File Manager, Code Editor, and Backup by Managefy Security & Risk Analysis

wordpress.org/plugins/softdiscover-db-file-manager

Manage your folder and files, backup, user roles and database easily

200 active installs · v1.6.2 · PHP 5.3+ · WP 3.6+ · Updated Nov 6, 2025
Tags: backup, database, elfinder, file-manager, user-roles
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Sep 30, 2025
Safety Verdict

Is File Manager, Code Editor, and Backup by Managefy Safe to Use in 2026?

Generally Safe

Score 98/100

File Manager, Code Editor, and Backup by Managefy has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Sep 30, 2025 · Updated 4mo ago
Risk Assessment

The softdiscover-db-file-manager plugin v1.6.2 presents a mixed security posture. While it boasts no unprotected AJAX handlers or REST API routes, and includes nonce and capability checks on its entry points, several concerning signals emerge from the static analysis.

The presence of the `exec` function is a significant red flag, as it can be exploited for remote code execution if not handled with extreme care. Furthermore, the low percentage of properly escaped output (5%) suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis reveals a concerning number of flows with unsanitized paths, with three identified as high severity. This, coupled with the plugin's history of two medium-severity CVEs, one being 'Improper Limitation of a Pathname to a Restricted Directory' (Path Traversal), indicates a recurring weakness in path handling that could lead to unauthorized file access or manipulation.

Although there are no currently unpatched CVEs, the past vulnerabilities and the identified path-related issues in the taint analysis are substantial risks that require immediate attention. The plugin's strength lies in its controlled entry points, but the inherent risks within its code execution and output handling, along with historical patterns, suggest a need for significant security improvements.

Key Concerns

  • Dangerous function 'exec' found
  • Low percentage of properly escaped output (5%)
  • 3 high severity taint flows with unsanitized paths
  • History of 2 medium CVEs (Path Traversal concern)
  • File operations (34) without clear sanitization context
Vulnerabilities
2

File Manager, Code Editor, and Backup by Managefy Security Vulnerabilities

CVEs by Year

2025: 2 CVEs

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-10744 · medium · 5.9 · Exposure of Sensitive Information to an Unauthorized Actor

File Manager, Code editor, backup by Managefy <= 1.6.1 - Unauthenticated Information Exposure

Sep 30, 2025 · Patched in 1.6.2 (15d)

CVE-2025-9345 · medium · 4.9 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

File Manager, Code Editor, and Backup by Managefy <= 1.4.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Download

Aug 27, 2025 · Patched in 1.5.0 (1d)
Code Analysis
Analyzed Mar 16, 2026

File Manager, Code Editor, and Backup by Managefy Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 8 (10 prepared)
  • Unescaped Output: 201 (10 escaped)
  • Nonce Checks: 11
  • Capability Checks: 4
  • File Operations: 34
  • External Requests: 0
  • Bundled Libraries: 1

Dangerous Functions Found

exec · `exec('find ' . $path . ' -follow -type f' . $this->build_exclude_find_params() . ' | wc -l', $output` · modules\filemanager\controllers\backup.php:1039

Bundled Libraries

TinyMCE

SQL Query Safety

56% prepared · 18 total queries

Output Escaping

5% escaped · 211 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

7 flows · 6 with unsanitized paths
lmode_iframe_handler (classes\uiform-bootstrap.php:266)
Attack Surface

File Manager, Code Editor, and Backup by Managefy Attack Surface

Entry Points: 11
Unprotected: 0

AJAX Handlers: 11

auth · wp_ajax_flmbkp_back_initfm · modules\filemanager\controllers\backend.php:54
auth · wp_ajax_flmbkp_header_options · modules\filemanager\controllers\backend.php:57
auth · wp_ajax_flmbkp_backup_createrec · modules\filemanager\controllers\backup.php:71
auth · wp_ajax_flmbkp_backup_sendoptions · modules\filemanager\controllers\backup.php:74
auth · wp_ajax_flmbkp_backup_watchprogress · modules\filemanager\controllers\backup.php:77
auth · wp_ajax_flmbkp_backup_downloadfile · modules\filemanager\controllers\backup.php:80
auth · wp_ajax_flmbkp_backup_delete_records · modules\filemanager\controllers\backup.php:83
auth · wp_ajax_flmbkp_backup_restore_records · modules\filemanager\controllers\backup.php:86
auth · wp_ajax_flmbkp_backup_cancel · modules\filemanager\controllers\backup.php:89
auth · wp_ajax_flmbkp_backup_cleanup · modules\filemanager\controllers\backup.php:90
auth · wp_ajax_flmbkp_settings_saveoptions · modules\settings\controllers\backend.php:51

