Cleanup Orphan Images Security & Risk Analysis
wordpress.org/plugins/cleanup-orphan-imagesFinds and deletes orphan media files from the uploads directory that are not registered in WordPress.
Is Cleanup Orphan Images Safe to Use in 2026?
Generally Safe
Score 100/100Cleanup Orphan Images has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The cleanup-orphan-images plugin v1.8.0 exhibits a generally good security posture, adhering to several best practices. The static analysis reveals no critical vulnerabilities such as dangerous functions, unsanitized paths in taint analysis, or file operations that could be exploited. The plugin also correctly escapes all output and implements nonce and capability checks on its entry points, indicating a deliberate effort to prevent common WordPress security issues. The absence of any recorded CVEs in its history further suggests a commitment to security or simply a lack of past exploitation. However, a significant concern arises from the plugin's handling of SQL queries, where 100% are executed without prepared statements. This is a substantial risk that could lead to SQL injection vulnerabilities, especially if user input is directly incorporated into these queries without proper sanitization. While the plugin demonstrates strengths in output escaping and authorization checks, the lack of prepared statements for all SQL queries is a critical weakness that requires immediate attention.
Key Concerns
- 100% of SQL queries use raw SQL
Cleanup Orphan Images Security Vulnerabilities
Cleanup Orphan Images Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Cleanup Orphan Images Attack Surface
AJAX Handlers 1
WordPress Hooks 3
Maintenance & Trust
Cleanup Orphan Images Maintenance & Trust
Maintenance Signals
Community Trust
Cleanup Orphan Images Alternatives
Media Sweep – WordPress Media Cleaner
media-sweep
Clean up your WordPress Media Library by finding and removing unused files. Safely scan, preview, and sweep away orphaned media to keep your site fast …
Thumbnail Manager
thumbnail-manager
Clean up unused thumbnails with progress; find orphan -WxH files; disable sizes for future uploads.
qCleanup
q-cleanup
This plugin allows you to delete unused and leftover files from upload dir. In one click you can rid of all unwanted files and reduce space usage.
Media Cleaner: Clean your WordPress!
media-cleaner
Clean your WordPress! Eliminate unused and broken media files. For a faster, and better website.
Clean Image Filenames
clean-image-filenames
This plugin automatically converts language accent characters to non-accent characters in filenames when uploading to the media library.
Cleanup Orphan Images Developer Profile
2 plugins · 20 total installs
How We Detect Cleanup Orphan Images
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/cleanup-orphan-images/admin.jsadmin.jsHTML / DOM Fingerprints
orphan-scanner-wrap<!-- phpcs:ignore WordPress.Files.FileName.InvalidClassFileName --><!-- Exit if accessed directly. --><!-- Add Settings link on Plugins page. --><!-- phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Read-only notice display, no state change. -->+5 morename="orphan_files_to_delete[]"id="cb-select-all-orphans"cleanup_images