Does MediaPress have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is MediaPress compatible with WordPress 6.9.0?

According to WordPress.org data, MediaPress 1.6.3 has been tested up to WordPress 6.9.0. Check the plugin's changelog for the latest compatibility information.

How often is MediaPress updated?

MediaPress was last updated on Dec 31, 2025. Frequent updates are generally a positive security signal.

What is MediaPress's security score?

MediaPress has a WP-Safety security score of 95/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MediaPress Security & Risk Analysis

wordpress.org/plugins/mediapress

MediaPress is the most advanced and feature rich media gallery plugin for BuddyPress & WordPress.

4K active installs v1.6.3 PHP + WP 5.0+ Updated Dec 31, 2025

buddypressbuddypress-gallerybuddypress-photo-gallerymediavideo-gallery

A · Safe

CVEs total3

Unpatched0

Last CVEJan 7, 2026

Plugin page Download

Safety Verdict

Is MediaPress Safe to Use in 2026?

Generally Safe

Score 95/100

MediaPress has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEsLast CVE: Jan 7, 2026Updated 4mo ago

Risk Assessment

Mediapress v1.6.3 presents a mixed security posture. While the plugin demonstrates good practices such as the extensive use of prepared statements for SQL queries and a significant number of nonce checks, there are notable areas of concern. The static analysis reveals a considerable attack surface, with 10 out of 32 entry points lacking authentication checks. This immediately raises a red flag for potential unauthorized access or manipulation. Furthermore, the taint analysis, while not revealing critical or high severity issues in this specific scan, did identify flows with unsanitized paths, hinting at potential vulnerabilities that might not be immediately apparent but could be exploited under specific conditions. The historical vulnerability data is also a cause for concern. The presence of 3 past CVEs, including a high severity one and two medium severity ones, with common types like XSS and PHP Remote File Inclusion, suggests a pattern of exploitable weaknesses. While there are no currently unpatched CVEs, the history indicates a recurring susceptibility to certain vulnerability classes that require careful attention and robust remediation efforts.

Key Concerns

Unprotected AJAX handlers present
Unsanitized paths in taint flows
History of High severity CVEs
History of Medium severity CVEs
Output escaping only 44% properly

Vulnerabilities

3 published

MediaPress Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

2 CVEs in 2026

2026

Patched Has unpatched

Severity Breakdown

High

Medium

3 total CVEs

CVE-2026-22519medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MediaPress <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 7, 2026 Patched in 1.6.3 (8d)

CVE-2025-14552medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MediaPress <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode

Jan 5, 2026 Patched in 1.6.2 (1d)

CVE-2025-58608high · 8.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

MediaPress <= 1.5.9.1 - Authenticated (Contributor+) Local File Inclusion

Sep 3, 2025 Patched in 1.6.0 (9d)

