[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXQGls3fBgV0fLZZYTFPmOd5Faknem4NibzgBja7czz8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":75,"crawl_stats":38,"alternatives":82,"analysis":183,"fingerprints":694},"media-hygiene","Media Hygiene: Remove or Delete Unused Images and More!","4.0.1","slui","https:\u002F\u002Fprofiles.wordpress.org\u002Fslui\u002F","\u003Cp>The Media Hygiene plugin removes unused media from the WordPress library to free up space, reduce clutter, and improve server performance. With features like bulk delete and deep folder scanning, it’s a must-have for finding and deleting unused images and media.\u003C\u002Fp>\n\u003Ch3>Introducing Media Hygiene\u003C\u002Fh3>\n\u003Cp>Introducing the Media Hygiene plugin – the ideal solution for optimizing your WordPress media library! With this powerful plugin, you can quickly and easily remove all unused images, reducing clutter, and freeing up valuable server space. This plugin is a must-have for anyone looking to delete unused images in WordPress or remove unused images from the media library.\u003C\u002Fp>\n\u003Cp>Media Hygiene is fully compatible with major WordPress builders, including plugins like WooCommerce, custom fields and posts plugin, sliders, SEO, and more – making it versatile and convenient for all types of WordPress users. Unique features like “One shot delete” and “One-shot download” allow you to bulk delete media and download all images from the WordPress media library make it easy to keep your media library organized and up-to-date.\u003C\u002Fp>\n\u003Cp>Making offsite backups? Reduce the time and cost of disk space with a smaller backup file size.\u003C\u002Fp>\n\u003Cp>Say goodbye to a cluttered and disorganized WordPress media library, and hello to a cleaner, more efficient WordPress site! Whether you’re an agency, blogger, photographer, or business owner, Media Hygiene is the perfect tool for keeping your media library in tip-top shape.\u003C\u002Fp>\n\u003Cp>Get it now and keep your WordPress site super clean!\u003C\u002Fp>\n\u003Ch3>Some use cases for website owners\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Unable to keep track of unused media files in the media library.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Uploading the same images in different sizes to figure out optimal size and forgetting which one was actually used.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Switching out an image in a post with another and can’t find it media library file.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Updating the logo with a new version and don’t want the old one to be indexed by Google.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Images included with purchased theme but never deleted after site was launched.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>After a website was redesigned or rebranded, there may a number of old images or media files no longer in use.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Before migrating to a new hosting provider, cleaning up the media library may make it a smoother and faster migration process.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Getting a warning from your hosting provider that you are hitting the storage limit, make your backups smaller.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You have guest posts or contributors who may have left behind a number of images.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Changing your product listings or discontinuing products in e-commerce sites may mean images are left unused.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>After trying out a theme, deactivation of theme may leave behind media files.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How is it Different?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmediahygiene.com\" rel=\"nofollow ugc\">Media Hygiene Pro\u003C\u002Fa> scans the entire website using a number of different techniques. One way is to “visualize images\u002Fmedia in page source code” to confirm the existence of a media file even when builders\u002Fplugins\u002Fthemes use specialized custom posts to display their widgets on-screen.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>File Types:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Media Hygiene will recognize most if not all major file types stored in the WordPress media library. This includes but not limited to PDF, jpg, png, gif, mp4, mp3, csv, zip, rar, and txt files. We also cover alternative extension spelling such as jpeg.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Standard Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Dashboard – shows list of all unused media by occupied space and by type.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Notifications – get email notifications when new files have been uploaded and not scanned on a specific schedule (daily, weekly, bi-weekly, monthly, quarterly)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Site builder compatibility – works with all major site builders such as Elementor (see list below).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Whitelist – keep files safe from deletion. Perfect for files linked to from off-site sources.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Filtering – files by name and date.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Backup – download unused media file individually or by page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Delete – remove files individually or by page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Scan – scanning process for all media files not linked to any page\u002Fpost or other theme settings.