Folderly Security & Risk Analysis

wordpress.org/plugins/folderly

Organize your WordPress media library with folders. Drag & drop media files into folders, manage images, videos & documents efficiently.

40 active installs · v0.3.2 · PHP 7.4+ · WP 5.6+ · Updated Nov 29, 2025
Tags: file-manager, folders, media-folder, media-folders, wordpress-media-folders
Score: 99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Oct 31, 2025
Safety Verdict

Is Folderly Safe to Use in 2026?

Generally Safe

Score 99/100

Folderly has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Oct 31, 2025 · Updated 4mo ago
Risk Assessment

The 'folderly' plugin version 0.3.2 exhibits a generally positive security posture based on static analysis. The absence of any identified attack surface entry points, dangerous functions, file operations, or external HTTP requests is a strong indicator of secure coding practices. Furthermore, the excellent output escaping practices (100% properly escaped) and a high percentage of SQL queries using prepared statements (67%) suggest a commitment to preventing common web vulnerabilities. The taint analysis also found no flows with unsanitized paths, which is highly encouraging.

However, the plugin's vulnerability history presents a notable concern. The presence of one known medium-severity vulnerability, specifically an 'Incorrect Authorization' type, and its recent discovery (2025-10-31) suggests a potential recurring weakness in access control mechanisms. While this vulnerability is currently patched, it highlights an area where diligent review and testing are crucial. The lack of nonce checks across the plugin is also a potential area for improvement, although this is mitigated by the very low overall attack surface reported.

Key Concerns

  • Medium severity vulnerability (Incorrect Authorization)
  • No nonce checks
  • Bundled Freemius v1.0 (potential for outdated library)
Vulnerabilities
1

Folderly Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-12038 · medium · 4.3 · Incorrect Authorization

Folderly <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion

Oct 31, 2025 · Patched in 0.3.1 (1d)
Code Analysis
Analyzed Mar 16, 2026

Folderly Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 9 (18 prepared)
Unescaped Output: 0 (13 escaped)
Nonce Checks: 0
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

67% prepared · 27 total queries

Output Escaping

100% escaped · 13 total outputs
Attack Surface

Folderly Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 19

Type · Hook · Location
action · admin_body_class · includes\Admin\Admin.php:17
filter · manage_media_columns · includes\Admin\Admin.php:19
action · manage_media_custom_column · includes\Admin\Admin.php:20
action · init · includes\App.php:111
action · rest_api_init · includes\App.php:112
action · admin_enqueue_scripts · includes\Assets\Assets.php:21
action · init · includes\PageBuilders\PageBuilders.php:22
action · rest_api_init · includes\Rest\ConfigRoute.php:43
action · rest_api_init · includes\Rest\ImportRoute.php:43
action · rest_api_init · includes\Rest\Rest.php:16
action · init · includes\Taxonomy\Taxonomy.php:29
action · pre_get_posts · includes\Taxonomy\Taxonomy.php:30
action · add_attachment · includes\Taxonomy\Taxonomy.php:31
action · pre-upload-ui · includes\Taxonomy\Taxonomy.php:32
filter · terms_clauses · includes\Taxonomy\Taxonomy.php:33
filter · ajax_query_attachments_args · includes\Taxonomy\Taxonomy.php:34
filter · restrict_manage_posts · includes\Taxonomy\Taxonomy.php:35
filter · update_post_term_count_statuses · includes\Taxonomy\Taxonomy.php:36
filter · script_loader_tag · includes\Utils\ViteAbstract.php:73

Maintenance & Trust

Folderly Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 29, 2025
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 40
Developer Profile

Folderly Developer Profile

wpfolderly

1 plugin · 40 total installs

Trust score: 99
Avg Security Score: 99/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Folderly

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/folderly/assets/dist/style.css
Script Paths
/wp-content/plugins/folderly/assets/dist/main.js
Version Parameters
folderly/style.css?ver=
main.js?ver=

HTML / DOM Fingerprints

CSS Classes
folderly-app
Data Attributes
data-folderly-app
JS Globals
folderly
REST Endpoints
/wp-json/folderly/v1