Zu Media Security & Risk Analysis

wordpress.org/plugins/zu-media

Enhances WordPress Media Library with some features (folders, dominant color, location category and others).

0 active installs · v2.3.3 · PHP 7.2.0+ · WP 5.3.0+ · Updated Feb 13, 2022
Tags: admin, dominant-color, folders, gutenberg, media-library-folders
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Zu Media Safe to Use in 2026?

Generally Safe

Score 85/100

Zu Media has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The zu-media plugin v2.3.3 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping a high percentage (94%) of its output. The absence of known vulnerabilities and CVEs in its history is also a strong indicator of a well-maintained and secure plugin. However, a significant concern arises from the static analysis, which reveals a single AJAX handler that lacks proper authentication checks. This creates a direct attack vector that could potentially be exploited by unauthenticated users.

The lack of taint analysis data might be due to the plugin's limited attack surface or the analysis tool's capabilities, but it doesn't negate the risk posed by the unprotected AJAX endpoint. While the plugin's overall code signals are positive, the unprotected AJAX entry point represents a critical weakness. The absence of vulnerability history, while reassuring, can also be interpreted as the plugin being less widely used or tested, which might mean undiscovered vulnerabilities exist. In conclusion, the plugin is generally well-developed with good coding hygiene, but the unprotected AJAX endpoint is a clear and present risk that requires immediate attention.

Key Concerns

  • AJAX handler without authentication
Vulnerabilities
None known

Zu Media Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Zu Media Release Timeline

v2.3.3 (Current)
v2.3.2
v2.3.1
v2.2.3
v2.2.2
Code Analysis
Analyzed Mar 17, 2026

Zu Media Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (30 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 8
External Requests: 0
Bundled Libraries: 0

Output Escaping

94% escaped · 32 total outputs
Attack Surface
1 unprotected

Zu Media Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_folders_action · includes\media-folders\zumedia-folders.php:56
WordPress Hooks 45
action · add_attachment · includes\addons\dominant-color.php:24
filter · attachment_fields_to_edit · includes\addons\dominant-color.php:25
filter · attachment_fields_to_save · includes\addons\dominant-color.php:26
action · pre_get_posts · includes\media-folders\zumedia-folders.php:57
filter · wp_generate_attachment_metadata · includes\media-folders\zumedia-folders.php:58
action · pre_get_posts · includes\media-folders\zumedia-folders.php:60
action · restrict_manage_posts · includes\media-folders\zumedia-folders.php:61
action · add_attachment · includes\traits\cached.php:26
action · delete_attachment · includes\traits\cached.php:27
action · zumedia_reset_cached · includes\traits\cached.php:30
action · zumedia_reset_collections · includes\traits\cached.php:32
filter · attachment_fields_to_edit · includes\traits\ratio.php:24
filter · attachment_fields_to_save · includes\traits\ratio.php:25
action · plugins_loaded · includes\zumedia-plugin.php:242
action · admin_notices · zukit\load.php:139
filter · body_class · zukit\snippets\traits\classes.php:24
filter · admin_body_class · zukit\snippets\traits\classes.php:32
filter · pre_render_block · zukit\snippets\traits\content.php:132
action · admin_footer · zukit\snippets\traits\inline.php:15
action · admin_footer · zukit\snippets\traits\inline.php:16
action · wp_footer · zukit\snippets\traits\inline.php:18
action · wp_footer · zukit\snippets\traits\inline.php:19
filter · custom_menu_order · zukit\traits\admin-menu.php:24
filter · custom_menu_order · zukit\traits\admin-menu.php:25
action · admin_init · zukit\traits\admin.php:39
action · admin_enqueue_scripts · zukit\traits\admin.php:44
action · admin_menu · zukit\traits\admin.php:50
action · rest_api_init · zukit\traits\ajax-rest.php:142
action · rest_api_init · zukit\traits\ajax-rest.php:143
action · init · zukit\traits\debug.php:47
filter · script_loader_tag · zukit\traits\scripts.php:14
action · enqueue_block_editor_assets · zukit\zukit-blocks.php:44
action · enqueue_block_assets · zukit\zukit-blocks.php:45
action · wp_enqueue_scripts · zukit\zukit-blocks.php:46
filter · zukit_no_excerpt_blocks · zukit\zukit-blocks.php:111
action · init · zukit\zukit-plugin.php:94
action · init · zukit\zukit-plugin.php:95
action · admin_init · zukit\zukit-plugin.php:97
action · admin_init · zukit\zukit-plugin.php:98
action · wp_enqueue_scripts · zukit\zukit-plugin.php:100
action · wp_enqueue_scripts · zukit\zukit-plugin.php:101
action · admin_enqueue_scripts · zukit\zukit-plugin.php:104
action · admin_enqueue_scripts · zukit\zukit-plugin.php:106
action · admin_enqueue_scripts · zukit\zukit-plugin.php:107
action · after_setup_theme · zukit\zukit-plugin.php:110
Maintenance & Trust

Zu Media Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.0
Last updated: Feb 13, 2022
PHP min version: 7.2.0
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Zu Media Developer Profile

Dmitry

2 plugins · 0 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Zu Media

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/zu-media/dist/css/zumedia.css
/wp-content/plugins/zu-media/dist/js/zumedia.min.js
/wp-content/plugins/zu-media/dist/js/zumedia.admin.min.js
/wp-content/plugins/zu-media/dist/admin/css/zumedia.admin.css
Script Paths
/wp-content/plugins/zu-media/dist/js/zumedia.min.js
/wp-content/plugins/zu-media/dist/js/zumedia.admin.min.js
Version Parameters
zu-media/dist/css/zumedia.css?ver=
zu-media/dist/js/zumedia.min.js?ver=
zu-media/dist/js/zumedia.admin.min.js?ver=
zu-media/dist/admin/css/zumedia.admin.css?ver=

HTML / DOM Fingerprints

Data Attributes
data-zumedia-folders
JS Globals
ZUMEDIA
FAQ

Frequently Asked Questions about Zu Media