Cloudinary – Deliver Images and Videos at Scale Security & Risk Analysis

wordpress.org/plugins/cloudinary-image-management-and-manipulation-in-the-cloud-cdn

Boost the performance of your WordPress site by optimizing your images and videos with the Cloudinary WordPress Plugin. WordPress developers, content …

5K active installs · v3.3.2 · PHP 7.4+ · WP 4.7+ · Updated Feb 23, 2026
Tags: core-web-vitals, image-optimizer, performance, resize, video
Score: 78 · B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Jan 22, 2026
Safety Verdict

Is Cloudinary – Deliver Images and Videos at Scale Safe to Use in 2026?

Mostly Safe

Score 78/100

Cloudinary – Deliver Images and Videos at Scale is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Jan 22, 2026 · Updated 1mo ago
Risk Assessment

The Cloudinary Image Management and Manipulation plugin exhibits a generally good security posture, with a strong emphasis on output escaping and the use of prepared statements for SQL queries. The plugin's attack surface is minimal, with no identified unprotected entry points from AJAX handlers, REST API routes, or shortcodes. Furthermore, the taint analysis shows no critical or high-severity unsanitized flows, suggesting a reasonable effort to prevent common injection vulnerabilities.

However, the presence of one unpatched medium-severity vulnerability (CVE) dating from 2026 is a significant concern. This indicates a past issue that has not been addressed, potentially leaving users exposed. While the code analysis reveals no immediate critical risks like dangerous functions or unsanitized taint flows, the historical vulnerability pattern of 'Missing Authorization' combined with the single unpatched CVE suggests a potential blind spot in the plugin's security implementation. The plugin demonstrates good practices in output escaping and SQL query handling, but the lack of patching for known vulnerabilities is a notable weakness that requires immediate attention.

Key Concerns

  • Unpatched CVE detected
  • Vulnerability history of Missing Authorization
Vulnerabilities: 1

Cloudinary – Deliver Images and Videos at Scale Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-24560 · medium · 4.3 · Missing Authorization

Cloudinary <= 3.3.0 - Missing Authorization

Jan 22, 2026 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Cloudinary – Deliver Images and Videos at Scale Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 22 (33 prepared)
Unescaped Output: 8 (175 escaped)
Nonce Checks: 5
Capability Checks: 3
File Operations: 18
External Requests: 11
Bundled Libraries: 0

