Does Luvre – WordPress Media Library Folders have any unpatched vulnerabilities?

No. All known vulnerabilities in Luvre – WordPress Media Library Folders have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Luvre – WordPress Media Library Folders compatible with WordPress 6.9.4?

According to WordPress.org data, Luvre – WordPress Media Library Folders 1.0.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Luvre – WordPress Media Library Folders compatible with PHP 7.2+?

Luvre – WordPress Media Library Folders requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Luvre – WordPress Media Library Folders updated?

Luvre – WordPress Media Library Folders was last updated on Feb 6, 2026. Frequent updates are generally a positive security signal.

What is Luvre – WordPress Media Library Folders's security score?

Luvre – WordPress Media Library Folders has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Luvre – WordPress Media Library Folders Security & Risk Analysis

wordpress.org/plugins/luvre

Luvre helps you organize your WordPress media library images, posts, pages, and custom post types into folders for better management and efficiency.

0 active installs v1.0.1 PHP 7.2+ WP 5.2+ Updated Feb 6, 2026

file-managerfolderlibrary-foldermedia-library

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Luvre – WordPress Media Library Folders Safe to Use in 2026?

Generally Safe

Score 100/100

Luvre – WordPress Media Library Folders has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The 'luvre' plugin v1.0.1 exhibits a mixed security posture. On the positive side, it demonstrates excellent practices in output escaping, ensuring that all 160 outputs are properly escaped, mitigating Cross-Site Scripting (XSS) risks. Furthermore, the plugin extensively uses prepared statements for SQL queries (89%) and includes a reasonable number of nonce and capability checks (7 and 3 respectively). Its vulnerability history is clean, with no recorded CVEs, suggesting a generally well-maintained codebase or a lack of past high-profile security issues.

However, significant concerns arise from the static analysis. The presence of one AJAX handler without any authentication checks creates a substantial attack vector. This unprotected entry point could be exploited by unauthenticated users to trigger potentially harmful actions within the plugin. Additionally, the use of the `unserialize` function, while not directly tied to an exploit in the taint analysis, is a known risk for introducing deserialization vulnerabilities if the input source is not rigorously validated. The taint analysis, though limited to two flows, did not reveal any unsanitized paths, which is a positive sign for the analyzed data.

In conclusion, while 'luvre' v1.0.1 has strengths in output sanitization and SQL query preparation, the single unprotected AJAX handler represents a critical security flaw that must be addressed. The `unserialize` function also warrants careful consideration and input validation. The lack of historical vulnerabilities is encouraging, but does not negate the immediate risks identified in the current codebase.

Key Concerns

Unprotected AJAX handler
Dangerous function: unserialize

Vulnerabilities

None known

Luvre – WordPress Media Library Folders Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Luvre – WordPress Media Library Folders Code Analysis

Dangerous Functions

Raw SQL Queries

85 prepared

Unescaped Output

160 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$options = unserialize( $options );includes\Classes\Helpers.php:177

SQL Query Safety

89% prepared96 total queries

Output Escaping

100% escaped160 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

importData (includes\Controller\SettingsController.php:101)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Luvre – WordPress Media Library Folders Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_tb_load_editorincludes\Support\PageBuilders.php:212

WordPress Hooks 64

actioninitblocks\init.php:13

actionrest_api_initblocks\init.php:14

filterblock_categories_allblocks\init.php:15

actionenqueue_block_editor_assetsblocks\init.php:16

actionadmin_menuincludes\Admin\Settings.php:22

actionin_admin_headerincludes\Admin\Settings.php:23

actionadmin_enqueue_scriptsincludes\Admin\Settings.php:24

actionpre_get_postsincludes\Classes\Core.php:46

actionrestrict_manage_postsincludes\Classes\Core.php:47

filterpost-upload-uiincludes\Classes\Core.php:48

actionadd_attachmentincludes\Classes\Core.php:49

actiondelete_attachmentincludes\Classes\Core.php:50

actioncurrent_screenincludes\Classes\Core.php:51

actionadmin_initincludes\Classes\Core.php:52

actionadmin_noticesincludes\Classes\Core.php:53

actionall_admin_noticesincludes\Classes\Core.php:54

actionadmin_enqueue_scriptsincludes\Classes\Core.php:55

actionwp_enqueue_scriptsincludes\Classes\Core.php:56

actionadmin_enqueue_scriptsincludes\Classes\Core.php:66

filterscript_loader_tagincludes\Classes\Core.php:67

actioncurrent_screenincludes\Classes\Core.php:70

actionadmin_enqueue_scriptsincludes\Classes\Core.php:75

actionadmin_footerincludes\Classes\Core.php:77

filterupload_mimesincludes\Classes\Modules\ModuleSvg.php:14

filterwp_check_filetype_and_extincludes\Classes\Modules\ModuleSvg.php:15

filterwp_handle_upload_prefilterincludes\Classes\Modules\ModuleSvg.php:16

filterluvre_folder_created_byincludes\Classes\Modules\ModuleUser.php:19

filterluvre_folder_created_byincludes\Controller\PublicApiController.php:26

filterluvre_folder_include_attachment_infoincludes\Controller\PublicApiController.php:35

filterluvre_skip_post_typeincludes\Controller\PublicApiController.php:38

filterluvre_folder_get_all_foldersincludes\Controller\PublicApiController.php:42

filterluvre_folder_set_attachment_dataincludes\Controller\PublicApiController.php:47

filterluvre_folder_set_attachment_dataincludes\Controller\PublicApiController.php:72

filterluvre_folder_include_attachment_infoincludes\Controller\PublicApiController.php:76

filterluvre_folder_generate_childrensincludes\Controller\PublicApiController.php:79

