_orphaned_queueincludes\BulkOffloadHandler.php:33

filtercron_schedulesincludes\BulkOffloadHandler.php:53

actionadvmo_check_stalled_processesincludes\BulkOffloadHandler.php:54

actionadmin_enqueue_scriptsincludes\Observers\AttachmentDeleteLoadingObserver.php:14

actiondelete_attachmentincludes\Observers\AttachmentDeleteObserver.php:37

actionadmin_noticesincludes\Observers\AttachmentDeleteObserver.php:38

filterattachment_fields_to_editincludes\Observers\AttachmentOffloadButtonObserver.php:37

actionadmin_footerincludes\Observers\AttachmentOffloadButtonObserver.php:39

filterwp_update_attachment_metadataincludes\Observers\AttachmentUpdateObserver.php:26

filterwp_generate_attachment_metadataincludes\Observers\AttachmentUploadObserver.php:20

filterwp_get_attachment_urlincludes\Observers\AttachmentUrlObserver.php:35

filteradvmo_local_deletion_ruleincludes\Observers\EWWWCompatObserver.php:23

actionewww_image_optimizer_after_optimize_attachmentincludes\Observers\EWWWCompatObserver.php:24

actionadvmo_after_upload_to_cloudincludes\Observers\EWWWCompatObserver.php:25

filterwebp_allowed_urlsincludes\Observers\EWWWCompatObserver.php:26

filterewww_image_optimizer_skip_webp_rewriteincludes\Observers\EWWWCompatObserver.php:27

filteradvmo_attachment_delete_keysincludes\Observers\EWWWCompatObserver.php:28

actionadvmo_reoffload_attachmentincludes\Observers\EWWWCompatObserver.php:29

filterget_attached_fileincludes\Observers\GetAttachedFileObserver.php:23

filterget_attached_fileincludes\Observers\GetAttachedFileObserver.php:61

filterwp_calculate_image_srcset_metaincludes\Observers\ImageSrcsetMetaObserver.php:42

filterwp_calculate_image_srcsetincludes\Observers\ImageSrcsetObserver.php:44

filteradvmo_local_deletion_ruleincludes\Observers\ImagifyCompatObserver.php:23

actionimagify_after_optimizeincludes\Observers\ImagifyCompatObserver.php:24

filterimagify_webp_picture_process_imageincludes\Observers\ImagifyCompatObserver.php:25

filteradvmo_attachment_delete_keysincludes\Observers\ImagifyCompatObserver.php:26

actionadvmo_reoffload_attachmentincludes\Observers\ImagifyCompatObserver.php:27

actionrestrict_manage_postsincludes\Observers\MediaLibraryFilterObserver.php:45

actionpre_get_postsincludes\Observers\MediaLibraryFilterObserver.php:48

filterajax_query_attachments_argsincludes\Observers\MediaLibraryFilterObserver.php:51

actionadmin_enqueue_scriptsincludes\Observers\MediaLibraryFilterObserver.php:54

filterattachment_fields_to_editincludes\Observers\OffloadStatusObserver.php:52

filterwp_prepare_attachment_for_jsincludes\Observers\OffloadStatusObserver.php:55

actionadmin_enqueue_scriptsincludes\Observers\OffloadStatusObserver.php:58

filtermanage_media_columnsincludes\Observers\OffloadStatusObserver.php:61

actionmanage_media_custom_columnincludes\Observers\OffloadStatusObserver.php:62

filterwp_content_img_tagincludes\Observers\PostContentImageTagObserver.php:42

filterwp_update_attachment_metadataincludes\Observers\ThumbnailRegenerationObserver.php:30

filterwp_unique_filenameincludes\Observers\UniqueFilenameObserver.php:22

Scheduled Events 2

advmo_check_stalled_processes

advmo_cleanup_orphaned_queue

Maintenance & Trust

Advanced Media Offloader Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 11, 2026

PHP min version8.1

Downloads36K

Community Trust

Rating94/100

Number of ratings42

Active installs3K

Alternatives

Advanced Media Offloader Alternatives

Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more

ilab-media-tools

Automatically store media on Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean Spaces + others. Serve CSS/JS assets through CDNs.

7K 1 CVE

Upcasted S3 Offload – AWS S3, DigitalOcean Spaces, Backblaze, MinIO Storage Integration

upcasted-s3-offload

Easily migrate and manage WordPress Media Library files to AWS S3 or S3-compatible storage providers. Boost performance and reduce hosting costs.

200 1 CVE

ArvanCloud Object Storage

arvancloud-object-storage

100

ArvanCloud Storage for offload, backup and upload your WordPress files and databases directly to your ArvanCloud object storage bucket.

60 No CVEs

Swift Offload

swift-offload

100

Offload WordPress media to Amazon S3, Wasabi, DigitalOcean Spaces, or MinIO. Serve files via CloudFront CDN for faster delivery.

0 No CVEs

Infinite Uploads – Offload Media and Video to Cloud Storage

infinite-uploads

100

Move, encode, and serve all your video and other media files from the cloud to boost performance and save on storage.

800 No CVEs

Developer Profile

Advanced Media Offloader Developer Profile

Masoud Golchin

1 plugin · 3K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Advanced Media Offloader

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/advanced-media-offloader/css/admin.css/wp-content/plugins/advanced-media-offloader/css/frontend.css/wp-content/plugins/advanced-media-offloader/js/admin.js/wp-content/plugins/advanced-media-offloader/js/frontend.js

Script Paths

/wp-content/plugins/advanced-media-offloader/js/admin.js/wp-content/plugins/advanced-media-offloader/js/frontend.js

Version Parameters

advanced-media-offloader/css/admin.css?ver=advanced-media-offloader/css/frontend.css?ver=advanced-media-offloader/js/admin.js?ver=advanced-media-offloader/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

advmo-settings-pageadvmo-bulk-offload-page

HTML Comments

Data Attributes

data-advmo-media-iddata-advmo-offload-status

JS Globals

advmo_admin_paramsadvmo_frontend_params

REST Endpoints

/wp-json/advmo/v1/offload-status/wp-json/advmo/v1/offload-item

FAQ

Advanced Media Offloader Security & Risk Analysis

Is Advanced Media Offloader Safe to Use in 2026?

Generally Safe

Key Concerns

Advanced Media Offloader Security Vulnerabilities

Advanced Media Offloader Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Advanced Media Offloader Attack Surface

AJAX Handlers 9

Scheduled Events 2

Advanced Media Offloader Maintenance & Trust

Maintenance Signals

Community Trust

Advanced Media Offloader Alternatives

Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more

Upcasted S3 Offload – AWS S3, DigitalOcean Spaces, Backblaze, MinIO Storage Integration

ArvanCloud Object Storage

Swift Offload

Infinite Uploads – Offload Media and Video to Cloud Storage

Advanced Media Offloader Developer Profile

How We Detect Advanced Media Offloader

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Advanced Media Offloader