Plugin: file-manager-advanced

Alerts (0)

No open alerts.

Show 1 resolved alert

Medium code_scan_match Resolved · code_scan_fp_class_genre_encoding 2026-05-05 11:33:05 (17d ago)

Slug file-manager-advanced

Finding count 15

Findings

Pattern	Kind	File	Line	Snippet	Confidence
`base64_decode`	`builtin`	`application/library/php/elFinderVolumeDriver.class.php`	2,828	`$content = base64_decode(substr($content, strlen($m[0])));`	`medium`
`base64_decode`	`builtin`	`application/library/php/elFinderVolumeDriver.class.php`	3,951	`$h = base64_decode(strtr($h, '-_.', '+/='));`	`medium`
`base64_decode`	`builtin`	`application/library/php/elFinder.class.php`	2,007	`$src = base64_decode($file['file']);`	`medium`
`base64_decode`	`builtin`	`application/library/php/elFinder.class.php`	2,918	`$data = base64_decode(substr($str, strlen($m[0])));`	`medium`
`base64_decode`	`builtin`	`application/library/php/elFinder.class.php`	4,793	`$data = unserialize(base64_decode($var));`	`medium`
`base64_decode`	`builtin`	`application/library/php/elFinderSession.php`	205	`if (($data = base64_decode($data)) !== false) {`	`medium`
`eval_call`	`builtin`	`application/class_fma_pure_php_validator.php`	346	`@eval( $safe_code );`	`medium`
`eval_call`	`builtin`	`application/svg-sanitizer/includes/phpunit/php-code-coverage/src/Filter.php`	111	`\strpos($filename, 'eval()\'d code') !== false \|\|`	`medium`
`eval_call`	`builtin`	`application/svg-sanitizer/includes/phpunit/phpunit/src/Framework/TestCase.php`	1,893	`eval(`	`medium`
`eval_call`	`builtin`	application/svg-sanitizer/includes/phpunit/phpunit/src/Framework/MockObject/Generator.php	1,158	`eval(self::MOCKED_CLONE_METHOD_WITH_VOID_RETURN_TYPE_TRAIT);`	`medium`
`eval_call`	`builtin`	application/svg-sanitizer/includes/phpunit/phpunit/src/Framework/MockObject/Generator.php	1,165	`eval(self::MOCKED_CLONE_METHOD_WITHOUT_RETURN_TYPE_TRAIT);`	`medium`
`eval_call`	`builtin`	application/svg-sanitizer/includes/phpunit/phpunit/src/Framework/MockObject/Generator.php	1,175	`eval(self::UNMOCKED_CLONE_METHOD_WITH_VOID_RETURN_TYPE_TRAIT);`	`medium`
`eval_call`	`builtin`	application/svg-sanitizer/includes/phpunit/phpunit/src/Framework/MockObject/Generator.php	1,182	`eval(self::UNMOCKED_CLONE_METHOD_WITHOUT_RETURN_TYPE_TRAIT);`	`medium`
`eval_call`	`builtin`	application/svg-sanitizer/includes/phpunit/phpunit/src/Framework/MockObject/MockTrait.php	38	`eval($this->classCode);`	`medium`
`eval_call`	`builtin`	application/svg-sanitizer/includes/phpunit/phpunit/src/Framework/MockObject/MockClass.php	45	`eval($this->classCode);`	`medium`