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Support – only through WordPress repository.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Changelog\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fmediahygiene.com\u002Fchangelog\u002F\" rel=\"nofollow ugc\">Check latest here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fmediahygiene.com\u002Fcompatibilities\u002F\" rel=\"nofollow ugc\">Compatibility\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Please check our website to see a completely list of compatible plugins\u002Fthemes.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Gutenberg – Standard\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Elementor Basic – Standard\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Bricks (builder)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Divi (builder)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WP Bakery Page Builder (builder)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Beaver Builder (builder)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Visual Composer (builder)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Avada (theme)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Enfold (theme)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Flatsome (theme)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>More to come…\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fmediahygiene.com\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fstrong> (available now)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Customer Support – directly from the plugin – Pro\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Faster scanning through the use of WP-CLI (WordPress command line interface)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Unique scanning process for multiple page builders with one click\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Advanced Filtering – Pro\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Media Filter by Year\u003C\u002Fli>\n\u003Cli>Media Filter by Type (jpg, png, gif, wmv, mp4, etc.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>One Shot Download (all files)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>One Shot Removal (all files)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Folder Scan (sub-folder scanning coming soon!)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Woocommerce\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Custom Post Types\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>SEO Plugins\u003C\u002Fp>\n\u003Cul>\n\u003Cli>All in One\u003C\u002Fli>\n\u003Cli>Yoast\u003C\u002Fli>\n\u003Cli>SEO Press\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Custom Fields Plugins – Pro\u003C\u002Fp>\n\u003Cul>\n\u003Cli>ACF\u003C\u002Fli>\n\u003Cli>Pods\u003C\u002Fli>\n\u003Cli>Custom Field Suite\u003C\u002Fli>\n\u003Cli>Custom Post Suits\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Sliders\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Meta Slider\u003C\u002Fli>\n\u003Cli>Slider Revolution\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fmediahygiene.com\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fstrong> (coming soon)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Custom Fields Plugins – Pro\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Jet Engine (coming soon)\u003C\u002Fli>\n\u003Cli>Meta Box (coming soon)\u003C\u002Fli>\n\u003Cli>CPT UI (coming soon)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Remote server backup and restore – Pro (coming soon)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Scheduled Scans – Pro (coming soon)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Custom Email Notifications – Pro (coming soon)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WPML \u002F Weglot \u002F TranslatePress (coming soon)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","The Media Hygiene plugin removes unused media from the WordPress library to free up space, reduce clutter, and improve server performance.",5000,43350,80,30,"2025-05-01T11:25:00.000Z","6.8.5","5.3","7.4",[20,21,22,23,24],"clean","delete","images","remove","unused-media","https:\u002F\u002Fmediahygiene.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-hygiene.4.0.1.zip",97,3,0,"2025-06-19 00:00:00","2026-03-15T15:16:48.613Z",[33,49,62],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-49979","media-hygiene-missing-authorization-2","Media Hygiene \u003C= 4.0.2 - Missing Authorization","The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.",null,"\u003C=4.0.2","4.0.3","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-03-31 19:36:26",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd105cae2-2442-4726-bbe8-2edbd1e7a28c?source=api-prod",286,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":6,"severity":41,"cvss_score":55,"cvss_vector":56,"vuln_type":44,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2025-47469","media-hygiene-missing-authorization","Media Hygiene \u003C= 4.0.0 - Missing Authorization","The Media Hygiene plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like fn_wmh_fetch_statistics_data() in versions up to, and including, 4.