Version History

MediaPress Release Timeline

v1.6.3Current

v1.6.21 CVE

CVE-2026-22519

v1.6.12 CVEs

CVE-2026-22519 CVE-2025-14552

v1.6.02 CVEs

CVE-2026-22519 CVE-2025-14552

v1.5.9.13 CVEs

CVE-2026-22519 CVE-2025-58608 CVE-2025-14552

v1.5.93 CVEs

CVE-2026-22519 CVE-2025-58608 CVE-2025-14552

v1.5.83 CVEs

CVE-2026-22519 CVE-2025-58608 CVE-2025-14552

v1.5.73 CVEs

CVE-2026-22519 CVE-2025-58608 CVE-2025-14552

v1.5.63 CVEs

CVE-2026-22519 CVE-2025-58608 CVE-2025-14552

v1.5.53 CVEs

CVE-2026-22519 CVE-2025-58608 CVE-2025-14552

v1.5.43 CVEs

CVE-2026-22519 CVE-2025-58608 CVE-2025-14552

v1.5.33 CVEs

CVE-2026-22519 CVE-2025-58608 CVE-2025-14552

v1.5.23 CVEs

CVE-2026-22519 CVE-2025-58608 CVE-2025-14552

v1.5.13 CVEs

CVE-2026-22519 CVE-2025-58608 CVE-2025-14552

v1.5.03 CVEs

CVE-2026-22519 CVE-2025-58608 CVE-2025-14552

v1.4.93 CVEs

CVE-2026-22519 CVE-2025-58608 CVE-2025-14552

v1.4.83 CVEs

CVE-2026-22519 CVE-2025-58608 CVE-2025-14552

v1.4.73 CVEs

CVE-2026-22519 CVE-2025-58608 CVE-2025-14552

v1.4.63 CVEs

CVE-2026-22519 CVE-2025-58608 CVE-2025-14552

v1.4.53 CVEs

CVE-2026-22519 CVE-2025-58608 CVE-2025-14552

Code Analysis

Analyzed Mar 16, 2026

MediaPress Code Analysis

Dangerous Functions

Raw SQL Queries

65 prepared

Unescaped Output

395

307 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

89% prepared73 total queries

Output Escaping

44% escaped702 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

14 flows3 with unsanitized paths

mpp_directory_gallery_search_form (core\gallery\mpp-gallery-template-tags.php:1011)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

10 unprotected

MediaPress Attack Surface

Entry Points32

Unprotected10

AJAX Handlers 26

authwp_ajax_post_updatecore\ajax\class-mpp-ajax-activity-post-handler.php:48

authwp_ajax_mpp_add_commentcore\ajax\class-mpp-ajax-comment-helper.php:52

authwp_ajax_mpp_add_replycore\ajax\class-mpp-ajax-comment-helper.php:53

authwp_ajax_mpp_publish_gallery_mediacore\ajax\class-mpp-ajax-gallery-action-handler.php:63

authwp_ajax_mpp_hide_unpublished_mediacore\ajax\class-mpp-ajax-gallery-action-handler.php:64

authwp_ajax_mpp_delete_mediacore\ajax\class-mpp-ajax-gallery-action-handler.php:67

authwp_ajax_mpp_reorder_mediacore\ajax\class-mpp-ajax-gallery-action-handler.php:69

authwp_ajax_mpp_bulk_update_mediacore\ajax\class-mpp-ajax-gallery-action-handler.php:70

authwp_ajax_mpp_delete_gallery_covercore\ajax\class-mpp-ajax-gallery-action-handler.php:71

authwp_ajax_mpp_update_gallery_detailscore\ajax\class-mpp-ajax-gallery-action-handler.php:72

authwp_ajax_mpp_reload_bulk_editcore\ajax\class-mpp-ajax-gallery-action-handler.php:73

authwp_ajax_mpp_reload_add_mediacore\ajax\class-mpp-ajax-gallery-action-handler.php:74

authwp_ajax_mpp_filtercore\ajax\class-mpp-ajax-gallery-dir-loader.php:50

noprivwp_ajax_mpp_filtercore\ajax\class-mpp-ajax-gallery-dir-loader.php:51

authwp_ajax_mpp_fetch_activity_mediacore\ajax\class-mpp-ajax-lightbox-helper.php:47

noprivwp_ajax_mpp_fetch_activity_mediacore\ajax\class-mpp-ajax-lightbox-helper.php:48

authwp_ajax_mpp_fetch_gallery_mediacore\ajax\class-mpp-ajax-lightbox-helper.php:50

noprivwp_ajax_mpp_fetch_gallery_mediacore\ajax\class-mpp-ajax-lightbox-helper.php:51

authwp_ajax_mpp_lightbox_fetch_mediacore\ajax\class-mpp-ajax-lightbox-helper.php:53

noprivwp_ajax_mpp_lightbox_fetch_mediacore\ajax\class-mpp-ajax-lightbox-helper.php:54

authwp_ajax_mpp_update_lightbox_mediacore\ajax\class-mpp-ajax-lightbox-helper.php:55

authwp_ajax_mpp_reload_lightbox_mediacore\ajax\class-mpp-ajax-lightbox-helper.php:57

noprivwp_ajax_mpp_reload_lightbox_mediacore\ajax\class-mpp-ajax-lightbox-helper.php:58

authwp_ajax_mpp_add_remote_mediacore\ajax\class-mpp-ajax-remote-media-handler.php:46