SQL Query Safety

60% prepared · 55 total queries

Output Escaping

96% escaped · 183 total outputs
Attack Surface

Cloudinary – Deliver Images and Videos at Scale Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth wp_ajax_cloudinary-down-sync php\class-media.php:3161
WordPress Hooks 265
action admin_notices cloudinary.php:46
filter update_post_metadata php\cache\class-cache-point.php:117
filter get_post_metadata php\cache\class-cache-point.php:118
filter delete_post_metadata php\cache\class-cache-point.php:119
action shutdown php\cache\class-cache-point.php:120
action wp_resource_hints php\cache\class-cache-point.php:121
action cloudinary_init_settings php\class-admin.php:87
action admin_init php\class-admin.php:88
action admin_menu php\class-admin.php:89
filter cloudinary_api_rest_endpoints php\class-admin.php:90
action shutdown php\class-admin.php:97
action cloudinary_connected php\class-assets.php:125
filter cloudinary_admin_pages php\class-assets.php:126
filter cloudinary_is_content_dir php\class-assets.php:149
filter cloudinary_is_media php\class-assets.php:150
filter get_attached_file php\class-assets.php:151
filter cloudinary_sync_base_struct php\class-assets.php:152
filter intermediate_image_sizes_advanced php\class-assets.php:153
filter cloudinary_can_sync_asset php\class-assets.php:154
filter cloudinary_local_url php\class-assets.php:155
filter cloudinary_is_folder_synced php\class-assets.php:156
filter cloudinary_asset_state php\class-assets.php:157
filter cloudinary_set_usable_asset php\class-assets.php:158
action cloudinary_ready php\class-assets.php:160
action cloudinary_thread_queue_details_query php\class-assets.php:161
action cloudinary_build_queue_query php\class-assets.php:162
action cloudinary_string_replace php\class-assets.php:163
action shutdown php\class-assets.php:164
action admin_bar_menu php\class-assets.php:165
action wp_enqueue_scripts php\class-assets.php:166
action cloudinary_delete_asset php\class-assets.php:167
action shutdown php\class-cache.php:118
filter template_include php\class-cache.php:226
action admin_init php\class-cache.php:227
filter cloudinary_api_rest_endpoints php\class-cache.php:229
action http_request_args php\class-cache.php:230
action cloudinary_cache_init_cache_points php\class-cache.php:825
action cloudinary_cache_init_cache_points php\class-cache.php:877
action cloudinary_cache_init_cache_points php\class-cache.php:929
action cloudinary_cache_init_cache_points php\class-cache.php:981
filter pre_update_option_cloudinary_connect php\class-connect.php:104
action update_option_cloudinary_connect php\class-connect.php:105
action cloudinary_status php\class-connect.php:106
action cloudinary_version_upgrade php\class-connect.php:107
filter cloudinary_setting_get_value php\class-connect.php:108
filter cloudinary_admin_pages php\class-connect.php:109
filter cloudinary_api_rest_endpoints php\class-connect.php:110
action cloudinary_ready php\class-connect.php:486
filter cloudinary_admin_pages php\class-cron.php:90
filter cloudinary_api_rest_endpoints php\class-cron.php:144
action cloudinary_init_settings php\class-cron.php:145
action shutdown php\class-cron.php:168
filter cloudinary_admin_pages php\class-dashboard.php:31
action init php\class-deactivation.php:64
action current_screen php\class-deactivation.php:65
action cloudinary_init_settings php\class-deactivation.php:66
filter cloudinary_api_rest_endpoints php\class-deactivation.php:77
action cloudinary_cleanup_event php\class-deactivation.php:78
action admin_head-plugins.php php\class-deactivation.php:93
action admin_enqueue_scripts php\class-deactivation.php:94
action cloudinary_admin_pages php\class-delivery-feature.php:96
action cloudinary_init_settings php\class-delivery-feature.php:97
action wp_print_scripts php\class-delivery-feature.php:126
action cloudinary_connected php\class-delivery.php:129
filter cloudinary_filter_out_local php\class-delivery.php:138
action update_option_cloudinary_media_display php\class-delivery.php:139
action cloudinary_flush_cache php\class-delivery.php:140
action cloudinary_unsync_asset php\class-delivery.php:141
action before_delete_post php\class-delivery.php:142
action delete_attachment php\class-delivery.php:143
action cloudinary_register_sync_types php\class-delivery.php:144
filter rest_request_before_callbacks php\class-delivery.php:145
action the_post php\class-delivery.php:146
filter wp_get_attachment_url php\class-delivery.php:158
filter cloudinary_skip_parse_element php\class-delivery.php:181
filter content_save_pre php\class-delivery.php:702
action save_post php\class-delivery.php:703
action cloudinary_string_replace php\class-delivery.php:704
filter post_thumbnail_html php\class-delivery.php:705
filter cloudinary_current_post_id php\class-delivery.php:707
filter the_content php\class-delivery.php:708
action wp_resource_hints php\class-delivery.php:709
filter wp_calculate_image_srcset php\class-delivery.php:840
action cloudinary_connected php\class-extensions.php:46
filter cloudinary_api_rest_endpoints php\class-extensions.php:53
action cloudinary_init_settings php\class-extensions.php:54
action init php\class-media.php:162
action cloudinary_version_upgrade php\class-media.php:165
filter cloudinary_upload_sync_enabled php\class-media.php:2121
filter wp_calculate_image_srcset php\class-media.php:3125