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data and update settings.","\u003C=4.0.0",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N","2025-05-07 00:00:00","2025-05-12 19:45:18",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0aa925c8-7c65-45a4-95ca-a37290d74e86?source=api-prod",6,{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":38,"affected_versions":67,"patched_in_version":68,"severity":41,"cvss_score":42,"cvss_vector":69,"vuln_type":44,"published_date":70,"updated_date":71,"references":72,"days_to_patch":74},"CVE-2024-5855","media-hygiene-missing-authorization-to-authenticated-subscriber-arbitrary-attachment-deletion","Media Hygiene \u003C= 3.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion","The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulk_action_delete and delete_single_image_call AJAX actions in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments. A nonce check was added in version 3.0.1, however, it wasn't until version 3.0.2 that a capability check was added.","\u003C=3.0.1","3.0.2","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L","2024-07-08 00:00:00","2024-07-09 02:03:12",[73],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F44b02690-462a-458b-88c9-89acc9c209cb?source=api-prod",1,{"slug":7,"display_name":76,"profile_url":8,"plugin_count":61,"total_installs":77,"avg_security_score":78,"avg_patch_time_days":79,"trust_score":80,"computed_at":81},"Jay Versluis",15050,92,98,73,"2026-04-04T21:03:01.514Z",[83,105,125,144,164],{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":93,"num_ratings":28,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":97,"tags":98,"homepage":103,"download_link":104,"security_score":78,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"remove-broken-images","Remove Broken Images","1.5.0-beta-1","Room 34 Creative Services, LLC","https:\u002F\u002Fprofiles.wordpress.org\u002Froom34\u002F","\u003Cp>This is an extremely simple plugin that uses jQuery to remove broken images from displaying on your pages.\u003C\u002Fp>\n\u003Cp>Note that version 1 does \u003Cem>not\u003C\u002Fem> alter any content in the database, nor does it remove the image tags from the initial HTML output of the page, so it doesn’t stop 404 errors, nor does it benefit SEO or PageSpeed scores. It does, however, prevent the dreaded “broken image” icon from appearing in your pages, and in most cases it will remove the blank space some browsers allocate for images as they are loading.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Coming in version 2:\u003C\u002Fstrong> We’ll be adding an admin tool to let you see a list of posts and pages containing broken images, along with a tool to automatically remove their \u003Ccode>img\u003C\u002Fcode> tags from the database.\u003C\u002Fp>\n","Very simply, uses JavaScript to remove broken images from page display.",1000,14107,100,"2024-10-04T16:04:00.000Z","6.7.5","4.9","",[99,100,101,102,23],"broken-images","deleted-images","media-library","missing-images","https:\u002F\u002Froom34.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-broken-images.1.5.0.zip",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":91,"downloaded":113,"rating":93,"num_ratings":61,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":18,"tags":117,"homepage":123,"download_link":124,"security_score":78,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wc-delete-product-images","Delete product images for WooCommerce","2.0","Eduard Doloc","https:\u002F\u002Fprofiles.wordpress.org\u002Frwky\u002F","\u003Cp>This small and lightweight plugin deletes all product images automatically when the product is deleted (from trash).\u003C\u002Fp>\n\u003Cp>The plugin uses the “before_delete_post” action and runs a delete (wp_delete_post) for the product ID that is being deleted, this is done automatically and works with any number of products (server performance limited)\u003C\u002Fp>\n\u003Cp>Contributions are welcomed on \u003Ccode>https:\u002F\u002Fgithub.com\u002Frwkyyy\u002Fdelete-product-images-for-wc\u003C\u002Fcode>\u003C\u002Fp>\n","Removes product assigned images (featured and gallery only) on product delete.",9072,"2025-01-29T09:18:00.000Z","6.5.8","4.7",[118,119,120,121,122],"product-images-delete","product-images-remove","remove-product-images-automatically","woocommerce-product-images-delete","woocommerce-product-images-remove","https:\u002F\u002Fuprise.ro","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-delete-product-images.zip",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":29,"num_ratings":29,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":97,"tags":138,"homepage":141,"download_link":142,"security_score":143,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"clean-wp-dashboard","Clean WP Dashboard","1.0","sant0sk1","https:\u002F\u002Fprofiles.wordpress.org\u002Fsant0sk1\u002F","\u003Cp>Adds an options page for an Administrator to choose which default WordPress dashboard widgets are available.\u003C\u002Fp>\n","Easily remove any\u002Fall of the default WordPress dashboard widgets",200,9024,"2009-04-23T13:50:00.000Z","2.7.1","2.7",[20,139,140,21,23],"dashboard","default","http:\u002F\u002Fgithub.com\u002Fsant0sk1\u002Fclean-wp-dashboard","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclean-wp-dashboard.zip",85,{"slug":145,"name":146,"version":147,"author":148,"author_profile":149,"description":150,"short_description":151,"active_installs":152,"downloaded":153,"rating":93,"num_ratings":74,"last_updated":154,"tested_up_to":155,"requires_at_least":116,"requires_php":156,"tags":157,"homepage":97,"download_link":163,"security_score":93,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"smart-bulk-content-remover","Smart Bulk Delete & Content Cleaner for WordPress","1.1","Kirtikumar Solanki","https:\u002F\u002Fprofiles.wordpress.org\u002Fsolankisoftware\u002F","\u003Cp>\u003Cstrong>Smart Bulk Delete & Content Cleaner for WordPress\u003C\u002Fstrong> is a powerful and user-friendly tool to manage and clean up your WordPress website in just a few clicks.