authwp_ajax_mpp_add_mediacore\ajax\mpp-ajax.php:58

authwp_ajax_mpp_upload_covercore\ajax\mpp-ajax.php:59

Shortcodes 6

[mpp-create-gallery] core\shortcodes\mpp-shortcode-create-gallery.php:36

[mpp-list-gallery] core\shortcodes\mpp-shortcode-gallery-list.php:140

[mpp-show-gallery] core\shortcodes\mpp-shortcode-gallery-list.php:289

[mpp-list-media] core\shortcodes\mpp-shortcode-media-list.php:171

[mpp-media] core\shortcodes\mpp-shortcode-media-list.php:177

[mpp-uploader] core\shortcodes\mpp-shortcode-media-uploader.php:95

WordPress Hooks 181

actionpre_get_postsadmin\class-mpp-admin-gallery-list-helper.php:48

filterpost_row_actionsadmin\class-mpp-admin-gallery-list-helper.php:51

actionadmin_headadmin\class-mpp-admin-gallery-list-helper.php:53

actionadmin_initadmin\class-mpp-admin-post-helper.php:50

actionadmin_initadmin\class-mpp-admin-post-helper.php:52

actionadmin_menuadmin\class-mpp-admin-post-helper.php:53

actionadmin_enqueue_scriptsadmin\class-mpp-admin-post-helper.php:55

actionadmin_enqueue_scriptsadmin\class-mpp-admin-post-helper.php:57

actionpost_submitbox_misc_actionsadmin\class-mpp-admin-post-helper.php:62

actionedit_form_after_titleadmin\class-mpp-admin-post-helper.php:64

filtermpp_localizable_dataadmin\class-mpp-admin-post-helper.php:68

actionadd_meta_boxesadmin\class-mpp-admin-post-helper.php:186

filterposts_clausesadmin\mpp-admin-functions.php:87

actionmpp_loadedadmin\mpp-admin-loader.php:45

filteruser_row_actionsadmin\mpp-admin-misc.php:37

actionadmin_initadmin\mpp-admin.php:129

actionadmin_initadmin\mpp-admin.php:130

actionadmin_initadmin\mpp-admin.php:132

actionadmin_menuadmin\mpp-admin.php:134

actionadmin_noticesadmin\mpp-admin.php:135

actionadmin_enqueue_scriptsadmin\mpp-settings-manager\core\class-mpp-admin-settings-helper.php:56

filterattachment_fields_to_editadmin\tools\class-mpp-media-debugger.php:15

actionadmin_menuadmin\tools\debug\mpp-admin-debug-helper.php:17

filterbp_get_activity_css_classcore\ajax\class-mpp-ajax-activity-post-handler.php:125

filtermpp_do_not_record_add_media_activitycore\ajax\mpp-ajax.php:482

actionparse_querycore\api\mpp-actions-api.php:47

actionwpcore\api\mpp-actions-api.php:48

actionafter_setup_themecore\api\mpp-actions-api.php:50

actioninitcore\api\mpp-actions-api.php:51

actioninitcore\api\mpp-actions-api.php:52

actionwp_enqueue_scriptscore\api\mpp-actions-api.php:53

actionadmin_enqueue_scriptscore\api\mpp-actions-api.php:54

actionadmin_bar_menucore\api\mpp-actions-api.php:55

actiontemplate_redirectcore\api\mpp-actions-api.php:56

actionwidgets_initcore\api\mpp-actions-api.php:57

actionmpp_template_redirectcore\api\mpp-actions-api.php:60

actionmpp_template_redirectcore\api\mpp-actions-api.php:61

actionbefore_delete_postcore\class-mpp-deletion-actions-mapper.php:42

actiondelete_attachmentcore\class-mpp-deletion-actions-mapper.php:44

actiondeleted_postcore\class-mpp-deletion-actions-mapper.php:50

filtermpp_cleanup_single_media_on_deletecore\class-mpp-deletion-actions-mapper.php:52