filter wp_get_attachment_url php\class-media.php:3126
filter wp_get_original_image_url php\class-media.php:3127
filter image_downsize php\class-media.php:3128
filter wp_calculate_image_srcset_meta php\class-media.php:3129
action begin_fetch_post_thumbnail_html php\class-media.php:3132
filter post_thumbnail_html php\class-media.php:3133
action print_media_templates php\class-media.php:3159
action wp_enqueue_media php\class-media.php:3160
filter upload_dir php\class-media.php:3164
filter cloudinary_default_qf_transformations_image php\class-media.php:3171
filter cloudinary_default_freeform_transformations_image php\class-media.php:3172
filter manage_media_columns php\class-media.php:3175
action manage_media_custom_column php\class-media.php:3176
filter intermediate_image_sizes_advanced php\class-media.php:3179
filter cloudinary_resource_type php\class-media.php:3182
action restrict_manage_posts php\class-media.php:3184
action pre_get_posts php\class-media.php:3185
action init php\class-meta-box.php:39
action add_meta_boxes php\class-meta-box.php:48
action plugins_loaded php\class-plugin.php:275
action admin_enqueue_scripts php\class-plugin.php:276
action init php\class-plugin.php:277
action init php\class-plugin.php:279
action init php\class-plugin.php:280
action admin_notices php\class-plugin.php:282
filter plugin_row_meta php\class-plugin.php:283
action admin_print_footer_scripts php\class-plugin.php:284
action wp_print_footer_scripts php\class-plugin.php:285
action cloudinary_version_upgrade php\class-plugin.php:287
action cloudinary_upgrade_asset php\class-relate.php:48
filter found_posts php\class-relate.php:49
action cloudinary_connected php\class-report.php:55
filter cloudinary_admin_pages php\class-report.php:56
action cloudinary_settings_save_setting_reporting.enable_report php\class-report.php:63
filter media_row_actions php\class-report.php:64
filter post_row_actions php\class-report.php:65
filter page_row_actions php\class-report.php:66
filter handle_bulk_actions-edit-post php\class-report.php:67
filter handle_bulk_actions-upload php\class-report.php:68
action add_meta_boxes php\class-report.php:144
action rest_api_init php\class-rest-api.php:42
filter cloudinary_admin_sidebar php\class-special-offer.php:36
filter media_send_to_editor php\class-string-replace.php:74
filter the_editor_content php\class-string-replace.php:75
filter wp_prepare_attachment_for_js php\class-string-replace.php:76
action admin_init php\class-string-replace.php:77
action template_include php\class-string-replace.php:84
action parse_request php\class-string-replace.php:86
filter rest_pre_echo_response php\class-string-replace.php:103
filter upload_mimes php\class-svg.php:246
filter ext2type php\class-svg.php:247
filter wp_check_filetype_and_ext php\class-svg.php:248
filter cloudinary_allowed_extensions php\class-svg.php:249
filter cloudinary_upload_options php\class-svg.php:250
filter cloudinary_upload_args php\class-svg.php:251
filter cloudinary_convert_media_types php\class-svg.php:252
action cloudinary_uploaded_asset php\class-svg.php:255
filter cloudinary_admin_pages php\class-sync.php:138
filter cloudinary_media_status php\class-sync.php:1202
filter display_media_states php\class-sync.php:1203
action shutdown php\class-sync.php:1205
filter cloudinary_setting_get_value php\class-sync.php:1220
filter cloudinary_get_signature php\class-sync.php:1221
action admin_init php\class-sync.php:1223
action rest_api_init php\class-sync.php:1225
action cloudinary_init_settings php\class-url.php:66
action shutdown php\class-utils.php:780
action cloudinary_ready php\connect\class-api.php:171
action http_api_curl php\connect\class-api.php:1003
action cloudinary_init_settings php\delivery\class-bypass.php:66
filter handle_bulk_actions-upload php\delivery\class-bypass.php:75
filter media_row_actions php\delivery\class-bypass.php:76
filter bulk_actions-upload php\delivery\class-bypass.php:77
action attachment_submitbox_misc_actions php\delivery\class-bypass.php:78
filter wp_insert_attachment_data php\delivery\class-bypass.php:79
filter cloudinary_can_sync_asset php\delivery\class-bypass.php:80
filter cloudinary_cache_media_asset php\delivery\class-bypass.php:81
filter cloudinary_media_status php\delivery\class-bypass.php:82
filter cloudinary_image_tag-disabled php\delivery\class-lazy-load.php:45
action wp php\delivery\class-lazy-load.php:52
filter cloudinary_lazy_load_bypass php\delivery\class-lazy-load.php:53
action cloudinary_init_delivery php\delivery\class-responsive-breakpoints.php:46
filter cloudinary_apply_breakpoints php\delivery\class-responsive-breakpoints.php:47
filter cloudinary_sync_base_struct php\delivery\class-responsive-breakpoints.php:200
action elementor/element/parse_css php\integrations\class-elementor.php:54
action cloudinary_flush_cache php\integrations\class-elementor.php:55
action wpml_media_create_duplicate_attachment php\integrations\class-wpml.php:60
filter wp_generate_attachment_metadata php\integrations\class-wpml.php:61
action cloudinary_ready php\integrations\class-wpml.php:62
filter cloudinary_media_context php\integrations\class-wpml.php:63
filter cloudinary_media_context_query php\integrations\class-wpml.php:64
filter cloudinary_media_context_things php\integrations\class-wpml.php:65
