Viewing 7 replies - 1 through 7 (of 7 total)
  • file manager support

    (@filemanagersupport)

    Hello everyone,

    The security issue referenced here — CVE-2025-0818 — has already been addressed in WP File Manager Pro version 8.4.3.

    Points to be noted:

    • This vulnerability applies only to the paid (Pro) version because it is related to the shortcode functionality.
    • The free version works only on the admin side and is not affected, so if you are using the free version 8.0.2, you don’t need to take any action at this time.
    • If you are using WP File Manager Pro version 8.4.2 or earlier, please update to version 8.4.3.

    We work closely with Wordfence and take every reported issue seriously, addressing them as they arise. Please be assured that if we come across any new issues in the future, we will resolve them promptly. For now, the issue you raised is already fixed through the latest update.

    For reference:

    If you have any questions or need help updating, feel free to reach out to our support team — we’re here to assist.

    Best,
    WP File Manager Support Team

    Thread Starter Dominik Kozmáli

    (@dominokozmali)

    Thank you for your quick reply 🙂

    Yes, but Wordfence still shows a vulnerability for the free version.

    Brian_Milnes

    (@brian_milnes)

    Thanks for the update – useful information

    (Would have been useful for Wordfence to have been more specific)

    file manager support

    (@filemanagersupport)

    Brian_Milnes,

    We shared our concerns with Wordfence.
    Waiting for their reply.

    This issue was resolved immediately within a few hours.
    Reference Thread – https://ww.wp.xz.cn/support/topic/elfinder-plugin-vulnerability-version-issue/
    We are marking this as resolved.

    If you have any other questions, feel free to write to us in the forum.

    Thread Starter Dominik Kozmáli

    (@dominokozmali)

    Yes, you are right, the mentioned critical security vulnerability is no longer shown by Wordfence after a new scan.

    Thank you very much for the prompt resolution of the problem :).

    Best regards
    Dominik Kozmáli

    @filemanagersupport
    Kinsta.com hosting is still showing the Free version as vulnerable.
    Maybe just release a small update to 8.0.3 just to get them to not show it as vulnerable any more?
    Had a client ask about it.

    See:


The topic ‘Critical security vulnerability version 8.0.2’ is closed to new replies.