Real Media Library: Media Library Folder & File Manager Security & Risk Analysis

wordpress.org/plugins/real-media-library-lite

Organize uploaded media in folders, collections and galleries: A file manager for WordPress. Media management made easy with Real Media Library! (Alte …

100K active installs · v4.22.72 · PHP 7.4.0+ · WP 5.9+ · Updated Mar 26, 2026
Tags: file-manager, media-folder, media-library-folder, media-library-folders, wordpress-media-library-folders
99 · A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Apr 15, 2024
Safety Verdict

Is Real Media Library: Media Library Folder & File Manager Safe to Use in 2026?

Generally Safe

Score 99/100

Real Media Library: Media Library Folder & File Manager has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEs · Last CVE: Apr 15, 2024 · Updated 1mo ago
Risk Assessment

The plugin 'real-media-library-lite' v4.22.67 presents a mixed security profile. On the positive side, the static analysis reveals a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are accessible without authentication or proper permission checks. This indicates a generally well-secured entry point.

However, significant concerns arise from the output escaping. With 100% of the 20 identified outputs lacking proper escaping, there is a high risk of Cross-Site Scripting (XSS) vulnerabilities. Although taint analysis found no specific issues, the lack of output escaping creates a broad potential for attackers to inject malicious scripts. The plugin also has a history of four medium-severity CVEs, with common themes of Improper Input Validation and XSS, further underscoring the output escaping issue. While all known CVEs are currently patched, this history suggests a recurring pattern that requires ongoing vigilance.

In conclusion, while the plugin has a minimal attack surface, the pervasive lack of output escaping is a critical weakness. Coupled with a history of XSS-related vulnerabilities, this poses a substantial risk that needs immediate attention. The plugin demonstrates good practices in limiting entry points but fails in a fundamental area of output sanitization.

Key Concerns

  • 100% of output unescaped
  • History of 4 medium CVEs
  • Vulnerability types include XSS
  • No nonce checks found
Vulnerabilities
4 published

Real Media Library: Media Library Folder & File Manager Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2023: 1 CVE
  • 2024: 2 CVEs

Severity Breakdown

Medium: 4

4 total CVEs

CVE-2024-2328 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Real Media Library <= 4.22.11 - Authenticated (Author+) Stored Cross-Site Scripting

Apr 15, 2024 Patched in 4.22.12 (66d)
CVE-2024-2027 · medium · 6.4 · Improper Input Validation

Real Media Library: Media Library Folder & File Manager <= 4.22.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 25, 2024 Patched in 4.22.8 (16d)
CVE-2023-0285 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Real Media Library: Media Library Folder & File Manager <= 4.18.28 - Authenticated (Author+) Stored Cross-Site Scripting

Feb 2, 2023 Patched in 4.18.29 (552d)
CVE-2021-34668 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WordPress Real Media Library <= 4.14.1 - Authenticated (Author) Stored Cross-Site Scripting

Aug 25, 2021 Patched in 4.14.2 (881d)
Version History

Real Media Library: Media Library Folder & File Manager Release Timeline

v4.22.72 · Current · 30 files changed
v4.22.67 · 36 files changed
v4.22.62 · 28 files changed
v4.22.60 · 30 files changed
v4.22.57 · 26 files changed
v4.22.54 · 28 files changed
v4.22.47 · 29 files changed
v4.22.46 · 29 files changed
v4.22.44 · 37 files changed
v4.22.41 · 33 files changed
v4.22.38 · 32 files changed
v4.22.29 · 28 files changed
v4.22.28 · 32 files changed
v4.22.27 · 28 files changed
v4.22.26 · 32 files changed
v4.22.25 · 36 files changed
v4.22.24 · 35 files changed
v4.22.22 · 38 files changed
v4.22.21 · 23 files changed
v4.22.20
Code Analysis
Analyzed Mar 16, 2026

Real Media Library: Media Library Folder & File Manager Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 33 (75 prepared)
Unescaped Output: 20 (0 escaped)
Nonce Checks: 0
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

69% prepared · 108 total queries

Output Escaping

0% escaped · 20 total outputs
Attack Surface

Real Media Library: Media Library Folder & File Manager Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 4
  • action · admin_notices · inc\base\others\fallback-already.php:16
  • action · admin_notices · inc\base\others\fallback-php-version.php:24
  • action · admin_notices · inc\base\others\fallback-rest-api.php:29
  • action · admin_notices · inc\base\others\fallback-wp-version.php:28
Maintenance & Trust

Real Media Library: Media Library Folder & File Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Mar 26, 2026
PHP min version: 7.4.0
Downloads: 3.7M

Community Trust

Rating: 96/100
Number of ratings: 283
Active installs: 100K
Developer Profile

Real Media Library: Media Library Folder & File Manager Developer Profile

devowl.io GmbH

4 plugins · 210K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 402 days
Detection Fingerprints

How We Detect Real Media Library: Media Library Folder & File Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/real-media-library-lite/public/css/rml.css
  • /wp-content/plugins/real-media-library-lite/public/others/icons/css/rml.css
  • /wp-content/plugins/real-media-library-lite/public/js/rml.lite.js
  • /wp-content/plugins/real-media-library-lite/public/js/rml_gutenberg.lite.js
Script Paths
  • /wp-content/plugins/real-media-library-lite/public/js/rml.lite.js
  • /wp-content/plugins/real-media-library-lite/public/js/rml_gutenberg.lite.js
Version Parameters
  • real-media-library-lite/public/css/rml.css?ver=
  • real-media-library-lite/public/others/icons/css/rml.css?ver=
  • real-media-library-lite/public/js/rml.lite.js?ver=
  • real-media-library-lite/public/js/rml_gutenberg.lite.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • rml-modal
  • rml-gallery
  • rml-folder
  • rml-collection
HTML Comments
  • <!-- Media Library Folder -->
  • <!-- RML-Modal: START -->
  • <!-- RML-Modal: END -->
Data Attributes
  • data-rml-gallery-id
  • data-rml-folder-id
  • data-rml-collection-id
  • data-rml-droppable
JS Globals
  • rmlOpts
  • RML
REST Endpoints
  • /wp-json/real-media-library-lite/v1/folders
  • /wp-json/real-media-library-lite/v1/collections
  • /wp-json/real-media-library-lite/v1/galleries
Shortcode Output
  • [realmedialibrary]
  • [rml_gallery]
  • [rml_folder]
  • [rml_collection]
FAQ

Frequently Asked Questions about Real Media Library: Media Library Folder & File Manager