Categorify – WordPress Media Library Category & File Manager Security & Risk Analysis

wordpress.org/plugins/categorify

Organize your WordPress media files in categories via drag and drop.

1K active installs · v1.0.7.5 · PHP + · WP 6.0.0+ · Updated Feb 12, 2024
media-folders, media-library-categories, media-library-category, media-library-folder, media-library-folders
59
C · Use Caution
CVEs total: 11
Unpatched: 1
Last CVE: Sep 8, 2025
Safety Verdict

Is Categorify – WordPress Media Library Category & File Manager Safe to Use in 2026?

Use With Caution

Score 59/100

Categorify – WordPress Media Library Category & File Manager has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

11 known CVEs · 1 unpatched · Last CVE: Sep 8, 2025 · Updated 2yr ago
Risk Assessment

The 'categorify' plugin v1.0.7.5 presents a mixed security posture. While it demonstrates good practices in output escaping and utilizes prepared statements for most SQL queries, significant concerns arise from its attack surface and past vulnerability history. The presence of an unprotected AJAX handler is a direct security risk, as it can be triggered by unauthenticated users, potentially leading to unauthorized actions. Furthermore, the taint analysis reveals three flows with unsanitized paths, two of which are rated as high severity, indicating potential for data manipulation or injection vulnerabilities. The plugin's history of 11 known CVEs, with one still unpatched, and a prevalence of Cross-Site Request Forgery and Missing Authorization issues, strongly suggests a pattern of recurring security weaknesses. While the plugin has strengths in output handling and SQL query safety, these are overshadowed by the direct risks from unprotected entry points, taint flow issues, and a history of unaddressed vulnerabilities.

Key Concerns

  • Unprotected AJAX handler
  • High severity taint flows
  • Unpatched CVE
  • History of CSRF and Missing Authorization
  • Bundled Freemius library (potential for outdatedness)
Vulnerabilities
11

Categorify – WordPress Media Library Category & File Manager Security Vulnerabilities

CVEs by Year

2024: 10 CVEs
2025: 1 CVE · unpatched

Severity Breakdown

Medium: 11

11 total CVEs

CVE-2025-59005 · medium · 4.3 · Missing Authorization
Categorify <= 1.0.7.5 - Missing Authorization
Sep 8, 2025 · Unpatched

CVE-2024-1907 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxDeleteCategory
Feb 26, 2024 · Patched in 1.0.7.5 (155d)

CVE-2024-0385 · medium · 4.3 · Missing Authorization
Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxAddCategory
Feb 26, 2024 · Patched in 1.0.7.5 (155d)

CVE-2024-1653 · medium · 4.3 · Missing Authorization
Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxUpdateFolderPosition
Feb 26, 2024 · Patched in 1.0.7.5 (155d)

CVE-2024-1909 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxRenameCategory
Feb 26, 2024 · Patched in 1.0.7.5 (155d)

CVE-2024-1912 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxUpdateFolderPosition
Feb 26, 2024 · Patched in 1.0.7.5 (155d)

CVE-2024-1906 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxAddCategory
Feb 26, 2024 · Patched in 1.0.7.5 (155d)

CVE-2024-1652 · medium · 4.3 · Missing Authorization
Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxClearCategory
Feb 26, 2024 · Patched in 1.0.7.5 (155d)

CVE-2024-1910 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxClearCategory
Feb 26, 2024 · Patched in 1.0.7.5 (155d)

CVE-2024-1649 · medium · 4.3 · Missing Authorization
Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxDeleteCategory
Feb 26, 2024 · Patched in 1.0.7.5 (155d)

CVE-2024-1650 · medium · 4.3 · Missing Authorization
Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxRenameCategory
Feb 26, 2024 · Patched in 1.0.7.5 (155d)

Code Analysis
Analyzed Mar 16, 2026

Categorify – WordPress Media Library Category & File Manager Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (4 prepared)
Unescaped Output: 1 (81 escaped)
Nonce Checks: 13
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

80% prepared · 5 total queries

Output Escaping

99% escaped · 82 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
categorifyAjaxClearCategory (inc\sidebar.php:443)
Attack Surface
1 unprotected

