Oli Media Cleaner Security & Risk Analysis

wordpress.org/plugins/oli-media-cleaner

Scan and remove unused media files from your WordPress site to free up disk space.

10 active installs · v1.5.0 · PHP 7.4+ · WP 5.8+ · Updated Mar 30, 2026
cleanup · disk-space · media · media-cleaner · unused-images
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Oli Media Cleaner Safe to Use in 2026?

Generally Safe

Score 100/100

Oli Media Cleaner has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The oli-media-cleaner plugin v1.5.0 exhibits a concerning security posture primarily due to a large number of unprotected AJAX endpoints. While the plugin demonstrates good practices in its use of prepared statements for SQL queries and generally robust output escaping, the 16 AJAX handlers without authentication checks represent a significant attack surface. This means any unauthenticated user could potentially trigger functionality within these handlers, leading to unintended actions or information disclosure.

The taint analysis reveals a high severity flow with unsanitized paths, indicating a potential vulnerability where user-supplied input might not be properly validated before being used in a sensitive operation. Coupled with the presence of the `unserialize` function, which is inherently risky when dealing with untrusted input, this warrants careful investigation and immediate remediation.

The plugin's vulnerability history is clean, with no known CVEs. This is a positive indicator, suggesting the developers may be diligent in addressing security issues as they arise. However, the static analysis findings, particularly the unprotected AJAX endpoints and the identified taint flow, highlight existing weaknesses that could be exploited even without prior known vulnerabilities. The overall assessment is that while the plugin has strengths in some areas, the unprotected attack surface and the taint flow represent significant risks that need to be addressed.

Key Concerns

  • 16 AJAX handlers without auth checks
  • High severity taint flow with unsanitized paths
  • Use of dangerous function: unserialize
  • 1 total flow with unsanitized paths
Vulnerabilities
None known

Oli Media Cleaner Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Oli Media Cleaner Release Timeline

v1.5.0 · Current
Code Analysis
Analyzed Apr 16, 2026

Oli Media Cleaner Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (39 prepared)
Unescaped Output: 1 (114 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$data = @unserialize($val);` · includes/class-scanner.php:400
unserialize · `$data = @unserialize($val);` · includes/class-scanner.php:520
unserialize · `$data = @unserialize($val);` · includes/class-scanner.php:545

SQL Query Safety

100% prepared · 39 total queries

Output Escaping

99% escaped · 115 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
ajax_remove_whitelist_bulk (includes/class-admin.php:740)
Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
16 unprotected

Oli Media Cleaner Attack Surface

Entry Points: 16
Unprotected: 16

AJAX Handlers 16

auth · wp_ajax_olimc_start_scan · includes/class-admin.php:11
auth · wp_ajax_olimc_scan_batch · includes/class-admin.php:12
auth · wp_ajax_olimc_get_results · includes/class-admin.php:13
auth · wp_ajax_olimc_trash_single · includes/class-admin.php:14
auth · wp_ajax_olimc_trash_bulk · includes/class-admin.php:15
auth · wp_ajax_olimc_trash_all_batch · includes/class-admin.php:16
auth · wp_ajax_olimc_delete_single · includes/class-admin.php:17
auth · wp_ajax_olimc_delete_bulk · includes/class-admin.php:18
auth · wp_ajax_olimc_whitelist_single · includes/class-admin.php:19
auth · wp_ajax_olimc_whitelist_bulk · includes/class-admin.php:20
auth · wp_ajax_olimc_remove_whitelist · includes/class-admin.php:21
auth · wp_ajax_olimc_remove_whitelist_bulk · includes/class-admin.php:22
auth · wp_ajax_olimc_restore_single · includes/class-admin.php:23
auth · wp_ajax_olimc_restore_bulk · includes/class-admin.php:24
auth · wp_ajax_olimc_save_cron_settings · includes/class-admin.php:25
auth · wp_ajax_olimc_empty_trash_batch · includes/class-admin.php:26
WordPress Hooks 3
action · admin_menu · includes/class-admin.php:7
action · admin_enqueue_scripts · includes/class-admin.php:8
action · olimc_scheduled_cleanup · includes/class-admin.php:29

Scheduled Events 1

olimc_scheduled_cleanup
Maintenance & Trust

Oli Media Cleaner Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 30, 2026
PHP min version: 7.4
Downloads: 99

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Oli Media Cleaner Developer Profile

Olivier Bigras

3 plugins · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Oli Media Cleaner

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/oli-media-cleaner/assets/css/admin.css
/wp-content/plugins/oli-media-cleaner/assets/js/admin.js
Version Parameters
oli-media-cleaner/assets/css/admin.css?ver=
oli-media-cleaner/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
olimc-stats · olimc-scan-btn · olimc-progress-wrap · olimc-progress-fill · olimc-progress-text · olimc-unused-count
Data Attributes
data-tab
JS Globals
olimcObj
REST Endpoints
/wp-json/olimc-api/v1/scan
/wp-json/olimc-api/v1/results
/wp-json/olimc-api/v1/trash
/wp-json/olimc-api/v1/delete
/wp-json/olimc-api/v1/whitelist
/wp-json/olimc-api/v1/restore
/wp-json/olimc-api/v1/cron