\u003C\u002Fp>\n\u003Cp>No more manually selecting and deleting one item at a time — this plugin gives you a \u003Cstrong>fast, flexible, and safe bulk deletion interface\u003C\u002Fstrong> to remove unwanted content such as old posts, draft pages, unused media, spam comments, and even custom post types like products, portfolios, events, or reviews.\u003C\u002Fp>\n\u003Cp>Whether you’re a blogger, developer, or site administrator, Smart Bulk Content Remover helps keep your WordPress site lean and organized without risking accidental data loss.\u003C\u002Fp>\n\u003Ch3>🚀 Why Use Smart Bulk Delete & Content Cleaner for WordPress?\u003C\u002Fh3>\n\u003Cp>Over time, every WordPress website accumulates clutter — outdated posts, temporary drafts, test pages, old media files, and spam comments. These not only make your site harder to manage but can also affect \u003Cstrong>database performance and backup size\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>With Smart Bulk Delete & Content Cleaner for WordPress, you can:\u003Cbr \u002F>\n* Clean up thousands of items in a few clicks.\u003Cbr \u002F>\n* Target specific content using advanced filters.\u003Cbr \u002F>\n* Choose between \u003Cstrong>Trash\u003C\u002Fstrong> or \u003Cstrong>Permanent Delete\u003C\u002Fstrong>.\u003Cbr \u002F>\n* Quickly review what’s being deleted before confirming.\u003Cbr \u002F>\n* Keep your database optimized and your dashboard tidy.\u003C\u002Fp>\n\u003Ch3>🧹 What You Can Delete\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Posts\u003C\u002Fstrong> – Delete posts by type, author, status, or date.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pages\u003C\u002Fstrong> – Remove outdated or test pages in bulk.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Post Types\u003C\u002Fstrong> – Works with WooCommerce products, events, portfolios, news, books, and any other custom type.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Media Files\u003C\u002Fstrong> – Delete unused images or unattached uploads. Includes statistics for total files, attached\u002Funattached, and total size before deletion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comments\u003C\u002Fstrong> – Bulk remove spam, pending, or trashed comments sitewide.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>⚙️ Advanced Filters & Options\u003C\u002Fh3>\n\u003Cp>Every section includes flexible filters to give you complete control over what’s removed:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Filter by \u003Cstrong>Post Type\u003C\u002Fstrong>, \u003Cstrong>Status\u003C\u002Fstrong>, \u003Cstrong>Author\u003C\u002Fstrong>, or \u003Cstrong>Date Range\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Search posts by \u003Cstrong>Title\u003C\u002Fstrong> or \u003Cstrong>Content keywords\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Media filters include \u003Cstrong>Date Range\u003C\u002Fstrong>, \u003Cstrong>Month\u003C\u002Fstrong>, \u003Cstrong>Year\u003C\u002Fstrong>, and \u003Cstrong>Author\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Choose between \u003Cstrong>Move to Trash\u003C\u002Fstrong> or \u003Cstrong>Permanently Delete\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Select specific items or use \u003Cstrong>Select All\u003C\u002Fstrong> for mass cleanup.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🧠 Safe, Simple & Efficient\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Non-destructive by default\u003C\u002Fstrong> – content moves to Trash unless you choose “Permanent Delete.”\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restore accidentally deleted content\u003C\u002Fstrong> from Trash easily.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight\u003C\u002Fstrong> and optimized – minimal database overhead.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Responsive design\u003C\u002Fstrong> – works beautifully on desktop, tablet, and mobile.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Native WordPress UI\u003C\u002Fstrong> for a seamless experience.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>💡 Ideal For\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Bloggers\u003C\u002Fstrong> who want to delete old drafts or outdated posts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Site administrators\u003C\u002Fstrong> managing large WordPress sites.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce store owners\u003C\u002Fstrong> cleaning up old or test products.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developers and testers\u003C\u002Fstrong> who frequently reset content during testing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Agencies\u003C\u002Fstrong> maintaining multiple client websites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>✅ Key Features at a Glance\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Bulk delete \u003Cstrong>posts, pages, media, comments, and any custom post types\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Advanced \u003Cstrong>filters\u003C\u002Fstrong>: author, status, date range, search, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Media statistics\u003C\u002Fstrong>: see totals, sizes, and attached\u002Funattached counts.