MMWW Security & Risk Analysis

wordpress.org/plugins/mmww

Media Metadata Workflow Wizard: Integrate your media metadata workflow with WordPress's Media Library

200 active installs · v2.0.0 · PHP 5.6+ · WP 4.6+ · Updated Jan 26, 2026
Tags: audio, exif, images, iptc, metadata
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is MMWW Safe to Use in 2026?

Generally Safe

Score 100/100

MMWW has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The plugin "mmww" v2.0.0 exhibits a strong security posture based on the provided static analysis. The complete absence of identified AJAX handlers, REST API routes, shortcodes, and cron events as entry points significantly reduces the attack surface. Furthermore, the analysis shows no dangerous functions, all SQL queries are properly prepared, and there are no critical or high severity taint flows. This indicates a conscious effort by the developers to implement secure coding practices.

However, there are areas for improvement. While the total number of outputs is moderate, the fact that 32% of them are not properly escaped presents a potential risk of Cross-Site Scripting (XSS) vulnerabilities, especially if user-supplied data is involved in these outputs. The presence of file operations without explicit details on their nature also warrants a closer look, though no specific vulnerabilities were flagged. The plugin's vulnerability history being completely clean is a positive sign, suggesting consistent security focus over time.

In conclusion, "mmww" v2.0.0 demonstrates a robust foundation of secure coding, particularly in its handling of the attack surface and database interactions. The primary concern lies with the unescaped output, which should be addressed to mitigate potential XSS risks. The absence of any historical vulnerabilities is a significant strength.

Key Concerns

  • Unescaped output present
Vulnerabilities
None known

MMWW Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

MMWW Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (13 escaped)
Nonce Checks: 2
Capability Checks: 3
File Operations: 7
External Requests: 0
Bundled Libraries: 0

Output Escaping

68% escaped · 19 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
reread_before_form_populate (code\reread.php:132)
Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

MMWW Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 22
filter attachment_fields_to_edit (code\audio_shortcode_34_support.php:9)
filter media_send_to_editor (code\audio_shortcode_34_support.php:10)
filter media_send_to_editor (code\audio_shortcode_35_support.php:9)
action admin_menu (code\mmww_admin.php:12)
action admin_init (code\mmww_admin.php:13)
filter mmww_filter_metadata (code\mmww_media_upload.php:14)
filter mmww_filter_metadata (code\mmww_media_upload.php:15)
filter mmww_format_metadata (code\mmww_media_upload.php:17)
filter wp_generate_attachment_metadata (code\mmww_media_upload.php:23)
filter wp_update_attachment_metadata (code\mmww_media_upload.php:24)
filter wp_update_attachment_metadata (code\mmww_media_upload.php:25)
filter update_attached_file (code\mmww_media_upload.php:28)
filter wp_read_image_metadata (code\mmww_media_upload.php:30)
filter wp_read_audio_metadata (code\mmww_media_upload.php:31)
filter wp_read_video_metadata (code\mmww_media_upload.php:32)
filter post_mime_types (code\pdfextras.php:10)
action dbx_post_advanced (code\reread.php:16)
action edit_form_after_editor (code\reread.php:17)
filter media_row_actions (code\reread.php:18)
filter attachment_fields_to_edit (code\reread.php:19)
action admin_notices (code\reread.php:20)
action init (mmww.php:45)
Maintenance & Trust

MMWW Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 26, 2026
PHP min version: 5.6
Downloads: 11K

Community Trust

Rating: 90/100
Number of ratings: 11
Active installs: 200
Developer Profile

MMWW Developer Profile

OllieJones

6 plugins · 60K total installs

Trust score: 100
Avg Security Score: 100/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect MMWW

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mmww/code/pdfextras.php
/wp-content/plugins/mmww/code/reread.php
/wp-content/plugins/mmww/code/mmww_admin.php
/wp-content/plugins/mmww/code/mmww_media_upload.php
/wp-content/plugins/mmww/code/audio_shortcode_34_support.php
/wp-content/plugins/mmww/code/audio_shortcode_35_support.php
/wp-content/plugins/mmww/code/exif.php

HTML / DOM Fingerprints

CSS Classes
audio-player-mmww_attach_data_div
HTML Comments
<!-- Media Metadata Workflow Wizard -->
<!-- This is a class for inserting audio shortcodes for WordPress 3.4.2 and before. -->
<!-- only load this if we're on a version of WP prior to 3.5 -->
<!-- add attach_data to the attachment data -->
+9 more
Data Attributes
data-link-url
data-mmww-data
data-mmww-attach-id
JS Globals
mmww_ajax_object
Shortcode Output
[audio [audio file|titles=[audio file|titles=[audio