HoatzinMedia — Library Cleaner & Storage Optimizer Security & Risk Analysis

wordpress.org/plugins/hoatzinmedia-library-cleaner

Smart media cleaner: detect unused files, duplicates and large attachments; optimize storage safely.

0 active installs · v1.0.0 · PHP 7.4+ · WP 5.8+ · Updated Apr 5, 2026
Tags: cleanup, media, optimization, performance, storage
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is HoatzinMedia — Library Cleaner & Storage Optimizer Safe to Use in 2026?

Generally Safe

Score 100/100

HoatzinMedia — Library Cleaner & Storage Optimizer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "hoatzinmedia-library-cleaner" v1.0.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is commendable. Furthermore, 100% of SQL queries utilize prepared statements, and all output is properly escaped, significantly mitigating common web application vulnerabilities. The plugin also demonstrates good practice with 8 nonce checks and 13 capability checks, indicating an effort to secure its functionalities.

However, a notable concern is the presence of 22 REST API routes, of which 15 lack proper permission callbacks. This represents a significant attack surface that could be exploited by unauthenticated or low-privileged users to trigger unintended actions. The lack of taint analysis results (0 flows analyzed) prevents a deeper understanding of potential data manipulation vulnerabilities, but the absence of unsanitized paths is a positive sign. The plugin's vulnerability history, being entirely clear of CVEs, suggests a history of security consciousness or limited exposure to discovered vulnerabilities, though this can also be due to a lack of rigorous historical auditing.

In conclusion, while the plugin demonstrates solid foundational security practices in critical areas like SQL and output handling, the large number of unprotected REST API endpoints is a significant weakness that requires immediate attention. This oversight could potentially overshadow the plugin's otherwise good security hygiene. Addressing the unprotected REST API routes should be the priority to improve its overall security.

Key Concerns

  • 15 REST API routes without permission callbacks
Vulnerabilities
None known

HoatzinMedia — Library Cleaner & Storage Optimizer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

HoatzinMedia — Library Cleaner & Storage Optimizer Release Timeline

v1.0.0 (Current)
Code Analysis
Analyzed Apr 16, 2026

HoatzinMedia — Library Cleaner & Storage Optimizer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 0 (79 escaped)
Nonce Checks: 8
Capability Checks: 13
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared (1 total queries)