\u003C\u002Fli>\n\u003Cli>Option to \u003Cstrong>move to Trash or permanently delete\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight, fast, and responsive\u003C\u002Fstrong> admin interface.\u003C\u002Fli>\n\u003Cli>Compatible with \u003Cstrong>WordPress Multisite\u003C\u002Fstrong> (per-site use).\u003C\u002Fli>\n\u003Cli>Works seamlessly with \u003Cstrong>WooCommerce, Easy Digital Downloads, and other CPTs\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔒 Safety & Performance\u003C\u002Fh3>\n\u003Cp>Smart Bulk Delete & Content Cleaner for WordPress is designed for \u003Cstrong>safety first\u003C\u002Fstrong>:\u003Cbr \u002F>\n* Uses built-in WordPress delete APIs.\u003Cbr \u002F>\n* Verifies user capabilities before deleting.\u003Cbr \u002F>\n* Respects post meta and attachment relationships.\u003Cbr \u002F>\n* Ensures consistent database integrity.\u003C\u002Fp>\n\u003Cp>You can confidently use it on production sites — the default Trash behavior ensures you can recover any mistakenly deleted content.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fsolankisoftware\u002F\" rel=\"nofollow ugc\">Kirtikumar Solanki\u003C\u002Fa>.\u003Cbr \u002F>\nDonations welcome via \u003Ca href=\"https:\u002F\u002Fpaypal.me\u002Fkirtikumar89\" rel=\"nofollow ugc\">PayPal\u003C\u002Fa>.\u003C\u002Fp>\n","Safely bulk delete posts, pages, media, and comments with flexible filters and a clean interface.",60,966,"2026-01-31T07:00:00.000Z","6.9.4","7.0",[158,159,160,161,162],"bulk-delete","delete-pages","delete-posts","media-cleaner","remove-comments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-bulk-content-remover.1.1.zip",{"slug":165,"name":166,"version":167,"author":168,"author_profile":169,"description":170,"short_description":171,"active_installs":172,"downloaded":173,"rating":29,"num_ratings":29,"last_updated":174,"tested_up_to":16,"requires_at_least":175,"requires_php":97,"tags":176,"homepage":181,"download_link":182,"security_score":93,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"auto-generated-images-remover","Auto Generated Images Remover","1.1.2","socialeum","https:\u002F\u002Fprofiles.wordpress.org\u002Fsocialeum\u002F","\u003Cp>Scan and delete unwanted auto-generated WordPress images and save huge diskspace. Delete thumbnail sizes (started or ended with 150px, 280px 300px or 1024px) and move them to a trash folder inside your uploads directory. Preview and restore images from the trash.\u003C\u002Fp>\n\u003Cp>Whenever you upload an image, WordPress creates three additional resized versions of that image. This increases your hosting inodes and unnecessarily occupies disk space.\u003C\u002Fp>\n","Short Description: Scan and remove auto-generated WordPress image thumbnails safely.",40,528,"2025-09-30T06:01:00.000Z","5.0",[177,22,178,179,180],"cleanup","media","remover","thumbnails","https:\u002F\u002Fwordpress.com\u002Fauto-generated-images-remover","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-generated-images-remover.1.1.2.zip",{"attackSurface":184,"codeSignals":364,"taintFlows":510,"riskAssessment":679,"analyzedAt":693},{"hooks":185,"ajaxHandlers":239,"restRoutes":352,"shortcodes":353,"cronEvents":354,"entryPointCount":363,"unprotectedCount":74},[186,192,197,202,207,211,215,219,223,227,231,235],{"type":187,"name":188,"callback":189,"file":190,"line":191},"action","admin_post_create_page_unused_media_zip_action","fn_wmh_create_page_unused_media_zip_action","includes\\wmh-download-unused-media.php",21,{"type":187,"name":193,"callback":194,"file":195,"line":196},"admin_menu","fn_add_menu_to_admin","includes\\wmh-general.php",29,{"type":187,"name":198,"callback":199,"file":200,"line":201},"init","fn_mh_schedule_cron_jobs","includes\\wmh-my-cron-job.php",36,{"type":203,"name":204,"callback":205,"file":200,"line":206},"filter","cron_schedules","fn_mh_add_cron_interval",37,{"type":187,"name":208,"callback":209,"file":200,"line":210},"fn_mh_daily_cron_job","fn_mh_daily_cron_job_callback",63,{"type":187,"name":212,"callback":213,"file":200,"line":214},"fn_mh_weekly_cron_job","fn_mh_weekly_cron_job_callback",76,{"type":187,"name":216,"callback":217,"file":200,"line":218},"fn_mh_biweekly_cron_job","fn_mh_biweekly_cron_job_callback",89,{"type":187,"name":220,"callback":221,"file":200,"line":222},"fn_mh_monthly_cron_job","fn_mh_monthly_cron_job_callback",102,{"type":187,"name":224,"callback":225,"file":200,"line":226},"fn_mh_quarterly_cron_job","fn_mh_quarterly_cron_job_callback",115,{"type":187,"name":198,"callback":228,"file":229,"line":230},"fn_wmh_update_plugin_for_free","media-hygiene.php",31,{"type":187,"name":232,"callback":233,"file":229,"line":234},"admin_footer","fn_wmh_deactivation_plugin_feedback_popup",33,{"type":187,"name":236,"callback":237,"file":229,"line":238},"admin_enqueue_scripts","fn_wmh_enqueue_scripts",35,[240,246,250,254,258,263,266,271,276,280,284,287,290,294,298,302,306,310,313,317,321,325,328,332,336,340,344,349],{"action":241,"nopriv":242,"callback":243,"hasNonce":244,"hasCapCheck":244,"file":245,"line":238},"fetch_statistics_data",false,"fn_wmh_fetch_statistics_data",true,"includes\\wmh-dashboard.php",{"action":247,"nopriv":242,"callback":248,"hasNonce":244,"hasCapCheck":244,"file":245,"line":249},"wmh_aap_action","fn_wmh_aap_action",38,{"action":251,"nopriv":242,"callback":252,"hasNonce":244,"hasCapCheck":244,"file":245,"line":253},"wmh_aap_close_notice_permanently_action","fn_wmh_aap_close_notice_permanently_action",41,{"action":255,"nopriv":242,