Does Scaleflex DAM have any unpatched vulnerabilities?

No. All known vulnerabilities in Scaleflex DAM have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Scaleflex DAM compatible with WordPress 6.8.5?

According to WordPress.org data, Scaleflex DAM 4.0.14 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Scaleflex DAM compatible with PHP 5.3.3+?

Scaleflex DAM requires PHP 5.3.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Scaleflex DAM updated?

Scaleflex DAM was last updated on Jan 23, 2026. Frequent updates are generally a positive security signal.

What is Scaleflex DAM's security score?

Scaleflex DAM has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Scaleflex DAM Security & Risk Analysis

wordpress.org/plugins/filerobot-digital-asset-management-and-acceleration

Digital Asset Management and media acceleration platform that will store, manage, optimise and accelerate your media assets everywhere around the Worl …

0 active installs v4.0.14 PHP 5.3.3+ WP 4.8+ Updated Jan 23, 2026

asset-managementcdndamspeedstorage

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Scaleflex DAM Safe to Use in 2026?

Generally Safe

Score 100/100

Scaleflex DAM has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The filerobot-digital-asset-management-and-acceleration plugin v4.0.14 presents a concerning security posture, primarily due to a significantly large attack surface with minimal authentication checks. The analysis reveals 11 AJAX handlers, of which 10 lack any authentication checks, creating numerous potential entry points for attackers. Coupled with the complete absence of nonce checks on these handlers, this is a major red flag for Cross-Site Request Forgery (CSRF) vulnerabilities. Furthermore, the plugin's SQL queries are not being prepared, increasing the risk of SQL injection attacks. The taint analysis, while showing no critical or high severity unsanitized paths, does indicate 2 flows with unsanitized paths, which warrants investigation despite the severity rating. The complete lack of recorded vulnerabilities in its history might suggest a period of good security practices or simply a lack of public discovery. However, the code analysis itself highlights significant weaknesses that could be exploited regardless of past vulnerability records. The presence of 'unserialize' is also a potential concern if it's processing user-supplied data without proper sanitization. Overall, while the plugin doesn't show a history of known exploits, the current static analysis reveals critical deficiencies in authentication and input sanitization that expose it to significant risks.

Key Concerns

10 AJAX handlers without auth checks
0 Nonce checks on AJAX handlers
16 SQL queries, 0% using prepared statements
2 Flows with unsanitized paths
1 Dangerous function (unserialize)
10% output escaping is properly escaped

Vulnerabilities

None known

Scaleflex DAM Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Scaleflex DAM Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

7 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$dataItem = unserialize($item);filerobot_class.php:1986

SQL Query Safety

0% prepared16 total queries

Output Escaping

10% escaped70 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

<filerobot_class> (filerobot_class.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

10 unprotected

Scaleflex DAM Attack Surface

Entry Points11

Unprotected10

AJAX Handlers 11

authwp_ajax_filerobot_fmaw_action_change_filenamefilerobot_class.php:86

authwp_ajax_filerobot_test_connectionfilerobot_class.php:90

authwp_ajax_filerobot_sync_statusfilerobot_class.php:92

authwp_ajax_filerobot_get_totals_to_syncfilerobot_class.php:94

authwp_ajax_filerobot_sync_upfilerobot_class.php:95

authwp_ajax_filerobot_sync_downfilerobot_class.php:96

authwp_ajax_filerobot_update_logfilerobot_class.php:100

authwp_ajax_filerobot_fmaw_insert_to_contentfilerobot_class.php:102

authwp_ajax_filerobot_widget_insert_attachment_to_dbfilerobot_class.php:104

authwp_ajax_filerobot_load_fmaw_pagefilerobot_class.php:106

authwp_ajax_filerobot_deactivate_pluginfilerobot_class.php:125

WordPress Hooks 23

actionadmin_menufilerobot_class.php:71

actionadmin_initfilerobot_class.php:72

actionadmin_enqueue_scriptsfilerobot_class.php:75

actionadmin_enqueue_scriptsfilerobot_class.php:77

actionelementor/editor/after_enqueue_scriptsfilerobot_class.php:79

actionadmin_noticesfilerobot_class.php:82

actionadmin_noticesfilerobot_class.php:83

actiondelete_attachmentfilerobot_class.php:112

actionedit_form_before_permalinkfilerobot_class.php:118

actionedit_form_after_editorfilerobot_class.php:119

actionupgrader_process_completefilerobot_class.php:122

filterwp_generate_attachment_metadatafilerobot_class.php:132

filterwp_update_attachment_metadatafilerobot_class.php:133

filterwp_get_attachment_image_srcfilerobot_class.php:136

filterwp_prepare_attachment_for_jsfilerobot_class.php:137

filterimage_send_to_editorfilerobot_class.php:141

filterthe_contentfilerobot_class.php:144

filterthe_editor_contentfilerobot_class.php:145

filterwp_get_attachment_urlfilerobot_class.php:149

filterwp_calculate_image_srcsetfilerobot_class.php:152

filterrest_prepare_attachmentfilerobot_class.php:156

filterdo_shortcode_tagloader.php:61

filterblock_editor_settings_allloader.php:67

Scheduled Events 1

wp_filerobot_sync_files

Maintenance & Trust

Scaleflex DAM Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJan 23, 2026

PHP min version5.3.3

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Scaleflex DAM Alternatives

Canto

canto

Find & publish creative assets to WordPress easily, no email or folder search needed, with Canto's digital asset management.

100 1 unpatched

W3 Total Cache

w3-total-cache

Search Engine (SEO) & Performance Optimization (WPO) via caching. Integrated caching: CDN, Page, Minify, Object, Fragment, Database support.

900K 29 CVEs

SpeedyCache – Cache, Optimization, Performance

speedycache

SpeedyCache is a WordPress cache plugin that helps you improve performance of your WordPress site by caching, minifying, and compressing your website.

600K 4 CVEs

Swift Performance Lite

swift-performance-lite

Swift Performance is a cache and performance booster plugin. It can speed up your site, improve SEO scores and user experience.

7K 4 CVEs

WP-Stateless – Google Cloud Storage

wp-stateless

Upload and serve your WordPress media files from Google Cloud Storage.

4K 2 CVEs

Developer Profile

Scaleflex DAM Developer Profile

Scaleflex

3 plugins · 310 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Scaleflex DAM

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/filerobot-digital-asset-management-and-acceleration/assets/styles/core.css

HTML / DOM Fingerprints

CSS Classes

notice-warning

Data Attributes

data-id="scaleflex-dam-settings"

JS Globals

scaleflex_dam_settings

REST Endpoints

/wp-json/scaleflex-dam/v1/settings

FAQ