UCM Files Manager Addon (UCM FM) Security & Risk Analysis
wordpress.org/plugins/ucm-files-manager-ucm-fmUCM Files Manager (UCM FM) is an addon for Ultimate Media On The Cloud Plugin! https://wordpress.org/plugins/ultimate-media-on-the-cloud-lite/ With UC …
Is UCM Files Manager Addon (UCM FM) Safe to Use in 2026?
Generally Safe
Score 85/100UCM Files Manager Addon (UCM FM) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The static analysis of ucm-files-manager-ucm-fm v1.1 reveals a concerning security posture despite a seemingly small attack surface. While there are no identified AJAX handlers, REST API routes, shortcodes, or cron events that are exposed, the presence of the `unserialize` function five times is a significant red flag. The complete lack of output escaping on all identified outputs further exacerbates this risk, as it creates a high probability of cross-site scripting (XSS) vulnerabilities. The absence of nonce checks and capability checks on any potential entry points is also a serious oversight, leaving the plugin vulnerable to unauthorized actions.
Key Concerns
- Dangerous function 'unserialize' used 5 times
- 100% of outputs not properly escaped
- 0 Nonce checks found
- 0 Capability checks found
UCM Files Manager Addon (UCM FM) Security Vulnerabilities
UCM Files Manager Addon (UCM FM) Code Analysis
Dangerous Functions Found
Bundled Libraries
Output Escaping
UCM Files Manager Addon (UCM FM) Attack Surface
WordPress Hooks 12
Maintenance & Trust
UCM Files Manager Addon (UCM FM) Maintenance & Trust
Maintenance Signals
Community Trust
UCM Files Manager Addon (UCM FM) Alternatives
File Manager
wp-file-manager
file manager provides you ability to edit, delete, upload, download, copy and paste files and folders.
Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution
file-manager-advanced
Use Advanced File Manager to manage WordPress files, create archives, and build document libraries—all directly from your WordPress dashboard!
File Manager Pro – Filester
filester
Advanced File Manager and Code Editor. Best WordPress file manager without FTP access. No need to upgrade because this is PRO version.
Frontend File Manager Plugin
nmedia-user-file-uploader
N-Media Frontend File Manager plugin enables WordPress site users to upload, manage, and share files directly from the frontend with secure storage an …
Digital Asset Manager
digital-asset-manager
Helps you to store and manage all of your digital assets in one place.
UCM Files Manager Addon (UCM FM) Developer Profile
2 plugins · 10 total installs
How We Detect UCM Files Manager Addon (UCM FM)
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/ucm-files-manager-ucm-fm/assets/css/fm.css/wp-content/plugins/ucm-files-manager-ucm-fm/assets/js/fm.js/wp-content/plugins/ucm-files-manager-ucm-fm/assets/js/fm.jsucm-files-manager-ucm-fm/assets/css/fm.css?ver=ucm-files-manager-ucm-fm/assets/js/fm.js?ver=HTML / DOM Fingerprints
php-rockets-fm<!-- php-rockets-fm --><!-- UCM File Manager Add-on -->data-ucm-fm-iducm_fm_params/wp-json/ucm-fm/v1/clientConnect/wp-json/ucm-fm/v1/reload-buckets/wp-json/ucm-fm/v1/fm-save-general/wp-json/ucm-fm/v1/fm-save-roles/wp-json/ucm-fm/v1/fm-save-ui/wp-json/ucm-fm/v1/fm-save-file-types/wp-json/ucm-fm/v1/fm-save-image-editors/wp-json/ucm-fm/v1/fm-save-code-editors/wp-json/ucm-fm/v1/fm-save-advanced/wp-json/ucm-fm/v1/update-file-acl/wp-json/ucm-fm/v1/import-media