
Assets Manager Security & Risk Analysis
wordpress.org/plugins/assets-manager
Assets Manager for WordPress is a self-hosted file sharing tool: enable or disable links, set expiration, and password-protect the files you share.
Is Assets Manager Safe to Use in 2026?
Generally Safe
Score 85/100
Assets Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "assets-manager" v1.0.2 plugin exhibits a concerning security posture primarily due to a large number of unprotected AJAX handlers. While the plugin demonstrates good practices in its handling of SQL queries, by exclusively using prepared statements, and has no recorded vulnerability history, the presence of five AJAX entry points without any authentication or capability checks presents a significant attack surface. The taint analysis revealed four flows with unsanitized paths, though these were not flagged as critical or high severity, suggesting potential for issues that might not be exploitable in all scenarios. The low percentage of properly escaped output (33%) further exacerbates the risk, as it increases the likelihood of cross-site scripting (XSS) vulnerabilities. The absence of nonce checks on these unprotected AJAX handlers is a critical oversight. In conclusion, despite some positive aspects like secure SQL usage and a clean vulnerability history, the plugin's security is severely compromised by its numerous unprotected entry points and potential for unsanitized data handling.
Key Concerns
- 5 AJAX handlers without auth checks
- 4 flows with unsanitized paths
- 33% properly escaped output
- 1 nonce check for 5 unprotected entry points
Assets Manager Security Vulnerabilities
Assets Manager Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Assets Manager Attack Surface
AJAX Handlers 5
WordPress Hooks 8
Assets Manager Maintenance & Trust
Maintenance Signals
Community Trust
Assets Manager Alternatives
Add From Server
add-from-server
Add From Server is designed to help ease the pain of bad web hosts, allowing you to upload files via FTP or SSH and later import them into WordPress.
Media Sync
media-sync
Simple plugin to scan "uploads" directory and bring those files into Media Library.
WP Offload Media Lite for Amazon S3, DigitalOcean Spaces, and Google Cloud Storage
amazon-s3-and-cloudfront
Copies files to Amazon S3, DigitalOcean Spaces or Google Cloud Storage as they are uploaded to the Media Library. Optionally configure Amazon CloudFro …
Protect Uploads
protect-uploads
Protect your uploads directory. Prevent browsing, add watermarks, disable right-click, and password-protect files. For more information, visit protect …
Disable Media Sizes
disable-media-sizes
Provides options to disable the extra images generated by WordPress.
Assets Manager Developer Profile
6 plugins · 180 total installs
How We Detect Assets Manager
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/assets-manager/css/admin.css
- /wp-content/plugins/assets-manager/css/public.css
- /wp-content/plugins/assets-manager/js/admin.js
- /wp-content/plugins/assets-manager/js/public.js
- /wp-content/plugins/assets-manager/js/vendor/plupload.full.min.js
- /wp-content/plugins/assets-manager/js/vendor/moxie.js
- assets-manager/css/admin.css?ver=
- assets-manager/css/public.css?ver=
- assets-manager/js/admin.js?ver=
- assets-manager/js/public.js?ver=
- assets-manager/js/vendor/plupload.full.min.js?ver=
- assets-manager/js/vendor/moxie.js?ver=
HTML / DOM Fingerprints
- asset-button
- assets
- asset
- niceName
- assetVal
- fileExt
- assetMeta
- expires
- +11 more
- id="asset_select_button"
- id="filelist"
- id="asset_attach_button"
- class="asset-button"
- style="display: none;"
- class="assets"
- +19 more
- window.assets_manager_upload_handler