WP-Safety

Media Author Security & Risk Analysis

wordpress.org/plugins/media-author

Allows you to change the author of a piece of media

100 active installs v1.0.4 PHP + WP 2.8.6+ Updated Jan 19, 2013
attachmentauthormediapost
63
C · Use Caution
CVEs total1
Unpatched1
Last CVESep 5, 2025
Plugin page Download
Safety Verdict

Is Media Author Safe to Use in 2026?

Use With Caution

Score 63/100

Media Author has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Sep 5, 2025Updated 13yr ago
Risk Assessment

The static analysis of the 'media-author' plugin v1.0.4 reveals a generally strong security posture, with no identified dangerous functions, all SQL queries using prepared statements, and all output being properly escaped. The absence of an attack surface and taint analysis findings further suggests that the core code implementation is robust against common code-level vulnerabilities. However, the plugin has a history of known vulnerabilities, with one currently unpatched medium-severity CVE related to Missing Authorization. This indicates a recurring pattern where authorization checks might be insufficient or absent in certain scenarios, which could be exploited by authenticated users.

Key Concerns

  • Currently unpatched medium severity CVE
  • Potential for missing authorization in historical vulns
Vulnerabilities
1 published

Media Author Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-58841medium · 4.3Missing Authorization

Media Author <= 1.0.4 - Missing Authorization

Sep 5, 2025Unpatched
Version History

Media Author Release Timeline

v1.0.4Current1 CVE
CVE-2025-58841
v1.0.31 CVE
CVE-2025-58841
v1.0.21 CVE
CVE-2025-58841
v1.0.11 CVE
CVE-2025-58841
v1.01 CVE
CVE-2025-58841
Code Analysis
Analyzed Mar 16, 2026

Media Author Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0
Attack Surface

Media Author Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 2
filterattachment_fields_to_savemedia_author.php:93
filterattachment_fields_to_editmedia_author.php:94
Maintenance & Trust

Media Author Maintenance & Trust

Maintenance Signals

WordPress version tested3.4.2
Last updatedJan 19, 2013
PHP min version
Downloads5K

Community Trust

Rating100/100
Number of ratings2
Active installs100
Alternatives

Media Author Alternatives

DX Delete Attached Media

DX Delete Attached Media

dx-delete-attached-media

B
84

Automatically deletes attached media from posts and custom post types added via the Media button.

4K 2 CVEs
Autoremove Attachments

Autoremove Attachments

autoremove-attachments

A
85

Remove child attachments when parent post, page or custom post type is deleted.

3K No CVEs
Bulk Change Media Author

Bulk Change Media Author

bulk-change-media-author

A
85

Bulk change author for multiple media files, using the default WP Media Library.

2K No CVEs
LH Add Media From Url

LH Add Media From Url

lh-add-media-from-url

A
91

Upload files from an url to wordpress media library, either enter file urls in an onsite input box or click a bookmarklet.

2K 2 CVEs
Fix Media Library

Fix Media Library

wow-media-library-fix

C
63

Fix Media Library inconsistency between database and wp-content/uploads folder contents. Unused image files, broken media library entries, missing att &hellip;

2K 1 unpatched
Developer Profile

Media Author Developer Profile

John Luetke

3 plugins · 120 total installs

79
trust score
Avg Security Score
78/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Media Author

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Media Author