WP-Safety

Media Cleaner: Clean your WordPress! Security & Risk Analysis

wordpress.org/plugins/media-cleaner

Clean your WordPress! Eliminate unused and broken media files. For a faster, and better website.

90K active installs v7.0.7 PHP 7.4+ WP 6.0+ Updated Apr 15, 2026
cleanfilesimageslibrarymedia
100
A · Safe
CVEs total1
Unpatched0
Last CVEApr 29, 2024
Plugin page Download
Safety Verdict

Is Media Cleaner: Clean your WordPress! Safe to Use in 2026?

Generally Safe

Score 100/100

Media Cleaner: Clean your WordPress! has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Apr 29, 2024Updated 1mo ago
Risk Assessment

The media-cleaner plugin v7.0.5 exhibits a generally good security posture due to a limited attack surface and a strong emphasis on prepared statements and output escaping. The absence of AJAX handlers, REST API routes, shortcodes, and cron events without proper authentication checks significantly reduces the potential for external exploitation. Furthermore, the plugin effectively uses nonce and capability checks for its known entry points.

However, a critical concern arises from the presence of the `unserialize` function, which is inherently risky if used with untrusted input. While taint analysis did not reveal any immediate critical or high severity flows with unsanitized paths, this function represents a potential avenue for attack if user-controlled data is ever passed to it without proper sanitization or validation. The vulnerability history, though minor, shows a past medium-severity vulnerability related to sensitive information logging, suggesting a need for continued vigilance regarding input handling and logging practices.

In conclusion, media-cleaner v7.0.5 is well-defended in terms of its attack surface and common WordPress security practices. The primary area for improvement lies in scrutinizing the usage of `unserialize` and ensuring robust input validation and sanitization around any data that might be processed by it. The historical vulnerability, though resolved, serves as a reminder to maintain rigorous security testing.

Key Concerns

  • Presence of unserialize function
  • Past medium severity vulnerability
Vulnerabilities
1 published

Media Cleaner: Clean your WordPress! Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-33922medium · 5.3Insertion of Sensitive Information into Log File

Media Cleaner: Clean your WordPress! <= 6.7.2 - Unauthenticated Information Exposure

Apr 29, 2024 Patched in 6.7.3 (9d)
Version History

Media Cleaner: Clean your WordPress! Release Timeline

v7.0.7Current
v7.0.6
v7.0.5
v7.0.4
v7.0.3
v7.0.2
v7.0.1
v7.0.0
v6.9.9
v6.9.8
v6.9.7
v6.9.6
v6.9.5
v6.9.4
v6.9.3
v6.9.2
v6.9.1
v6.9.0
v6.8.9
v6.8.8
Code Analysis
Analyzed Mar 16, 2026

Media Cleaner: Clean your WordPress! Code Analysis

Dangerous Functions
1
Raw SQL Queries
32
122 prepared
Unescaped Output
9
37 escaped
Nonce Checks
1
Capability Checks
10
File Operations
14
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$decoded = @unserialize( $meta );classes\parsers\common.php:165