WordPress Hooks: 24

action · admin_menu · classes\uiform-bootstrap.php:57
filter · rockfm_languages_directory · classes\uiform-bootstrap.php:60
filter · rockfm_languages_domain · classes\uiform-bootstrap.php:61
filter · plugin_locale · classes\uiform-bootstrap.php:62
filter · body_class · classes\uiform-bootstrap.php:69
action · admin_enqueue_scripts · classes\uiform-bootstrap.php:72
action · admin_enqueue_scripts · classes\uiform-bootstrap.php:74
action · admin_menu · classes\uiform-bootstrap.php:78
action · init · classes\uiform-bootstrap.php:82
action · init · classes\uiform-bootstrap.php:89
action · plugins_loaded · classes\uiform-bootstrap.php:93
action · init · classes\uiform-bootstrap.php:97
action · parse_request · classes\uiform-bootstrap.php:99
action · uifm_fbuilder_api_paypal_ipn_handler · classes\uiform-bootstrap.php:100
action · uifm_fbuilder_api_lmode_iframe_handler · classes\uiform-bootstrap.php:101
action · uifm_fbuilder_api_pdf_show_record · classes\uiform-bootstrap.php:102
action · uifm_fbuilder_api_csv_show_allrecords · classes\uiform-bootstrap.php:103
filter · site_transient_update_plugins · classes\uiform-bootstrap.php:109
action · admin_notices · classes\uiform-bootstrap.php:115
filter · plugin_row_meta · classes\uiform-bootstrap.php:547
action · admin_head · classes\uiform-bootstrap.php:548
action · admin_notices · db-file-manager.php:91
action · admin_notices · db-file-manager.php:124
action · wp_head · db-file-manager.php:198
Maintenance & Trust

File Manager, Code Editor, and Backup by Managefy Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 6, 2025
PHP min version: 5.3
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 200
Developer Profile

File Manager, Code Editor, and Backup by Managefy Developer Profile

softdiscover

4 plugins · 480 total installs

Trust score: 91
Avg Security Score: 95/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect File Manager, Code Editor, and Backup by Managefy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/softdiscover-db-file-manager/assets/css/backend.css
  • /wp-content/plugins/softdiscover-db-file-manager/assets/css/frontend.css
  • /wp-content/plugins/softdiscover-db-file-manager/assets/js/backend.js
  • /wp-content/plugins/softdiscover-db-file-manager/assets/js/frontend.js
Script Paths
  • /wp-content/plugins/softdiscover-db-file-manager/assets/js/backend.js
  • /wp-content/plugins/softdiscover-db-file-manager/assets/js/frontend.js
Version Parameters
  • softdiscover-db-file-manager/assets/css/backend.css?ver=
  • softdiscover-db-file-manager/assets/css/frontend.css?ver=
  • softdiscover-db-file-manager/assets/js/backend.js?ver=
  • softdiscover-db-file-manager/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
flmbkp-admin-container
HTML Comments
<!-- Managefy version -->
Data Attributes
data-fmanager-url
JS Globals
flmbkp_admin_obj
REST Endpoints
  • /wp-json/flmbkp/v1/get_settings
  • /wp-json/flmbkp/v1/save_settings
  • /wp-json/flmbkp/v1/get_files_list
  • /wp-json/flmbkp/v1/create_file
  • /wp-json/flmbkp/v1/delete_file
  • /wp-json/flmbkp/v1/create_folder
  • /wp-json/flmbkp/v1/delete_folder
  • /wp-json/flmbkp/v1/upload_file
  • /wp-json/flmbkp/v1/download_file
  • /wp-json/flmbkp/v1/rename_file
  • /wp-json/flmbkp/v1/rename_folder
Shortcode Output
<a href="https://softdiscover.com/?mngfy_v=1.6.2" title="WordPress File Manager" >Managefy </a> version 1.6.2
FAQ

Frequently Asked Questions about File Manager, Code Editor, and Backup by Managefy