WP-Safety

Virtual Media Folders Security & Risk Analysis

wordpress.org/plugins/virtual-media-folders

Virtual folder organization and intelligent management for the WordPress Media Library, without altering file locations on disk.

90 active installs v2.0.3 PHP 8.3+ WP 6.8+ Updated Apr 4, 2026
aifoldersmediamedia-libraryorganization
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Virtual Media Folders Safe to Use in 2026?

Generally Safe

Score 100/100

Virtual Media Folders has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The virtual-media-folders plugin v2.0.0 exhibits a strong security posture based on the provided static analysis. The absence of dangerous functions, file operations, and external HTTP requests is commendable. All SQL queries are properly prepared, and a high percentage of output is escaped, minimizing the risk of common web vulnerabilities. Furthermore, the plugin demonstrates a good understanding of WordPress security best practices by implementing nonce and capability checks on all identified entry points. The vulnerability history being empty is also a positive indicator.

However, while the current analysis shows no critical or high-severity issues, the limited scope of the taint analysis (0 flows analyzed) means that more complex, chained vulnerabilities or those involving user input manipulation might not have been detected. The presence of AJAX handlers, even with current protection, represents a potential attack surface that warrants continuous monitoring. The plugin's strengths lie in its adherence to core WordPress security measures for SQL and output handling. The primary area for caution is the potential for undiscovered vulnerabilities due to the limited taint analysis depth.

Overall, the plugin appears to be developed with security in mind. The lack of known vulnerabilities and the robust implementation of security checks on its entry points suggest a well-maintained and secure plugin. The only significant consideration is the inherent unknown in security analysis, particularly concerning potential taint flows that were not explored.

Vulnerabilities
None known

Virtual Media Folders Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Virtual Media Folders Release Timeline

v2.0.3Current
v2.0.2
v2.0.0
v1.9.0
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.2
v1.7.1
v1.7.0
v1.6.8
v1.6.6
v1.6.5
v1.6.4
v1.6.3
v1.6.2
v1.6.1
v1.6.0
v1.5.3
Code Analysis
Analyzed Mar 16, 2026

Virtual Media Folders Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
7
52 escaped
Nonce Checks
2
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared4 total queries

Output Escaping

88% escaped59 total outputs
Attack Surface

Virtual Media Folders Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_vmfo_move_to_foldersrc\Admin.php:38
authwp_ajax_vmfo_bulk_move_to_foldersrc\Admin.php:39
WordPress Hooks 22
actioninitsrc\Addon\AbstractPlugin.php:66
actionadmin_noticessrc\AddonChecker.php:48
actionadmin_enqueue_scriptssrc\Admin.php:37
filterwp_generate_attachment_metadatasrc\Admin.php:40
actionadmin_head-upload.phpsrc\Admin.php:41
actionadmin_enqueue_scriptssrc\Admin.php:42
actionadmin_footer-upload.phpsrc\Admin.php:43
actionload-upload.phpsrc\Admin.php:44
actionadmin_body_classsrc\Admin.php:127
actionenqueue_block_editor_assetssrc\Editor.php:34
filterajax_query_attachments_argssrc\Editor.php:35
actionrest_api_initsrc\RestApi.php:42
actionadmin_menusrc\Settings.php:65
actionadmin_initsrc\Settings.php:66
actionadmin_enqueue_scriptssrc\Settings.php:67
filterwp_generate_attachment_metadatasrc\Suggestions.php:46
actioninitsrc\Taxonomy.php:44
filterterms_clausessrc\Taxonomy.php:47
actionadmin_noticesvirtual-media-folders.php:38
actionadmin_noticesvirtual-media-folders.php:49
actionplugins_loadedvirtual-media-folders.php:193
actioninitvirtual-media-folders.php:198
Maintenance & Trust

Virtual Media Folders Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedApr 4, 2026
PHP min version8.3
Downloads2K

Community Trust

Rating100/100
Number of ratings2
Active installs90
Alternatives

Virtual Media Folders Alternatives

Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types

Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types

wicked-folders

A
92

Organize your pages, posts, and custom post types into folders. Upgrade to pro for media library folders, WooCommerce integration, and more.

20K 22 CVEs
FlashFolders

FlashFolders

flashfolders

A
100

FlashFolders improves the WordPress media library by making it easier to organize and browse media files.

0 No CVEs
Media Folder Manager

Media Folder Manager

media-folder-manager

A
100

Organize media files into virtual folders with a modern, folder-based media manager for WordPress Media Library.

0 No CVEs
FileBird – WordPress Media Library Folders & File Manager

FileBird – WordPress Media Library Folders & File Manager

filebird

A
89

Organize thousands of WordPress media files in folders / categories with ease.

200K 10 CVEs
Real Media Library: Media Library Folder & File Manager

Real Media Library: Media Library Folder & File Manager

real-media-library-lite

A
99

Organize uploaded media in folders, collections and galleries: A file manager for WordPress. Media management made easy with Real Media Library! (Alte …

100K 4 CVEs
Developer Profile

Virtual Media Folders Developer Profile

PersianScript

102 plugins · 177K total installs

72
trust score
Avg Security Score
90/100
Avg Patch Time
304 days
View full developer profile
Detection Fingerprints

How We Detect Virtual Media Folders

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/virtual-media-folders/build/admin.css/wp-content/plugins/virtual-media-folders/build/admin.js/wp-content/plugins/virtual-media-folders/build/editor.css/wp-content/plugins/virtual-media-folders/build/editor.js/wp-content/plugins/virtual-media-folders/build/editor-wp7.css/wp-content/plugins/virtual-media-folders/build/frontend.css/wp-content/plugins/virtual-media-folders/build/frontend.js/wp-content/plugins/virtual-media-folders/build/frontend-wp7.css
Script Paths
/wp-content/plugins/virtual-media-folders/build/admin.js/wp-content/plugins/virtual-media-folders/build/editor.js/wp-content/plugins/virtual-media-folders/build/editor-wp7.js/wp-content/plugins/virtual-media-folders/build/frontend.js/wp-content/plugins/virtual-media-folders/build/frontend-wp7.js
Version Parameters
virtual-media-folders/build/admin.css?ver=virtual-media-folders/build/admin.js?ver=virtual-media-folders/build/editor.css?ver=virtual-media-folders/build/editor.js?ver=virtual-media-folders/build/editor-wp7.css?ver=virtual-media-folders/build/frontend.css?ver=virtual-media-folders/build/frontend.js?ver=virtual-media-folders/build/frontend-wp7.css?ver=

HTML / DOM Fingerprints

CSS Classes
vmfo-sidebar-visiblevmfo-sidebar-hiddenvmfo-folder-treevmfo-modal-foldersvmfo-media-gridvmfo-settings-tabvmfo-settings-tabs-wrapper
HTML Comments
<!-- Virtual Media Folders --><!-- Virtual Media Folders Admin --><!-- Virtual Media Folders Frontend --><!-- Virtual Media Folders Settings -->
Data Attributes
data-vmfo-folder-iddata-vmfo-parent-iddata-vmfo-is-new-folderdata-vmfo-is-renamingdata-vmfo-modal-target
JS Globals
window.vmfoAdminwindow.vmfoEditorwindow.vmfoFrontendwindow.vmfoSettings
REST Endpoints
/wp-json/vmfo/v1/folders/wp-json/vmfo/v1/folders/create/wp-json/vmfo/v1/folders/update/wp-json/vmfo/v1/folders/delete/wp-json/vmfo/v1/media/move
FAQ

Frequently Asked Questions about Virtual Media Folders