filtercomments_clausescore\comments\class-mpp-comments-helper.php:21

filtercomment_feed_wherecore\comments\class-mpp-comments-helper.php:22

filterwp_count_commentscore\comments\class-mpp-comments-helper.php:25

actionmpp_gallery_loop_startcore\common\class-mpp-gallery-query.php:532

filtercron_schedulescore\common\mpp-cron.php:15

actionmpp_cleanup_schedulecore\common\mpp-cron.php:57

actiontemplate_noticescore\common\mpp-feedback-functions.php:65

actionmpp_actionscore\common\mpp-feedback-functions.php:75

actionmpp_actionscore\gallery\mpp-gallery-actions.php:121

actionmpp_actionscore\gallery\mpp-gallery-actions.php:226

actionmpp_actionscore\gallery\mpp-gallery-actions.php:284

actionmpp_actionscore\gallery\mpp-gallery-actions.php:397

actionmpp_actionscore\gallery\mpp-gallery-actions.php:454

actionmpp_actionscore\gallery\mpp-gallery-actions.php:510

actionmpp_actionscore\gallery\mpp-gallery-actions.php:580

actionmpp_actionscore\gallery\mpp-gallery-actions.php:618

actionmpp_gallery_deletedcore\gallery\mpp-gallery-actions.php:643

actionmpp_gallery_updatedcore\gallery\mpp-gallery-actions.php:645

actionmpp_gallery_createdcore\gallery\mpp-gallery-actions.php:673

actionmpp_gallery_createdcore\gallery\mpp-gallery-actions.php:691

actionmpp_gallery_updatedcore\gallery\mpp-gallery-actions.php:692

actionmpp_before_gallery_deletecore\gallery\mpp-gallery-actions.php:693

filterpost_type_linkcore\gallery\mpp-gallery-hooks.php:41

filtermpp_get_gallery_titlecore\gallery\mpp-gallery-hooks.php:45

filtermpp_get_gallery_titlecore\gallery\mpp-gallery-hooks.php:46

filtermpp_get_gallery_titlecore\gallery\mpp-gallery-hooks.php:47

filtermpp_get_gallery_titlecore\gallery\mpp-gallery-hooks.php:48

filtermpp_get_gallery_descriptioncore\gallery\mpp-gallery-hooks.php:50

filtermpp_get_gallery_descriptioncore\gallery\mpp-gallery-hooks.php:51

filtermpp_get_gallery_descriptioncore\gallery\mpp-gallery-hooks.php:52

filtermpp_get_gallery_descriptioncore\gallery\mpp-gallery-hooks.php:53

filtermpp_get_gallery_descriptioncore\gallery\mpp-gallery-hooks.php:54

filtermpp_get_gallery_descriptioncore\gallery\mpp-gallery-hooks.php:55

actionmpp_actionscore\gallery\mpp-gallery-screen.php:23

actionbp_screenscore\gallery\mpp-gallery-screen.php:24

actionbp_template_contentcore\gallery\mpp-gallery-screen.php:77

actionbp_template_contentcore\gallery\mpp-gallery-screen.php:96

actionbp_template_contentcore\gallery\mpp-gallery-screen.php:107

actionbp_template_contentcore\gallery\mpp-gallery-screen.php:119

actionbp_template_contentcore\gallery\mpp-gallery-screen.php:136

actionbp_template_contentcore\gallery\mpp-gallery-screen.php:153

actionmpp_before_bulkedit_media_formcore\gallery\mpp-gallery-template.php:48

actionmpp_actionscore\media\mpp-media-actions.php:117

actionmpp_actionscore\media\mpp-media-actions.php:176

actionmpp_actionscore\media\mpp-media-actions.php:233

actionmpp_media_addedcore\media\mpp-media-actions.php:265

actionmpp_media_deletedcore\media\mpp-media-actions.php:282

actionmpp_media_updatedcore\media\mpp-media-actions.php:284

filterattachment_linkcore\media\mpp-media-hooks.php:39

filtermpp_get_media_titlecore\media\mpp-media-hooks.php:42

filtermpp_get_media_titlecore\media\mpp-media-hooks.php:43

filtermpp_get_media_titlecore\media\mpp-media-hooks.php:44

filtermpp_get_media_titlecore\media\mpp-media-hooks.php:45

filtermpp_get_media_descriptioncore\media\mpp-media-hooks.php:47

filtermpp_get_media_descriptioncore\media\mpp-media-hooks.php:48

filtermpp_get_media_descriptioncore\media\mpp-media-hooks.php:49