SQL Query Safety

79% prepared154 total queries

Output Escaping

80% escaped46 total outputs
Attack Surface

Media Cleaner: Clean your WordPress! Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 38
actionadmin_menuclasses\admin.php:10
actionadmin_enqueue_scriptsclasses\admin.php:17
actionplugins_loadedclasses\core.php:43
actioninitclasses\core.php:44
actiondelete_attachmentclasses\core.php:45
actiontrashed_postclasses\core.php:46
actionwpmc_initialize_parsersclasses\core.php:107
filterwp_unique_filenameclasses\core.php:108
actionadmin_noticesclasses\init.php:7
actionwpmc_scan_postmetaclasses\parsers\attachments.php:7
actionwpmc_scan_onceclasses\parsers\common.php:10
actionwpmc_scan_widgetclasses\parsers\common.php:13
actionwpmc_scan_postmetaclasses\parsers\common.php:16
actionwpmc_scan_postclasses\parsers\common.php:19
actionwpmc_scan_widgetsclasses\parsers\maxmegamenu.php:7
actionwpmc_scan_postclasses\parsers\meow_gallery.php:3
actionwpmc_scan_widgetsclasses\parsers\metaslider.php:3
actionwpmc_scan_widgetsclasses\parsers\my-calendar.php:7
actionwpmc_scan_onceclasses\parsers\woocommerce.php:3
actionwpmc_scan_postmetaclasses\parsers\woocommerce.php:4
actionwpmc_scan_postmetaclasses\parsers\wpseo.php:3
actionrest_api_initclasses\rest.php:14
actionadmin_menuclasses\ui.php:38
actionadd_meta_boxesclasses\ui.php:39
filtermedia_row_actionsclasses\ui.php:40
actionadmin_noticescommon\admin.php:72
filterplugin_row_metacommon\admin.php:77
filteredd_sl_api_request_verify_sslcommon\admin.php:78
actioninitcommon\admin.php:96
actionadmin_menucommon\admin.php:153
filteradmin_footer_textcommon\admin.php:158
actionadmin_footercommon\admin.php:218
actionadmin_headcommon\admin.php:456
actionadmin_noticescommon\news.php:43
filtersafe_style_csscommon\news.php:44
actionadmin_noticescommon\ratings.php:33
filtersafe_style_csscommon\ratings.php:34
actionrest_api_initcommon\rest.php:14
Maintenance & Trust

Media Cleaner: Clean your WordPress! Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 15, 2026
PHP min version7.4
Downloads4.5M

Community Trust

Rating92/100
Number of ratings749
Active installs90K
Alternatives

Media Cleaner: Clean your WordPress! Alternatives

Media Sweep – WordPress Media Cleaner

Media Sweep – WordPress Media Cleaner

media-sweep

A
100

Clean up your WordPress Media Library by finding and removing unused files. Safely scan, preview, and sweep away orphaned media to keep your site fast &hellip;

500 No CVEs
Cleanup Orphan Images

Cleanup Orphan Images

cleanup-orphan-images

A
100

Finds and deletes orphan media files from the uploads directory that are not registered in WordPress.

50 No CVEs
PixRem – Unused Image Cleaner

PixRem – Unused Image Cleaner

pixrem

A
100

Find and delete unused images in your Media Library. Backup, restore, whitelist, and scan support for all major page builders.

20 No CVEs
MA Smart Image Cleaner

MA Smart Image Cleaner

ma-smart-image-cleaner

A
100

Safely find and clean unused images in your WordPress Media Library without breaking your website.

10 No CVEs
Media Cleaner for WP

Media Cleaner for WP

media-cleaner-for-wp

A
92

Media Cleaner for WordPress is an essential tool designed to streamline your WordPress media library. It efficiently removes unused media files.

10 No CVEs
Developer Profile

Media Cleaner: Clean your WordPress! Developer Profile

Jordy Meow

27 plugins · 361K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
357 days
View full developer profile
Detection Fingerprints

How We Detect Media Cleaner: Clean your WordPress!

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/media-cleaner/app/index.js/wp-content/plugins/media-cleaner/app/vendor.js
Script Paths
wp-content/plugins/media-cleaner/app/vendor.jswp-content/plugins/media-cleaner/app/index.js
Version Parameters
media-cleaner/app/index.js?ver=media-cleaner/app/vendor.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpmc-admin-settings
Data Attributes
data-prefix="wpmc"data-domain="media-cleaner"data-api-urldata-is-prodata-rest-nonce
JS Globals
wpmc_media_cleaner
REST Endpoints
/wp-json/media-cleaner/v1/update_options/wp-json/media-cleaner/v1/reset_options/wp-json/media-cleaner/v1/all_settings/wp-json/media-cleaner/v1/count/wp-json/media-cleaner/v1/all_ids/wp-json/media-cleaner/v1/stats/wp-json/media-cleaner/v1/entries/wp-json/media-cleaner/v1/set_ignore/wp-json/media-cleaner/v1/delete/wp-json/media-cleaner/v1/force_trash_all/wp-json/media-cleaner/v1/recover/wp-json/media-cleaner/v1/reset_db/wp-json/media-cleaner/v1/repair/wp-json/media-cleaner/v1/reset_issues/wp-json/media-cleaner/v1/reset_issues_and_references
Shortcode Output
<div id="wpmc-admin-settings"></div>
FAQ

Frequently Asked Questions about Media Cleaner: Clean your WordPress!