Does WP Media Replace have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Media Replace have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Media Replace compatible with WordPress 5.1.22?

According to WordPress.org data, WP Media Replace 1.0.0 has been tested up to WordPress 5.1.22. Check the plugin's changelog for the latest compatibility information.

Is WP Media Replace compatible with PHP 5.2.4+?

WP Media Replace requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Media Replace updated?

WP Media Replace was last updated on Apr 29, 2019. Frequent updates are generally a positive security signal.

What is WP Media Replace's security score?

WP Media Replace has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Media Replace Security & Risk Analysis

wordpress.org/plugins/wp-media-replace

WP Replace Media is a useful and smooth plugin to replace an image to some other existing or new media image. It automatically replaces the old image …

40 active installs v1.0.0 PHP 5.2.4+ WP 4.0+ Updated Apr 29, 2019

attachmentmediareplace-media

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Media Replace Safe to Use in 2026?

Generally Safe

Score 85/100

WP Media Replace has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "wp-media-replace" v1.0.0 plugin exhibits a generally strong security posture, with no known CVEs, zero identified attack surface points without authentication, and the majority of SQL queries employing prepared statements. The presence of a nonce check and a capability check further bolster its defenses against common WordPress vulnerabilities. However, the static analysis reveals two taint flows with unsanitized paths, both flagged with high severity. While the absence of raw SQL queries and a limited attack surface are positive, these high-severity taint flows represent a significant concern. The plugin's vulnerability history is clean, suggesting a good track record, but the high-severity findings in the current static analysis warrant careful consideration. Overall, the plugin has robust foundational security but requires immediate attention to address the identified unsanitized path vulnerabilities to mitigate potential risks.

Key Concerns

High severity taint flow with unsanitized path
High severity taint flow with unsanitized path
Output escaping only 67% properly escaped

Vulnerabilities

None known

WP Media Replace Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Media Replace Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

67% escaped3 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

save_meta_box (admin\class-wp-media-replace-admin.php:122)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Media Replace Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionplugins_loadedincludes\class-wp-media-replace.php:142

actionadmin_enqueue_scriptsincludes\class-wp-media-replace.php:157

actionadmin_enqueue_scriptsincludes\class-wp-media-replace.php:158

actionadd_meta_boxesincludes\class-wp-media-replace.php:159

actionpre_post_updateincludes\class-wp-media-replace.php:160

actionwp_enqueue_scriptsincludes\class-wp-media-replace.php:175

actionwp_enqueue_scriptsincludes\class-wp-media-replace.php:176

Maintenance & Trust

WP Media Replace Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.22

Last updatedApr 29, 2019

PHP min version5.2.4

Downloads2K

Community Trust

Rating100/100

Number of ratings2

Active installs40

Alternatives

WP Media Replace Alternatives

Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager

folders

Create unlimited folders with the Folders WordPress plugin, organize & manage your Media Library files, Pages & Posts in folders 📁

90K 6 CVEs

Disable Media Pages

disable-media-pages

100

Completely remove "attachment" pages for WordPress media. Improve SEO and prevent conflicts between page and image permalinks.

10K No CVEs

Media Deduper

media-deduper

100

Save disk space and bring some order to the chaos of your media library by removing and preventing duplicate files.

9K No CVEs

DX Delete Attached Media

dx-delete-attached-media

Automatically deletes attached media from posts and custom post types added via the Media button.

4K 2 CVEs

Autoremove Attachments

autoremove-attachments

Remove child attachments when parent post, page or custom post type is deleted.

3K No CVEs

Developer Profile

WP Media Replace Developer Profile

Prakash Rao

1 plugin · 40 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Media Replace

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-media-replace/admin/css/wp-media-replace-admin.css/wp-content/plugins/wp-media-replace/admin/js/wp-media-replace-admin.js

Script Paths

/wp-content/plugins/wp-media-replace/admin/js/wp-media-replace-admin.js

Version Parameters

wp-media-replace/css/wp-media-replace-admin.css?ver=wp-media-replace/js/wp-media-replace-admin.js?ver=

HTML / DOM Fingerprints

HTML Comments

Data Attributes

id="replace_image"name="upload_replace_image"name="replace_image_field_nonce"

JS Globals

var ajaxurl = '

FAQ