filtermpp_get_media_descriptioncore\media\mpp-media-hooks.php:50

filtermpp_get_media_descriptioncore\media\mpp-media-hooks.php:51

filtermpp_get_media_descriptioncore\media\mpp-media-hooks.php:52

filtermpp_get_current_componentcore\mpp-hooks.php:41

filterwp_unique_post_slug_is_bad_attachment_slugcore\mpp-hooks.php:54

filterwp_unique_post_slug_is_bad_flat_slugcore\mpp-hooks.php:73

actionmpp_actionscore\mpp-hooks.php:98

actionpre_get_postscore\mpp-hooks.php:185

filteruser_has_capcore\mpp-hooks.php:204

filterbp_modify_page_titlecore\mpp-hooks.php:246

filterbody_classcore\mpp-hooks.php:316

filtercomments_opencore\mpp-hooks.php:350

actionmpp_setupcore\mpp-post-type.php:32

actionmpp_screenscore\mpp-theme-compat.php:28

actionbp_setup_theme_compatcore\mpp-theme-compat.php:40

filterbp_get_buddypress_templatecore\mpp-theme-compat.php:60

actionbp_template_include_reset_dummy_post_datacore\mpp-theme-compat.php:61

filterbp_replace_the_contentcore\mpp-theme-compat.php:62

filterbp_get_template_stackcore\mpp-theme-compat.php:141

filtersingle_templatecore\mpp-theme-compat.php:211

actionloop_startcore\mpp-theme-compat.php:218

filterthe_contentcore\mpp-theme-compat.php:220

filtermpp_replace_the_contentcore\mpp-theme-compat.php:274

filtermpp_get_current_component_idcore\users\mpp-user-hooks.php:22

actionwpmu_delete_usercore\users\mpp-user-hooks.php:39

actiondelete_usercore\users\mpp-user-hooks.php:40

actionmake_spam_usercore\users\mpp-user-hooks.php:41

actionmpp_gallery_deletedcore\users\mpp-user-hooks.php:71

actionmpp_gallery_createdcore\users\mpp-user-hooks.php:72

actionmpp_media_deletedcore\users\mpp-user-hooks.php:103

actionmpp_media_addedcore\users\mpp-user-hooks.php:104

actionmpp_widgets_initcore\widgets\mpp-widget-gallery.php:367

actionmpp_widgets_initcore\widgets\mpp-widget-media.php:391

actionplugins_loadedmediapress.php:375

actioninitmediapress.php:377

actionupdate_option_mpp-settingsmediapress.php:378

filterbp_activity_prefetch_object_datamodules\buddypress\activity\class-mpp-activity-media-cache-helper.php:29

filterupdate_user_metadatamodules\buddypress\activity\mpp-activity-actions.php:39

actionbp_activity_posted_updatemodules\buddypress\activity\mpp-activity-actions.php:51

actionbp_groups_posted_updatemodules\buddypress\activity\mpp-activity-actions.php:64

actionbp_register_activity_actionsmodules\buddypress\activity\mpp-activity-actions.php:98

filterbp_activity_get_permalinkmodules\buddypress\activity\mpp-activity-hooks.php:59

actionbp_activity_entry_contentmodules\buddypress\activity\mpp-activity-hooks.php:91

actionbp_activity_entry_contentmodules\buddypress\activity\mpp-activity-hooks.php:130

filtermpp_do_not_record_create_gallery_activitymodules\buddypress\activity\mpp-activity-hooks.php:163

filtermpp_get_context_gallerymodules\buddypress\activity\mpp-activity-hooks.php:201

actionbp_nouveau_includesmodules\buddypress\activity\mpp-activity-hooks.php:214

actionbp_after_activity_post_formmodules\buddypress\activity\mpp-activity-template.php:74

actionbp_after_activity_post_formmodules\buddypress\activity\mpp-activity-template.php:120

actiongroups_delete_groupmodules\buddypress\groups\mpp-bp-groups-actions.php:30

actionbp_before_group_settings_adminmodules\buddypress\groups\mpp-bp-groups-group-extension.php:111

actionbp_before_group_settings_creation_stepmodules\buddypress\groups\mpp-bp-groups-group-extension.php:112

actiongroups_group_settings_editedmodules\buddypress\groups\mpp-bp-groups-group-extension.php:130

actiongroups_create_groupmodules\buddypress\groups\mpp-bp-groups-group-extension.php:131

