Does XCmdr have any unpatched vulnerabilities?

No. All known vulnerabilities in XCmdr have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is XCmdr compatible with WordPress 6.8.5?

According to WordPress.org data, XCmdr 1.0.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is XCmdr compatible with PHP 8.2+?

XCmdr requires PHP 8.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is XCmdr updated?

XCmdr was last updated on Unknown. Frequent updates are generally a positive security signal.

What is XCmdr's security score?

XCmdr has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

XCmdr Security & Risk Analysis

wordpress.org/plugins/xcmdr

Streamline your media library with folders: this plugin creates media library categories.

0 active installs v1.0.0 PHP 8.2+ WP 6.3+ Updated Unknown

categoriesfoldersmedia

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is XCmdr Safe to Use in 2026?

Generally Safe

Score 100/100

XCmdr has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "xcmdr" plugin version 1.0.0 demonstrates a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points indicates a well-contained plugin with a minimal attack surface. Furthermore, the code analysis reveals no dangerous functions, file operations, or external HTTP requests. All SQL queries are properly prepared, and output is consistently escaped, mitigating common web vulnerabilities.

The taint analysis also shows zero flows with unsanitized paths, suggesting that user-supplied data is not being mishandled in a way that could lead to vulnerabilities. The plugin's vulnerability history is equally positive, with no recorded CVEs, indicating a lack of known security flaws. This overall picture suggests the developers have followed secure coding practices.

While the current analysis presents a very secure profile, it's important to note the complete lack of nonce and capability checks. This, combined with the zero AJAX/REST API entries, might indicate a plugin that doesn't interact with user input or perform sensitive actions. If the plugin's functionality were to expand or change to include such interactions in future versions without implementing these crucial checks, it would introduce significant security risks. For its current version and analysis, "xcmdr" appears to be a secure plugin.

Key Concerns

No nonce checks implemented
No capability checks implemented

Vulnerabilities

None known

XCmdr Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

XCmdr Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped3 total outputs

Attack Surface

XCmdr Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actioninitincludes\Plugin.php:8

actionrestrict_manage_postsincludes\Plugin.php:9

actionpre_get_postsincludes\Plugin.php:10

Maintenance & Trust

XCmdr Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedUnknown

PHP min version8.2

Downloads114

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

XCmdr Alternatives

Enhanced Media Library

enhanced-media-library

This plugin would be handy for those who need to manage a lot of media files.

70K 1 CVE

Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types

wicked-folders

Organize your pages, posts, and custom post types into folders. Upgrade to pro for media library folders, WooCommerce integration, and more.

20K 22 CVEs

Media Library Organizer – WordPress Media Library Folders & File Manager

media-library-organizer

100

Create unlimited Media Library folders and subfolders to organize your files. Export Media Library folders, set default attributes & more.

10K No CVEs

Categorify – WordPress Media Library Category & File Manager

categorify

Organize your WordPress media files in categories via drag and drop.

1K 1 unpatched

iFolders – Ultimate Folder Organizer for Media Library, Pages, Posts and Users

ifolders

100

Take control of your media library, posts, pages, and other content with our folder manager. Organize your WordPress data into specific categories.

300 1 CVE

Developer Profile

XCmdr Developer Profile

Yalogica

11 plugins · 110 total installs

100

trust score

Avg Security Score

100/100

Avg Patch Time

1 days

View full developer profile

Detection Fingerprints

How We Detect XCmdr

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/xcmdr/assets/css/xcmdr.css/wp-content/plugins/xcmdr/assets/js/xcmdr.js

Script Paths

/wp-content/plugins/xcmdr/assets/js/xcmdr.js

Version Parameters

xcmdr/assets/css/xcmdr.css?ver=xcmdr/assets/js/xcmdr.js?ver=

HTML / DOM Fingerprints

FAQ