WP Clinic
Log in Sign up

PLUGIN SECURITY

Is File Manager Advanced safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the File Manager Advanced WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: file-manager-advanced
  • Requires PHP: 7.0+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.1.1 [CVE-2023-3814, Advanced File Manager <= 5.1 - Authenticated (Administrator+) Arbitrary File and Folder Access, WordPress Advanced File Manager Plugin < 5.1.1 is vulnerable to Sensitive Data Exposure, Advanced File Manager &lt; 5.1.1 - Admin+ Arbitrary File/Folder Access]
  • Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.2.5 [CVE-2024-5598, Advanced File Manager <= 5.2.4 - Sensitive Information Exposure via Directory Listing, WordPress Advanced File Manager Plugin <= 5.2.4 is vulnerable to Sensitive Data Exposure]
  • Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.2.9 [CVE-2024-8704, Advanced File Manager <= 5.2.8 - Authenticated (Administrator+) Local JavaScript File Inclusion via fma_locale, WordPress Advanced File Manager Plugin <= 5.2.8 is vulnerable to Path Traversal]
  • Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.2.9 [CVE-2024-8725, Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload, WordPress Advanced File Manager Plugin <= 5.2.8 is vulnerable to Arbitrary File Upload]
  • Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.2.9 [CVE-2024-8126, Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Arbitrary File Upload, WordPress Advanced File Manager Plugin <= 5.2.8 is vulnerable to Arbitrary File Upload]
+ 6 more known vulnerabilities
  • Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.2.11 [CVE-2024-11391, Advanced File Manager <= 5.2.10 - Authenticated (Subscriber+) Arbitrary File Upload, WordPress Advanced File Manager Plugin <= 5.2.10 is vulnerable to Arbitrary File Upload]
  • Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.2.14 [CVE-2024-13333, Advanced File Manager 5.2.12 - 5.2.13 - Authenticated (Subscriber+) Arbitrary File Upload, EUVD-2024-51538]
  • Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.3.0 [CVE-2024-13805, Advanced File Manager <= 5.2.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload, EUVD-2025-6251]
  • Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.3.2 [CVE-2025-47688, EUVD-2025-13720, Advanced File Manager <= 5.3.1 - Missing Authorization to Notice Dismisaal]
  • Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.4.0 [Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion]
  • Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution [file-manager-advanced] < 5.4.12 [CVE-2026-6382]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.