actiongroups_update_groupmodules\buddypress\groups\mpp-bp-groups-group-extension.php:132

filtermpp_get_current_component_idmodules\buddypress\groups\mpp-bp-groups-hooks.php:34

filtermpp_get_current_componentmodules\buddypress\groups\mpp-bp-groups-hooks.php:54

filtermpp_activity_action_media_uploadmodules\buddypress\groups\mpp-bp-groups-hooks.php:91

actionmpp_group_navmodules\buddypress\groups\mpp-bp-groups-hooks.php:116

filtermpp_user_can_edit_gallerymodules\buddypress\groups\mpp-bp-groups-hooks.php:146

filtermpp_user_can_delete_gallerymodules\buddypress\groups\mpp-bp-groups-hooks.php:148

filtermpp_user_can_edit_mediamodules\buddypress\groups\mpp-bp-groups-hooks.php:179

filtermpp_user_can_delete_mediamodules\buddypress\groups\mpp-bp-groups-hooks.php:180

filtermpp_main_gallery_query_argsmodules\buddypress\groups\mpp-bp-groups-hooks.php:200

actionbp_loadedmodules\buddypress\groups\mpp-bp-groups-loader.php:35

actionmpp_setupmodules\buddypress\groups\mpp-bp-groups-loader.php:57

filtermpp_get_editable_statusesmodules\buddypress\groups\mpp-bp-groups-loader.php:78

actionbp_loadedmodules\buddypress\mpp-bp-component.php:281

actionmpp_setupmodules\buddypress\mpp-bp-loader.php:55

actionbp_includemodules\buddypress\mpp-bp-loader.php:56

filtermpp_get_current_componentmodules\buddypress\mpp-bp-loader.php:58

filtermpp_get_current_component_idmodules\buddypress\mpp-bp-loader.php:59

actionbp_template_include_reset_dummy_post_datamodules\buddypress\mpp-bp-loader.php:60

actionbp_template_redirectmodules\buddypress\notifications\mpp-bp-notifications-helper.php:33

actionmpp_gallery_deletedmodules\buddypress\notifications\mpp-bp-notifications-helper.php:35

actionmpp_media_deletedmodules\buddypress\notifications\mpp-bp-notifications-helper.php:36

actionmpp_setupmpp-core-component.php:155

actionmpp_actionsmpp-core-component.php:157

actionbp_member_plugin_options_navmpp-core-component.php:160

actionmpp_group_navmpp-core-component.php:161

filterredirect_canonicalmpp-core-component.php:163

filtermpp_template_redirectmpp-core-component.php:164

actionmpp_setupmpp-init.php:234

actionmpp_setup_globalsmpp-init.php:312

Scheduled Events 1

mpp_cleanup_schedule

Maintenance & Trust

MediaPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.0

Last updatedDec 31, 2025

PHP min version

Downloads209K

Community Trust

Rating94/100

Number of ratings33

Active installs4K

Alternatives

MediaPress Alternatives

MediaPress Featured Content

mpp-featured-content

Let your users show their featured photos(or audio, video, doc) and featured galleries on their BuddyPress profile.

60 No CVEs

Mixed Media Gallery Blocks

simply-gallery-block

Create mixed media galleries with images, HTML5 video, YouTube, Vimeo, and VideoPress — all in one gallery by Simply Gallery.

40K 8 CVEs

rtMedia for WordPress, BuddyPress and bbPress

buddypress-media

Add albums, photo, audio/video upload, privacy, sharing, front-end uploads & more. All this works on mobile/tablets devices.

8K 14 CVEs

BP Attachments

bp-attachments

BP Attachments is a BuddyPress Add-on to manage your community members media.

1K No CVEs

BuddyPress Album

bp-album

Photo Albums for BuddyPress. Includes Posts to Activity Stream, Member Comments, and Gallery Privacy Controls.