Resolved sha 91df8b25be7e4cb134035ccd0fa08cc6887e78db

View raw JSON

{
    "slug": "file-manager-advanced",
    "finding_count": 15,
    "findings": [
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "application/library/php/elFinderVolumeDriver.class.php",
            "line": 2828,
            "snippet": "$content = base64_decode(substr($content, strlen($m[0])));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "application/library/php/elFinderVolumeDriver.class.php",
            "line": 3951,
            "snippet": "$h = base64_decode(strtr($h, '-_.', '+/='));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "application/library/php/elFinder.class.php",
            "line": 2007,
            "snippet": "$src = base64_decode($file['file']);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "application/library/php/elFinder.class.php",
            "line": 2918,
            "snippet": "$data = base64_decode(substr($str, strlen($m[0])));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "application/library/php/elFinder.class.php",
            "line": 4793,
            "snippet": "$data = unserialize(base64_decode($var));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "application/library/php/elFinderSession.php",
            "line": 205,
            "snippet": "if (($data = base64_decode($data)) !== false) {",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "application/class_fma_pure_php_validator.php",
            "line": 346,
            "snippet": "@eval( $safe_code );",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "application/svg-sanitizer/includes/phpunit/php-code-coverage/src/Filter.php",
            "line": 111,
            "snippet": "\\strpos($filename, 'eval()\\'d code') !== false ||",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "application/svg-sanitizer/includes/phpunit/phpunit/src/Framework/TestCase.php",
            "line": 1893,
            "snippet": "eval(",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "application/svg-sanitizer/includes/phpunit/phpunit/src/Framework/MockObject/Generator.php",
            "line": 1158,
            "snippet": "eval(self::MOCKED_CLONE_METHOD_WITH_VOID_RETURN_TYPE_TRAIT);",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "application/svg-sanitizer/includes/phpunit/phpunit/src/Framework/MockObject/Generator.php",
            "line": 1165,
            "snippet": "eval(self::MOCKED_CLONE_METHOD_WITHOUT_RETURN_TYPE_TRAIT);",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "application/svg-sanitizer/includes/phpunit/phpunit/src/Framework/MockObject/Generator.php",
            "line": 1175,
            "snippet": "eval(self::UNMOCKED_CLONE_METHOD_WITH_VOID_RETURN_TYPE_TRAIT);",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "application/svg-sanitizer/includes/phpunit/phpunit/src/Framework/MockObject/Generator.php",
            "line": 1182,
            "snippet": "eval(self::UNMOCKED_CLONE_METHOD_WITHOUT_RETURN_TYPE_TRAIT);",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "application/svg-sanitizer/includes/phpunit/phpunit/src/Framework/MockObject/MockTrait.php",
            "line": 38,
            "snippet": "eval($this->classCode);",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "application/svg-sanitizer/includes/phpunit/phpunit/src/Framework/MockObject/MockClass.php",
            "line": 45,
            "snippet": "eval($this->classCode);",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "91df8b25be7e4cb134035ccd0fa08cc6887e78db"
}

SVN committers (3)

Accounts with actual commit access to file-manager-advanced on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer	Member since	Commits	First commit	Latest commit
modalweb	2017-06-16	130	2017-11-19 · r1770587	2024-12-01 · r3200092
WPExperts.io	2016-03-28	70	2024-12-07 · r3204159	2026-03-18 · r3485502
plugin-master	2007-03-09	1	2017-06-23 · r1684384	2017-06-23 · r1684384

Readme contributors (2)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor	Member since	SVN access	Status
WPExperts.io	2016-03-28	70 commits	Active
Saad Iqbal	2014-12-28	—	Active

Versions (23 most recent)

Version	Released	Download
5.4.11	2026-03-18 · 2mo ago	zip
5.4.10	2026-03-11 · 2mo ago	zip
5.4.8	2026-02-03 · 3mo ago	zip
5.4.7	2025-12-12 · 5mo ago	zip
5.4.6	2025-11-17 · 6mo ago	zip
5.4.5	2025-10-27 · 6mo ago	zip
5.4.4	2025-09-29 · 7mo ago	zip
5.4.3	2025-09-17 · 8mo ago	zip
5.4.2	2025-08-26 · 8mo ago	zip
5.4.1	2025-08-18 · 9mo ago	zip
5.4.0	2025-07-31 · 9mo ago	zip
5.3.6	2025-07-11 · 10mo ago	zip
5.3.5	2025-06-17 · 11mo ago	zip
5.3.4	2025-06-03 · 11mo ago	zip
5.3.3	2025-05-27 · 12mo ago	zip
5.3.2	2025-05-14 · 1y ago	zip
5.3.1	2025-05-05 · 1y ago	zip
5.3.0	2025-04-14 · 1y ago	zip
5.2.14	2025-01-15 · 1y ago	zip
5.2.13	2024-12-07 · 1y ago	zip
5.0	2022-11-27 · 3y ago	zip
4.1.5	2022-11-27 · 3y ago	zip
4.1.6	2022-10-25 · 3y ago	zip

Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution

Alerts (0)

SVN committers (3)

Readme contributors (2)

Versions (23 most recent)