WP-Safety

Post Export Import with Media Security & Risk Analysis

wordpress.org/plugins/post-export-import-with-media

Easily export and import WP posts, pages, media, widgets, menus, themes, plugins & settings with their media files- secure, fast, and with real-ti …

500 active installs v1.3.0 PHP 7.4+ WP 6.7+ Updated Feb 13, 2026
export-mediaimportmigrationpage-exportpost-export
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Post Export Import with Media Safe to Use in 2026?

Generally Safe

Score 100/100

Post Export Import with Media has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "post-export-import-with-media" plugin v1.3.0 exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and implementing a significant number of nonce and capability checks, several areas raise concerns. The presence of four AJAX handlers without authentication checks represents a direct attack vector that could be exploited by unauthenticated users. Additionally, the taint analysis revealed two high-severity flows with unsanitized paths, indicating potential risks related to file system manipulation or command injection if these flows are triggered with user-controlled input.

The plugin's vulnerability history is a positive indicator, showing zero known CVEs. This suggests that the plugin has historically been well-maintained and has not been a target for widespread exploitation. However, the absence of historical vulnerabilities does not negate the risks identified in the static analysis. The combination of an unprotected attack surface and high-severity taint flows warrants caution. Overall, the plugin has strengths in its SQL handling and general authorization checks, but the identified vulnerabilities in AJAX handlers and taint flows are significant and should be addressed to improve its security.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows found
  • Unsanitized paths in taint flows
  • Output escaping is only 60% proper
Vulnerabilities
None known

Post Export Import with Media Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Post Export Import with Media Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
248
376 escaped
Nonce Checks
51
Capability Checks
60
File Operations
16
External Requests
0
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared4 total queries

Output Escaping

60% escaped624 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

13 flows5 with unsanitized paths
download_export_posts (includes\class-ajax-handler.php:211)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Post Export Import with Media Attack Surface

