Does WP Add Mime Types have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Add Mime Types have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Add Mime Types compatible with WordPress 6.7.5?

According to WordPress.org data, WP Add Mime Types 3.1.2 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is WP Add Mime Types compatible with PHP 7.4+?

WP Add Mime Types requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Add Mime Types updated?

WP Add Mime Types was last updated on Mar 30, 2025. Frequent updates are generally a positive security signal.

What is WP Add Mime Types's security score?

WP Add Mime Types has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Add Mime Types Security & Risk Analysis

wordpress.org/plugins/wp-add-mime-types

The plugin additionally allows the mime types and file extensions to WordPress.

50K active installs v3.1.2 PHP 7.4+ WP 6.2+ Updated Mar 30, 2025

file-extentionmime

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is WP Add Mime Types Safe to Use in 2026?

Generally Safe

Score 92/100

WP Add Mime Types has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "wp-add-mime-types" plugin v3.1.2 demonstrates several good security practices, including the absence of known vulnerabilities and the use of prepared statements for all SQL queries. The static analysis shows no external HTTP requests or file operations, and a robust implementation of nonce and capability checks for its identified entry points. Taint analysis also reveals no critical or high-severity vulnerabilities, suggesting a relatively secure codebase in terms of data flow risks.

However, the presence of three instances of the "unserialize" function is a notable concern. While the data surrounding these functions is not detailed in the provided analysis, "unserialize" is inherently risky if the data being processed is not strictly controlled and sanitized, as it can lead to Object Injection vulnerabilities. Additionally, only 33% of output is properly escaped, which could expose the application to Cross-Site Scripting (XSS) vulnerabilities if the unescaped output contains user-supplied or untrusted data.

Given the lack of historical vulnerabilities and the protected nature of its entry points, the plugin's overall security posture appears decent. Nevertheless, the identified risks associated with "unserialize" and insufficient output escaping warrant careful consideration and potential remediation to further strengthen its security.

Key Concerns

Use of unserialize function
Low percentage of properly escaped output

Vulnerabilities

None known

WP Add Mime Types Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Add Mime Types Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$mime_type_values = unserialize($settings['mime_type_values']);includes\admin.php:29

unserialize$past_mime_type_values = unserialize($past_settings['mime_type_values']);includes\admin.php:163

unserialize$mime_type_values = unserialize($settings['mime_type_values']);includes\network-admin.php:28

Output Escaping

33% escaped9 total outputs

Attack Surface

WP Add Mime Types Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionplugins_loadedwp-add-mime-types.php:35

actionnetwork_admin_menuwp-add-mime-types.php:39

actionadmin_menuwp-add-mime-types.php:42

filterupload_mimeswp-add-mime-types.php:88

filtersanitize_file_namewp-add-mime-types.php:139

filterwp_check_filetype_and_extwp-add-mime-types.php:184

filterwp_check_filetype_and_extwp-add-mime-types.php:186

Maintenance & Trust

WP Add Mime Types Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedMar 30, 2025

PHP min version7.4

Downloads627K

Community Trust

Rating84/100

Number of ratings24

Active installs50K

Alternatives

WP Add Mime Types Alternatives

Safe SVG

safe-svg

Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website.

1.0M 6 CVEs

SVG Support

svg-support

Securely upload SVG files to your media library, with built-in sanitization and advanced features for styling and animation.

1.0M 6 CVEs

Enhanced Media Library

enhanced-media-library

This plugin would be handy for those who need to manage a lot of media files.

70K 1 CVE

File Upload Types by WPForms

file-upload-types

Easily allow WordPress to accept and upload any file type extension or MIME type, including custom file types.

30K 1 CVE

Disable Real MIME Check

disable-real-mime-check

Restores the ability to upload non-image files in WordPress 4.7.1 and 4.7.2.

10K No CVEs

Developer Profile

WP Add Mime Types Developer Profile

kimipooh

9 plugins · 54K total installs

trust score

Avg Security Score

93/100

Avg Patch Time

1460 days

View full developer profile

Detection Fingerprints

How We Detect WP Add Mime Types

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-add-mime-types/includes/admin.php/wp-content/plugins/wp-add-mime-types/includes/network-admin.php

HTML / DOM Fingerprints

FAQ