iFolders – Ultimate Folder Organizer for Media Library, Pages, Posts and Users Security & Risk Analysis

wordpress.org/plugins/ifolders

Take control of your media library, posts, pages, and other content with our folder manager. Organize your WordPress data into specific categories.

300 active installs · v2.9.1 · PHP 7.4+ · WP 4.6+ · Updated Dec 13, 2025
Tags: file-manager, media-folder, media-library, media-library-categories, media-library-folders
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Sep 5, 2023
Safety Verdict

Is iFolders – Ultimate Folder Organizer for Media Library, Pages, Posts and Users Safe to Use in 2026?

Generally Safe

Score 100/100

iFolders – Ultimate Folder Organizer for Media Library, Pages, Posts and Users has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 5, 2023 · Updated 3mo ago
Risk Assessment

The static analysis of ifolders v2.9.1 reveals a generally strong security posture with excellent adherence to best practices. The plugin demonstrates a high percentage of SQL queries utilizing prepared statements and properly escaped output, which are critical for preventing common web vulnerabilities. The absence of known dangerous functions, external HTTP requests, and taint flows with unsanitized paths further contributes to its robust security. The low number of file operations and the presence of capability checks are also positive indicators.

However, a key area of concern is the complete lack of nonce checks across the entire attack surface. While there are no unprotected AJAX handlers or REST API routes, the absence of nonces on any potential entry points is a significant oversight that could leave the plugin vulnerable to Cross-Site Request Forgery (CSRF) attacks if any actions can be triggered without proper user intent verification. The vulnerability history, which includes a past medium-severity Cross-Site Scripting (XSS) vulnerability, reinforces the importance of robust input validation and output escaping, although the current version shows good performance in output escaping.

In conclusion, ifolders v2.9.1 exhibits strong development practices regarding SQL security and output sanitization. The absence of critical or high-severity issues in the code analysis and the lack of unpatched CVEs are commendable. The primary weakness lies in the complete omission of nonce checks, which represents a potential CSRF risk. Addressing this single point would significantly enhance the plugin's overall security. The past XSS vulnerability, while patched, serves as a reminder to maintain vigilance.

Key Concerns

  • Missing nonce checks on entry points
Vulnerabilities
1

iFolders – Ultimate Folder Organizer for Media Library, Pages, Posts and Users Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-41949 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

iFolders <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 5, 2023 · Patched in 1.5.1 (140d)
Code Analysis
Analyzed Mar 16, 2026

iFolders – Ultimate Folder Organizer for Media Library, Pages, Posts and Users Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (126 prepared)
Unescaped Output: 1 (73 escaped)
Nonce Checks: 0
Capability Checks: 12
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

98% prepared · 129 total queries

Output Escaping

99% escaped · 74 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
addAttachment (includes\System\Folders.php:229)
Attack Surface

iFolders – Ultimate Folder Organizer for Media Library, Pages, Posts and Users Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 28
  • action admin_init (ifolders.php:21)
  • action init (includes\Blocks\GalleryBlock.php:10)
  • action admin_notices (includes\Fallbacks\plugin-exist.php:5)
  • action plugins_loaded (includes\Plugin.php:8)
  • action rest_api_init (includes\Rest\Routes.php:8)
  • action init (includes\System\Feedback.php:10)
  • action admin_footer (includes\System\Feedback.php:15)
  • action init (includes\System\Folders.php:14)
  • filter media_library_infinite_scrolling (includes\System\Folders.php:20)
  • action edit_attachment (includes\System\Folders.php:24)
  • filter attachment_fields_to_edit (includes\System\Folders.php:25)
  • filter wp_prepare_attachment_for_js (includes\System\Folders.php:29)
  • action admin_enqueue_scripts (includes\System\Folders.php:32)
  • action fusion_enqueue_live_scripts (includes\System\Folders.php:34)
  • action elementor/editor/before_enqueue_scripts (includes\System\Folders.php:36)
  • action brizy_editor_enqueue_scripts (includes\System\Folders.php:38)
  • action wp_enqueue_scripts (includes\System\Folders.php:40)
  • action delete_post (includes\System\Folders.php:43)
  • action add_attachment (includes\System\Folders.php:44)
  • filter posts_clauses (includes\System\Folders.php:45)
  • filter pre_user_query (includes\System\Folders.php:46)
  • action admin_head (includes\System\Folders.php:70)
  • action init (includes\System\Notice.php:8)
  • action admin_notices (includes\System\Notice.php:12)
  • action admin_enqueue_scripts (includes\System\Notice.php:13)
  • action init (includes\System\Settings.php:13)
  • action admin_menu (includes\System\Settings.php:17)
  • action in_admin_header (includes\System\Settings.php:18)
Maintenance & Trust

iFolders – Ultimate Folder Organizer for Media Library, Pages, Posts and Users Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 13, 2025
PHP min version: 7.4
Downloads: 18K

Community Trust

Rating: 92/100
Number of ratings: 11
Active installs: 300
Developer Profile

iFolders – Ultimate Folder Organizer for Media Library, Pages, Posts and Users Developer Profile

Avirtum

6 plugins · 11K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 324 days
Detection Fingerprints

How We Detect iFolders – Ultimate Folder Organizer for Media Library, Pages, Posts and Users

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ifolders/assets/css/feedback.css
  • /wp-content/plugins/ifolders/assets/js/feedback.js
  • /wp-content/plugins/ifolders/assets/vendor/cookie/cookie.js
  • /wp-content/plugins/ifolders/assets/vendor/url/url.js
  • /wp-content/plugins/ifolders/assets/vendor/overlayscrollbars/overlayscrollbars.css
  • /wp-content/plugins/ifolders/assets/vendor/overlayscrollbars/overlayscrollbars.js
  • /wp-content/plugins/ifolders/assets/css/colorpicker.css
  • /wp-content/plugins/ifolders/assets/js/colorpicker.js
  • +12 more
Script Paths
  • /wp-content/plugins/ifolders/assets/js/feedback.js
  • /wp-content/plugins/ifolders/assets/vendor/cookie/cookie.js
  • /wp-content/plugins/ifolders/assets/vendor/url/url.js
  • /wp-content/plugins/ifolders/assets/vendor/overlayscrollbars/overlayscrollbars.js
  • /wp-content/plugins/ifolders/assets/js/colorpicker.js
  • /wp-content/plugins/ifolders/assets/js/notify.js
  • +8 more
Version Parameters
  • ifolders-feedback?ver=
  • ifolders-cookie?ver=
  • ifolders-url?ver=
  • ifolders-overlayscrollbars?ver=
  • ifolders-colorpicker?ver=
  • ifolders-notify?ver=
  • ifolders-tree?ver=
  • ifolders-folders?ver=
  • ifolders-folders.min?ver=
  • ifolders-pages?ver=
  • ifolders-users?ver=
  • ifolders-attachment?ver=
  • ifolders-attachment.min?ver=
  • ifolders/folders/plugin.min?ver=

HTML / DOM Fingerprints

CSS Classes
ifolders-feedback-widget
HTML Comments
<!-- iFolders Replace Media --><!-- iFolders Replace Media -->
Data Attributes
data-attachment-id
JS Globals
ifolders_feedback_globals, IFOLDERS
REST Endpoints
/wp-json/ifolders/v1, /wp-json/ifolders/public/v1
Shortcode Output
[ifolders]