"callback":256,"hasNonce":244,"hasCapCheck":244,"file":245,"line":257},"database_update_wmh_by_version","fn_wmh_database_update_wmh_by_version",44,{"action":259,"nopriv":242,"callback":260,"hasNonce":242,"hasCapCheck":242,"file":261,"line":262},"get_deleted_media_list","fn_wmh_get_deleted_media_list","includes\\wmh-deleted-media.php",27,{"action":264,"nopriv":242,"callback":265,"hasNonce":244,"hasCapCheck":244,"file":261,"line":196},"deleted_media_list_action","fn_wmh_deleted_media_list_action",{"action":267,"nopriv":242,"callback":268,"hasNonce":244,"hasCapCheck":244,"file":269,"line":270},"clear_error_log_action","fn_wmh_clear_error_log_action","includes\\wmh-error-log.php",18,{"action":272,"nopriv":242,"callback":273,"hasNonce":244,"hasCapCheck":244,"file":274,"line":275},"wmh_customer_feedback","fn_wmh_customer_feedback","includes\\wmh-plugin-feedback.php",11,{"action":277,"nopriv":242,"callback":278,"hasNonce":244,"hasCapCheck":244,"file":279,"line":206},"scan_unused_images","fn_wmh_scan_unused_images","includes\\wmh-scan.php",{"action":281,"nopriv":242,"callback":282,"hasNonce":244,"hasCapCheck":244,"file":279,"line":283},"fetch_data_from_database","fn_wmh_fetch_data_from_database",39,{"action":285,"nopriv":242,"callback":286,"hasNonce":244,"hasCapCheck":244,"file":279,"line":253},"scanning_data","fn_wmh_scanning_data",{"action":288,"nopriv":242,"callback":289,"hasNonce":244,"hasCapCheck":244,"file":279,"line":257},"row_action_trash","fn_wmh_row_action_trash",{"action":291,"nopriv":242,"callback":292,"hasNonce":244,"hasCapCheck":244,"file":279,"line":293},"whitelist_single_image_call","fn_wmh_whitelist_single_image_call",50,{"action":295,"nopriv":242,"callback":296,"hasNonce":244,"hasCapCheck":244,"file":279,"line":297},"blacklist_single_image_call","fn_wmh_blacklist_single_image_call",52,{"action":299,"nopriv":242,"callback":300,"hasNonce":244,"hasCapCheck":244,"file":279,"line":301},"filter_data_ajax_call","fn_wmh_filter_data_ajax_call",54,{"action":303,"nopriv":242,"callback":304,"hasNonce":244,"hasCapCheck":244,"file":279,"line":305},"bulk_action_trash","fn_wmh_bulk_action_trash",56,{"action":307,"nopriv":242,"callback":308,"hasNonce":244,"hasCapCheck":244,"file":279,"line":309},"bulk_action_to_whitelist","fn_wmh_bulk_action_to_whitelist",58,{"action":311,"nopriv":242,"callback":312,"hasNonce":244,"hasCapCheck":244,"file":279,"line":152},"bulk_action_to_blacklist","fn_wmh_bulk_action_to_blacklist",{"action":314,"nopriv":242,"callback":315,"hasNonce":244,"hasCapCheck":244,"file":279,"line":316},"trash_page_media","fn_wmh_trash_page_media",66,{"action":318,"nopriv":242,"callback":319,"hasNonce":244,"hasCapCheck":244,"file":279,"line":320},"bulk_action_trash_to_restore","fn_wmh_bulk_action_trash_to_restore",69,{"action":322,"nopriv":242,"callback":323,"hasNonce":244,"hasCapCheck":244,"file":279,"line":324},"restore_single_image_call","fn_wmh_restore_single_image_call",71,{"action":326,"nopriv":242,"callback":327,"hasNonce":244,"hasCapCheck":244,"file":279,"line":80},"wmh_bulk_restore","fn_wmh_bulk_restore",{"action":329,"nopriv":242,"callback":330,"hasNonce":244,"hasCapCheck":244,"file":279,"line":331},"delete_permanently_single_image_call","fn_wmh_delete_permanently_single_image_call",75,{"action":333,"nopriv":242,"callback":334,"hasNonce":244,"hasCapCheck":244,"file":279,"line":335},"bulk_action_delete","fn_wmh_bulk_action_delete",77,{"action":337,"nopriv":242,"callback":338,"hasNonce":244,"hasCapCheck":244,"file":279,"line":339},"wmh_delete_permanently","fn_wmh_delete_permanently",79,{"action":341,"nopriv":242,"callback":342,"hasNonce":244,"hasCapCheck":244,"file":279,"line":343},"fetch_data_from_elementor","fn_wmh_fetch_data_from_elementor",81,{"action":345,"nopriv":242,"callback":346,"hasNonce":244,"hasCapCheck":244,"file":347,"line":348},"save_scan_settings_call","fn_wmh_save_scan_settings_call","includes\\wmh-settings.php",16,{"action":350,"nopriv":242,"callback":351,"hasNonce":244,"hasCapCheck":244,"file":347,"line":270},"send_data_to_server_action","fn_wmh_send_data_to_server_action",[],[],[355,356,357,359,361],{"hook":208,"callback":208,"file":200,"line":305},{"hook":212,"callback":212,"file":200,"line":320},{"hook":216,"callback":216,"file":200,"line":358},82,{"hook":220,"callback":220,"file":200,"line":360},95,{"hook":224,"callback":224,"file":200,"line":362},108,28,{"dangerousFunctions":365,"sqlUsage":366,"outputEscaping":424,"fileOperations":507,"externalRequests":508,"nonceChecks":363,"capabilityChecks":363,"bundledLibraries":509},[],{"prepared":143,"raw":196,"locations":367},[368,371,373,375,378,380,382,384,386,388,390,392,395,398,399,401,402,403,405,407,409,411,413,416,417,419,420,421,422],{"file":245,"line":369,"context":370},477,"$wpdb->query() with variable interpolation",{"file":245,"line":372,"context":370},492,{"file":245,"line":374,"context":370},507,{"file":195,"line":376,"context":377},380,"$wpdb->get_row() with variable interpolation",{"file":279,"line":379,"context":370},297,{"file":279,"line":381,"context":370},298,{"file":279,"line":383,"context":370},299,{"file":279,"line":385,"context":370},300,{"file":279,"line":387,"context":370},301,{"file":279,"line":389,"context":370},1026,{"file":279,"line":391,"context":370},1027,{"file":393,"line":249,"context":394},"templates\\admin\\wmh-button-view.php","$wpdb->get_var() with variable