Cool Media Filter Security & Risk Analysis

wordpress.org/plugins/cool-media-filter

Adds the ability to use categories in the media library.

0 active installs · v1.0.1 · PHP + · WP + · Updated Jun 15, 2018
Tags: categories, category, library, media, medialibrary
Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Cool Media Filter Safe to Use in 2026?

Generally Safe

Score 85/100

Cool Media Filter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The "cool-media-filter" v1.0.1 plugin exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for a high percentage of its SQL queries and performing nonce checks, there are significant concerns related to its attack surface. The plugin has multiple AJAX handlers, two of which lack authentication checks. This presents a direct pathway for unauthenticated users to interact with potentially sensitive plugin functionality. Furthermore, the taint analysis reveals two flows with unsanitized paths, specifically identified as high severity. These flows, coupled with the unprotected AJAX endpoints, suggest a real risk of vulnerabilities such as cross-site scripting (XSS) or other injection attacks if user-supplied data is not properly validated and sanitized before being used in these critical code paths.

The plugin's vulnerability history is currently clean, with no recorded CVEs. This is a positive indicator, suggesting that historically, the plugin has been relatively secure or that any past issues were promptly addressed. However, the absence of past vulnerabilities does not guarantee future security, especially given the current findings from the static and taint analysis. The current risk is primarily driven by the identified code signals and taint flows, rather than historical issues.

In conclusion, "cool-media-filter" v1.0.1 has some strengths, particularly in its SQL query handling and nonce checks. However, the unprotected AJAX endpoints and the high-severity unsanitized taint flows are critical weaknesses that significantly elevate the risk profile. These issues require immediate attention to prevent potential exploitation.

Key Concerns

  • AJAX handlers without auth checks
  • Taint flows with unsanitized paths (high severity)
  • Low output escaping percentage
Vulnerabilities
None known

Cool Media Filter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Cool Media Filter Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (6 prepared)
Unescaped Output: 28 (20 escaped)
Nonce Checks: 3
Capability Checks: 5
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

86% prepared · 7 total queries

Output Escaping

42% escaped · 48 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
cmf_save_user_role (class-coolmediafilter.php:1284)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
2 unprotected

Cool Media Filter Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers: 3

auth · wp_ajax_save-attachment-compat · class-coolmediafilter.php:97
auth · wp_ajax_category_access · class-coolmediafilter.php:101
auth · wp_ajax_role_permission · class-coolmediafilter.php:102

WordPress Hooks: 19

action · init · class-coolmediafilter.php:80
action · init · class-coolmediafilter.php:81
filter · shortcode_atts_gallery · class-coolmediafilter.php:83
action · add_attachment · class-coolmediafilter.php:86
action · edit_attachment · class-coolmediafilter.php:87
action · restrict_manage_posts · class-coolmediafilter.php:89
action · admin_footer-upload.php · class-coolmediafilter.php:90
action · load-upload.php · class-coolmediafilter.php:92
action · ajax_query_attachments_args · class-coolmediafilter.php:94
action · admin_enqueue_scripts · class-coolmediafilter.php:95
action · attachment_fields_to_edit · class-coolmediafilter.php:98
action · admin_enqueue_scripts · class-coolmediafilter.php:100
action · admin_init · class-coolmediafilter.php:105
action · load-upload.php · class-coolmediafilter.php:108
filter · ajax_query_attachments_args · class-coolmediafilter.php:110
action · admin_menu · class-coolmediafilter.php:112
action · admin_post_new_user_role · class-coolmediafilter.php:113
action · admin_notices · class-coolmediafilter.php:114
action · pre_get_posts · class-coolmediafilter.php:145
Maintenance & Trust

Cool Media Filter Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Jun 15, 2018
PHP min version
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Cool Media Filter Developer Profile

Subrata Sarkar

3 plugins · 0 total installs

Trust score: 87
Avg Security Score: 90/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Cool Media Filter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cool-media-filter/css/main.css
/wp-content/plugins/cool-media-filter/js/media-filter.js
Script Paths
/wp-content/plugins/cool-media-filter/js/media-filter.js
Version Parameters
cool-media-filter/css/main.css?ver=
cool-media-filter/js/media-filter.js?ver=

HTML / DOM Fingerprints

CSS Classes
cmf-attachment-category
Data Attributes
data-cmf-attachment-id
JS Globals
cool_media_filter_vars
FAQ

Frequently Asked Questions about Cool Media Filter