WordPress File Deletion Attacks: Critical Vulnerability Puts 1.3 Million Sites at Risk

Cybersecurity Alert | August 17, 2025

A serious security vulnerability has been discovered in three popular WordPress file management plugins, putting over 1.3 million websites at risk of file deletion attacks by malicious actors. Security firm Wordfence issued an advisory warning website administrators of the immediate need to update their plugins to prevent potential exploitation.


The Vulnerability Explained

The security flaw stems from outdated versions of the elFinder file manager component, specifically versions 2.1.64 and earlier. The vulnerability is classified as Directory Traversal, a flaw that lets attackers manipulate file paths to reach directories outside their intended scope.

Attackers can exploit this weakness by sending specially crafted requests containing path traversal sequences such as “../../../../” to the vulnerable file managers. Once successful, these attacks enable unauthorized deletion of arbitrary files anywhere on the affected server.


Affected WordPress Plugins

Three widely used WordPress plugins have been identified as vulnerable:

File Manager WordPress Plugin

  • Active installations: 1 million websites
  • Most popular of the affected plugins

Advanced File Manager – Ultimate WP File Manager And Document Library Solution

  • Active installations: 200,000+ websites
  • Enterprise-focused file management solution

File Manager Pro – Filester

  • Active installations: 100,000+ websites
  • Premium file management plugin

Combined, these three plugins are installed across more than 1.3 million WordPress websites globally, representing a significant portion of the WordPress ecosystem.


Exploitation Conditions and Risk Assessment

While the vulnerability technically allows unauthenticated attacks, exploitation requires specific conditions to be met. The file manager must be publicly accessible for unauthenticated attacks to succeed. However, security researchers note that two of the affected plugins indicate in their changelogs that attackers would need at least subscriber-level credentials to exploit the vulnerability.

This requirement somewhat limits the attack surface, but subscriber accounts represent the lowest level of website access and are often easier for attackers to obtain through social engineering or credential stuffing attacks.


Potential Impact

Successful exploitation of this vulnerability could result in severe consequences for affected websites:

  • Critical file deletion: Attackers can remove essential website files, including core WordPress files, themes, and plugins
  • Website disruption: Deletion of critical files could render websites completely non-functional
  • Data loss: Important user data, content, and configuration files could be permanently deleted
  • Business continuity impact: E-commerce sites and business websites could face significant downtime and revenue loss


Immediate Response Required

Cybersecurity experts emphasize the urgent nature of this vulnerability. Website administrators using any of the three affected plugins must take immediate action:

  1. Update immediately: Install the latest versions of affected plugins
  2. Audit access controls: Review who has access to file management features
  3. Monitor for suspicious activity: Check server logs for unusual file access patterns
  4. Backup verification: Ensure recent backups are available and tested
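
For step 3, one way to check web server logs for the traversal sequences described above. This is an added example, not code from Wordfence or the plugin authors; it assumes an access log in Combined Log Format, and the sample log lines and parameter names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Two or more consecutive parent-directory hops, using / or \ separators.
TRAVERSAL_RE = re.compile(r'(?:\.\.[/\\]){2,}')

def fully_decode(target, max_rounds=3):
    """Undo nested percent-encoding (%252e -> %2e -> .), bounded in rounds."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def find_traversal(lines):
    """Return (ip, time, method, decoded_target, status) for flagged requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, ts, method, target, status = m.groups()
        decoded = fully_decode(target)
        if TRAVERSAL_RE.search(decoded):
            hits.append((ip, ts, method, decoded, int(status)))
    return hits

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Aug/2025:10:01:02 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=example&file=../../../../example.txt HTTP/1.1" 200 512',
    '203.0.113.7 - - [17/Aug/2025:10:01:09 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=example&file=..%2f..%2f..%2fexample.txt HTTP/1.1" 200 512',
    '198.51.100.4 - - [17/Aug/2025:10:02:30 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=example&file=%252e%252e%252f%252e%252e%252fexample.txt HTTP/1.1" 403 0',
    '192.0.2.15 - - [17/Aug/2025:10:03:00 +0000] '
    '"GET /wp-content/uploads/2025/08/photo.jpg HTTP/1.1" 200 48213',
    '192.0.2.15 - - [17/Aug/2025:10:03:05 +0000] "GET /blog/../feed/ HTTP/1.1" 301 0',
]

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

Access logs record only the request line, so traversal sequences sent in a POST body will not appear there; catching those requires WAF or application-level request logging.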


Industry Context

This vulnerability highlights ongoing security challenges within the WordPress ecosystem, which powers over 40% of all websites globally. File management plugins, due to their privileged access to server filesystems, represent particularly attractive targets for cybercriminals.

The incident underscores the critical importance of keeping WordPress plugins updated and regularly auditing third-party components for security vulnerabilities. As WordPress continues to dominate the web content management space, such vulnerabilities can have far-reaching implications across the internet.

Website owners and administrators are urged to prioritize this security update to protect their sites and users from potential attacks.