Output Escaping

100% escaped (79 total outputs)
Attack Surface
15 unprotected

HoatzinMedia — Library Cleaner & Storage Optimizer Attack Surface

Entry Points: 22
Unprotected: 15

REST API Routes 22

GET /wp-json/hoatzinmedia/v1/dashboard (includes/Rest/class-dashboard-controller.php:27)
GET /wp-json/hoatzinmedia/v1/duplicates (includes/Rest/class-duplicates-controller.php:25)
GET /wp-json/hoatzinmedia/v1/image-formats/library (includes/Rest/class-image-formats-controller.php:28)
GET /wp-json/hoatzinmedia/v1/image-formats/library/ids (includes/Rest/class-image-formats-controller.php:47)
GET /wp-json/hoatzinmedia/v1/image-formats/convert (includes/Rest/class-image-formats-controller.php:59)
GET /wp-json/hoatzinmedia/v1/image-formats/background (includes/Rest/class-image-formats-controller.php:76)
GET /wp-json/hoatzinmedia/v1/image-formats/background/status (includes/Rest/class-image-formats-controller.php:92)
GET /wp-json/hoatzinmedia/v1/image-formats/background/cancel (includes/Rest/class-image-formats-controller.php:108)
GET /wp-json/hoatzinmedia/v1/large-files (includes/Rest/class-large-files-controller.php:25)
GET /wp-json/hoatzinmedia/v1/modules (includes/Rest/class-modules-controller.php:33)
GET /wp-json/hoatzinmedia/v1/regenerate/library (includes/Rest/class-regenerate-controller.php:26)
GET /wp-json/hoatzinmedia/v1/regenerate/library/ids (includes/Rest/class-regenerate-controller.php:45)
GET /wp-json/hoatzinmedia/v1/regenerate/sizes (includes/Rest/class-regenerate-controller.php:57)
GET /wp-json/hoatzinmedia/v1/regenerate (includes/Rest/class-regenerate-controller.php:69)
GET /wp-json/hoatzinmedia/v1/regenerate/background (includes/Rest/class-regenerate-controller.php:84)
GET /wp-json/hoatzinmedia/v1/regenerate/background/status (includes/Rest/class-regenerate-controller.php:99)
GET /wp-json/hoatzinmedia/v1/regenerate/background/cancel (includes/Rest/class-regenerate-controller.php:115)
GET /wp-json/hoatzinmedia/v1/status (includes/Rest/class-rest-controller.php:33)
POST /wp-json/hoatzinmedia/v1/scan (includes/Rest/class-scan-controller.php:27)
GET /wp-json/hoatzinmedia/v1/settings (includes/Rest/class-settings-controller.php:36)
GET /wp-json/hoatzinmedia/v1/unused-results (includes/Rest/class-unused-results-controller.php:25)
POST /wp-json/hoatzinmedia/v1/delete-unused (includes/Rest/class-unused-results-controller.php:45)
WordPress Hooks 21
action admin_menu (includes/Admin/class-admin.php:34)
action admin_enqueue_scripts (includes/Admin/class-admin.php:35)
action admin_init (includes/Admin/class-admin.php:36)
action admin_enqueue_scripts (includes/Admin/class-media-library-ui.php:17)
action rest_api_init (includes/Rest/class-dashboard-controller.php:15)
action rest_api_init (includes/Rest/class-duplicates-controller.php:13)
action rest_api_init (includes/Rest/class-image-formats-controller.php:15)
action hoatzinmedia_convert_job_run (includes/Rest/class-image-formats-controller.php:16)
action rest_api_init (includes/Rest/class-large-files-controller.php:13)
action rest_api_init (includes/Rest/class-modules-controller.php:16)
action rest_api_init (includes/Rest/class-regenerate-controller.php:13)
action hoatzinmedia_regenerate_job_run (includes/Rest/class-regenerate-controller.php:14)
action rest_api_init (includes/Rest/class-rest-controller.php:16)
action rest_api_init (includes/Rest/class-scan-controller.php:15)
action rest_api_init (includes/Rest/class-settings-controller.php:19)
action rest_api_init (includes/Rest/class-unused-results-controller.php:13)
filter cron_schedules (includes/Service/class-scheduler.php:29)
action hoatzinmedia_scheduled_scan (includes/Service/class-scheduler.php:30)
action admin_init (includes/class-plugin.php:40)
action init (includes/class-plugin.php:50)
action add_attachment (includes/class-plugin.php:68)

Scheduled Events 2

hoatzinmedia_convert_job_run
hoatzinmedia_regenerate_job_run
Maintenance & Trust

HoatzinMedia — Library Cleaner & Storage Optimizer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 5, 2026
PHP min version: 7.4
Downloads: 0

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

HoatzinMedia — Library Cleaner & Storage Optimizer Developer Profile

YH Sajib

2 plugins · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect HoatzinMedia — Library Cleaner & Storage Optimizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hoatzinmedia-library-cleaner/assets/css/admin.min.css
/wp-content/plugins/hoatzinmedia-library-cleaner/assets/css/admin.css
/wp-content/plugins/hoatzinmedia-library-cleaner/assets/js/admin.min.js
/wp-content/plugins/hoatzinmedia-library-cleaner/assets/js/admin.js
Script Paths
/wp-content/plugins/hoatzinmedia-library-cleaner/assets/js/admin.min.js
/wp-content/plugins/hoatzinmedia-library-cleaner/assets/js/admin.js
Version Parameters
hoatzinmedia-library-cleaner/assets/css/admin.min.css?ver=
hoatzinmedia-library-cleaner/assets/css/admin.css?ver=
hoatzinmedia-library-cleaner/assets/js/admin.min.js?ver=
hoatzinmedia-library-cleaner/assets/js/admin.js?ver=

HTML / DOM Fingerprints

JS Globals
HOATZINMEDIA_VERSION