filterluvre_folder_created_byincludes\Controller\PublicApiController.php:135

filterluvre_custom_post_typeincludes\Controller\PublicApiController.php:140

filterluvre_folder_created_byincludes\Controller\PublicApiController.php:172

filterluvre_folder_include_attachment_infoincludes\Controller\PublicApiController.php:241

filterluvre_folder_created_byincludes\Model\Folder.php:596

actionrest_api_initincludes\Rest\RestApi.php:14

actioninitincludes\Support\PageBuilders.php:15

actionwp_footerincludes\Support\PageBuilders.php:124

actionpbwp_editor_enqueue_stylesincludes\Support\PageBuilders.php:137

actionwpcomposer_editor_enqueue_stylesincludes\Support\PageBuilders.php:138

actionelementor/editor/before_enqueue_scriptsincludes\Support\PageBuilders.php:143

actionfl_before_sortable_enqueueincludes\Support\PageBuilders.php:148

actionbrizy_editor_enqueue_scriptsincludes\Support\PageBuilders.php:158

actioncornerstone_before_wp_editorincludes\Support\PageBuilders.php:163

actionet_fb_enqueue_assetsincludes\Support\PageBuilders.php:168

actiontcb_main_frame_enqueueincludes\Support\PageBuilders.php:178

actionfusion_builder_enqueue_live_scriptsincludes\Support\PageBuilders.php:183

actionoxygen_enqueue_ui_scriptsincludes\Support\PageBuilders.php:188

actiontatsu_builder_footerincludes\Support\PageBuilders.php:193

actiondokan_enqueue_scriptsincludes\Support\PageBuilders.php:198

actionbricks_after_footerincludes\Support\PageBuilders.php:224

actionfusion_enqueue_live_scriptsincludes\Support\PageBuilders.php:230

actionmfn_footer_enqueueincludes\Support\PageBuilders.php:236

actionlearnpress/addons/frontend_editor/enqueue_scriptsincludes\Support\PageBuilders.php:247

actionadmin_enqueue_scriptsincludes\Support\PageBuilders.php:254

actionadmin_print_footer_scripts-yootheme_customizerincludes\Support\PageBuilders.php:260

actionzionbuilder/editor/before_scriptsincludes\Support\PageBuilders.php:266

actionznpb_editor_after_load_scriptsincludes\Support\PageBuilders.php:270

actionplugins_loadedluvre.php:64

Maintenance & Trust

Luvre – WordPress Media Library Folders Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 6, 2026

PHP min version7.2

Downloads535

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Luvre – WordPress Media Library Folders Alternatives

FileBird – WordPress Media Library Folders & File Manager

filebird

Organize thousands of WordPress media files in folders / categories with ease.

200K 10 CVEs

Real Media Library: Media Library Folder & File Manager

real-media-library-lite

Organize uploaded media in folders, collections and galleries: A file manager for WordPress. Media management made easy with Real Media Library! (Alte …

100K 4 CVEs

iFolders – Ultimate Folder Organizer for Media Library, Pages, Posts and Users

ifolders

100

Take control of your media library, posts, pages, and other content with our folder manager. Organize your WordPress data into specific categories.

300 1 CVE

Easy Folders – WordPress Media Library Folders, File Manager

easy-folders

🔥 Easily arrange WordPress media files, pages & posts into folders or categories.

40 No CVEs

MediaCommander – Bring Folders to Media, Posts, and Pages

mediacommander

Take control of your data with our folder manager - organize your WordPress media library, posts, and pages into specific categories with ease.

40 1 CVE

Developer Profile

Luvre – WordPress Media Library Folders Developer Profile

GhozyLab

10 plugins · 21K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

847 days

View full developer profile

Detection Fingerprints

How We Detect Luvre – WordPress Media Library Folders

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/luvre/css/blockCss.bundle.css/wp-content/plugins/luvre/css/blockCssRtl.bundle.css/wp-content/plugins/luvre/css/frontendCss.bundle.css/wp-content/plugins/luvre/css/frontendCssRtl.bundle.css/wp-content/plugins/luvre/js/block.bundle.js/wp-content/plugins/luvre/js/frontend.bundle.js/wp-content/plugins/luvre/vendor/owlcarousel/owl.carousel.min.css/wp-content/plugins/luvre/vendor/owlcarousel/owl.theme.default.min.css+4 more

Script Paths

/wp-content/plugins/luvre/js/block.bundle.js/wp-content/plugins/luvre/js/frontend.bundle.js/wp-content/plugins/luvre/vendor/photobox/jquery.photobox.js/wp-content/plugins/luvre/vendor/swiper/swiper-bundle.min.js/wp-content/plugins/luvre/vendor/owlcarousel/owl.carousel.min.js

Version Parameters

luvre/css/blockCss.bundle.css?ver=luvre/css/blockCssRtl.bundle.css?ver=luvre/css/frontendCss.bundle.css?ver=luvre/css/frontendCssRtl.bundle.css?ver=luvre/js/block.bundle.js?ver=luvre/js/frontend.bundle.js?ver=luvre/vendor/owlcarousel/owl.carousel.min.css?ver=luvre/vendor/owlcarousel/owl.theme.default.min.css?ver=luvre/vendor/photobox/jquery.photobox.css?ver=luvre/vendor/photobox/jquery.photobox.js?ver=luvre/vendor/swiper/swiper-bundle.min.css?ver=luvre/vendor/swiper/swiper-bundle.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

luvre-block-editor-styleluvre-block-style

Data Attributes

data-block-type

JS Globals

LUVRE_VERSION

REST Endpoints

/wp-json/luvre/

FAQ