70 No CVEs

Developer Profile

MediaPress Developer Profile

BuddyDev

15 plugins · 15K total installs

trust score

Avg Security Score

87/100

Avg Patch Time

17 days

View full developer profile

Detection Fingerprints

How We Detect MediaPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mediapress/assets/css/frontend/gallery.css/wp-content/plugins/mediapress/assets/css/frontend/media.css/wp-content/plugins/mediapress/assets/css/frontend/members.css/wp-content/plugins/mediapress/assets/css/admin/admin.css/wp-content/plugins/mediapress/assets/css/admin/gallery-creation.css/wp-content/plugins/mediapress/assets/css/admin/media-upload.css/wp-content/plugins/mediapress/assets/css/admin/settings.css/wp-content/plugins/mediapress/assets/js/mediapress.js+12 more

Script Paths

/wp-content/plugins/mediapress/assets/js/mediapress.js/wp-content/plugins/mediapress/assets/js/mediapress-activity.js/wp-content/plugins/mediapress/assets/js/admin/gallery-creation.js/wp-content/plugins/mediapress/assets/js/admin/media-upload.js/wp-content/plugins/mediapress/assets/js/admin/media-manager.js/wp-content/plugins/mediapress/assets/js/admin/settings.js+7 more

Version Parameters

mediapress/assets/css/frontend/gallery.css?ver=mediapress/assets/css/frontend/media.css?ver=mediapress/assets/css/frontend/members.css?ver=mediapress/assets/css/admin/admin.css?ver=mediapress/assets/css/admin/gallery-creation.css?ver=mediapress/assets/css/admin/media-upload.css?ver=mediapress/assets/css/admin/settings.css?ver=mediapress/assets/js/mediapress.js?ver=mediapress/assets/js/mediapress-activity.js?ver=mediapress/assets/js/admin/gallery-creation.js?ver=mediapress/assets/js/admin/media-upload.js?ver=mediapress/assets/js/admin/media-manager.js?ver=mediapress/assets/js/admin/settings.js?ver=mediapress/assets/js/admin/common.js?ver=mediapress/assets/js/mediapress-gallery.js?ver=mediapress/assets/js/mediapress-media.js?ver=mediapress/assets/js/shortcodes/mpp-gallery.js?ver=mediapress/assets/js/shortcodes/mpp-media.js?ver=mediapress/assets/js/shortcodes/mpp-gallery-component.js?ver=mediapress/assets/js/shortcodes/mpp-media-component.js?ver=

HTML / DOM Fingerprints

CSS Classes

mpp-gallerympp-mediampp-gallery-widgetmpp-media-listmpp-gallery-gridmpp-media-gridmpp-upload-formmpp-gallery-creation-form+22 more

HTML Comments

+6 more

Data Attributes

data-mpp-gallery-iddata-mpp-media-iddata-mpp-gallery-typedata-mpp-media-typedata-mpp-componentdata-mpp-user-id+5 more

JS Globals

mediapressmpp

REST Endpoints

/wp-json/mediapress/v1/galleries/wp-json/mediapress/v1/media/wp-json/mediapress/v1/users/(?P<user_id>[\d]+)/galleries/wp-json/mediapress/v1/users/(?P<user_id>[\d]+)/media/wp-json/mediapress/v1/galleries/(?P<gallery_id>[\d]+)/media/wp-json/mediapress/v1/media/(?P<media_id>[\d]+)/wp-json/mediapress/v1/galleries/(?P<gallery_id>[\d]+)/wp-json/mediapress/v1/settings/wp-json/mediapress/v1/statuses/wp-json/mediapress/v1/types/wp-json/mediapress/v1/components

Shortcode Output

[mpp-gallery][mpp-media][mpp-gallery-component][mpp-media-component]

FAQ

MediaPress Security & Risk Analysis

Is MediaPress Safe to Use in 2026?

Generally Safe

Key Concerns

MediaPress Security Vulnerabilities

CVEs by Year

Severity Breakdown

MediaPress Release Timeline

MediaPress Code Analysis

SQL Query Safety

Output Escaping

Data Flow Analysis

MediaPress Attack Surface

AJAX Handlers 26

Shortcodes 6

Scheduled Events 1

MediaPress Maintenance & Trust

Maintenance Signals

Community Trust

MediaPress Alternatives

MediaPress Featured Content

Mixed Media Gallery Blocks

rtMedia for WordPress, BuddyPress and bbPress

BP Attachments

BuddyPress Album

MediaPress Developer Profile

How We Detect MediaPress

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about MediaPress