WP-Safety

Well-Known File Manager Security & Risk Analysis

wordpress.org/plugins/well-known-file-manager

Manage files in the .well-known directory with ease.

100 active installs v1.4.10 PHP 7.4+ WP 5.6+ Updated Dec 16, 2025
fileswell-known
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Well-Known File Manager Safe to Use in 2026?

Generally Safe

Score 100/100

Well-Known File Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "well-known-file-manager" v1.4.10 plugin exhibits a generally strong security posture based on the provided static analysis. The complete absence of known CVEs and a solid implementation of WordPress security best practices, such as comprehensive nonce and capability checks on all AJAX handlers, are significant strengths. The plugin also demonstrates good practices by exclusively using prepared statements for SQL queries, minimizing the risk of SQL injection vulnerabilities. However, the taint analysis reveals two flows with unsanitized paths. While no critical or high severity issues were flagged, these unsanitized paths represent a potential concern for path traversal or file manipulation vulnerabilities if not handled with extreme care within the application logic. The lack of past vulnerabilities might suggest a generally well-maintained codebase, but it's important to note that past security history is not a guarantee against future issues, especially given the identified taint flows.

Key Concerns

  • Flows with unsanitized paths identified
  • 71% of output properly escaped
Vulnerabilities
None known

Well-Known File Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Well-Known File Manager Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
17
42 escaped
Nonce Checks
5
Capability Checks
5
File Operations
2
External Requests
0
Bundled Libraries
0

Output Escaping

71% escaped59 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
ajax_toggle_well_known_file (classes\class-admin.php:573)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Well-Known File Manager Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

authwp_ajax_wkfm_toggle_well_known_fileclasses\class-admin.php:41
authwp_ajax_wkfm_save_fileclasses\class-admin.php:42
authwp_ajax_wkfm_save_redirect_fileclasses\class-admin.php:43
authwp_ajax_wkfm_get_default_contentclasses\class-admin.php:44
WordPress Hooks 3
actionadmin_menuclasses\class-admin.php:39
actionadmin_enqueue_scriptsclasses\class-admin.php:40
actioninitclasses\class-handler.php:35
Maintenance & Trust

Well-Known File Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedDec 16, 2025
PHP min version7.4
Downloads1K

Community Trust

Rating100/100
Number of ratings2
Active installs100
Alternatives

Well-Known File Manager Alternatives

FileOrganizer – WordPress File Manager

FileOrganizer – WordPress File Manager

fileorganizer

A
95

FileOrganizer is an intuitive file manager to easily edit, delete, upload, download, and manage all your WordPress files and folders right from the da …

200K 5 CVEs
File Manager Pro – Filester

File Manager Pro – Filester

filester

A
91

Advanced File Manager and Code Editor. Best WordPress file manager without FTP access. No need to upgrade because this is PRO version.

100K 9 CVEs
Simple Social Icons

Simple Social Icons

simple-social-icons

A
100

This plugin provides two ways to display social icons: a traditional widget (available on all WordPress versions) and block variations for the core So …

100K No CVEs
Media Cleaner: Clean your WordPress!

Media Cleaner: Clean your WordPress!

media-cleaner

A
99

Clean your WordPress! Eliminate unused and broken media files. For a faster, and better website.

90K 1 CVE
Clean Image Filenames

Clean Image Filenames

clean-image-filenames

A
100

This plugin automatically converts language accent characters to non-accent characters in filenames when uploading to the media library.

30K No CVEs
Developer Profile

Well-Known File Manager Developer Profile

Jono Alderson

2 plugins · 120 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Well-Known File Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/well-known-file-manager/styles/build/admin.min.css/wp-content/plugins/well-known-file-manager/js/build/admin.min.js
Script Paths
/wp-content/plugins/well-known-file-manager/js/build/admin.min.js
Version Parameters
well-known-file-manager/styles/build/admin.min.css?ver=well-known-file-manager/js/build/admin.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
wkfm-admin-noticewkfm-settings-sectionwkfm-settings-itemwkfm-settings-input-wrapperwkfm-button
Data Attributes
data-wkfm-filedata-wkfm-toggledata-wkfm-savedata-wkfm-action
JS Globals
wellKnownFileManagerAdmin
REST Endpoints
/wp-json/well-known-file-manager/v1/files
FAQ

Frequently Asked Questions about Well-Known File Manager