Report on the vulnerable WordPress plugin, January 2025

An unauthenticated attack on the website corrupted access to our file system. The WP File Manager plugin version 7.2.1 became vulnerable. This was fixed in version 7.2.2, the website is running version 8.0.1 as of January 29th—more details in the article below.

If future versions of WP File Manager become vulnerable, it is advised that we switch to a different file manager. Since this process can be tedious and difficult, we decided to hold off on making any major changes unless the vulnerability returned.