interpolation",{"file":396,"line":397,"context":394},"templates\\admin\\wmh-media-hygiene-view.php",61,{"file":396,"line":210,"context":377},{"file":396,"line":400,"context":394},67,{"file":396,"line":320,"context":377},{"file":396,"line":214,"context":377},{"file":396,"line":404,"context":370},504,{"file":396,"line":406,"context":370},505,{"file":396,"line":408,"context":394},518,{"file":396,"line":410,"context":394},519,{"file":396,"line":412,"context":394},768,{"file":414,"line":415,"context":370},"uninstall.php",24,{"file":414,"line":363,"context":370},{"file":414,"line":418,"context":370},32,{"file":414,"line":201,"context":370},{"file":414,"line":172,"context":370},{"file":414,"line":257,"context":370},{"file":414,"line":423,"context":370},48,{"escaped":425,"rawEcho":253,"locations":426},386,[427,430,432,434,435,436,438,439,441,443,444,446,448,450,452,454,456,458,460,462,464,466,468,470,472,474,476,478,480,482,484,486,488,490,492,494,496,498,500,502,504],{"file":245,"line":428,"context":429},198,"raw output",{"file":245,"line":431,"context":429},421,{"file":245,"line":433,"context":429},663,{"file":261,"line":206,"context":429},{"file":261,"line":400,"context":429},{"file":269,"line":437,"context":429},45,{"file":274,"line":93,"context":429},{"file":279,"line":440,"context":429},164,{"file":279,"line":442,"context":429},182,{"file":279,"line":428,"context":429},{"file":279,"line":445,"context":429},206,{"file":279,"line":447,"context":429},264,{"file":279,"line":449,"context":429},475,{"file":279,"line":451,"context":429},1049,{"file":279,"line":453,"context":429},1159,{"file":279,"line":455,"context":429},1167,{"file":279,"line":457,"context":429},1258,{"file":279,"line":459,"context":429},1335,{"file":279,"line":461,"context":429},1344,{"file":279,"line":463,"context":429},1403,{"file":279,"line":465,"context":429},1412,{"file":279,"line":467,"context":429},1484,{"file":279,"line":469,"context":429},1539,{"file":279,"line":471,"context":429},1712,{"file":279,"line":473,"context":429},1767,{"file":279,"line":475,"context":429},1927,{"file":279,"line":477,"context":429},2015,{"file":279,"line":479,"context":429},2037,{"file":279,"line":481,"context":429},2040,{"file":279,"line":483,"context":429},2130,{"file":279,"line":485,"context":429},2175,{"file":279,"line":487,"context":429},2184,{"file":279,"line":489,"context":429},2251,{"file":279,"line":491,"context":429},2274,{"file":279,"line":493,"context":429},2277,{"file":279,"line":495,"context":429},2325,{"file":279,"line":497,"context":429},2361,{"file":279,"line":499,"context":429},2390,{"file":347,"line":501,"context":429},103,{"file":347,"line":503,"context":429},151,{"file":505,"line":506,"context":429},"templates\\admin\\wmh-dashboard-view.php",305,4,2,[],[511,528,541,557,569,579,591,601,619,629,637,647,657,668],{"entryPoint":512,"graph":513,"unsanitizedCount":74,"severity":41},"fn_wmh_search_box_html (templates\\admin\\wmh-media-hygiene-view.php:482)",{"nodes":514,"edges":526},[515,520],{"id":516,"type":517,"label":518,"file":396,"line":519},"n0","source","$_GET",484,{"id":521,"type":522,"label":523,"file":396,"line":524,"wp_function":525},"n1","sink","echo() [XSS]",490,"echo",[527],{"from":516,"to":521,"sanitized":242},{"entryPoint":529,"graph":530,"unsanitizedCount":29,"severity":540},"fn_wmh_create_page_unused_media_zip_action (includes\\wmh-download-unused-media.php:24)",{"nodes":531,"edges":538},[532,534],{"id":516,"type":517,"label":533,"file":190,"line":397},"$_POST",{"id":521,"type":522,"label":535,"file":190,"line":536,"wp_function":537},"header() [Header Injection]",106,"header",[539],{"from":516,"to":521,"sanitized":244},"low",{"entryPoint":542,"graph":543,"unsanitizedCount":29,"severity":540},"\u003Cwmh-download-unused-media> (includes\\wmh-download-unused-media.php:0)",{"nodes":544,"edges":554},[545,546,547,549],{"id":516,"type":517,"label":533,"file":190,"line":397},{"id":521,"type":522,"label":535,"file":190,"line":536,"wp_function":537},{"id":548,"type":517,"label":533,"file":190,"line":309},"n2",{"id":550,"type":522,"label":551,"file":190,"line":552,"wp_function":553},"n3","get_results() [SQLi]",122,"get_results",[555,556],{"from":516,"to":521,"sanitized":244},{"from":548,"to":550,"sanitized":244},{"entryPoint":558,"graph":559,"unsanitizedCount":29,"severity":540},"fn_wmh_scan_unused_images (includes\\wmh-scan.php:84)",{"nodes":560,"edges":567},[561,563],{"id":516,"type":517,"label":533,"file":279,"line":562},96,{"id":521,"type":522,"label":564,"file":279,"line":565,"wp_function":566},"update_option() [Settings Manipulation]",242,"update_option",[568],{"from":516,"to":521,"sanitized":244},{"entryPoint":570,"graph":571,"unsanitizedCount":29,"severity":540},"fn_wmh_trash_page_media (includes\\wmh-scan.php:1190)",{"nodes":572,"edges":577},[573,575],{"id":516,"type":517,"label":533,"file":279,"line":574},1215,{"id":521,"type":522,"label":551,"file":279,"line":576,"wp_function":553},1218,[578],{"from":516,"to":521,"sanitized":244},{"entryPoint":580,"graph":581,"unsanitizedCount":29,"severity":540},"fn_wmh_whitelist_single_image_call (includes\\wmh-scan.php:1291)",{"nodes":582,"edges":589},[583,585],{"id":516,"type":517,"label":533,"file":279,"line":584},1306,{"id":521,"type":522,"label":586,"file":279,"line":587,"wp_function":588},"get_row() [SQLi]",1309,"get_row",[590],{"from":516,"to":521,"sanitized":244},{"entryPoint":592,"graph":593,"unsanitizedCount":29,"severity":540},"fn_wmh_blacklist_single_image_call (includes\\wmh-scan.php:1357)",{"nodes":594,"edges":599},[595,597],{"id":516,"type":517,"label":533,"file":279,"line":596},1371,{"id":521,"type":522,"label":586,"file":279,"line":598,"wp_function":588},1374,[600],{"from":516,"to":521,"sanitized":244},{"entryPoint":602,"graph":603,"unsanitizedCount":29,"severity":540},"\u003Cwmh-scan> (includes\\wmh-scan.php:0)",{"nodes":604,"edges":615},[605,607,608,609,610,613],{"id":516,"type":517,"label":606,"file":279,"line":562},"$_POST (x10)",{"id":521,"type":522,"label":564,"file":279,"line":565,"wp_function":566},{"id":548,"type":517,"label":533,"file":279,"line":574},{"id":550,"type":522,"label":551,"file":279,"line":576,"wp_function":553},{"id":611,"type":517,"label":612,"file":279,"line":584},"n4","$_POST (x2)",{"id":614,"type":522,"label":586,"file":279,"line":587,"wp_function":588},"n5",[616,617,618],{"from":516,"to":521,"sanitized":244},{"from":548,"to":550,"sanitized":244},{"from":611,"to":614,"sanitized":244},{"entryPoint":620,"graph":621,"unsanitizedCount":29,"severity":540},"fn_wmh_send_data_to_server_action (includes\\wmh-settings.php:109)",{"nodes":622,"edges":627},[623,625],{"id":516,"type":517,"label":612,"file":347,"line":624},125,{"id":521,"type":522,"label":564,"file":347,"line":626,"wp_function":566},130,[628],{"from":516,"to":521,"sanitized":244},{"entryPoint":630,"graph":631,"unsanitizedCount":29,"severity":540},"\u003Cwmh-settings> (includes\\wmh-settings.php:0)",{"nodes":632,"edges":635},[633,634],{"id":516,"type":517,"label":612,"file":347,"line":624},{"id":521,"type":522,"label":564,"file":347,"line":626,"wp_function":566},[636],{"from":516,"to":521,"sanitized":244},{"entryPoint":638,"graph":639,"unsanitizedCount":29,"severity":540},"\u003Cwmh-button-view> (templates\\admin\\wmh-button-view.php:0)",{"nodes":640,"edges":645},[641,643],{"id":516,"type":517,"label":642,"file":393,"line":14},"$_GET (x2)",{"id":521,"type":522,"label":523,"file":393,"line":644,"wp_function":525},161,[646],{"from":516,"to":521,"sanitized":244},{"entryPoint":648,"graph":649,"unsanitizedCount":29,"severity":540},"\u003Cwmh-filter-view> (templates\\admin\\wmh-filter-view.php:0)",{"nodes":650,"edges":655},[651,654],{"id":516,"type":517,"label":518,"file":652,"line":653},"templates\\admin\\wmh-filter-view.php",9,{"id":521,"type":522,"label":523,"file":652,"line":324,"wp_function":525},[656],{"from":516,"to":521,"sanitized":244},{"entryPoint":658,"graph":659,"unsanitizedCount":74,"severity":667},"fn_wmh_filter_data (templates\\admin\\wmh-media-hygiene-view.php:605)",{"nodes":660,"edges":665},[661,663],{"id":516,"type":517,"label":518,"file":396,"line":662},617,{"id":521,"type":522,"label":551,"file":396,"line":664,"wp_function":553},727,[666],{"from":516,"to":521,"sanitized":242},"high",{"entryPoint":669,"graph":670,"unsanitizedCount":28,"severity":667},"\u003Cwmh-media-hygiene-view> (templates\\admin\\wmh-media-hygiene-view.php:0)",{"nodes":671,"edges":676},[672,673,674,675],{"id":516,"type":517,"label":518,"file":396,"line":519},{"id":521,"type":522,"label":523,"file":396,"line":524,"wp_function":525},{"id":548,"type":517,"label":642,"file":396,"line":662},{"id":550,"type":522,"label":551,"file":396,"line":664,"wp_function":553},[677,678],{"from":516,"to":521,"sanitized":242},{"from":548,"to":550,"sanitized":242},{"summary":680,"deductions":681},"The \"media-hygiene\" plugin v4.0.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices such as extensive use of prepared statements for SQL queries and proper output escaping, with 75% and 90% respectively. The presence of nonces and capability checks on all identified AJAX handlers is also a strong security indicator. However, a significant concern arises from the discovery of one AJAX handler lacking authentication checks, creating a direct entry point for unauthorized actions. Furthermore, taint analysis revealed two high-severity flows with unsanitized paths, indicating potential for injection vulnerabilities if these flows are exposed to user input.\n\nThe vulnerability history of this plugin is a notable red flag. While the latest known vulnerability was in 2025, the fact that one out of three total CVEs remains unpatched is a critical issue. The prevalence of \"Missing Authorization\" as a common vulnerability type in its history suggests a recurring pattern of oversight in securing sensitive functionalities. This, combined with the static analysis finding of an unprotected AJAX handler, reinforces concerns about the plugin's authorization mechanisms. The plugin has strengths in areas like SQL and output sanitization, but the identified authorization flaws and unpatched vulnerability demand attention.",[682,685,688,690],{"reason":683,"points":684},"Unprotected AJAX handler found",8,{"reason":686,"points":687},"High severity taint flows with unsanitized paths",12,{"reason":689,"points":270},"Currently unpatched CVE",{"reason":691,"points":692},"History of missing authorization vulnerabilities",5,"2026-03-16T18:10:37.026Z",{"wat":695,"direct":704},{"assetPaths":696,"generatorPatterns":699,"scriptPaths":700,"versionParams":701},[697,698],"\u002Fwp-content\u002Fplugins\u002Fmedia-hygiene\u002Fassets\u002Fcss\u002Fwmh-custom-feedback.css","\u002Fwp-content\u002Fplugins\u002Fmedia-hygiene\u002Fassets\u002Fjs\u002Fwmh-custom-feedback.js",[],[698],[702,703],"media-hygiene\u002Fassets\u002Fcss\u002Fwmh-custom-feedback.css?ver=","media-hygiene\u002Fassets\u002Fjs\u002Fwmh-custom-feedback.js?ver=",{"cssClasses":705,"htmlComments":707,"htmlAttributes":710,"restEndpoints":713,"jsGlobals":714,"shortcodeOutput":716},[706],"wmh-modal",[708,709],"\u003C!-- wmh-plugin-feedback-view.php -->","\u003C!-- wmh-deactivation-plugin-feedback-popup -->",[711,712],"data-plugin-name=\"Media Hygiene\"","data-plugin-version=\"4.0.1\"",[],[715],"wmhFeedbackObj",[]]