WPIDE – File Manager & Code Editor Security & Risk Analysis

wordpress.org/plugins/wpide

WPIDE is a powerful file manager and code editor for WordPress with tabs, code completion, and full access to the entire wp-content folder.

40K active installs · v3.5.5 · PHP 7.4.0+ · WP 5.0+ · Updated Apr 14, 2026
Tags: code-editor, file-editor, file-manager, plugin-editor, theme-editor
Score: 95 · A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Oct 14, 2024
Safety Verdict

Is WPIDE – File Manager & Code Editor Safe to Use in 2026?

Generally Safe

Score 95/100

WPIDE – File Manager & Code Editor has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEs · Last CVE: Oct 14, 2024 · Updated 1mo ago
Risk Assessment

The wpide v3.5.3 plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query handling and includes a reasonable number of nonce and capability checks, significant concerns arise from its attack surface and historical vulnerability patterns. The presence of one unprotected AJAX handler is a direct entry point for potential attacks, even without further taint analysis revealing specific malicious flows. This unprotected entry point is particularly worrying given the plugin's history. The plugin has a notable track record of four previously disclosed CVEs, with two high and two medium severity vulnerabilities. These historical issues, including path traversal, unrestricted uploads, and PHP remote file inclusion, indicate a recurring struggle with input validation and access control. Although there are currently no unpatched CVEs, the historical prevalence of critical vulnerability types suggests a potential for future undiscovered or reintroduced vulnerabilities if underlying coding practices are not rigorously improved. The bundled Freemius v1.0 library, while not explicitly flagged as outdated or vulnerable in the provided data, warrants attention as outdated bundled libraries can introduce risks.

Key Concerns

  • Unprotected AJAX handler
  • Multiple high severity past CVEs
  • Multiple medium severity past CVEs
  • Vulnerability history (Path Traversal, RFI)
  • Moderate percentage of unescaped output
  • Bundled library (Freemius v1.0)
Vulnerabilities
4 published

WPIDE – File Manager & Code Editor Security Vulnerabilities

CVEs by Year

2022: 3 CVEs
2024: 1 CVE

Severity Breakdown

High: 2
Medium: 2

4 total CVEs

CVE-2024-9546 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

WPIDE <= 3.4.9 - Unauthenticated Full Path Disclosure

Oct 14, 2024 · Patched in 3.5.0 (1d)

CVE-2022-35235 · medium · 4.9 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Read

Aug 9, 2022 · Patched in 3.0 (532d)

CVE-2022-40217 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Upload

Aug 9, 2022 · Patched in 3.0 (532d)

CVE-2022-2261 · high · 7.2 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

WPIDE – File Manager & Code Editor <= 2.6 - Authenticated (Administrator+) Local File Inclusion

Aug 3, 2022 · Patched in 3.0 (538d)
Version History

WPIDE – File Manager & Code Editor Release Timeline

  • v3.5.5 · Current
  • v3.5.4
  • v3.5.3
  • v3.5.2
  • v3.5.1
  • v3.5.0
  • v3.4.9 · 1 CVE
  • v3.4.8 · 1 CVE
  • v3.4.7 · 1 CVE
  • v3.4.6 · 1 CVE
  • v3.4.5 · 1 CVE
  • v3.4.4 · 1 CVE
  • v3.4.3 · 1 CVE
  • v3.4.2 · 1 CVE
  • v3.4.1 · 1 CVE
  • v3.4 · 1 CVE
  • v3.3 · 1 CVE
  • v3.2 · 1 CVE
  • v3.1 · 1 CVE
  • v3.0 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

WPIDE – File Manager & Code Editor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 24 (33 escaped)
Nonce Checks: 3
Capability Checks: 1
File Operations: 27
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

58% escaped · 57 total outputs
Attack Surface
1 unprotected

WPIDE – File Manager & Code Editor Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

