WP-Safety

All In One Media Library Manager Security & Risk Analysis

wordpress.org/plugins/aio-media-library-manager

Organize your media mess! Use Folders, Drag & Drop for WordPress. Download AIO Media Library Manager.

0 active installs v1.0.0 PHP 5.2.4+ WP 6.0+ Updated Jul 2, 2024
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is All In One Media Library Manager Safe to Use in 2026?

Generally Safe

Score 92/100

All In One Media Library Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The aio-media-library-manager plugin v1.0.0 exhibits a significant security concern due to its reliance on unprotected AJAX handlers. While the plugin demonstrates good practices in other areas, such as using prepared statements for all SQL queries and properly escaping a high percentage of its output, the six identified AJAX handlers lack any form of authentication or capability checks. This creates a substantial attack surface where any unauthenticated user could potentially trigger these functions, leading to unintended actions or information disclosure. Fortunately, the static analysis did not reveal any critical or high severity taint flows, dangerous functions, or file operations, and there is no known vulnerability history. This suggests a lack of actively exploited vulnerabilities, but the unprotected AJAX handlers represent a clear and present risk that needs immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Large attack surface without auth
Vulnerabilities
None known

All In One Media Library Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

All In One Media Library Manager Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

All In One Media Library Manager Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
6 prepared
Unescaped Output
3
41 escaped
Nonce Checks
7
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared6 total queries

Output Escaping

93% escaped44 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
AiomlSmack_save_folder_to_database_callback (aio-media-library-manager.php:269)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

All In One Media Library Manager Attack Surface

Entry Points6
Unprotected6

AJAX Handlers 6

authwp_ajax_AiomlSmack_save_folder_to_databaseaio-media-library-manager.php:268
authwp_ajax_AiomlSmack_fetch_folders_from_databaseaio-media-library-manager.php:360
authwp_ajax_AiomlSmack_delete_folder_from_databaseaio-media-library-manager.php:447
authwp_ajax_AiomlSmackupdate_folder_in_databaseaio-media-library-manager.php:619
authwp_ajax_AiomlSmackfolder_DragDrop_databaseaio-media-library-manager.php:678
authwp_ajax_AiomlSmack_move_attachments_to_categoryaio-media-library-manager.php:720
WordPress Hooks 21
actionadd_attachmentaio-media-library-manager.php:48
actionmuplugins_loadedaio-media-library-manager.php:160
actionplugins_loadedaio-media-library-manager.php:162
actioninitaio-media-library-manager.php:178
actionadmin_enqueue_scriptsaio-media-library-manager.php:264
actionedit_attachmentinc\AiomlSmack_Attachment_Taxonomies_Hooks.php:32
actionadd_attachmentinc\AiomlSmack_Attachment_Taxonomies_Hooks.php:33
actionrestrict_manage_postsinc\AiomlSmack_Attachment_Taxonomies_Hooks.php:34
actionwp_enqueue_mediainc\AiomlSmack_Attachment_Taxonomies_Hooks.php:35
actionwp_enqueue_mediainc\AiomlSmack_Attachment_Taxonomies_Hooks.php:36
filterwp_prepare_attachment_for_jsinc\AiomlSmack_Attachment_Taxonomies_Hooks.php:37
filterattachment_fields_to_editinc\AiomlSmack_Attachment_Taxonomies_Hooks.php:38
filterrest_request_before_callbacksinc\AiomlSmack_Attachment_Taxonomies_Hooks.php:42
actionrest_after_insert_attachmentinc\AiomlSmack_Attachment_Taxonomies_Hooks.php:43
filtermap_meta_capinc\AiomlSmack_Attachment_Taxonomies_Hooks.php:46
filtershortcode_atts_galleryinc\AiomlSmack_Attachment_Taxonomies_Hooks.php:49
actionedit_attachmentinc\AiomlSmack_Attachment_Taxonomies_Hooks.php:52
actionadd_attachmentinc\AiomlSmack_Attachment_Taxonomies_Hooks.php:53
actionrest_api_initinc\AiomlSmack_Attachment_Taxonomies_Hooks.php:54
actionadmin_initinc\AiomlSmack_Attachment_Taxonomies_Hooks.php:55
actionadmin_initinc\AiomlSmack_Attachment_Taxonomies_Hooks.php:56
Maintenance & Trust

All In One Media Library Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedJul 2, 2024
PHP min version5.2.4
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

All In One Media Library Manager Alternatives

No alternatives data available yet.

Developer Profile

All In One Media Library Manager Developer Profile

Smackcoders Inc.,

23 plugins · 40K total installs

71
trust score
Avg Security Score
88/100
Avg Patch Time
946 days
View full developer profile
Detection Fingerprints

How We Detect All In One Media Library Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/aio-media-library-manager/inc/assets/jstreeStyle.min.css

HTML / DOM Fingerprints

CSS Classes
attachment_category
Data Attributes
data-attachment_id
JS Globals
AiomlSmack_Attachment_Taxonomies
FAQ

Frequently Asked Questions about All In One Media Library Manager