Categorify – WordPress Media Library Category & File Manager Attack Surface

Entry Points: 12
Unprotected: 1

AJAX Handlers 12

auth · wp_ajax_save-attachment-compat · inc\category.php:14
auth · wp_ajax_categorifyAjaxAddCategory · inc\sidebar.php:23
auth · wp_ajax_categorifyAjaxDeleteCategory · inc\sidebar.php:25
auth · wp_ajax_categorifyAjaxClearCategory · inc\sidebar.php:27
auth · wp_ajax_categorifyAjaxRenameCategory · inc\sidebar.php:29
auth · wp_ajax_categorifyAjaxUpdateSidebarWidth · inc\sidebar.php:31
auth · wp_ajax_categorifyAjaxMoveMultipleMedia · inc\sidebar.php:33
auth · wp_ajax_categorifyAjaxGetTermsByMedia · inc\sidebar.php:35
auth · wp_ajax_categorifyAjaxMoveSingleMedia · inc\sidebar.php:37
auth · wp_ajax_categorifyAjaxCheckDeletingMedia · inc\sidebar.php:39
auth · wp_ajax_categorifyAjaxMoveCategory · inc\sidebar.php:41
auth · wp_ajax_categorifyAjaxUpdateFolderPosition · inc\sidebar.php:43
WordPress Hooks 16
action · plugins_loaded · categorify.php:83
action · add_attachment · inc\category.php:11
action · edit_attachment · inc\category.php:12
filter · ajax_query_attachments_args · inc\category.php:13
action · admin_menu · inc\settings\settings.php:9
filter · restrict_manage_posts · inc\sidebar.php:8
filter · posts_clauses · inc\sidebar.php:9
action · admin_enqueue_scripts · inc\sidebar.php:15
action · admin_enqueue_scripts · inc\sidebar.php:17
action · init · inc\sidebar.php:19
action · admin_footer-upload.php · inc\sidebar.php:21
filter · pre-upload-ui · inc\sidebar.php:47
filter · wp_kses_allowed_html · inc\sidebar.php:49
action · admin_notices · inc\sidebar.php:55
action · elementor/editor/after_enqueue_scripts · inc\sidebar.php:59
action · elementor/editor/after_enqueue_scripts · inc\sidebar.php:60
Maintenance & Trust

Categorify – WordPress Media Library Category & File Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Feb 12, 2024
PHP min version
Downloads: 27K

Community Trust

Rating: 40/100
Number of ratings: 2
Active installs: 1K
Developer Profile

Categorify – WordPress Media Library Category & File Manager Developer Profile

frenify

2 plugins · 1K total installs

Trust score: 59
Avg Security Score: 72/100
Avg Patch Time: 155 days
Detection Fingerprints

How We Detect Categorify – WordPress Media Library Category & File Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/categorify/inc/settings/assets/css/magnific-popup.css
/wp-content/plugins/categorify/inc/settings/assets/css/style.css
/wp-content/plugins/categorify/inc/settings/assets/js/magnific-popup.js
/wp-content/plugins/categorify/inc/settings/assets/js/init.js
Script Paths
inc/settings/assets/js/magnific-popup.js
inc/settings/assets/js/init.js
Version Parameters
categorify/1.0.7.5
categorify/inc/settings/assets/css/magnific-popup.css?ver=
categorify/inc/settings/assets/css/style.css?ver=
categorify/inc/settings/assets/js/magnific-popup.js?ver=
categorify/inc/settings/assets/js/init.js?ver=

HTML / DOM Fingerprints

CSS Classes
categorify-attachment-sidebar
HTML Comments
DO NOT REMOVE THIS IF, IT IS ESSENTIAL FOR THE `function_exists` CALL ABOVE TO PROPERLY WORK.
include main plugin file
register CATEGORIFY taxonomy
get interface
+14 more
Data Attributes
data-id, data-name, data-position
JS Globals
categorify_params
REST Endpoints
/wp-json/categorify/v1/categories
/wp-json/categorify/v1/media
FAQ

Frequently Asked Questions about Categorify – WordPress Media Library Category & File Manager