  • auth · wp_ajax_wpide_request · App\App.php:200

WordPress Hooks: 36

  • action · plugins_loaded · App\App.php:50
  • action · admin_notices · App\App.php:185
  • action · admin_menu · App\App.php:196
  • action · network_admin_menu · App\App.php:197
  • action · admin_init · App\App.php:201
  • action · admin_enqueue_scripts · App\App.php:202
  • filter · admin_title · App\App.php:212
  • action · network_admin_menu · App\App.php:214
  • action · network_admin_menu · App\App.php:215
  • action · network_admin_menu · App\App.php:216
  • action · admin_head · App\App.php:218
  • action · admin_menu · App\App.php:219
  • action · admin_menu · App\App.php:220
  • filter · screen_options_show_screen · App\App.php:222
  • action · admin_enqueue_scripts · App\App.php:223
  • action · init · App\AppConfig.php:17
  • action · connect/before · App\Classes\Freemius.php:57
  • action · connect/after · App\Classes\Freemius.php:58
  • filter · checkout/purchaseCompleted · App\Classes\Freemius.php:59
  • filter · templates/checkout.php · App\Classes\Freemius.php:60
  • filter · freemius_pricing_js_path · App\Classes\Freemius.php:61
  • filter · plugin_icon · App\Classes\Freemius.php:62
  • filter · hide_account_tabs · App\Classes\Freemius.php:63
  • filter · hide_freemius_powered_by · App\Classes\Freemius.php:64
  • filter · hide_billing_and_payments_info · App\Classes\Freemius.php:65
  • action · plugins_loaded · App\Classes\Freemius.php:66
  • action · admin_enqueue_scripts · App\Classes\Freemius.php:67
  • action · init · App\Classes\Migrations.php:46
  • action · wpide_inline_scripts · App\Classes\Notices.php:44
  • action · admin_enqueue_scripts · App\Classes\PromoNotice.php:41
  • action · admin_notices · App\Classes\PromoNotice.php:48
  • action · admin_enqueue_scripts · App\Classes\RecommendedPlugins.php:15
  • filter · plugins_api_result · App\Classes\RecommendedPlugins.php:16
  • action · admin_enqueue_scripts · App\Classes\ReviewNotice.php:46
  • action · admin_notices · App\Classes\ReviewNotice.php:55
  • action · admin_notices · wpide.php:46
Maintenance & Trust

WPIDE – File Manager & Code Editor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 14, 2026
PHP min version: 7.4.0
Downloads: 903K

Community Trust

Rating: 96/100
Number of ratings: 287
Active installs: 40K
Developer Profile

WPIDE – File Manager & Code Editor Developer Profile

XplodedThemes

6 plugins · 47K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 268 days
Detection Fingerprints

How We Detect WPIDE – File Manager & Code Editor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wpide/app/public/css/styles.css
  • /wp-content/plugins/wpide/app/public/js/vendors.js
  • /wp-content/plugins/wpide/app/public/js/app.js
  • /wp-content/plugins/wpide/app/public/fonts/wpide-icons.css
  • /wp-content/plugins/wpide/app/public/fonts/wpide-icons.woff2
  • /wp-content/plugins/wpide/app/public/img/logo.svg
  • /wp-content/plugins/wpide/app/public/img/favicon.png

Script Paths

  • /wp-content/plugins/wpide/app/public/js/vendors.js
  • /wp-content/plugins/wpide/app/public/js/app.js

Version Parameters

  • /wp-content/plugins/wpide/app/public/css/styles.css?ver=
  • /wp-content/plugins/wpide/app/public/js/vendors.js?ver=
  • /wp-content/plugins/wpide/app/public/js/app.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • wpide-notice
  • wpide-promos-notice

HTML Comments

  • WPIDE NOTICE START
  • WPIDE NOTICE END

Data Attributes

  • data-wpide
  • data-wpide-nonce
  • data-wpide-url
  • data-wpide-slug
  • data-wpide-name

JS Globals

  • wpide
  • WPIDE_APP_CONFIG

REST Endpoints

  • /wp-json/wpide/v1