
Pro Mime Types – Manage file media types Security & Risk Analysis
wordpress.org/plugins/pro-mime-types
Pro Mime Types adds a nifty admin interface for allowing or blocking many file extensions for uploading media, documents, and other attachments.
Is Pro Mime Types – Manage file media types Safe to Use in 2026?
Generally Safe
Score 99/100
Pro Mime Types – Manage file media types has a strong security track record. Known vulnerabilities have been patched promptly.
The 'pro-mime-types' plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL query execution, utilizing prepared statements exclusively, and it has no known unpatched vulnerabilities. The absence of external HTTP requests, file operations, and critical taint flows further contributes to its perceived stability.
However, significant concerns arise from the complete lack of output escaping. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where attacker-controlled data could be injected into web pages without proper sanitization. Additionally, the plugin has a history of two medium-severity CVEs, both related to Cross-Site Request Forgery (CSRF). While these are currently patched, the recurring nature of CSRF vulnerabilities suggests a potential underlying weakness in how user actions are validated or protected against unauthorized execution.
In conclusion, while the plugin avoids common pitfalls like unpatched vulnerabilities and insecure SQL, the pervasive issue of unescaped output presents a critical security blind spot. The historical pattern of CSRF also warrants attention. Users should be aware of the XSS risk and the need for vigilance regarding any future reported vulnerabilities.
Key Concerns
- 0% properly escaped output
- History of 2 medium CVEs (CSRF)
- No nonce checks
- No capability checks
Pro Mime Types – Manage file media types Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
Pro Mime Types <= 1.0.7 - Cross-Site Request Forgery
Pro Mime Types - Manage file media types <= 1.0.7 - Cross-Site Request Forgery via pmt_settings_section_callback_tab_1
Pro Mime Types – Manage file media types Code Analysis
SQL Query Safety
Output Escaping
Pro Mime Types – Manage file media types Attack Surface
Pro Mime Types – Manage file media types Maintenance & Trust
Maintenance Signals
Community Trust
Pro Mime Types – Manage file media types Alternatives
AP Extended MIME Types
ap-extended-mime-types
This plugin extends the allowed uploadable MIME types to include a WIDE range of file types. Created specifically for WPMS...
bbPress Multi Image Uploader
bbpress-multi-image-uploader
Upload multiple images to bbPress topics and replies.
Add EXIF and IPTC meta data to Attachment Post
add-exif-and-iptc-meta-data-to-attachment
Extends the attachment meta data to include a much wider range of EXIF and IPTC information when an image is uploaded. This plugin does not output any …
WP-MultiTarget-Uploads-Sync-Tool
wp-multitarget-uploads-sync-tool
A WordPress plugin which is able to sync attachments to multiple FTP targets.
CodeDrill Single Image Upload
codedrill-single-image-upload
This plugin will allow you to upload an image as an attachment, and you will get the attachment ID of the image. Shortcode: [CD_Single_IMAGE_UPLOAD].
Pro Mime Types – Manage file media types Developer Profile
11 plugins · 204K total installs
How We Detect Pro Mime Types – Manage file media types
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/pro-mime-types/assets/css/admin.css
- /wp-content/plugins/pro-mime-types/assets/js/admin.js
- pro-mime-types/assets/css/admin.css?ver=
- pro-mime-types/assets/js/admin.js?ver=