PLUGIN SECURITY
Is File Manager Advanced safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the File Manager Advanced WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
file-manager-advanced - Requires PHP: 7.0+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.1.1 [CVE-2023-3814, Advanced File Manager <= 5.1 - Authenticated (Administrator+) Arbitrary File and Folder Access, WordPress Advanced File Manager Plugin < 5.1.1 is vulnerable to Sensitive Data Exposure, Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access]
- Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.2.5 [CVE-2024-5598, Advanced File Manager <= 5.2.4 - Sensitive Information Exposure via Directory Listing, WordPress Advanced File Manager Plugin <= 5.2.4 is vulnerable to Sensitive Data Exposure]
- Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.2.9 [CVE-2024-8704, Advanced File Manager <= 5.2.8 - Authenticated (Administrator+) Local JavaScript File Inclusion via fma_locale, WordPress Advanced File Manager Plugin <= 5.2.8 is vulnerable to Path Traversal]
- Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.2.9 [CVE-2024-8725, Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload, WordPress Advanced File Manager Plugin <= 5.2.8 is vulnerable to Arbitrary File Upload]
- Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.2.9 [CVE-2024-8126, Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Arbitrary File Upload, WordPress Advanced File Manager Plugin <= 5.2.8 is vulnerable to Arbitrary File Upload]
+ 6 more known vulnerabilities
- Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.2.11 [CVE-2024-11391, Advanced File Manager <= 5.2.10 - Authenticated (Subscriber+) Arbitrary File Upload, WordPress Advanced File Manager Plugin <= 5.2.10 is vulnerable to Arbitrary File Upload]
- Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.2.14 [CVE-2024-13333, Advanced File Manager 5.2.12 - 5.2.13 - Authenticated (Subscriber+) Arbitrary File Upload, EUVD-2024-51538]
- Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.3.0 [CVE-2024-13805, Advanced File Manager <= 5.2.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload, EUVD-2025-6251]
- Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.3.2 [CVE-2025-47688, EUVD-2025-13720, Advanced File Manager <= 5.3.1 - Missing Authorization to Notice Dismisaal]
- Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.4.0 [Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion]
- Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.4.12 [CVE-2026-6382]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Download Manager — 100000+ active installs — max PHP 8.4
- Download Manager Addons for Elementor — 6000+ active installs
- Document Library Lite — 4000+ active installs — max PHP 8.4
- CatFolders Document Gallery & PDF Library — 3000+ active installs
- WP Document Revisions — 2000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.