File Manager Pro – Filester

Best WordPress file manager without FTP access. Edit code with built-in editor, upload files, download plugins, download themes, manage wp directory, …

v2.1.1Ninja TeamUpdated 1 month agoAdded 6 years ago100k+ installs98% rating0% support resolved

Download Plugin file manager ftp wordpress file manager wp file manager

Score

565

Errors

391

Warnings

Change

Category Scores

Security0

Repo78

Performance100

Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

956 findings

Maintainability

444

16 issue groups

Security

350

8 issue groups

I18n

1 issue group

WARNINGSecurityRequest data is not unslashed$_GET['code'] not unslashed before sanitization. Use wp_unslash() or similar90

Category: Security
Occurrences: 90
Severity: warning

Sample message

$_GET['code'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$actionLinks".63

Category: Maintainability
Occurrences: 63
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$actionLinks".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound

ERRORMaintainabilityfile system operations fcloseFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().60

Category: Maintainability
Occurrences: 60
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

WordPress.WP.AlternativeFunctions.file_system_operations_fclose

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_FILES['content']['tmp_name']58

Category: Security
Occurrences: 58
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_FILES['content']['tmp_name']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.55

Category: Security
Occurrences: 55
Severity: error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunction Reference

ERRORMaintainabilitywp function not compatible with requires wpFunction "esc_textarea()" requires WordPress 3.1.0, but your plugin minimum supported version is WordPress 3.0.0.55

Category: Maintainability
Occurrences: 55
Severity: error

Sample message

Function "esc_textarea()" requires WordPress 3.1.0, but your plugin minimum supported version is WordPress 3.0.0.

wp_function_not_compatible_with_requires_wp Reference

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.49

Category: Security
Occurrences: 49
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

ERRORI18nText Domain MismatchMismatched text domain. Expected 'filester' but got 'filebird'.45

Category: I18n
Occurrences: 45
Severity: error

Sample message

Mismatched text domain. Expected 'filester' but got 'filebird'.

WordPress.WP.I18n.TextDomainMismatch Reference

ERRORMaintainabilityfile system operations fopenFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().43

Category: Maintainability
Occurrences: 43
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

WordPress.WP.AlternativeFunctions.file_system_operations_fopen

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_FILES['content']['tmp_name']. Check that the array index exists before using it.39

Category: Security
Occurrences: 39
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES['content']['tmp_name']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated

Show 15 more

ERRORMaintainabilitycurl curl setopt39

Category: Maintainability
Occurrences: 39
Severity: error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_setopt

ERRORMaintainabilityfile system operations is writable30

Category: Maintainability
Occurrences: 30
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().

WordPress.WP.AlternativeFunctions.file_system_operations_is_writable

ERRORSecurityOutput is not escaped28

Category: Security
Occurrences: 28
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$ermsg'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

ERRORMaintainabilityfile system operations fread27

Category: Maintainability
Occurrences: 27
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().

WordPress.WP.AlternativeFunctions.file_system_operations_fread

WARNINGMaintainabilityprevent path disclosure error reporting19

Category: Maintainability
Occurrences: 19
Severity: warning

Sample message

error_reporting() can lead to full path disclosure.

WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_error_reporting

ERRORMaintainabilityfile system operations mkdir19

Category: Maintainability
Occurrences: 19
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().

WordPress.WP.AlternativeFunctions.file_system_operations_mkdir

ERRORSecurityException output is not escaped17

Category: Security
Occurrences: 17
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$e'.

WordPress.Security.EscapeOutput.ExceptionNotEscaped Reference

ERRORMaintainabilitycurl curl init16

Category: Maintainability
Occurrences: 16
Severity: error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_init

ERRORMaintainabilitycurl curl setopt array16

Category: Maintainability
Occurrences: 16
Severity: error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_setopt_array

WARNINGSecurityMissing nonce verification14

Category: Security
Occurrences: 14
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing

ERRORMaintainabilityfile system operations touch14

Category: Maintainability
Occurrences: 14
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: touch().

WordPress.WP.AlternativeFunctions.file_system_operations_touch

ERRORMaintainabilityfile system operations chmod12

Category: Maintainability
Occurrences: 12
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().

WordPress.WP.AlternativeFunctions.file_system_operations_chmod

ERRORMaintainabilityrename rename11

Category: Maintainability
Occurrences: 11
Severity: error

Sample message

rename() is discouraged. Use WP_Filesystem::move() to rename a file.

WordPress.WP.AlternativeFunctions.rename_rename

WARNINGMaintainabilityMissing Version11

Category: Maintainability
Occurrences: 11
Severity: warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion

WARNINGMaintainabilityDiscouraged PHP function9

Category: Maintainability
Occurrences: 9
Severity: warning

Sample message

The use of function ini_set() is discouraged

Squiz.PHP.DiscouragedFunctions.Discouraged

Score History

First score snapshot

2 days ago

v2.1.1

Latest

Findings: 956
Errors: 565
Warnings: 391
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
2 days agoLatest	22	956	565	391	v2.1.1	2.0.0

Related Plugins

Add From Server Reloaded

2k+ active installs

Bulk Media Register

8k+ active installs

Simple File List

3k+ active installs

WP Anything Downloader

3k+ active installs

Media Library Organizer – Folders, File Manager & Media Categories

20k+ active installs

Download Manager Addons for Elementor

6k+ active installs