SortMeThis Security & Risk Analysis

wordpress.org/plugins/sort-me-this

Manage your WordPress media in a deeper and more precise way!

0 active installs · v1.1 · PHP + · WP 5.0+ · Updated Unknown
Tags: media-category, media-organizer, media-sorting-plugin, organize-media, sort-media
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SortMeThis Safe to Use in 2026?

Generally Safe

Score 100/100

SortMeThis has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "sort-me-this" plugin v1.1 presents a significant security risk primarily due to a large attack surface composed entirely of unprotected AJAX handlers. While the plugin demonstrates good practices by using prepared statements for SQL and avoiding dangerous functions or file operations, the lack of authorization checks on all 16 AJAX entry points is a critical oversight. This means any authenticated user, regardless of their role or capabilities, could potentially trigger these handlers and manipulate the plugin's functionality.

Taint analysis reveals flows with unsanitized paths, indicating a potential for path traversal vulnerabilities, though no critical or high severity issues were flagged. This is concerning because even if no immediate critical exploits are evident, the presence of unsanitized paths is a foundational weakness that could be leveraged with specific inputs. The absence of any recorded vulnerability history might suggest a lack of past exploitation or discovery, but this should not be interpreted as an indication of current robust security, especially given the identified code weaknesses.

In conclusion, the plugin has some positive security attributes, such as the use of prepared statements. However, the overwhelming number of unprotected AJAX endpoints and the taint analysis findings create a substantial risk. The plugin's security posture is poor due to the exposed attack surface. Remediation should prioritize adding proper authentication and capability checks to all AJAX handlers.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Limited capability checks
  • Output escaping is insufficient (55% unescaped)
Vulnerabilities
None known

SortMeThis Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SortMeThis Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 32 (26 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

45% escaped, 58 total outputs
Data Flows: 3 unsanitized

Data Flow Analysis

4 flows, 3 with unsanitized paths
smet_show_filtered_media (admin\class-sort-me-this-admin.php:134)
Attack Surface
16 unprotected

SortMeThis Attack Surface

Entry Points: 16
Unprotected: 16

AJAX Handlers (16)

Type    Hook                                       Location
auth    wp_ajax_smet_show_filtered_media           includes\class-sort-me-this.php:160
nopriv  wp_ajax_smet_show_filtered_media           includes\class-sort-me-this.php:161
auth    wp_ajax_smet_retrieve_info                 includes\class-sort-me-this.php:163
nopriv  wp_ajax_smet_retrieve_info                 includes\class-sort-me-this.php:164
auth    wp_ajax_smet_edit_metadata                 includes\class-sort-me-this.php:166
nopriv  wp_ajax_smet_edit_metadata                 includes\class-sort-me-this.php:167
auth    wp_ajax_smet_save_cat_only                 includes\class-sort-me-this.php:169
nopriv  wp_ajax_smet_save_cat_only                 includes\class-sort-me-this.php:170
auth    wp_ajax_smet_save_new_media_category       includes\class-sort-me-this.php:172
nopriv  wp_ajax_smet_save_new_media_category       includes\class-sort-me-this.php:173
auth    wp_ajax_smet_delete_media_category         includes\class-sort-me-this.php:175
nopriv  wp_ajax_smet_delete_media_category         includes\class-sort-me-this.php:176
auth    wp_ajax_smet_edit_existent_media_category  includes\class-sort-me-this.php:178
nopriv  wp_ajax_smet_edit_existent_media_category  includes\class-sort-me-this.php:179
auth    wp_ajax_smet_delete_media                  includes\class-sort-me-this.php:181
nopriv  wp_ajax_smet_delete_media                  includes\class-sort-me-this.php:182

WordPress Hooks (6)

Type    Hook                   Location
action  plugins_loaded         includes\class-sort-me-this.php:141
action  admin_enqueue_scripts  includes\class-sort-me-this.php:156
action  admin_enqueue_scripts  includes\class-sort-me-this.php:157
action  admin_menu             includes\class-sort-me-this.php:158
action  wp_enqueue_scripts     includes\class-sort-me-this.php:197
action  wp_enqueue_scripts     includes\class-sort-me-this.php:198

Maintenance & Trust

SortMeThis Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Unknown
PHP min version
Downloads: 980

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 0
Developer Profile

SortMeThis Developer Profile

algaweb

2 plugins · 0 total installs

Trust score: 91
Avg Security Score: 96/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SortMeThis

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/sort-me-this/css/sort-me-this-admin.css
  • /wp-content/plugins/sort-me-this/selectize/dist/css/selectize.css
  • /wp-content/plugins/sort-me-this/css/jquery-ui.css
  • /wp-content/plugins/sort-me-this/js/sort-me-this-admin.js
  • /wp-content/plugins/sort-me-this/selectize/dist/js/standalone/selectize.min.js
  • /wp-content/plugins/sort-me-this/partials/img/sortmethis_icon.png
Script Paths
  • selectize/dist/css/selectize.css
  • css/jquery-ui.css
  • js/sort-me-this-admin.js
  • selectize/dist/js/standalone/selectize.min.js
  • partials/img/sortmethis_icon.png
Version Parameters
  • sort-me-this/css/sort-me-this-admin.css?ver=
  • sort-me-this/js/sort-me-this-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
smt-curr-page
HTML Comments
The Sort_Me_This_Loader will then create the relationship between the defined hooks and the functions defined in this class.
Data Attributes
smt-curr-page
JS Globals
smet_retrieve_info, smet_edit_metadata, smet_save_cat_only, smet_show_filtered_media, smet_save_new_media_category, smet_delete_media_category, +2 more