Filevue Security & Risk Analysis

wordpress.org/plugins/filevue

A private client portal for WordPress — let each client log in to view, preview, and download only their files.

30 active installs · v1.0.7 · PHP 7.4+ · WP 5.0+ · Updated Apr 3, 2026
Tags: client-login, client-portal, document-management, file-sharing, secure-file-download
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Filevue Safe to Use in 2026?

Generally Safe

Score 100/100

Filevue has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The FileVue plugin, version 1.0.7, presents a mixed security posture. On the positive side, 100% of its SQL queries use prepared statements and a very high percentage of its output is properly escaped. The absence of known CVEs and bundled libraries is also reassuring. However, the plugin exposes a significant attack surface: of its 6 AJAX handlers, 5 lack authentication checks. Unauthorized users could therefore potentially interact with these handlers, leading to unintended actions or information disclosure. The taint analysis also revealed 2 flows with unsanitized paths. Although not classified as critical or high severity in this analysis, they warrant attention, as they suggest potential for path traversal or similar vulnerabilities if these flows are exploited in conjunction with other weaknesses.

While the plugin has no recorded vulnerability history, this does not guarantee future safety, especially given the identified unprotected entry points. 'set_time_limit' and 'ini_set' are potentially dangerous functions that could be misused if not handled with extreme care, although the static analysis did not flag specific exploitable instances. The unprotected AJAX handlers are the most immediate and significant concern, creating a clear avenue for potential exploitation. The plugin's strengths lie in its data handling and output sanitization, but the lack of authorization on a majority of its AJAX endpoints is a critical oversight.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Use of dangerous functions
Vulnerabilities
None known

Filevue Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Filevue Release Timeline

v1.0.7 (Current)
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Filevue Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 10 (946 escaped)
Nonce Checks: 20
Capability Checks: 18
File Operations: 3
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

set_time_limit (includes/handlers/class-file-handler.php:24)
    set_time_limit( 300 ); // phpcs:ignore Squiz.PHP.DiscouragedFunctions.Discouraged -- Large file uplo
ini_set (includes/handlers/class-file-handler.php:25)
    ini_set( 'memory_limit', '256M' ); // phpcs:ignore Squiz.PHP.DiscouragedFunctions.Discouraged -- Lar

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

99% escaped · 956 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

13 flows · 2 with unsanitized paths
render_notices (includes/admin/class-client-form-page.php:110)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
5 unprotected

Filevue Attack Surface

Entry Points: 7
Unprotected: 5

AJAX Handlers 6

auth wp_ajax_filevue_move_file includes/class-plugin.php:88
auth wp_ajax_filevue_spreadsheet_load includes/class-plugin.php:91
auth wp_ajax_filevue_spreadsheet_save includes/class-plugin.php:92
auth wp_ajax_filevue_spreadsheet_load_frontend includes/class-plugin.php:95
nopriv wp_ajax_filevue_spreadsheet_load_frontend includes/class-plugin.php:96
auth wp_ajax_filevue_toggle_delete_data includes/class-plugin.php:99

Shortcodes 1

[filevue_client_files] includes/class-plugin.php:50
WordPress Hooks 45
action admin_init includes/class-plugin.php:41
action admin_init includes/class-plugin.php:44
action admin_init includes/class-plugin.php:47
filter page_template includes/class-plugin.php:53
filter body_class includes/class-plugin.php:54
action wp_enqueue_scripts includes/class-plugin.php:57
action init includes/class-plugin.php:60
action admin_post_nopriv_filevue_client_login includes/class-plugin.php:63
action admin_post_filevue_client_login includes/class-plugin.php:64
action admin_init includes/class-plugin.php:65
action template_redirect includes/class-plugin.php:66
action admin_menu includes/class-plugin.php:69
action admin_enqueue_scripts includes/class-plugin.php:72
action admin_enqueue_scripts includes/class-plugin.php:73
action admin_init includes/class-plugin.php:76
action admin_post_filevue_upload_file includes/class-plugin.php:79
action admin_post_filevue_create_folder includes/class-plugin.php:80
action admin_post_filevue_delete_file includes/class-plugin.php:81
action admin_post_filevue_delete_folder includes/class-plugin.php:82
action admin_post_filevue_view_file includes/class-plugin.php:83
action admin_post_filevue_save_client includes/class-plugin.php:84
action admin_post_filevue_test_smtp includes/class-plugin.php:85
action admin_init includes/class-plugin.php:102
action admin_init includes/class-plugin.php:103
action phpmailer_init includes/class-plugin.php:106
action admin_init includes/class-plugin.php:109
action admin_init includes/class-plugin.php:110
action admin_menu includes/class-plugin.php:111
action admin_bar_menu includes/class-plugin.php:112
filter login_redirect includes/class-plugin.php:113
action wp_login includes/class-plugin.php:114
filter admin_footer_text includes/class-plugin.php:117
filter update_footer includes/class-plugin.php:118
action admin_head includes/class-plugin.php:550
action admin_head includes/class-plugin.php:553
filter wp_mail_content_type includes/handlers/class-email-handler.php:140
filter wp_mail_from includes/handlers/class-email-handler.php:143
filter wp_mail_from_name includes/handlers/class-email-handler.php:146
filter wp_mail_content_type includes/handlers/class-email-handler.php:203
filter wp_mail_from includes/handlers/class-email-handler.php:206
filter wp_mail_from_name includes/handlers/class-email-handler.php:209
action phpmailer_init includes/handlers/class-email-handler.php:340
filter wp_mail_content_type includes/handlers/class-email-handler.php:341
filter wp_mail_from includes/handlers/class-email-handler.php:342
filter wp_mail_from_name includes/handlers/class-email-handler.php:343
Maintenance & Trust

Filevue Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 3, 2026
PHP min version: 7.4
Downloads: 582

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 30
Developer Profile

Filevue Developer Profile

Lucian Radu

1 plugin · 30 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Filevue

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/filevue/dist/assets/index-c7f13417.js
/wp-content/plugins/filevue/dist/assets/index-e83737e5.css
/wp-content/plugins/filevue/assets/css/admin.css
/wp-content/plugins/filevue/assets/js/admin.js
/wp-content/plugins/filevue/assets/css/frontend.css
/wp-content/plugins/filevue/assets/js/frontend.js
Script Paths
/wp-content/plugins/filevue/dist/assets/index-c7f13417.js
/wp-content/plugins/filevue/assets/js/admin.js
/wp-content/plugins/filevue/assets/js/frontend.js
Version Parameters
filevue/dist/assets/index-c7f13417.js?ver=
filevue/assets/css/admin.css?ver=
filevue/assets/js/admin.js?ver=
filevue/assets/css/frontend.css?ver=
filevue/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
filevue-client-files
filevue-client-login-form
filevue-admin-menu
HTML Comments
Filevue Client Files Shortcode
Filevue Client Login Form
Filevue Admin Menu
Data Attributes
data-filevue-client-id
data-filevue-folder-id
data-filevue-action
data-filevue-nonce
JS Globals
filevue_ajax_object
filevue_frontend_data
filevue_admin_data
REST Endpoints
/wp-json/filevue/v1/clients
/wp-json/filevue/v1/files
/wp-json/filevue/v1/folders
Shortcode Output
[filevue_client_files]