WP-Safety

Media Sweep – WordPress Media Cleaner Security & Risk Analysis

wordpress.org/plugins/media-sweep

Clean up your WordPress Media Library by finding and removing unused files. Safely scan, preview, and sweep away orphaned media to keep your site fast …

500 active installs v1.0.4 PHP 7.4+ WP 5.8+ Updated Jan 30, 2026
cleanupfilesimageslibrarymedia
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Media Sweep – WordPress Media Cleaner Safe to Use in 2026?

Generally Safe

Score 100/100

Media Sweep – WordPress Media Cleaner has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The media-sweep v1.0.4 plugin exhibits a strong security posture based on the provided static analysis and vulnerability history. The plugin has a very small attack surface, with only one AJAX handler, and importantly, it appears to have proper authentication checks in place for this entry point. The code demonstrates good development practices, with all identified output being properly escaped and a high percentage of SQL queries utilizing prepared statements. There are no critical or high severity taint analysis findings, and the plugin has no known historical vulnerabilities, suggesting a history of secure development.

While the plugin shows many positive security indicators, there are minor areas to note. The presence of file operations without further context could potentially be a concern if not handled with extreme care, although no specific vulnerabilities are indicated here. The single nonce check and capability check, while present, could be more robust if there were multiple complex operations. Overall, the plugin is currently assessed as highly secure, with its strengths in properly managed entry points, robust output escaping, and a clean vulnerability history significantly outweighing any potential minor concerns.

Vulnerabilities
None known

Media Sweep – WordPress Media Cleaner Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Media Sweep – WordPress Media Cleaner Code Analysis

Dangerous Functions
0
Raw SQL Queries
7
55 prepared
Unescaped Output
0
18 escaped
Nonce Checks
1
Capability Checks
1
File Operations
8
External Requests
0
Bundled Libraries
0

SQL Query Safety

89% prepared62 total queries

Output Escaping

100% escaped18 total outputs
Attack Surface

Media Sweep – WordPress Media Cleaner Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_mswp_dismiss_review_noticeincludes\admin\class-review-notice.php:30
WordPress Hooks 13
actionadmin_menuincludes\admin\class-admin-module.php:47
actionadmin_noticesincludes\admin\class-admin-module.php:50
actionadmin_noticesincludes\admin\class-admin-module.php:51
actionadmin_noticesincludes\admin\class-admin-module.php:52
filteradmin_footer_textincludes\admin\class-admin-module.php:55
filteradmin_body_classincludes\admin\class-admin-module.php:58
actionwp_enqueue_scriptsincludes\admin\class-admin-module.php:70
actionadmin_noticesincludes\admin\class-review-notice.php:27
actionplugins_loadedincludes\database\class-database-module.php:42
actionrest_api_initincludes\rest-api\class-rest-api-module.php:75
actioninitincludes\services\class-scheduler-service.php:60
actionmedia_sweep_settings_updatedincludes\services\class-scheduler-service.php:63
actionplugins_loadedmedia-sweep.php:40
Maintenance & Trust

Media Sweep – WordPress Media Cleaner Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 30, 2026
PHP min version7.4
Downloads3K

Community Trust

Rating74/100
Number of ratings6
Active installs500
Alternatives

Media Sweep – WordPress Media Cleaner Alternatives

Media Cleaner: Clean your WordPress!

Media Cleaner: Clean your WordPress!

media-cleaner

A
99

Clean your WordPress! Eliminate unused and broken media files. For a faster, and better website.

90K 1 CVE
Cleanup Orphan Images

Cleanup Orphan Images

cleanup-orphan-images

A
100

Finds and deletes orphan media files from the uploads directory that are not registered in WordPress.

20 No CVEs
OverWrite It

OverWrite It

overwrite-it

A
85

When you upload files, OverWrite It jumps into the scene to replace old file with uploading one.

10 No CVEs
qCleanup

qCleanup

q-cleanup

A
85

This plugin allows you to delete unused and leftover files from upload dir. In one click you can rid of all unwanted files and reduce space usage.

10 No CVEs
Media Sifter

Media Sifter

media-sifter

A
100

Find and remove unused/orphan media files safely. Dry-run scan, preview, and bulk-delete to reclaim storage.

0 No CVEs
Developer Profile

Media Sweep – WordPress Media Cleaner Developer Profile

WPCreatix

2 plugins · 900 total installs

99
trust score
Avg Security Score
99/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Media Sweep – WordPress Media Cleaner

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/media-sweep/build/index.js/wp-content/plugins/media-sweep/build/index.css
Script Paths
/wp-content/plugins/media-sweep/build/index.js
Version Parameters
media-sweep/build/index.js?ver=media-sweep/build/index.css?ver=

HTML / DOM Fingerprints

CSS Classes
mswp-adminmswp-page
HTML Comments
<!-- Capture all notices and hide them. WordPress Core looks for --><!-- .wp-header-end and appends notices after it if found. --><!-- https://github.com/WordPress/WordPress/blob/f6a37e7d39e2534d05b9e542045174498edfe536/wp-admin/js/common.js#L737 . -->
Data Attributes
id="mswp-admin"id="wp__notice-list"id="mswp-layout__notice-catcher"
JS Globals
mswpAdmin
FAQ

Frequently Asked Questions about Media Sweep – WordPress Media Cleaner