Entry Points53
Unprotected4

AJAX Handlers 53

authwp_ajax_peiwm_download_single_themeincludes\class-admin-download-buttons.php:61
authwp_ajax_peiwm_download_single_pluginincludes\class-admin-download-buttons.php:62
authwp_ajax_peiwm_import_widgets_menusincludes\class-admin-menu.php:64
authwp_ajax_peiwm_test_configincludes\class-ajax-handler.php:50
authwp_ajax_peiwm_get_media_statsincludes\class-ajax-handler.php:53
authwp_ajax_peiwm_get_content_statsincludes\class-ajax-handler.php:56
authwp_ajax_peiwm_batch_export_posts_startincludes\class-batch-processor.php:58
authwp_ajax_peiwm_batch_export_posts_processincludes\class-batch-processor.php:59
authwp_ajax_peiwm_batch_export_pages_startincludes\class-batch-processor.php:60
authwp_ajax_peiwm_batch_export_pages_processincludes\class-batch-processor.php:61
authwp_ajax_peiwm_batch_export_media_startincludes\class-batch-processor.php:62
authwp_ajax_peiwm_batch_export_media_processincludes\class-batch-processor.php:63
authwp_ajax_peiwm_batch_import_posts_startincludes\class-batch-processor.php:66
authwp_ajax_peiwm_batch_import_posts_processincludes\class-batch-processor.php:67
authwp_ajax_peiwm_batch_import_pages_startincludes\class-batch-processor.php:68
authwp_ajax_peiwm_batch_import_pages_processincludes\class-batch-processor.php:69
authwp_ajax_peiwm_batch_check_imagesincludes\class-batch-processor.php:72
authwp_ajax_peiwm_get_content_statsincludes\class-batch-settings.php:61
authwp_ajax_fetch_recommendationsincludes\class-generic-recommendations.php:151
authwp_ajax_peiwm_export_mediaincludes\class-media-handler.php:68
authwp_ajax_peiwm_import_media_startincludes\class-media-handler.php:69
authwp_ajax_peiwm_import_media_fileincludes\class-media-handler.php:70
authwp_ajax_peiwm_delete_mediaincludes\class-media-handler.php:71
authwp_ajax_peiwm_cleanup_media_batchincludes\class-media-handler.php:72
authwp_ajax_peiwm_export_pagesincludes\class-page-handler.php:57
authwp_ajax_peiwm_import_pageincludes\class-page-handler.php:58
authwp_ajax_peiwm_delete_pagesincludes\class-page-handler.php:59
authwp_ajax_peiwm_check_and_download_page_imageincludes\class-page-handler.php:60
authwp_ajax_peiwm_export_postsincludes\class-post-handler.php:57
authwp_ajax_peiwm_import_postincludes\class-post-handler.php:58
authwp_ajax_peiwm_delete_postsincludes\class-post-handler.php:59
authwp_ajax_peiwm_check_and_download_imageincludes\class-post-handler.php:60
authwp_ajax_peiwm_get_scheduled_backupsincludes\class-scheduled-exports.php:63
authwp_ajax_peiwm_delete_scheduled_backupincludes\class-scheduled-exports.php:64
authwp_ajax_peiwm_download_scheduled_backupincludes\class-scheduled-exports.php:65
authwp_ajax_peiwm_export_settingsincludes\class-settings-handler.php:144
authwp_ajax_peiwm_import_settingsincludes\class-settings-handler.php:145
authwp_ajax_peiwm_get_settings_previewincludes\class-settings-handler.php:146
authwp_ajax_peiwm_get_themes_listincludes\class-themes-plugins-handler.php:50
authwp_ajax_peiwm_export_themesincludes\class-themes-plugins-handler.php:51
authwp_ajax_peiwm_import_themesincludes\class-themes-plugins-handler.php:52
authwp_ajax_peiwm_get_plugins_listincludes\class-themes-plugins-handler.php:55
authwp_ajax_peiwm_export_pluginsincludes\class-themes-plugins-handler.php:56
authwp_ajax_peiwm_import_pluginsincludes\class-themes-plugins-handler.php:57
authwp_ajax_peiwm_import_widgets_menusincludes\class-widgets-menus-handler.php:52
authwp_ajax_peiwm_import_widgetsincludes\class-widgets-menus-handler.php:53
authwp_ajax_peiwm_import_nav_menusincludes\class-widgets-menus-handler.php:54
authwp_ajax_peiwm_export_widgetsincludes\class-widgets-menus-handler.php:125
authwp_ajax_peiwm_import_widgetsincludes\class-widgets-menus-handler.php:126
authwp_ajax_peiwm_export_nav_menusincludes\class-widgets-menus-handler.php:129
authwp_ajax_peiwm_import_nav_menusincludes\class-widgets-menus-handler.php:130
authwp_ajax_peiwm_export_widgets_menusincludes\class-widgets-menus-handler.php:133
authwp_ajax_peiwm_import_widgets_menusincludes\class-widgets-menus-handler.php:134
WordPress Hooks 44
actionadmin_footer-themes.phpincludes\class-admin-download-buttons.php:55
actionadmin_footer-plugins.phpincludes\class-admin-download-buttons.php:58
actionadmin_enqueue_scriptsincludes\class-admin-download-buttons.php:65
actionadmin_menuincludes\class-admin-menu.php:42
actionadmin_menuincludes\class-admin-menu.php:43
actionadmin_enqueue_scriptsincludes\class-admin-menu.php:44
actioncurrent_screenincludes\class-admin-menu.php:45
actionadmin_headincludes\class-admin-menu.php:62
actionadmin_footerincludes\class-admin-menu.php:63
actionwp_loadedincludes\class-admin-menu.php:67
actionwp_footerincludes\class-admin-menu.php:112
actionadmin_footerincludes\class-admin-menu.php:113
actionadmin_post_peiwm_export_posts_downloadincludes\class-ajax-handler.php:59
actionadmin_post_peiwm_export_media_downloadincludes\class-ajax-handler.php:60
actionadmin_initincludes\class-batch-settings.php:58
actionadmin_menuincludes\class-batch-settings.php:59
actionadmin_enqueue_scriptsincludes\class-batch-settings.php:60
actionactivated_pluginincludes\class-generic-recommendations.php:154
actiondeactivated_pluginincludes\class-generic-recommendations.php:155
filterheartbeat_settingsincludes\class-heartbeat-handler.php:50
actionshutdownincludes\class-heartbeat-handler.php:53
actioninitincludes\class-main.php:52
actionadmin_initincludes\class-main.php:53
actionplugins_loadedincludes\class-main.php:56
actionwp_loadedincludes\class-main.php:132
actionadmin_headincludes\class-main.php:133
actioncurrent_screenincludes\class-main.php:142
actionadmin_enqueue_scriptsincludes\class-main.php:143
actioninitincludes\class-main.php:199
actionwp_scheduled_deleteincludes\class-main.php:202
actionadmin_initincludes\class-main.php:205
actionadmin_initincludes\class-main.php:208
actionadmin_enqueue_scriptsincludes\class-main.php:211
filterhttp_request_timeoutincludes\class-page-handler.php:879
filterhttp_request_argsincludes\class-page-handler.php:880
filterhttp_request_timeoutincludes\class-post-handler.php:1008
filterhttp_request_argsincludes\class-post-handler.php:1009
actionadmin_menuincludes\class-scheduled-exports.php:58
actionadmin_enqueue_scriptsincludes\class-scheduled-exports.php:59
actionadmin_initincludes\class-scheduled-exports.php:60
actionpeiwm_scheduled_export_eventincludes\class-scheduled-exports.php:68
filtercron_schedulesincludes\class-scheduled-exports.php:69
actionwp_dieincludes\class-widgets-menus-handler.php:74
actionplugins_loadedpost-export-import-with-media.php:132

