Tags for Media Library Security & Risk Analysis

wordpress.org/plugins/nggtags-for-wp-media-library

Features for using taxonomy tags with Media Library. Also converts NextGEN Gallery images to WordPress Media Library images.

10 active installs · v1.2.3.7.2 · PHP + WP 4.6+ · Updated Mar 31, 2018
Tags: convertor, media-library, nextgen-gallery, nggtags, taxonomy-tags
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is Tags for Media Library Safe to Use in 2026?

Generally Safe

Score 85/100

Tags for Media Library has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago

Risk Assessment

The "nggtags-for-wp-media-library" v1.2.3.7.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding database interactions, with all SQL queries utilizing prepared statements, and it has no recorded vulnerability history, indicating a generally stable and secure past.

However, there are significant concerns related to its attack surface and data handling. A substantial number of AJAX handlers (7 out of 7) lack authentication checks, creating potential entry points for unauthorized actions. Furthermore, the taint analysis revealed two high-severity flows with unsanitized paths, which could lead to injection vulnerabilities if user-supplied data is not properly validated before being used in sensitive operations. The presence of the `unserialize` function also raises a red flag, as it can be a vector for remote code execution if used with untrusted input.

While the lack of historical CVEs is reassuring, the current code analysis highlights areas that require immediate attention. The unprotected AJAX endpoints and the high-severity taint flows are the most critical risks. The limited use of output escaping also presents a potential for cross-site scripting (XSS) vulnerabilities. Overall, the plugin has some foundational security strengths but suffers from critical vulnerabilities in its attack surface and data sanitization that need to be addressed.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flows
  • Dangerous function: unserialize
  • Low output escaping percentage
  • Low nonce checks compared to entry points
Vulnerabilities
None known

Tags for Media Library Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Tags for Media Library Release Timeline

v1.2.3.7.2 (Current)
v1.2.3.7
v1.2.3.6.3
v1.2.3.6.2
v1.2.3.6.1
v1.2.3.6
v1.2.3.5.1
v1.2.3.5
v1.2.3.4.1
v1.2.3.4
v1.2.3.3.1
v1.2.3.3
v1.2.3.2
v1.2.3.1
v1.2.3
v1.2.1
v1.2
v1.1.1.8
v1.1.1.7
v1.1.1.6
Code Analysis
Analyzed Apr 16, 2026

Tags for Media Library Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (63 prepared)
Unescaped Output: 98 (23 escaped)
Nonce Checks: 3
Capability Checks: 10
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `foreach ( unserialize( $result->sortorder ) as $gallery ) {` · update-to-wp-media-library.php:420

SQL Query Safety

100% prepared · 63 total queries

Output Escaping

19% escaped · 121 total outputs

Data Flows · Security
2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
<nggtags-for-wp-media-library> (nggtags-for-wp-media-library.php:0)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]

Attack Surface
7 unprotected

Tags for Media Library Attack Surface

Entry Points: 13
Unprotected: 7

AJAX Handlers 7

auth · wp_ajax_nggml_update_screen_options · nggtags-for-wp-media-library.php:1162
auth · wp_ajax_nggml_get_image · nggtags-for-wp-media-library.php:1175
auth · wp_ajax_nggml_get_media_table_rows · nggtags-for-wp-media-library.php:1191
auth · wp_ajax_nggml_clear_options_from_database · nggtags-for-wp-media-library.php:1208
auth · wp_ajax_nggml_search · nggtags-search-widget.php:728
nopriv · wp_ajax_nggml_search · nggtags-search-widget.php:732
auth · wp_ajax_update_for_nggtags_on_media_library · update-to-wp-media-library.php:180

