Real Media Library: Media Library Folder & File Manager Security & Risk Analysis

wordpress.org/plugins/real-media-library-lite

Organize uploaded media in folders, collections and galleries: A file manager for WordPress. Media management made easy with Real Media Library! (Alte …

100K active installs · v4.22.67 · PHP 7.4.0+ · WP 5.9+ · Updated Feb 5, 2026
Tags: file-manager, media-folder, media-library-folder, media-library-folders, wordpress-media-library-folders
Score 97 · A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Apr 15, 2024
Safety Verdict

Is Real Media Library: Media Library Folder & File Manager Safe to Use in 2026?

Generally Safe

Score 97/100

Real Media Library: Media Library Folder & File Manager has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Apr 15, 2024 · Updated 1mo ago
Risk Assessment

The plugin 'real-media-library-lite' v4.22.67 presents a mixed security profile. On the positive side, static analysis reveals a very small attack surface: it identified no AJAX handlers, REST API routes, shortcodes, or cron events that are accessible without authentication or proper permission checks. This indicates generally well-secured entry points.

However, significant concerns arise from the lack of output escaping. With 100% of the 20 identified outputs lacking proper escaping, there is a high risk of Cross-Site Scripting (XSS) vulnerabilities. Although taint analysis found no specific issues, the lack of output escaping creates a broad potential for attackers to inject malicious scripts. The plugin also has a history of four medium-severity CVEs, with common themes of Improper Input Validation and XSS, further underscoring the output escaping issue. While all known CVEs are currently patched, this history suggests a recurring pattern that requires ongoing vigilance.

In conclusion, while the plugin has a minimal attack surface, the pervasive lack of output escaping is a critical weakness. Coupled with a history of XSS-related vulnerabilities, this poses a substantial risk that needs immediate attention. The plugin demonstrates good practices in limiting entry points but fails in the fundamental area of output escaping.

Key Concerns

  • 100% of output unescaped
  • History of 4 medium CVEs
  • Vulnerability types include XSS
  • No nonce checks found
Vulnerabilities
4

Real Media Library: Media Library Folder & File Manager Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2023: 1 CVE
2024: 2 CVEs

Severity Breakdown

Medium: 4

4 total CVEs

CVE-2024-2328 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Real Media Library <= 4.22.11 - Authenticated (Author+) Stored Cross-Site Scripting

Apr 15, 2024 Patched in 4.22.12 (66d)
CVE-2024-2027 · medium · 6.4 · Improper Input Validation

Real Media Library: Media Library Folder & File Manager <= 4.22.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 25, 2024 Patched in 4.22.8 (16d)
CVE-2023-0285 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Real Media Library: Media Library Folder & File Manager <= 4.18.28 - Authenticated (Author+) Stored Cross-Site Scripting

Feb 2, 2023 Patched in 4.18.29 (552d)
CVE-2021-34668 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WordPress Real Media Library <= 4.14.1 - Authenticated (Author) Stored Cross-Site Scripting

Aug 25, 2021 Patched in 4.14.2 (881d)
Code Analysis
Analyzed Mar 16, 2026

Real Media Library: Media Library Folder & File Manager Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 33 (75 prepared)
Unescaped Output: 20 (0 escaped)
Nonce Checks: 0
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

69% prepared · 108 total queries

Output Escaping

0% escaped · 20 total outputs
Attack Surface

Real Media Library: Media Library Folder & File Manager Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 4
action · admin_notices · inc\base\others\fallback-already.php:16
action · admin_notices · inc\base\others\fallback-php-version.php:24
action · admin_notices · inc\base\others\fallback-rest-api.php:29
action · admin_notices · inc\base\others\fallback-wp-version.php:28
Maintenance & Trust

Real Media Library: Media Library Folder & File Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 5, 2026
PHP min version: 7.4.0
Downloads: 3.7M

Community Trust

Rating: 96/100
Number of ratings: 280
Active installs: 100K
Developer Profile

Real Media Library: Media Library Folder & File Manager Developer Profile

devowl.io GmbH

4 plugins · 210K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 402 days
Detection Fingerprints

How We Detect Real Media Library: Media Library Folder & File Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/real-media-library-lite/public/css/rml.css
/wp-content/plugins/real-media-library-lite/public/others/icons/css/rml.css
/wp-content/plugins/real-media-library-lite/public/js/rml.lite.js
/wp-content/plugins/real-media-library-lite/public/js/rml_gutenberg.lite.js
Script Paths
/wp-content/plugins/real-media-library-lite/public/js/rml.lite.js
/wp-content/plugins/real-media-library-lite/public/js/rml_gutenberg.lite.js
Version Parameters
real-media-library-lite/public/css/rml.css?ver=
real-media-library-lite/public/others/icons/css/rml.css?ver=
real-media-library-lite/public/js/rml.lite.js?ver=
real-media-library-lite/public/js/rml_gutenberg.lite.js?ver=

HTML / DOM Fingerprints

CSS Classes
rml-modal
rml-gallery
rml-folder
rml-collection
HTML Comments
<!-- Media Library Folder -->
<!-- RML-Modal: START -->
<!-- RML-Modal: END -->
Data Attributes
data-rml-gallery-id
data-rml-folder-id
data-rml-collection-id
data-rml-droppable
JS Globals
rmlOpts
RML
REST Endpoints
/wp-json/real-media-library-lite/v1/folders
/wp-json/real-media-library-lite/v1/collections
/wp-json/real-media-library-lite/v1/galleries
Shortcode Output
[realmedialibrary]
[rml_gallery]
[rml_folder]
[rml_collection]
FAQ

Frequently Asked Questions about Real Media Library: Media Library Folder & File Manager