A medium-risk security flaw has been patched in WordPress File Manager 8.4.2 and other plugins using outdated versions of the elFinder file management library (2.1.64 and earlier).

The bug, known as a Directory Traversal vulnerability, could let unauthenticated users delete any file on a site’s server. The exploit works if the site owner has given users access to a file manager tool without proper restrictions.

Affected plugins include:

  • Advanced File Manager – Ultimate WP File Manager and Document Library Solution (patched in latest release)
  • File Manager Pro – Filester (patched in version 1.8.9)

Developers have fixed the flaw by improving input validation to block malicious file path requests.
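As an added illustration of this kind of input validation (not code from elFinder or the affected plugins), the PHP sketch below canonicalizes a client-supplied path and refuses to delete anything that resolves outside the file manager root. The function names `resolve_inside_root` and `delete_upload` and the demo directory layout are hypothetical.

```php
<?php
// Added example; hypothetical names, not elFinder or plugin code.

/** Return the canonical path of $requested under $root, or null if it escapes the root. */
function resolve_inside_root(string $root, string $requested): ?string
{
    $rootReal = realpath($root);
    if ($rootReal === false || strpos($requested, "\0") !== false) {
        return null; // unusable root, or NUL byte in the request
    }
    // realpath() collapses "..", "." and symlinks; it returns false if the target is missing.
    $target = realpath($rootReal . DIRECTORY_SEPARATOR . $requested);
    if ($target === false) {
        return null;
    }
    // Compare against the root plus a trailing separator so that a sibling
    // directory such as "/srv/files-old" never passes as "/srv/files".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

/** Delete a regular file only when it resolves inside $root. */
function delete_upload(string $root, string $requested): bool
{
    $target = resolve_inside_root($root, $requested);
    if ($target === null || !is_file($target)) {
        return false; // traversal attempt, missing file, or a directory
    }
    return unlink($target);
}

// Constructed demo: a managed "files" directory beside a file that must survive.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fm_demo_' . bin2hex(random_bytes(4));
mkdir($base . '/files', 0700, true);
file_put_contents($base . '/files/report.txt', 'ok');
file_put_contents($base . '/config.php', 'constructed sample');

var_dump(delete_upload($base . '/files', 'report.txt'));    // request inside the root
var_dump(delete_upload($base . '/files', '../config.php')); // request that climbs out of the root
var_dump(file_exists($base . '/config.php'));               // file outside the root is still there

// Clean up the demo directory.
unlink($base . '/config.php');
rmdir($base . '/files');
rmdir($base);
```

A check like this complements, but does not replace, requiring authentication and authorization before any file operation is accepted.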

Security experts advise site owners to update to the latest plugin versions and ensure file managers are not accessible to the public.

