TP Media Offload & Edge CDN Security & Risk Analysis

wordpress.org/plugins/tp-media-offload-edge-cdn

Offload WordPress media to Cloudflare R2 storage and serve via CDN with automatic image optimization.

0 active installs · v1.0.0 · PHP 8.0+ · WP 6.0+ · Updated Mar 5, 2026
Tags: cdn, cloudflare, image-optimization, media, offload
Score: 100 · Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is TP Media Offload & Edge CDN Safe to Use in 2026?

Generally Safe

Score 100/100

TP Media Offload & Edge CDN has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "tp-media-offload-edge-cdn" v1.0.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for a high percentage of its SQL queries and properly escaping the vast majority of its outputs. The absence of known CVEs and a clean vulnerability history are also strong indicators of a well-maintained and secure codebase. The presence of nonce and capability checks, along with the limited number of file operations and external HTTP requests, further contribute to a generally robust foundation.

However, a significant concern arises from the plugin's attack surface. With 29 AJAX handlers identified, a substantial 24 of them lack authentication checks. This creates a wide entry point for potential attackers to interact with the plugin's functionality without proper authorization, which could lead to unintended actions or data manipulation. While the taint analysis did not reveal critical or high-severity issues, the single flow with an unsanitized path warrants attention. The bundled Guzzle library, though not flagged as outdated in the provided data, is a common component that, if not kept up-to-date, could introduce vulnerabilities.

In conclusion, the plugin has a solid foundation in terms of core secure coding practices. The primary weakness lies in the excessive number of unprotected AJAX endpoints. Addressing this critical oversight by implementing proper authentication and authorization checks on these handlers should be the top priority to significantly mitigate the identified risks. The vulnerability history is encouraging, but the large attack surface remains a notable area of concern.

Key Concerns

  • Unprotected AJAX handlers (24/29)
  • Flow with unsanitized path
  • Bundled library (Guzzle) may pose risk
Vulnerabilities
None known

TP Media Offload & Edge CDN Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

TP Media Offload & Edge CDN Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 18 (58 prepared)
Unescaped Output: 6 (139 escaped)
Nonce Checks: 10
Capability Checks: 13
File Operations: 1
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

Guzzle

SQL Query Safety

76% prepared · 76 total queries

Output Escaping

96% escaped · 145 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
ajax_save_settings (src\Admin\Ajax\SettingsAjaxHandler.php:76)
Attack Surface
24 unprotected

TP Media Offload & Edge CDN Attack Surface

Entry Points: 29
Unprotected: 24

AJAX Handlers 29

auth · wp_ajax_cfr2_get_stats · src\Admin\Ajax\ActivityAjaxHandler.php:30
auth · wp_ajax_cfr2_get_activity_log · src\Admin\Ajax\ActivityAjaxHandler.php:31
auth · wp_ajax_cfr2_retry_failed · src\Admin\Ajax\ActivityAjaxHandler.php:32
auth · wp_ajax_cfr2_retry_single · src\Admin\Ajax\ActivityAjaxHandler.php:33
auth · wp_ajax_cfr2_clear_log · src\Admin\Ajax\ActivityAjaxHandler.php:34
auth · wp_ajax_cfr2_bulk_offload_all · src\Admin\Ajax\BulkOperationAjaxHandler.php:70
auth · wp_ajax_cfr2_bulk_restore_all · src\Admin\Ajax\BulkOperationAjaxHandler.php:71
auth · wp_ajax_cfr2_bulk_delete_local · src\Admin\Ajax\BulkOperationAjaxHandler.php:72
auth · wp_ajax_cfr2_process_bulk_item · src\Admin\Ajax\BulkOperationAjaxHandler.php:73
auth · wp_ajax_cfr2_process_restore_item · src\Admin\Ajax\BulkOperationAjaxHandler.php:74
auth · wp_ajax_cfr2_process_delete_local_item · src\Admin\Ajax\BulkOperationAjaxHandler.php:75
auth · wp_ajax_cfr2_cancel_bulk · src\Admin\Ajax\BulkOperationAjaxHandler.php:76
auth · wp_ajax_cfr2_get_bulk_progress · src\Admin\Ajax\BulkOperationAjaxHandler.php:77
auth · wp_ajax_cfr2_get_bulk_counts · src\Admin\Ajax\BulkOperationAjaxHandler.php:78
auth · wp_ajax_cfr2_get_pending_items · src\Admin\Ajax\BulkOperationAjaxHandler.php:79
auth · wp_ajax_cfr2_cancel_pending_item · src\Admin\Ajax\BulkOperationAjaxHandler.php:80
auth · wp_ajax_cfr2_clear_pending · src\Admin\Ajax\BulkOperationAjaxHandler.php:81
auth · wp_ajax_cfr2_save_settings · src\Admin\Ajax\SettingsAjaxHandler.php:32
auth · wp_ajax_cfr2_test_r2 · src\Admin\Ajax\SettingsAjaxHandler.php:33
auth · wp_ajax_cfr2_validate_cdn_dns · src\Admin\Ajax\SettingsAjaxHandler.php:34
auth · wp_ajax_cfr2_enable_dns_proxy · src\Admin\Ajax\SettingsAjaxHandler.php:35
auth · wp_ajax_cfr2_deploy_worker · src\Admin\Ajax\WorkerAjaxHandler.php:29
auth · wp_ajax_cfr2_remove_worker · src\Admin\Ajax\WorkerAjaxHandler.php:30
auth · wp_ajax_cfr2_worker_status · src\Admin\Ajax\WorkerAjaxHandler.php:31
auth · wp_ajax_cfr2_cleanup_data · src\Admin\DeactivationHandler.php:27
auth · wp_ajax_cfr2_offload_single · src\Admin\MediaLibraryExtension.php:62
auth · wp_ajax_cfr2_restore_single · src\Admin\MediaLibraryExtension.php:63
auth · wp_ajax_cfr2_delete_local_single · src\Admin\MediaLibraryExtension.php:64
auth · wp_ajax_cfr2_offload_attachment · src\Admin\MediaLibraryExtension.php:68

