Genesis Media Project Security & Risk Analysis

wordpress.org/plugins/genesis-media-project

Genesis Media Project is the premier media plugin for Genesis. Currently the plugin adds video support to the Genesis Framework and includes a Video T …

20 active installs · v0.9.0.2 · PHP + WP 3.3+ · Updated Unknown
genesisgenesiswpmenustudiopress
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Genesis Media Project Safe to Use in 2026?

Generally Safe

Score 100/100

Genesis Media Project has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "genesis-media-project" plugin v0.9.0.2 exhibits a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and having no known vulnerabilities in its history, significant concerns arise from its attack surface and code signals. The plugin has a total of 4 entry points, with a concerning 3 of these being unprotected AJAX handlers. This lack of authentication on a majority of its exposed functionalities presents a substantial risk.

The code analysis further reveals the use of dangerous functions like `create_function` and `unserialize`, which can be exploited if user-supplied data is involved. Although taint analysis did not reveal critical or high severity issues, the presence of 3 flows with unsanitized paths indicates potential avenues for attacks. The extremely low percentage of properly escaped output (4%) is another major red flag, suggesting a high likelihood of cross-site scripting (XSS) vulnerabilities.

Overall, the absence of a vulnerability history might indicate a lack of past exploitation or discovery, but the identified weaknesses in the current version, particularly the unprotected AJAX handlers and poor output escaping, necessitate urgent attention. The plugin has potential strengths in its SQL handling and lack of CVEs, but these are overshadowed by significant and readily exploitable flaws in its exposed interfaces and data handling.

Key Concerns

  • Unprotected AJAX handlers
  • Low output escaping percentage
  • Use of dangerous function: unserialize
  • Use of dangerous function: create_function
  • Flows with unsanitized paths
  • Limited nonce checks
Vulnerabilities
None known

Genesis Media Project Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Genesis Media Project Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 200 (8 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

create_function: `add_action('widgets_init', create_function('', "register_widget('gmp_Video_Tabs');"));` (modules\tab-slider\widgets\tab-slider.php:9)
unserialize: `$output = unserialize(curl_exec($ch));` (modules\video\video-thumbnail.php:42)

Output Escaping

4% escaped · 208 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
cmb_editor_footer_scripts (classes\meta-box-builder\init.php:510)
Attack Surface
3 unprotected

Genesis Media Project Attack Surface

Entry Points: 4
Unprotected: 3

AJAX Handlers 3

nopriv: wp_ajax_gmpAjaxVideoTab (modules\tab-slider\admin.php:109)
auth: wp_ajax_gmpAjaxVideoTab (modules\tab-slider\admin.php:110)
auth: wp_ajax_gmp_video_thumbnails (modules\video\video-thumbnail.php:433)

Shortcodes 1

[gmp_slideshow] modules\tab-slider\output.php:141
WordPress Hooks 45
action: admin_menu (classes\admin-builder\admin-builder.php:45)
action: genesis_settings_sanitizer_init (classes\admin-builder\admin-builder.php:124)
action: admin_head (classes\admin-builder\admin-builder.php:411)
action: admin_enqueue_scripts (classes\admin-builder\admin-builder.php:412)
action: admin_head (classes\admin-builder\admin-builder.php:442)
filter: cmb_meta_boxes (classes\meta-box-builder\example-functions.php:4)
action: init (classes\meta-box-builder\example-functions.php:186)
action: admin_head (classes\meta-box-builder\init.php:85)
action: admin_menu (classes\meta-box-builder\init.php:88)
action: save_post (classes\meta-box-builder\init.php:89)
filter: cmb_show_on (classes\meta-box-builder\init.php:91)
filter: cmb_show_on (classes\meta-box-builder\init.php:92)
action: admin_head (classes\meta-box-builder\init.php:488)
action: admin_enqueue_scripts (classes\meta-box-builder\init.php:491)
action: admin_init (classes\meta-box-builder\init.php:507)
action: admin_head (classes\meta-box-builder\init.php:508)
action: admin_print_footer_scripts (classes\meta-box-builder\init.php:534)
filter: get_media_item_args (classes\meta-box-builder\init.php:572)
action: plugins_loaded (classes\module-loader\module-loader.php:46)
filter: ntg_settings_builder (classes\module-loader\module-loader.php:75)
action: genesis_init (classes\module-loader\module-loader.php:76)
action: init (classes\module-loader\module-loader.php:82)
action: after_setup_theme (classes\module-loader\module-loader.php:208)
action: after_setup_theme (classes\module-loader\module-loader.php:215)
action: gmp_init (classes\module-loader\module-loader.php:245)
action: admin_menu (classes\module-loader\module-loader.php:323)
action: admin_menu (classes\module-loader\module-loader.php:326)
action: init (classes\post-types-taxonomies\ntg_Post_Type_Taxonomies.php:39)
action: init (classes\post-types-taxonomies\ntg_Post_Type_Taxonomies.php:43)
filter: ntg_settings_builder (modules\tab-slider\admin.php:4)
filter: ntg_module_loader (modules\tab-slider\module.php:4)
action: wp_enqueue_scripts (modules\tab-slider\output.php:5)
action: widgets_init (modules\tab-slider\widgets\tab-slider.php:9)
filter: cmb_meta_boxes (modules\video\meta-boxes.php:4)
filter: ntg_module_loader (modules\video\module.php:4)
action: wp_enqueue_scripts (modules\video\output.php:6)
filter: the_content (modules\video\output.php:259)
action: admin_init (modules\video\video-thumbnail.php:368)
action: admin_head (modules\video\video-thumbnail.php:407)
action: new_to_publish (modules\video\video-thumbnail.php:457)
action: draft_to_publish (modules\video\video-thumbnail.php:458)
action: pending_to_publish (modules\video\video-thumbnail.php:459)
action: future_to_publish (modules\video\video-thumbnail.php:460)
action: admin_init (plugin.php:31)
filter: content_width (plugin.php:108)
Maintenance & Trust

Genesis Media Project Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.3.2
Last updated: Unknown
PHP min version
Downloads: 8K

Community Trust

Rating: 40/100
Number of ratings: 1
Active installs: 20
Developer Profile

Genesis Media Project Developer Profile

Nick the Geek

6 plugins · 3K total installs

Trust score: 86
Avg Security Score: 88/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Genesis Media Project

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
gmp-video-embed
HTML Comments
<!-- Video Thumbnails Settings -->
Data Attributes
data-gmp-video-id
data-gmp-video-type
JS Globals
gmp_post_id
gmp_post_url
Shortcode Output
[gmp_video_embed]
[gmp_video_thumbnail]
FAQ

Frequently Asked Questions about Genesis Media Project