filter cloudinary_home_url php\integrations\class-wpml.php:66
action cloudinary_edit_asset_permalink php\integrations\class-wpml.php:67
filter cloudinary_contextualized_post_id php\integrations\class-wpml.php:68
filter wpml_admin_language_switcher_items php\integrations\class-wpml.php:69
action shutdown php\integrations\class-wpml.php:263
action print_media_templates php\media\class-filter.php:719
filter rest_prepare_attachment php\media\class-filter.php:744
filter wp_insert_post_data php\media\class-filter.php:813
filter wp_prepare_attachment_for_js php\media\class-filter.php:814
filter media_send_to_editor php\media\class-filter.php:815
action rest_api_init php\media\class-filter.php:818
action admin_footer php\media\class-filter.php:821
action wp_footer php\media\class-filter.php:822
filter render_block php\media\class-filter.php:825
filter wp_update_attachment_metadata php\media\class-filter.php:828
filter wp_image_file_matches_image_meta php\media\class-filter.php:831
filter cloudinary_api_rest_endpoints php\media\class-gallery.php:689
action enqueue_block_editor_assets php\media\class-gallery.php:690
action wp_enqueue_scripts php\media\class-gallery.php:691
action admin_enqueue_scripts php\media\class-gallery.php:692
filter render_block php\media\class-gallery.php:693
filter cloudinary_admin_pages php\media\class-gallery.php:694
filter upload_mimes php\media\class-gallery.php:710
filter wp_check_filetype_and_ext php\media\class-gallery.php:711
filter cloudinary_allowed_extensions php\media\class-gallery.php:712
filter cloudinary_is_deliverable php\media\class-gallery.php:713
filter wp_get_attachment_url php\media\class-gallery.php:714
filter wp_generate_attachment_metadata php\media\class-gallery.php:715
action add_meta_boxes php\media\class-global-transformations.php:718
action save_post php\media\class-global-transformations.php:719
action save_post php\media\class-global-transformations.php:720
filter admin_post_thumbnail_html php\media\class-global-transformations.php:721
filter manage_media_columns php\media\class-global-transformations.php:724
action manage_media_custom_column php\media\class-global-transformations.php:725
filter cloudinary_migrate_legacy_meta php\media\class-upgrade.php:275
action admin_menu php\media\class-upgrade.php:279
filter render_block php\media\class-video.php:229
filter wp_video_shortcode_override php\media\class-video.php:638
filter cloudinary_default_qf_transformations_video php\media\class-video.php:639
filter cloudinary_default_freeform_transformations_video php\media\class-video.php:640
filter render_block_data php\media\class-video.php:644
filter render_block php\media\class-video.php:647
filter shortcode_atts_video php\media\class-video.php:651
filter pre_do_shortcode_tag php\media\class-video.php:661
action enqueue_block_editor_assets php\media\class-video.php:702
action admin_enqueue_scripts php\media\class-video.php:704
action wp_enqueue_scripts php\media\class-woocommercegallery.php:93
filter cloudinary_gallery_html_container php\media\class-woocommercegallery.php:95
filter woocommerce_single_product_image_thumbnail_html php\media\class-woocommercegallery.php:103
filter cloudinary_enqueue_gallery_script php\media\class-woocommercegallery.php:106
action shutdown php\relate\class-relationship.php:141
action shutdown php\relate\class-relationship.php:142
action delete_attachment php\sync\class-delete-sync.php:42
filter user_has_cap php\sync\class-delete-sync.php:43
filter cloudinary_api_rest_endpoints php\sync\class-download-sync.php:57
filter cloudinary_apply_default_transformations php\sync\class-download-sync.php:250
filter cloudinary_api_rest_endpoints php\sync\class-push-sync.php:85
action cloudinary_run_queue php\sync\class-push-sync.php:99
action cloudinary_sync_items php\sync\class-push-sync.php:100
action shutdown php\sync\class-push-sync.php:263
action cloudinary_register_sync_types php\sync\class-storage.php:94
filter cloudinary_render_field php\sync\class-storage.php:96
filter cloudinary_apply_default_transformations php\sync\class-storage.php:151
filter cloudinary_can_sync_asset php\sync\class-storage.php:555
filter wp_unique_filename php\sync\class-storage.php:556
filter wp_get_attachment_metadata php\sync\class-storage.php:557
filter wp_image_editors php\sync\class-storage.php:561
action cloudinary_resume_queue php\sync\class-sync-queue.php:189
action cloudinary_settings_save_setting_auto_sync php\sync\class-sync-queue.php:190
action attachment_submitbox_misc_actions php\sync\class-unsync.php:77
filter handle_bulk_actions-upload php\sync\class-unsync.php:78
filter media_row_actions php\sync\class-unsync.php:79
filter bulk_actions-upload php\sync\class-unsync.php:80
filter wp_unique_filename php\sync\class-unsync.php:234
filter cloudinary_on_demand_sync_enabled php\sync\class-upload-sync.php:82
filter handle_bulk_actions-upload php\sync\class-upload-sync.php:84
filter media_row_actions php\sync\class-upload-sync.php:86
filter bulk_actions-upload php\sync\class-upload-sync.php:89
filter cloudinary_doing_upload php\sync\class-upload-sync.php:306
filter cloudinary_is_folder_synced php\sync\class-upload-sync.php:308
filter wp_get_original_image_path php\sync\class-upload-sync.php:337
filter cloudinary_api_rest_endpoints php\ui\class-state.php:70
action admin_init php\ui\class-state.php:71

