WP Media Pro Security & Risk Analysis

wordpress.org/plugins/wp-media-pro

The must-have media toolkit for WordPress. Edit individual images for specific screen sizes, organize media and images into folders, media tags, image …

10 active installs · v1.1.2 · PHP + WP 5.6+ · Updated Jan 28, 2021
Tags: image-tags, images, media, media-categories, media-folders
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Media Pro Safe to Use in 2026?

Generally Safe

Score 85/100

WP Media Pro has no known CVEs, but it is not actively maintained: the last release is from January 2021 and the plugin was last tested against WordPress 5.7.15. It remains a reasonable choice where that staleness is acceptable; confirm compatibility with your WordPress and PHP versions before deploying.

No known CVEs · Updated 5yr ago
Risk Assessment

WP Media Pro v1.1.2 exhibits a generally strong security posture. All 11 AJAX handlers are registered on authenticated (wp_ajax_) hooks, none is unprotected, and a nonce check is present for each of them. The scan found no raw SQL queries at all, so there is no query surface to inject into; it also found no dangerous functions, no external requests and no bundled third-party libraries. Output escaping covers 50 of 54 outputs (93%), leaving 4 unescaped outputs to review. There are no known CVEs and no vulnerability history.

A few areas warrant closer scrutiny. The taint analysis flags two flows with unsanitized paths, both ending in ajax_image_editor (inc\classes\Modules\Edit\Edit.php:113). Neither is rated critical or high, but an unsanitized path reaching an image-editing routine is the classic precondition for path traversal or arbitrary file read/write if any component of that path is user-controlled, so the single file operation the scan counted should be checked against these two flows. The handler is hooked to the wp_ajax_image-editor action (Edit.php:22), which is also the action name WordPress core uses for its own media image editor; the plugin's handler therefore runs alongside core's and must enforce its own authorization rather than rely on core's checks. The second concern is authorization in general: 11 AJAX handlers carry 11 nonce checks but only 2 capability checks. A nonce on a wp_ajax_ endpoint proves only that the request originated from a page on which that nonce was rendered; it is a CSRF defense, not a privilege check, and every logged-in user passes the wp_ajax_ authentication gate. Unless the remaining handlers call current_user_can() (or an equivalent) inside their bodies, folder creation, deletion and renaming, image moves and taxonomy term changes may be reachable by low-privilege accounts. The fingerprint section also lists a REST route, /wp-json/wpmp/v1/settings, that does not appear in the 11-entry-point inventory; its permission callback should be reviewed alongside the AJAX handlers.

In conclusion, WP Media Pro v1.1.2 is built on a solid foundation: no raw SQL, no dangerous functions, nonce checks on every AJAX handler and a clean vulnerability history. The two open questions are the unsanitized path flows in ajax_image_editor and whether each state-changing AJAX handler performs its own capability check. Both are code-review items rather than confirmed vulnerabilities, and both can be settled by reading the handler bodies. Note also that the plugin has not been updated since January 2021, so compatibility with current WordPress and PHP releases is unverified.
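The following PHP is an added example, not code from WP Media Pro or the scanner, written to show the two review items above in concrete form: a wp_ajax_ handler that only checks a nonce beside one that also checks a capability on the specific attachment and derives the file path from the attachment ID instead of the request. The action name, nonce name and function names (example_edit_image, example_edit) are hypothetical; the WordPress API calls are real.

```php
<?php
/**
 * Added example, not code from WP Media Pro. Contrasts a wp_ajax_ handler
 * that only checks a nonce with one that also checks a capability and keeps
 * the file path out of user control. The action, nonce and function names
 * (example_edit_image, example_edit) are hypothetical.
 */

// BEFORE (hypothetical): the nonce defeats CSRF, but every authenticated user
// who can load the page where the nonce is printed passes it, and the path is
// taken straight from the request: an unsanitized path flow into file I/O.
function example_edit_image_unsafe() {
    check_ajax_referer( 'example_edit', 'nonce' );
    $path   = $_POST['path'];
    $editor = wp_get_image_editor( $path );
    if ( is_wp_error( $editor ) ) {
        wp_send_json_error( $editor->get_error_message() );
    }
    $editor->resize( 300, 300, true );
    $editor->save( $path );
    wp_send_json_success();
}

// AFTER: same nonce check (CSRF), plus a capability check on the specific
// attachment (authorization), and a path derived from the attachment ID and
// confirmed to sit inside the uploads directory before any file operation.
function example_edit_image_safe() {
    check_ajax_referer( 'example_edit', 'nonce' );

    $attachment_id = isset( $_POST['attachment_id'] ) ? absint( $_POST['attachment_id'] ) : 0;
    if ( ! $attachment_id || 'attachment' !== get_post_type( $attachment_id ) ) {
        wp_send_json_error( 'invalid attachment', 400 );
    }
    // The same check WordPress core applies in its own image-editor handler.
    if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Path comes from the attachment record, never from $_POST.
    $path = get_attached_file( $attachment_id );
    $path = $path ? realpath( $path ) : false;
    $base = realpath( wp_get_upload_dir()['basedir'] );
    if ( ! $path || ! $base ) {
        wp_send_json_error( 'file not found', 404 );
    }
    // Canonical prefix check: rejects traversal and symlinks that escape uploads.
    if ( 0 !== strpos( wp_normalize_path( $path ), trailingslashit( wp_normalize_path( $base ) ) ) ) {
        wp_send_json_error( 'file outside uploads', 400 );
    }

    // The requested size is whitelisted against registered sizes, not trusted as given.
    $size  = isset( $_POST['size'] ) ? sanitize_key( $_POST['size'] ) : '';
    $sizes = wp_get_registered_image_subsizes();
    if ( ! isset( $sizes[ $size ] ) ) {
        wp_send_json_error( 'unknown size', 400 );
    }

    $editor = wp_get_image_editor( $path );
    if ( is_wp_error( $editor ) ) {
        wp_send_json_error( $editor->get_error_message(), 500 );
    }
    $editor->resize( $sizes[ $size ]['width'], $sizes[ $size ]['height'], $sizes[ $size ]['crop'] );
    // Write a derived file next to the original instead of overwriting it.
    $saved = $editor->save( $editor->generate_filename( $size ) );
    if ( is_wp_error( $saved ) ) {
        wp_send_json_error( $saved->get_error_message(), 500 );
    }
    wp_send_json_success( array( 'attachment_id' => $attachment_id, 'size' => $size, 'file' => basename( $saved['path'] ) ) );
}

add_action( 'wp_ajax_example_edit_image', 'example_edit_image_safe' );
```

The point of the contrast is that check_ajax_referer() and current_user_can() answer different questions (did this request come from our page, and may this user do this to this object), and that a path which is looked up server-side from an ID has no user-controlled component left to sanitize.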

Key Concerns

  • Flows with unsanitized paths found
  • Limited capability checks on entry points
Vulnerabilities
None known

WP Media Pro Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP Media Pro Release Timeline

v1.1.2 (Current)
v1.1.1
v1.1
v1.0
Code Analysis
Analyzed Mar 17, 2026

WP Media Pro Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 4 (50 escaped)
Nonce Checks: 11
Capability Checks: 2
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

93% escaped (50 of 54 total outputs)
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
ajax_image_editor (inc\classes\Modules\Edit\Edit.php:113)
Attack Surface

WP Media Pro Attack Surface

Entry Points: 11
Unprotected: 0

AJAX Handlers (11)
auth = registered on a wp_ajax_ hook, so the request must come from a logged-in user; this is authentication only, not a capability check.

auth · wp_ajax_image-editor · inc\classes\Modules\Edit\Edit.php:22
auth · wp_ajax_wpmp_edit_preview · inc\classes\Modules\Edit\Edit.php:24
auth · wp_ajax_wpmp_create_folder · inc\classes\Modules\Folders\Folders.php:31
auth · wp_ajax_wpmp_delete_folder · inc\classes\Modules\Folders\Folders.php:32
auth · wp_ajax_wpmp_get_folders · inc\classes\Modules\Folders\Folders.php:33
auth · wp_ajax_wpmp_get_folder_path · inc\classes\Modules\Folders\Folders.php:34
auth · wp_ajax_wpmp_move_image · inc\classes\Modules\Folders\Folders.php:35
auth · wp_ajax_wpmp_rename_folder · inc\classes\Modules\Folders\Folders.php:36
auth · wp_ajax_wpmp_get_taxonomy_terms · inc\classes\Modules\Taxonomies\Taxonomies.php:27
auth · wp_ajax_wpmp_remove_taxonomy_term · inc\classes\Modules\Taxonomies\Taxonomies.php:28
auth · wp_ajax_wpmp_add_taxonomy_term · inc\classes\Modules\Taxonomies\Taxonomies.php:29
WordPress Hooks (19)
filter · attachment_fields_to_edit · inc\classes\Modules\Credits\Credits.php:25
filter · attachment_fields_to_save · inc\classes\Modules\Credits\Credits.php:26
action · enqueue_block_editor_assets · inc\classes\Modules\Credits\Credits.php:27
action · admin_enqueue_scripts · inc\classes\Modules\Edit\Edit.php:23
filter · wp_image_resize_identical_dimensions · inc\classes\Modules\Edit\Edit.php:25
action · admin_enqueue_scripts · inc\classes\Modules\Folders\Folders.php:29
action · init · inc\classes\Modules\Folders\Folders.php:30
filter · ajax_query_attachments_args · inc\classes\Modules\Folders\Folders.php:37
action · attachment_submitbox_misc_actions · inc\classes\Modules\Folders\Folders.php:38
filter · template_redirect · inc\classes\Modules\SingleView\SingleView.php:27
filter · attachment_link · inc\classes\Modules\SingleView\SingleView.php:28
action · admin_print_footer_scripts · inc\classes\Modules\SingleView\SingleView.php:29
filter · media_row_actions · inc\classes\Modules\SingleView\SingleView.php:30
action · init · inc\classes\Modules\Taxonomies\Taxonomies.php:25
action · admin_enqueue_scripts · inc\classes\Modules\Taxonomies\Taxonomies.php:26
action · admin_enqueue_scripts · inc\core.php:14
action · plugins_loaded · inc\core.php:15
action · admin_menu · inc\dashboard.php:18
action · admin_init · inc\dashboard.php:19
Maintenance & Trust

WP Media Pro Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.7.15
Last updated: Jan 28, 2021
PHP min version: not listed
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

WP Media Pro Developer Profile

Taylor Lovett

10 plugins · 8K total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 3845 days
Detection Fingerprints

How We Detect WP Media Pro

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-media-pro/dist/js/credits.js
/wp-content/plugins/wp-media-pro/dist/js/edit.js
/wp-content/plugins/wp-media-pro/dist/css/edit-styles.css
Script Paths
/wp-content/plugins/wp-media-pro/dist/js/credits.js
/wp-content/plugins/wp-media-pro/dist/js/edit.js
Version Parameters
wp-media-pro/dist/js/credits.js?ver=
wp-media-pro/dist/js/edit.js?ver=
wp-media-pro/dist/css/edit-styles.css?ver=

HTML / DOM Fingerprints

Data Attributes
data-nonce='wpmp_edit'
JS Globals
wpmpEdit
REST Endpoints
/wp-json/wpmp/v1/settings
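The following PHP function is an added example, not part of this page or of the plugin, showing how the fingerprints above are applied in practice: it matches each pattern against a page body, reports which ones hit, and pulls the ?ver= value off any wp-media-pro asset as a version hint. The regular expressions and the sample HTML fragment are constructed here; the asset paths, data attribute, JS global and REST route are the ones listed above.

```php
<?php
// Added example, not part of the original page or the plugin. Matches the
// WP Media Pro fingerprints against a fetched HTML body. Regexes and the
// sample HTML are constructed for this example.

const WPMP_FINGERPRINTS = [
    'asset:credits.js'  => '#/wp-content/plugins/wp-media-pro/dist/js/credits\.js#',
    'asset:edit.js'     => '#/wp-content/plugins/wp-media-pro/dist/js/edit\.js#',
    'asset:edit-styles' => '#/wp-content/plugins/wp-media-pro/dist/css/edit-styles\.css#',
    'dom:data-nonce'    => '#data-nonce=([\'"])wpmp_edit\1#',
    'js:wpmpEdit'       => '#\bwpmpEdit\b#',
    'rest:wpmp/v1'      => '#/wp-json/wpmp/v1/settings#',
];

/**
 * Return which fingerprints match $html and, if a wp-media-pro asset carries a
 * ?ver= parameter, its value. The ?ver= value is whatever the plugin passed to
 * wp_enqueue_script()/wp_enqueue_style(): usually the plugin version, but it
 * can be the WordPress version or a cache-buster, so treat it as a hint.
 */
function wpmp_fingerprint( string $html ): array {
    $hits = [];
    foreach ( WPMP_FINGERPRINTS as $name => $regex ) {
        if ( preg_match( $regex, $html ) ) {
            $hits[] = $name;
        }
    }

    $version = null;
    if ( preg_match( '#wp-media-pro/dist/(?:js|css)/[\w-]+\.(?:js|css)\?ver=([^&"\'\s>]+)#', $html, $m ) ) {
        $version = $m[1];
    }

    return [
        'detected' => ! empty( $hits ),
        'hits'     => $hits,
        'version'  => $version,
    ];
}

// Constructed sample: a fragment of an admin page that loads the edit module.
$sample = <<<'HTML'
<link rel="stylesheet" href="https://example.test/wp-content/plugins/wp-media-pro/dist/css/edit-styles.css?ver=1.1.2">
<script src="https://example.test/wp-content/plugins/wp-media-pro/dist/js/edit.js?ver=1.1.2"></script>
<script>var wpmpEdit = {"restUrl":"https://example.test/wp-json/wpmp/v1/settings"};</script>
<button data-nonce='wpmp_edit'>Edit</button>
HTML;

print_r( wpmp_fingerprint( $sample ) );
```

Asset and DOM patterns only appear on pages where the plugin enqueues its scripts (admin screens, per the admin_enqueue_scripts hooks listed earlier), so a crawler that fetches only the public front end will typically see the REST route via a wp-json index before it sees any of the asset paths; matching on several independent signals, as above, is what keeps the detection from being fooled by a single shared filename.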
FAQ

Frequently Asked Questions about WP Media Pro