File Manager Pro – Filester Security & Risk Analysis

wordpress.org/plugins/filester

Advanced File Manager and Code Editor. Best WordPress file manager without FTP access. No need to upgrade because this is PRO version.

100K active installs · v2.0.2 · PHP + · WP 3.0+ · Updated Jan 12, 2026
Tags: download-plugin, file-manager, files, wordpress-file-manager, wp-file-manager
Score 91 · A · Safe
CVEs total: 9
Unpatched: 0
Last CVE: Jun 19, 2025
Safety Verdict

Is File Manager Pro – Filester Safe to Use in 2026?

Generally Safe

Score 91/100

File Manager Pro – Filester has a strong security track record. Known vulnerabilities have been patched promptly.

9 known CVEs · Last CVE: Jun 19, 2025 · Updated 2mo ago
Risk Assessment

The "filester" plugin, version 2.0.2, exhibits a mixed security posture. On one hand, the static analysis reveals strong adherence to some WordPress security best practices. There are no identified dangerous functions, all SQL queries utilize prepared statements, and a high percentage of output is properly escaped. Additionally, the plugin includes a good number of nonce and capability checks, indicating an effort to protect its entry points.

However, the plugin's vulnerability history is a significant concern. With a total of 9 known CVEs, including 6 high and 3 medium severity vulnerabilities, this suggests a pattern of security flaws. Common vulnerability types such as Cross-Site Scripting (XSS), Unrestricted File Upload, Missing Authorization, Path Traversal, and Cross-Site Request Forgery (CSRF) are concerning and indicate potential weaknesses in input validation, authorization logic, and file handling.

While the current version (2.0.2) shows no unpatched vulnerabilities and a clean slate in the static analysis regarding taint flows and unprotected entry points, the historical pattern of numerous high-severity issues cannot be ignored. This indicates a past tendency for critical security oversights that could potentially resurface in future updates if not rigorously addressed. Therefore, while the immediate code analysis presents positively, the historical context warrants a cautious approach.

Key Concerns

  • High number of past High/Medium severity CVEs
  • Past vulnerabilities include XSS, Unrestricted Upload, Auth Bypass, Path Travers
  • Bundled library TinyMCE (potential for outdatedness)
  • 82% output escaping (18% not properly escaped)
Vulnerabilities
9

File Manager Pro – Filester Security Vulnerabilities

CVEs by Year

2023: 3 CVEs
2024: 4 CVEs
2025: 2 CVEs

Severity Breakdown

High: 6
Medium: 3

9 total CVEs

CVE-2025-52710 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

File Manager Pro <= 1.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jun 19, 2025 Patched in 1.8.9 (7d)

CVE-2025-3234 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

File Manager Pro – Filester <= 1.8.8 - Authenticated (Administrator+) Arbitrary File Upload

Jun 13, 2025 Patched in 1.8.9 (1d)

CVE-2024-12331 · medium · 4.3 · Missing Authorization

File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation

Dec 18, 2024 Patched in 1.8.7 (1d)

CVE-2024-8066 · high · 7.5 · Unrestricted Upload of File with Dangerous Type

File Manager Pro – Filester <= 1.8.6 - Authenticated (Subscriber+) Arbitrary File Upload

Nov 27, 2024 Patched in 1.8.7 (38d)

CVE-2024-9669 · high · 7.2 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

File Manager Pro – Filester <= 1.8.5 - Authenticated (Administrator+) Local JavaScript File Inclusion

Nov 27, 2024 Patched in 1.8.6 (423d)

CVE-2024-7031 · high · 7.5 · Missing Authorization

File Manager Pro – Filester <= 1.8.2 - Authenticated Plugin Settings Update

Aug 2, 2024 Patched in 1.8.3 (1d)

CVE-2023-4862 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

File Manager Pro <= 1.8 - Authenticated (Admin+) Stored Cross-Site Scripting

Sep 19, 2023 Patched in 1.8.1 (126d)

CVE-2023-4861 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

File Manager Pro – Filester <= 1.8 - Authenticated (Admin+) Arbitrary File Upload

Sep 19, 2023 Patched in 1.8.1 (126d)

CVE-2023-4827 · high · 8.8 · Cross-Site Request Forgery (CSRF)

File Manager Pro – Filester - <= 1.7.6 - Cross-Site Request Forgery to Arbitrary File Rename

Sep 11, 2023 Patched in 1.8 (134d)
Code Analysis
Analyzed Mar 16, 2026

File Manager Pro – Filester Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 28 (125 escaped)
Nonce Checks: 18
Capability Checks: 17
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

TinyMCE

Output Escaping

82% escaped · 153 total outputs
Attack Surface

File Manager Pro – Filester Attack Surface

Entry Points: 9
Unprotected: 0

AJAX Handlers (9)

auth · wp_ajax_fs_connector · includes\File_manager\FileManager.php:66
auth · wp_ajax_selector_themes · includes\File_manager\FileManager.php:67
auth · wp_ajax_get_role_restrictions · includes\File_manager\FileManager.php:68
auth · wp_ajax_njt_fs_save_setting · includes\File_manager\FileManager.php:69
auth · wp_ajax_njt_fs_save_setting_restrictions · includes\File_manager\FileManager.php:70
auth · wp_ajax_njt_fs_save_review · includes\File_manager\FileManager.php:77
auth · wp_ajax_yay_recommended_get_plugin_data · includes\Recommended\Recommended.php:24
auth · wp_ajax_yay_recommended_activate_plugin · includes\Recommended\Recommended.php:25
auth · wp_ajax_yay_recommended_upgrade_plugin · includes\Recommended\Recommended.php:26

WordPress Hooks (15)

action · init · includes\cross.php:52
action · admin_notices · includes\cross.php:58
action · wp_dashboard_setup · includes\cross.php:66
action · admin_footer · includes\cross.php:67
action · init · includes\File_manager\FileManager.php:62
action · admin_enqueue_scripts · includes\File_manager\FileManager.php:64
action · admin_menu · includes\File_manager\FileManager.php:65
action · admin_notices · includes\File_manager\FileManager.php:74
action · plugins_loaded · includes\I18n.php:20
action · plugins_loaded · includes\Plugin.php:20
action · init · includes\Recommended\Recommended.php:19
action · admin_menu · includes\Recommended\Recommended.php:22
action · admin_footer · includes\Recommended\Recommended.php:23
filter · yay_recommended_plugins_excluded · includes\Recommended\Recommended.php:541
action · plugins_loaded · ninja-file-manager.php:76

Maintenance & Trust

File Manager Pro – Filester Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 12, 2026
PHP min version
Downloads: 1.3M

Community Trust

Rating: 98/100
Number of ratings: 146
Active installs: 100K

Developer Profile

File Manager Pro – Filester Developer Profile

Ninja Team

13 plugins · 496K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 93 days

Detection Fingerprints

How We Detect File Manager Pro – Filester

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/filester/assets/css/style.css
/wp-content/plugins/filester/assets/js/filester.js
Script Paths
/wp-content/plugins/filester/assets/js/filester.js
Version Parameters
filester/assets/css/style.css?ver=
filester/assets/js/filester.js?ver=

HTML / DOM Fingerprints

CSS Classes
filester-container
filester-modal
Data Attributes
data-filester-modal-id
data-filester-action
JS Globals
filester_options
filester_localization
REST Endpoints
/wp-json/filester/v1/actions
Shortcode Output
[filester_manager]