WP-Safety

Media Manager Plus Security & Risk Analysis

wordpress.org/plugins/uber-media

Upgrade the WordPress Media Manager and add support for Flickr, Instagram, 500px, Facebook etc.

100 active installs v1.4.5 PHP 5.6+ WP 4.6+ Updated Jul 28, 2021
500pximageimagesmanagermedia
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Media Manager Plus Safe to Use in 2026?

Generally Safe

Score 85/100

Media Manager Plus has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The "uber-media" plugin v1.4.5 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a lack of recorded vulnerabilities, several areas raise concerns. The static analysis reveals a notable attack surface with 5 AJAX handlers, of which 2 lack authentication checks. This is a significant risk, as unauthenticated AJAX endpoints can be exploited by attackers to perform unauthorized actions or exfiltrate data. Furthermore, the output escaping is only properly implemented in 38% of cases, indicating a potential for cross-site scripting (XSS) vulnerabilities in the remaining 62% of outputs. The absence of any known CVEs or past vulnerabilities is a positive sign, suggesting a generally diligent development team, but it does not negate the risks identified in the current code analysis.

Key Concerns

  • Unprotected AJAX handlers
  • Insufficient output escaping
  • Limited capability checks
Vulnerabilities
None known

Media Manager Plus Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Media Manager Plus Release Timeline

v1.4.5Current
v1.4.4
v1.4.3
v1.4.2
v1.4
v1.3
v1.2
v1.1
v1.0
Code Analysis
Analyzed Mar 16, 2026

Media Manager Plus Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
36
22 escaped
Nonce Checks
3
Capability Checks
1
File Operations
1
External Requests
2
Bundled Libraries
0

Output Escaping

38% escaped58 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
settings_page (uber-media.php:253)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Media Manager Plus Attack Surface

Entry Points5
Unprotected2

AJAX Handlers 5

authwp_ajax_uber_disconnectuber-media.php:82
authwp_ajax_uber_checkuber-media.php:83
authwp_ajax_uber_load_imagesuber-media.php:84
authwp_ajax_uber_param_choicesuber-media.php:85
authwp_ajax_uber_pre_insertuber-media.php:87
WordPress Hooks 18
filteruber_media_sourcesincludes\sources\500px.php:23
filteruber_media_settingsincludes\sources\500px.php:49
filteruber_media_sourcesincludes\sources\dribbble.php:23
filteruber_media_sourcesincludes\sources\flickr.php:23
filteruber_media_settingsincludes\sources\flickr.php:46
filteruber_media_sourcesincludes\sources\instagram.php:23
actionadmin_initincludes\wp-settings-framework.php:36
actionadmin_noticesincludes\wp-settings-framework.php:37
actionadmin_enqueue_scriptsincludes\wp-settings-framework.php:38
actionadmin_inituber-media.php:70
actionadmin_enqueue_scriptsuber-media.php:72
actionadmin_menuuber-media.php:73
actionadmin_headuber-media.php:74
actionadmin_inituber-media.php:76
actionadmin_inituber-media.php:77
actionprint_media_templatesuber-media.php:79
filtermedia_view_stringsuber-media.php:80
actionplugins_loadeduber-media.php:97
Maintenance & Trust

Media Manager Plus Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedJul 28, 2021
PHP min version5.6
Downloads23K

Community Trust

Rating76/100
Number of ratings10
Active installs100
Alternatives

Media Manager Plus Alternatives

WP Copyright

WP Copyright

wp-copyright

A
85

Enforces copyright discipline by blurring all uploaded images as long as the associated copyright info is undefined.

60 No CVEs
Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy

Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy

instant-images

A
98

One-click uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy directly to your WordPress media library.

200K 3 CVEs
Media Cleaner: Clean your WordPress!

Media Cleaner: Clean your WordPress!

media-cleaner

A
100

Clean your WordPress! Eliminate unused and broken media files. For a faster, and better website.

90K 1 CVE
Media Library Assistant

Media Library Assistant

media-library-assistant

B
76

Enhances the Media Library; powerful gallery and list shortcodes, full taxonomy support, IPTC/EXIF/XMP/PDF processing, bulk/quick edit.

70K 29 CVEs
Quick Featured Images

Quick Featured Images

quick-featured-images

A
97

The time-saving solution for managing tons of featured images within minutes: Set, replace and delete in bulk and set default images for future posts.

50K 3 CVEs
Developer Profile

Media Manager Plus Developer Profile

Macho Themes

1 plugin · 100 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Media Manager Plus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/uber-media/assets/css/uber-media.css/wp-content/plugins/uber-media/assets/js/uber-media.js
Script Paths
/wp-content/plugins/uber-media/assets/js/uber-media.js
Version Parameters
uber-media/assets/js/uber-media.js?ver=uber-media/assets/css/uber-media.css?ver=

HTML / DOM Fingerprints

CSS Classes
mmp-welcome
HTML Comments
<!-- @todo:delete below commented lines --><!-- <h3><?php /*_e('Introducing Extensions', 'uber-media'); */?></h3> <?php /*$this->get_extensions(); */?> -->
Data Attributes
data-nonce
JS Globals
uber_media
REST Endpoints
/wp-json/uber_media/v1/settings/wp-json/uber_media/v1/sources/wp-json/uber_media/v1/sources/(?P<id>[\w-]+)/connect
FAQ

Frequently Asked Questions about Media Manager Plus