WP-Safety

Media Cleaner and Database Optimizer by ITPath Security & Risk Analysis

wordpress.org/plugins/itpathsolutions-media-cleaner-and-database-optimizer

The most powerful tool for clearing unused media from your website and optimizing your database to boost site performance

10 active installs v1.0.5 PHP 7.4+ WP 6.2+ Updated Jan 8, 2026
cleanupdatabasedatabase-optimizermediamedia-cleaner
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Media Cleaner and Database Optimizer by ITPath Safe to Use in 2026?

Generally Safe

Score 100/100

Media Cleaner and Database Optimizer by ITPath has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The "itpathsolutions-media-cleaner-and-database-optimizer" v1.0.5 plugin exhibits a concerning security posture primarily due to its unprotected entry points. While the code shows good practices in utilizing prepared statements for SQL queries and proper output escaping, the absence of authorization checks on all identified AJAX handlers and REST API routes presents a significant risk. This means that any unauthenticated user could potentially interact with these functionalities, leading to unauthorized actions or data exposure if the operations themselves are sensitive.

The static analysis reveals no critical or high-severity taint flows, and there is no known vulnerability history (CVEs), which are positive indicators. The plugin also demonstrates a good approach to handling SQL queries and output, mitigating common web application vulnerabilities. However, the large number of unprotected entry points (6 out of 6 total) heavily outweighs these strengths, creating a substantial attack surface that requires immediate attention. The presence of nonce checks on these handlers is a mitigating factor, but it does not substitute for proper capability checks.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Large attack surface without auth
Vulnerabilities
None known

Media Cleaner and Database Optimizer by ITPath Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Media Cleaner and Database Optimizer by ITPath Release Timeline

v1.0.5Current
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Media Cleaner and Database Optimizer by ITPath Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
21 prepared
Unescaped Output
3
92 escaped
Nonce Checks
5
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

DataTables

SQL Query Safety

95% prepared22 total queries

Output Escaping

97% escaped95 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
aiowc_revision_cleaner (admin\class-aiowc-admin.php:605)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

Media Cleaner and Database Optimizer by ITPath Attack Surface

Entry Points6
Unprotected6

AJAX Handlers 5

authwp_ajax_aiowc_revision_cleanerincludes\class-aiowc.php:165
authwp_ajax_aiowc_delete_selected_pluginincludes\class-aiowc.php:166
authwp_ajax_aiowc_delete_selected_themeincludes\class-aiowc.php:167
authwp_ajax_single_attachment_deleteincludes\class-aiowc.php:168
authwp_ajax_multiple_attachment_deleteincludes\class-aiowc.php:169

REST API Routes 1

GET/wp-json/wp-site-health/v1/directory-sizesaiowc.php:89
WordPress Hooks 8
actionrest_api_initaiowc.php:88
actionplugins_loadedincludes\class-aiowc.php:146
actionadmin_enqueue_scriptsincludes\class-aiowc.php:161
actionadmin_enqueue_scriptsincludes\class-aiowc.php:162
actionadmin_menuincludes\class-aiowc.php:164
filterplugin_action_linksincludes\class-aiowc.php:170
actionwp_enqueue_scriptsincludes\class-aiowc.php:184
actionwp_enqueue_scriptsincludes\class-aiowc.php:185
Maintenance & Trust

Media Cleaner and Database Optimizer by ITPath Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 8, 2026
PHP min version7.4
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Media Cleaner and Database Optimizer by ITPath Alternatives

Unattached Media Manager

Unattached Media Manager

unattached-media-manager

A
100

Fix the WordPress Unattached media filter. Automatically attach used media files to their posts so you can safely clean up your library.

30 No CVEs
Oli Media Cleaner

Oli Media Cleaner

oli-media-cleaner

A
100

Scan and remove unused media files from your WordPress site to free up disk space.

10 No CVEs
Media Gallery Cleaner

Media Gallery Cleaner

media-gallery-cleaner

A
100

Scans your website and identifies unused media files for cleanup.

0 No CVEs
Optimize Database after Deleting Revisions

Optimize Database after Deleting Revisions

rvg-optimize-database

A
99

One-click database optimization with precise revision cleanup and flexible scheduling. Speeding up sites since 2011!

60K 3 CVEs
Search & Replace Everything by WPCode – Find and Replace Media, Text, Links, and More

Search & Replace Everything by WPCode – Find and Replace Media, Text, Links, and More

search-replace-wpcode

A
100

Search and Replace everything in WordPress. Easily find and replace media, images, text, links and more with a single click using a simple user interf …

20K No CVEs
Developer Profile

Media Cleaner and Database Optimizer by ITPath Developer Profile

IT Path Solutions

13 plugins · 11K total installs

80
trust score
Avg Security Score
89/100
Avg Patch Time
77 days
View full developer profile
Detection Fingerprints

How We Detect Media Cleaner and Database Optimizer by ITPath

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/itpathsolutions-media-cleaner-and-database-optimizer/admin/css/itpathsolutions-media-cleaner-and-database-optimizer-admin.css/wp-content/plugins/itpathsolutions-media-cleaner-and-database-optimizer/admin/js/itpathsolutions-media-cleaner-and-database-optimizer-admin.js/wp-content/plugins/itpathsolutions-media-cleaner-and-database-optimizer/public/css/itpathsolutions-media-cleaner-and-database-optimizer-public.css/wp-content/plugins/itpathsolutions-media-cleaner-and-database-optimizer/public/js/itpathsolutions-media-cleaner-and-database-optimizer-public.js
Version Parameters
itpathsolutions-media-cleaner-and-database-optimizer/admin/css/itpathsolutions-media-cleaner-and-database-optimizer-admin.css?ver=itpathsolutions-media-cleaner-and-database-optimizer/admin/js/itpathsolutions-media-cleaner-and-database-optimizer-admin.js?ver=itpathsolutions-media-cleaner-and-database-optimizer/public/css/itpathsolutions-media-cleaner-and-database-optimizer-public.css?ver=itpathsolutions-media-cleaner-and-database-optimizer/public/js/itpathsolutions-media-cleaner-and-database-optimizer-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
aiowc-directory-sizes-wrapaiowc-directory-size-itemaiowc-raw-sizeaiowc-formatted-size
HTML Comments
<!-- wp-site-health/v1/directory-sizes --><!-- Media Cleaner and Database Optimizer by ITPath -->
JS Globals
aiowc_directory_sizes
REST Endpoints
/wp-json/wp-site-health/v1/directory-sizes
FAQ

Frequently Asked Questions about Media Cleaner and Database Optimizer by ITPath