Media Picker for Immich Security & Risk Analysis

wordpress.org/plugins/media-picker-for-immich

Use photos and videos from your Immich server in WordPress without copying files, or import them into the media library.

0 active installs · v0.1.0 · PHP 8.0+ · WP 6.4+ · Updated Apr 12, 2026
Tags: gallery, immich, media, photos, self-hosted
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Media Picker for Immich Safe to Use in 2026?

Generally Safe

Score 100/100

Media Picker for Immich has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The media-picker-for-immich plugin, version 0.1.0, exhibits a concerning security posture due to a significant number of unprotected AJAX handlers. While the plugin demonstrates good practices in other areas, such as 100% prepared SQL statements and a high percentage of properly escaped output, the presence of 7 AJAX handlers without any authentication or capability checks presents a substantial attack surface. This means any user, regardless of their WordPress role, could potentially trigger these actions. The taint analysis, while not revealing critical or high-severity issues, did find 4 flows with unsanitized paths, which is a red flag even if no immediate critical exploit was identified. The lack of any recorded vulnerabilities in its history might suggest it hasn't been widely targeted or has been fortunate, rather than inherently secure, especially given the identified code weaknesses. Overall, the plugin has strengths in its handling of database queries and output escaping, but the unprotected AJAX endpoints are a critical weakness that demands immediate attention.

Key Concerns

  • 7 AJAX handlers without auth checks
  • 4 flows with unsanitized paths
Vulnerabilities
None known

Media Picker for Immich Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Media Picker for Immich Release Timeline

v0.1.0 (Current)
Code Analysis
Analyzed Apr 16, 2026

Media Picker for Immich Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (30 escaped)
Nonce Checks: 2
Capability Checks: 4
File Operations: 9
External Requests: 5
Bundled Libraries: 0

Output Escaping

94% escaped · 32 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
handle_proxy_request (media-picker-for-immich.php:282)
Attack Surface
7 unprotected

Media Picker for Immich Attack Surface

Entry Points: 7
Unprotected: 7

AJAX Handlers 7

auth · wp_ajax_immich_browse · media-picker-for-immich.php:34
auth · wp_ajax_immich_search · media-picker-for-immich.php:35
auth · wp_ajax_immich_people · media-picker-for-immich.php:36
auth · wp_ajax_immich_thumbnail · media-picker-for-immich.php:37
auth · wp_ajax_immich_import · media-picker-for-immich.php:38
auth · wp_ajax_immich_use · media-picker-for-immich.php:39
auth · wp_ajax_immich_used_assets · media-picker-for-immich.php:40
WordPress Hooks 14

action · admin_menu · media-picker-for-immich.php:28
action · admin_init · media-picker-for-immich.php:29
action · show_user_profile · media-picker-for-immich.php:30
action · edit_user_profile · media-picker-for-immich.php:31
action · personal_options_update · media-picker-for-immich.php:32
action · edit_user_profile_update · media-picker-for-immich.php:33
action · wp_enqueue_media · media-picker-for-immich.php:41
action · wp_enqueue_scripts · media-picker-for-immich.php:42
action · init · media-picker-for-immich.php:43
filter · wp_get_attachment_url · media-picker-for-immich.php:44
filter · image_downsize · media-picker-for-immich.php:45
filter · the_content · media-picker-for-immich.php:46
action · immich_cache_gc · media-picker-for-immich.php:47
action · plugins_loaded · media-picker-for-immich.php:1164

Scheduled Events 1

immich_cache_gc
Maintenance & Trust

Media Picker for Immich Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 12, 2026
PHP min version: 8.0
Downloads: 41

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Media Picker for Immich Developer Profile

Donncha O Caoimh (a11n)

13 plugins · 32K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 4657 days
Detection Fingerprints

How We Detect Media Picker for Immich

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/media-picker-for-immich/build/index.css
/wp-content/plugins/media-picker-for-immich/build/index.js
/wp-content/plugins/media-picker-for-immich/build/immich-assets.js
Script Paths
/wp-content/plugins/media-picker-for-immich/build/index.js
/wp-content/plugins/media-picker-for-immich/build/immich-assets.js
Version Parameters
media-picker-for-immich/build/index.css?ver=
media-picker-for-immich/build/index.js?ver=
media-picker-for-immich/build/immich-assets.js?ver=

HTML / DOM Fingerprints

CSS Classes
immich-media-picker-wrapper
Data Attributes
data-immich-api-key
data-immich-api-url
data-immich-media-picker-options
JS Globals
immichMediaPickerConfig
immichAssets
REST Endpoints
/wp-json/immich/v1/browse
/wp-json/immich/v1/search
/wp-json/immich/v1/people
/wp-json/immich/v1/thumbnail
/wp-json/immich/v1/import
/wp-json/immich/v1/use
/wp-json/immich/v1/used_assets