diff --git a/application/src/main/java/run/halo/app/core/extension/reconciler/PluginReconciler.java b/application/src/main/java/run/halo/app/core/extension/reconciler/PluginReconciler.java
index 1d079137a..9744c7930 100644
--- a/application/src/main/java/run/halo/app/core/extension/reconciler/PluginReconciler.java
+++ b/application/src/main/java/run/halo/app/core/extension/reconciler/PluginReconciler.java
@@ -55,6 +55,7 @@ import run.halo.app.extension.controller.Reconciler;
 import run.halo.app.extension.controller.Reconciler.Request;
 import run.halo.app.infra.Condition;
 import run.halo.app.infra.ConditionStatus;
+import run.halo.app.infra.utils.FileUtils;
 import run.halo.app.infra.utils.JsonUtils;
 import run.halo.app.infra.utils.PathUtils;
 import run.halo.app.infra.utils.YamlUnstructuredLoader;
@@ -391,9 +392,11 @@ public class PluginReconciler implements Reconciler {
 return null;
 });
 } catch (Exception e) {
- haloPluginManager.stopPlugin(name);
 PluginWrapper pluginWrapper = haloPluginManager.getPlugin(name);
- pluginWrapper.setPluginState(PluginState.FAILED);
+ if (pluginWrapper != null) {
+ haloPluginManager.stopPlugin(name);
+ pluginWrapper.setPluginState(PluginState.FAILED);
+ }
 throw e;
 }
 }
@@ -614,7 +617,11 @@ public class PluginReconciler implements Reconciler {
 }
 return pluginPath.toString();
 }
- return PathUtils.combinePath(pluginsRoot.toString(), pluginPath.toString());
+ var result = pluginsRoot.resolve(pluginPath);
+ if (!isDevelopmentMode(name)) {
+ FileUtils.checkDirectoryTraversal(pluginsRoot, result);
+ }
+ return result.toString();
 }

 boolean shouldDeleteFile(String newPluginPath, URI oldPluginLocation) {
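Review bot: If `haloPluginManager.stopPlugin(name)` throws inside this catch block, the original exception `e` is replaced by the stop failure and `pluginWrapper.setPluginState(PluginState.FAILED)` never runs, so the plugin can be left in a state that does not reflect the failed start. Whether `stopPlugin` can throw here is not visible in the hunk, but the cleanup would be safer as `try { haloPluginManager.stopPlugin(name); } catch (Exception stopError) { e.addSuppressed(stopError); }` followed by the state update. A one-line comment on the new null check would also help, for example `// the wrapper is absent when loading failed before the plugin was registered`, if that is indeed the case being handled. The enclosing method and its try block start outside the hunk.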
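Review bot: The new traversal check is skipped whenever `isDevelopmentMode(name)` returns true, and the value returned is the un-normalized `result`. `isDevelopmentMode` is defined outside this hunk; if it is derived from per-plugin metadata rather than from a server-side setting, anyone able to edit that metadata can switch the check off, so the source of the flag should be documented next to the condition, e.g. `// development mode is trusted because <reason>; production paths must stay under pluginsRoot`. Note also that `pluginsRoot.resolve(pluginPath)` returns `pluginPath` itself when it is absolute, so `FileUtils.checkDirectoryTraversal` is now the only thing keeping such a path inside the root. I would return `result.normalize().toString()` so later consumers such as `shouldDeleteFile` never receive `..` segments, and, if the check is purely lexical, note that it does not cover symlinks placed under `pluginsRoot`. The method starts outside the hunk.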