WordPress Hooks 35

action · admin_menu · src\Admin\AdminMenu.php:79
action · admin_init · src\Admin\AdminMenu.php:80
action · admin_enqueue_scripts · src\Admin\AdminMenu.php:81
action · admin_enqueue_scripts · src\Admin\DeactivationHandler.php:26
action · pre_get_posts · src\Admin\MediaLibraryExtension.php:45
filter · manage_media_columns · src\Admin\MediaLibraryExtension.php:48
action · manage_media_custom_column · src\Admin\MediaLibraryExtension.php:49
filter · media_row_actions · src\Admin\MediaLibraryExtension.php:52
filter · bulk_actions-upload · src\Admin\MediaLibraryExtension.php:55
filter · handle_bulk_actions-upload · src\Admin\MediaLibraryExtension.php:56
action · admin_notices · src\Admin\MediaLibraryExtension.php:59
filter · attachment_fields_to_edit · src\Admin\MediaLibraryExtension.php:67
filter · the_posts · src\Admin\MediaLibraryExtension.php:87
filter · wp_generate_attachment_metadata · src\Hooks\MediaUploadHooks.php:37
action · delete_attachment · src\Hooks\MediaUploadHooks.php:41
action · cfr2_process_queue · src\Hooks\MediaUploadHooks.php:42
filter · render_block_core/image · src\Integrations\GutenbergIntegration.php:45
filter · render_block_core/gallery · src\Integrations\GutenbergIntegration.php:48
filter · render_block_core/cover · src\Integrations\GutenbergIntegration.php:51
filter · render_block_core/media-text · src\Integrations\GutenbergIntegration.php:54
action · rest_api_init · src\Integrations\RestApiIntegration.php:30
filter · woocommerce_single_product_image_thumbnail_html · src\Integrations\WooCommerceIntegration.php:46
filter · woocommerce_product_get_image · src\Integrations\WooCommerceIntegration.php:47
filter · woocommerce_cart_item_thumbnail · src\Integrations\WooCommerceIntegration.php:48
action · woocommerce_process_product_meta · src\Integrations\WooCommerceIntegration.php:51
action · cfr2_cleanup_stats · src\Plugin.php:92
action · admin_enqueue_scripts · src\PublicSide\Assets.php:24
action · wp_enqueue_scripts · src\PublicSide\Assets.php:25
filter · wp_get_attachment_url · src\Services\URLRewriter.php:65
filter · wp_get_attachment_image_attributes · src\Services\URLRewriter.php:66
filter · wp_get_attachment_image_src · src\Services\URLRewriter.php:70
filter · wp_calculate_image_srcset · src\Services\URLRewriter.php:71
filter · wp_content_img_tag · src\Services\URLRewriter.php:74
action · shutdown · src\Services\URLRewriter.php:135
action · plugins_loaded · tp-media-offload-edge-cdn.php:34

Scheduled Events 3

cfr2_cleanup_stats
cfr2_process_queue
cfr2_process_queue
Maintenance & Trust

TP Media Offload & Edge CDN Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 5, 2026
PHP min version: 8.0
Downloads: 141

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

TP Media Offload & Edge CDN Developer Profile

thachpn165

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect TP Media Offload & Edge CDN

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tp-media-offload-edge-cdn/assets/css/admin.css
/wp-content/plugins/tp-media-offload-edge-cdn/assets/js/admin.js
Script Paths
/wp-content/plugins/tp-media-offload-edge-cdn/assets/js/admin.js
Version Parameters
tp-media-offload-edge-cdn/assets/css/admin.css?ver=
tp-media-offload-edge-cdn/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
toplevel_page_tp-media-offload-edge-cdn
Data Attributes
data-cfr2-bucket
data-cfr2-region
data-cfr2-endpoint
JS Globals
window.tp_media_offload_edge_cdn_params
REST Endpoints
/wp-json/tp-media-offload-edge-cdn/v1/settings