ERI File Library Security & Risk Analysis

wordpress.org/plugins/eri-file-library

Easily upload, manage, and track downloads of your shared files

10 active installs · v1.1.1 · PHP 7.4+ · WP 6.0+ · Updated Oct 28, 2025
Tags: download, file-manager, file-sharing, links, tracking
Score 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Oct 30, 2025
Safety Verdict

Is ERI File Library Safe to Use in 2026?

Generally Safe

Score 99/100

ERI File Library has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Oct 30, 2025 · Updated 5mo ago
Risk Assessment

The eri-file-library v1.1.1 plugin has a generally good security posture. SQL queries make extensive use of prepared statements, a high percentage of output is properly escaped, nonce and capability checks are present on most entry points, and static analysis found no unsanitized paths in taint flows. However, the presence of the `unserialize` function is a significant concern, as it can lead to remote code execution if used with untrusted input; the flagged call at inc\about.php:148 deserializes the body of a remote HTTP response. There are no currently unpatched CVEs, but the plugin has a history of a medium-severity vulnerability related to missing authorization. This suggests a potential recurring issue that warrants attention, even if it is not immediately exploitable in the current version. Overall, the plugin has a decent foundation, but the `unserialize` call introduces a critical risk that needs careful mitigation, and the past vulnerability points to the need for ongoing vigilance regarding authorization checks.

Key Concerns

  • Presence of unserialize function
  • Past medium severity vulnerability (Missing Authorization)
Vulnerabilities
1

ERI File Library Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-12041 · medium · 5.3 · Missing Authorization

ERI File Library <= 1.1.0 - Missing Authorization to Unauthenticated Protected File Download

Oct 30, 2025 Patched in 1.1.1 (1d)
Code Analysis
Analyzed Mar 17, 2026

ERI File Library Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 2 (19 prepared)
Unescaped Output: 32 (384 escaped)
Nonce Checks: 9
Capability Checks: 7
File Operations: 1
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$returned_object = unserialize( wp_remote_retrieve_body( $response ) );` (inc\about.php:148)

SQL Query Safety

90% prepared · 21 total queries

Output Escaping

92% escaped · 416 total outputs
Data Flows
All sanitized

Data Flow Analysis

5 flows
wp_list_table (inc\downloads.php:313)
Attack Surface

ERI File Library Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_erifl_save_bulk_edit · inc\post-type.php:172

Shortcodes 3

[erifl_user_download_history] inc\shortcodes.php:87
[erifl_top_downloads] inc\shortcodes.php:90
[erifl_file_list] inc\shortcodes.php:93

WordPress Hooks 42

action init inc\about.php:22
action admin_menu inc\about.php:40
action admin_enqueue_scripts inc\about.php:43
action init inc\common.php:47
filter plugin_row_meta inc\common.php:50
action admin_init inc\common.php:62
action admin_notices inc\common.php:65
action init inc\downloads.php:26
action admin_menu inc\downloads.php:62
action admin_enqueue_scripts inc\downloads.php:65
action init inc\post-type.php:26
filter wp_robots inc\post-type.php:126
action template_redirect inc\post-type.php:129
filter gettext inc\post-type.php:132
action edit_form_after_title inc\post-type.php:135
action admin_init inc\post-type.php:138
action save_post inc\post-type.php:141
action before_delete_post inc\post-type.php:144
action post_edit_form_tag inc\post-type.php:147
filter safe_style_css inc\post-type.php:150
action pre_get_posts inc\post-type.php:156
action restrict_manage_posts inc\post-type.php:159
filter page_row_actions inc\post-type.php:162
action bulk_edit_custom_box inc\post-type.php:165
action quick_edit_custom_box inc\post-type.php:166
action save_post inc\post-type.php:169
action do_meta_boxes inc\post-type.php:175
action admin_init inc\post-type.php:177
filter x_breadcrumbs_data inc\post-type.php:182
action admin_enqueue_scripts inc\post-type.php:186
filter upload_dir inc\post-type.php:478
filter posts_search inc\post-type.php:1322
action init inc\report.php:26
action admin_menu inc\report.php:54
action admin_init inc\report.php:57
action admin_enqueue_scripts inc\report.php:60
action init inc\settings.php:23
action admin_menu inc\settings.php:81
action admin_init inc\settings.php:84
action admin_enqueue_scripts inc\settings.php:87
action wp_enqueue_scripts inc\shortcodes.php:84
action init inc\taxonomies.php:24

Maintenance & Trust

ERI File Library Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 28, 2025
PHP min version: 7.4
Downloads: 628

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

ERI File Library Developer Profile

PluginRx

12 plugins · 2K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 10 days
Detection Fingerprints

How We Detect ERI File Library

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/eri-file-library/inc/img/
/wp-content/plugins/eri-file-library/inc/css/
/wp-content/plugins/eri-file-library/inc/js/
/wp-content/plugins/eri-file-library/inc/lang/
Script Paths
eri-file-library/inc/css/admin.css
eri-file-library/inc/js/admin.js
Version Parameters
eri-file-library/inc/css/admin.css?ver=
eri-file-library/inc/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
eri-file-library-admin-page