Media Library File Download Security & Risk Analysis

wordpress.org/plugins/media-download

A lightweight plugin that adds one-click download and export functionality to your Media Library.

1K active installs · v1.4 · PHP 7.4+ · WP 4.7+ · Updated Mar 29, 2023
Tags: download-image, download-media-library, easy-file-download, export-media-library, media-library
Score: 63 (C · Use Caution)
CVEs total: 1
Unpatched: 1
Last CVE: Oct 27, 2025
Safety Verdict

Is Media Library File Download Safe to Use in 2026?

Use With Caution

Score 63/100

Media Library File Download has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Oct 27, 2025 · Updated 3yr ago
Risk Assessment

The media-download plugin v1.4 exhibits a generally good security posture based on static analysis, with no identified critical or high-severity vulnerabilities in code signals or taint analysis. The plugin demonstrates strong practices by utilizing prepared statements for all SQL queries, a high percentage of properly escaped output, and implementing capability checks for most operations. The limited attack surface of zero AJAX handlers, REST API routes, shortcodes, and cron events further contributes to a reduced risk profile. However, the presence of one unpatched medium-severity CVE, identified as Cross-Site Request Forgery (CSRF), introduces a significant concern. The historical vulnerability pattern indicates a recurring issue with CSRF, suggesting potential weaknesses in how user actions are validated and secured against unauthorized execution, even if the current analysis doesn't reveal specific exploitable flaws in this version's code.

Key Concerns

  • Unpatched Medium CVE (CSRF)
  • Bundled Freemius v1.0 library
Vulnerabilities
1

Media Library File Download Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-62103 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Media Library File Download <= 1.4 - Cross-Site Request Forgery

Oct 27, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Media Library File Download Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (10 escaped)
Nonce Checks: 1
Capability Checks: 8
File Operations: 4
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

91% escaped · 11 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
handle_download_request (class-media-download.php:358)
Attack Surface

Media Library File Download Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 8
action · admin_init · class-media-download.php:9
action · admin_bar_menu · class-media-download.php:10
action · print_media_templates · class-media-download.php:35
action · admin_action_mlfd_single_download_action · class-media-download.php:36
action · attachment_submitbox_misc_actions · class-media-download.php:37
action · admin_notices · class-media-download.php:38
action · admin_enqueue_scripts · class-media-download.php:77
action · admin_head-upload.php · class-media-download.php:150
Maintenance & Trust

Media Library File Download Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: Mar 29, 2023
PHP min version: 7.4
Downloads: 21K

Community Trust

Rating: 86/100
Number of ratings: 7
Active installs: 1K
Developer Profile

Media Library File Download Developer Profile

wpmediadownload

1 plugin · 1K total installs

Trust score: 68
Avg Security Score: 63/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Media Library File Download

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/media-download/media-download.css
/wp-content/plugins/media-download/media-download.js
Script Paths
/wp-content/plugins/media-download/media-download.js
Version Parameters
media-download/media-download.css?ver=
media-download/media-download.js?ver=

HTML / DOM Fingerprints

CSS Classes
notice-mldf
Data Attributes
data-action="mlfd-bulk-download"
data-filename=""
JS Globals
AAGK
FAQ

Frequently Asked Questions about Media Library File Download