Scheduled Events 2

cloudinary_cleanup_event
cloudinary_resume_queue
Maintenance & Trust

Cloudinary – Deliver Images and Videos at Scale Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 23, 2026
PHP min version: 7.4
Downloads: 421K

Community Trust

Rating: 80/100
Number of ratings: 64
Active installs: 5K
Developer Profile

Cloudinary – Deliver Images and Videos at Scale Developer Profile

Cloudinary

1 plugin · 5K total installs

Trust score: 79
Avg Security Score: 78/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Cloudinary – Deliver Images and Videos at Scale

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/assets/css/frontend.css
  • /wp-content/plugins/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/assets/js/frontend.js
Script Paths
  • /wp-content/plugins/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/assets/js/backend.js
Version Parameters
  • /wp-content/plugins/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/assets/css/frontend.css?ver=
  • /wp-content/plugins/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/assets/js/frontend.js?ver=
  • /wp-content/plugins/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/assets/js/backend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • cld-main-settings-page
  • cld-settings-row
  • cld-input-wrapper
  • cld-textarea-wrapper
  • cld-select-wrapper
  • cld-toggle-switch
  • cld-notice-dismiss
  • cld-admin-notice
  • +2 more
HTML Comments
  • <!-- Cloudinary admin notices -->
  • <!-- This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, version 2 or, at your discretion, any later version, as published by the Free
  • +9 more
Data Attributes
  • data-cld-notice-token
  • data-cld-notice-duration
JS Globals
  • CloudinaryBackend
  • cloudinaryConfig
REST Endpoints
  • /wp-json/cloudinary/v1/dismiss_notice
  • /wp-json/cloudinary/v1/save_settings