Media Downloader Security & Risk Analysis

wordpress.org/plugins/media-downloader

Lists MP3 files from a folder.

100 active installs · v0.4.7.8 · PHP + WP 5.0+ · Updated Dec 3, 2025
audio, media, mp3, player, podcast
Score: 98 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Jan 27, 2025
Safety Verdict

Is Media Downloader Safe to Use in 2026?

Generally Safe

Score 98/100

Media Downloader has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jan 27, 2025 · Updated 4mo ago
Risk Assessment

The "media-downloader" plugin version 0.4.7.8 exhibits a mixed security posture. While it boasts a limited attack surface and a high percentage of SQL queries using prepared statements, significant concerns arise from its code analysis. The presence of the `unserialize` function, coupled with a high number of file operations, indicates a potential for insecure deserialization vulnerabilities if not handled with extreme caution. Furthermore, the taint analysis reveals flows with unsanitized paths, including one of high severity, suggesting that user-supplied data might be used in file operations or other sensitive contexts without adequate sanitization. The vulnerability history shows a past pattern of cross-site scripting (XSS) vulnerabilities, even though there are no currently unpatched CVEs. This suggests that while past issues have been addressed, the underlying coding practices may still be susceptible to similar flaws. The complete lack of nonce checks and capability checks across all identified entry points is a major weakness, leaving the plugin vulnerable to various forms of exploitation if an attacker can trigger these functions.

Key Concerns

  • High severity unsanitized taint flow
  • Dangerous function unserialize used
  • Missing nonce checks on entry points
  • Missing capability checks on entry points
  • Moderate unescaped output percentage
  • Past XSS vulnerabilities
Vulnerabilities: 3

Media Downloader Security Vulnerabilities

CVEs by Year

  • 2014: 1 CVE
  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • Medium: 3

3 total CVEs

CVE-2025-24684 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Media Downloader <= 0.4.7.5 - Reflected Cross-Site Scripting

Jan 27, 2025 · Patched in 0.4.7.6 (30d)

CVE-2024-54322 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Media Downloader <= 0.4.7.4 - Reflected Cross-Site Scripting

Dec 11, 2024 · Patched in 0.4.7.5 (9d)

CVE-2014-125090 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Media Downloader <= 0.1.992 - Reflected Cross-Site Scripting

Jan 23, 2014 · Patched in 0.1.993 (3668d)

Code Analysis
Analyzed Mar 16, 2026

Media Downloader Code Analysis

Dangerous Functions: 6
Raw SQL Queries: 2 (14 prepared)
Unescaped Output: 99 (143 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 378
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · `return unserialize($result);` · getid3\extension.cache.dbm.php:238
  • unserialize · `return unserialize(base64_decode($result));` · getid3\extension.cache.mysql.php:188
  • unserialize · `return unserialize(base64_decode($result));` · getid3\extension.cache.mysqli.php:219
  • unserialize · `return unserialize(base64_decode($result));` · getid3\extension.cache.sqlite3.php:202
  • unserialize · `$rows[] = unserialize(base64_decode($row));` · getid3\extension.cache.sqlite3.php:249
  • unserialize · `$return = unserialize( file_get_contents( $cachefile ) );` · media-downloader.php:969

SQL Query Safety

88% prepared · 16 total queries

Output Escaping

59% escaped · 242 total outputs

Data Flows: 6 unsanitized

Data Flow Analysis

6 flows · 6 with unsanitized paths
<mediadownloader-css> (css\mediadownloader-css.php:0)
Attack Surface

Media Downloader Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

  • [mediadownloader] · media-downloader.php:66

WordPress Hooks: 18

  • action · init · blocks\mediadownloader.php:52
  • action · admin_notices · media-downloader.php:14
  • action · admin_init · media-downloader.php:50
  • action · rest_api_init · media-downloader.php:68
  • filter · plugin_action_links · media-downloader.php:79
  • action · init · media-downloader.php:224
  • filter · the_content · media-downloader.php:1092
  • action · atom_entry · media-downloader.php:1095
  • action · rss2_item · media-downloader.php:1097
  • filter · wp_feed_cache_transient_lifetime · media-downloader.php:1099
  • action · get_header · media-downloader.php:1143
  • filter · set-screen-option · media-downloader.php:1162
  • action · init · media-downloader.php:1164
  • action · admin_init · media-downloader.php:1166
  • action · admin_menu · media-downloader.php:1190
  • action · admin_init · media-downloader.php:1233
  • filter · md_self_link · media-downloader.php:1260
  • filter · feed_link · media-downloader.php:1261

Maintenance & Trust

Media Downloader Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 3, 2025
PHP min version
Downloads: 22K

Community Trust

Rating: 86/100
Number of ratings: 4
Active installs: 100

Developer Profile

Media Downloader Developer Profile

Ederson Peka

6 plugins · 540 total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 742 days
Detection Fingerprints

How We Detect Media Downloader

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/media-downloader/css/style.css
  • /wp-content/plugins/media-downloader/css/jquery-ui.css

Script Paths
  • /wp-content/plugins/media-downloader/js/jquery.min.js
  • /wp-content/plugins/media-downloader/js/jquery-ui.min.js
  • /wp-content/plugins/media-downloader/js/mediadownloader.js

Version Parameters
  • media-downloader/css/style.css?ver=
  • media-downloader/css/jquery-ui.css?ver=
  • media-downloader/js/jquery.min.js?ver=
  • media-downloader/js/jquery-ui.min.js?ver=
  • media-downloader/js/mediadownloader.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • md-container
  • md-table
  • md-header-row
  • md-file-link
  • md-download-link

HTML Comments
  • <!-- media-downloader shortcode -->
  • <!-- Media Downloader

Data Attributes
  • data-folder

JS Globals
  • md_md
  • md_download
  • md_link

REST Endpoints
  • /wp-json/wp/v2/posts?mediadownloader
  • /wp-json/wp/v2/pages?mediadownloader

Shortcode Output
  • [mediadownloader folder="

FAQ

Frequently Asked Questions about Media Downloader