Shortcodes 6

[nggtags] nggtags-for-wp-media-library.php:699
[nggallery] nggtags-for-wp-media-library.php:900
[slideshow] nggtags-for-wp-media-library.php:901
[singlepic] nggtags-for-wp-media-library.php:908
[album] nggtags-for-wp-media-library.php:934
[gallery] nggtags-for-wp-media-library.php:1067
WordPress Hooks 35
filter · terms_to_edit · class-wp-media-list-table-for-nggtags.php:418
action · admin_notices · nggtags-for-wp-media-library-loader.php:37
action · admin_notices · nggtags-for-wp-media-library-loader.php:53
action · admin_init · nggtags-for-wp-media-library.php:81
filter · pre_update_option · nggtags-for-wp-media-library.php:436
action · updated_option · nggtags-for-wp-media-library.php:442
action · wp_loaded · nggtags-for-wp-media-library.php:459
action · admin_head · nggtags-for-wp-media-library.php:463
action · admin_init · nggtags-for-wp-media-library.php:470
action · admin_menu · nggtags-for-wp-media-library.php:502
action · load-media_page_tml_upload · nggtags-for-wp-media-library.php:517
filter · plugin_action_links · nggtags-for-wp-media-library.php:521
action · init · nggtags-for-wp-media-library.php:530
action · wp_enqueue_scripts · nggtags-for-wp-media-library.php:588
action · wp_loaded · nggtags-for-wp-media-library.php:1065
filter · posts_where · nggtags-for-wp-media-library.php:1121
filter · post_limits_request · nggtags-for-wp-media-library.php:1154
action · wp_enqueue_scripts · nggtags-for-wp-media-library.php:1239
filter · wp_get_attachment_image_attributes · nggtags-for-wp-media-library.php:1275
filter · wp_get_attachment_link · nggtags-for-wp-media-library.php:1279
action · widgets_init · nggtags-search-widget.php:510
action · admin_enqueue_scripts · nggtags-search-widget.php:514
action · wp_enqueue_scripts · nggtags-search-widget.php:519
action · wp_footer · nggtags-search-widget.php:523
filter · do_parse_request · nggtags-search-widget.php:534
action · parse_query · nggtags-search-widget.php:538
filter · posts_where · nggtags-search-widget.php:545
filter · post_limits · nggtags-search-widget.php:720
action · template_redirect · nggtags-search-widget.php:738
action · init · update-to-wp-media-library.php:48
action · admin_menu · update-to-wp-media-library.php:80
filter · posts_join · upload.php:244
filter · posts_where · upload.php:260
filter · posts_orderby · upload.php:316
action · admin_footer · upload.php:592

Maintenance & Trust

Tags for Media Library Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.8.28
Last updated: Mar 31, 2018
PHP min version
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10

Developer Profile

Tags for Media Library Developer Profile

Magenta Cuda

5 plugins · 50 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days

Detection Fingerprints

How We Detect Tags for Media Library

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/nggtags-for-wp-media-library/css/nggtags-wp-media-library-admin.css
  • /wp-content/plugins/nggtags-for-wp-media-library/css/nggtags-wp-media-library.css
  • /wp-content/plugins/nggtags-for-wp-media-library/js/nggtags-wp-media-library.js
  • /wp-content/plugins/nggtags-for-wp-media-library/js/nggtags-wp-media-library-admin.js
Script Paths
  • /wp-content/plugins/nggtags-for-wp-media-library/js/nggtags-wp-media-library.js
  • /wp-content/plugins/nggtags-for-wp-media-library/js/nggtags-wp-media-library-admin.js
Version Parameters
  • nggtags-for-wp-media-library/css/nggtags-wp-media-library-admin.css?ver=
  • nggtags-for-wp-media-library/css/nggtags-wp-media-library.css?ver=
  • nggtags-for-wp-media-library/js/nggtags-wp-media-library.js?ver=
  • nggtags-for-wp-media-library/js/nggtags-wp-media-library-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • nggtags-wp-media-library-admin
  • nggtags-wp-media-library
HTML Comments
  • NextGEN Gallery's nggtags for WordPress's Media Library will not work with PHP version
  • Please uninstall it or upgrade your PHP version to
  • NextGEN Gallery's nggtags for WordPress's Media Library will not work with WordPress version
  • Please uninstall it or upgrade your WordPress version to
  • (+23 more)
Data Attributes
data-nggtags-wp-media-library-id
JS Globals
nggtags_wp_media_library_params