Scheduled Events 1

peiwm_scheduled_export_event
Maintenance & Trust

Post Export Import with Media Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 13, 2026
PHP min version7.4
Downloads3K

Community Trust

Rating100/100
Number of ratings3
Active installs500
Alternatives

Post Export Import with Media Alternatives

FG Joomla to WordPress

FG Joomla to WordPress

fg-joomla-to-wordpress

A
98

A plugin to migrate categories, posts, tags, images and other medias from Joomla to WordPress

7K 2 CVEs
S2W – Import Shopify to WooCommerce

S2W – Import Shopify to WooCommerce

import-shopify-to-woocommerce

A
99

Easily migrate all Shopify products and their collections(categories) to WooCommerce after several clicks

3K 1 CVE
Export Single Post Page

Export Single Post Page

single-post-page-export

A
100

Export (an XML file) a single post or page using WordPress' eXtended RSS (WXR). There's no need to export your entire database anymore!

2K No CVEs
FG Drupal to WordPress

FG Drupal to WordPress

fg-drupal-to-wp

A
97

A plugin to migrate articles, stories, pages, categories, tags, images from Drupal to WordPress

800 3 CVEs
Export/Import Media

Export/Import Media

calliope-media-import-export

A
100

The ultimate tool to migrate your media library. Export to CSV with Advanced Filters and Import securely with Drag & Drop (images, videos, audio a …

600 No CVEs
Developer Profile

Post Export Import with Media Developer Profile

wpazleen

5 plugins · 580 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Post Export Import with Media

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post-export-import-with-media/assets/js/admin-download-buttons.js
Script Paths
/wp-content/plugins/post-export-import-with-media/assets/js/admin-download-buttons.js
Version Parameters
post-export-import-with-media/assets/js/admin-download-buttons.js?ver=

HTML / DOM Fingerprints

CSS Classes
peiwm-download-theme-btn
Data Attributes
data-theme
JS Globals
peiwm_download
FAQ

Frequently Asked Questions about Post Export Import with Media