Title: elFinder Plugin Vulnerability … Version issue? Last modified: August 12, 2025 --- # elFinder Plugin Vulnerability … Version issue? * Resolved [dlmsontag](https://wordpress.org/support/users/dlmsontag/) * (@dlmsontag) * [9 months, 2 weeks ago](https://wordpress.org/support/topic/elfinder-plugin-vulnerability-version-issue/) * I got an email about this vulnerability ([https://www.wordfence.com/threat-intel/vulnerabilities/detail/multiple-elfinder-plugins-various-versions-directory-traversal-to-arbitrary-file-deletion](https://www.wordfence.com/threat-intel/vulnerabilities/detail/multiple-elfinder-plugins-various-versions-directory-traversal-to-arbitrary-file-deletion)). I checked the WP File Manager version and the most recent version is 8.0.2. Is there another plugin path for this plugin or was it an error in the version note on the WordFence page? According to my sites, version 8.0.2 is fully up to date. * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Felfinder-plugin-vulnerability-version-issue%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/) * (@wfpeter) * [9 months, 1 week ago](https://wordpress.org/support/topic/elfinder-plugin-vulnerability-version-issue/#post-18597560) * Hi [@dlmsontag](https://wordpress.org/support/users/dlmsontag/), * This was coming up because the free version is `8.0.2` as you rightly mention, and the issue was intended for the pro version `<=8.4.2`. The Threat Intelligence team are currently working on why the free version is showing as vulnerable, because we’re getting the correct result for `8.4.3` being patched on the pro version. Sometimes this can occur because of duplicate plugin slugs, but that doesn’t seem to be the case here. * Thanks for your report, Peter. - This reply was modified 9 months, 1 week ago by [wfpeter](https://wordpress.org/support/users/wfpeter/). Reason: Modified as the team are still looking into some potential issues * Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/) * (@wfpeter) * [9 months, 1 week ago](https://wordpress.org/support/topic/elfinder-plugin-vulnerability-version-issue/#post-18597751) * Hi [@dlmsontag](https://wordpress.org/support/users/dlmsontag/), * The team have been working hard and the result should disappear from any sites with this scan result after running a new scan. To run a new scan to confirm, simply visit **Wordfence > Scan** and hit the blue “**START NEW SCAN**” button. * Thanks again, Peter. * Thread Starter [dlmsontag](https://wordpress.org/support/users/dlmsontag/) * (@dlmsontag) * [9 months, 1 week ago](https://wordpress.org/support/topic/elfinder-plugin-vulnerability-version-issue/#post-18597933) * Thanks for getting back to me. I tried a rescan but it still came back as a vulnerability– this time it was ‘critical’. WordFence recommended plugin removal, which I did. I don’t need it at the moment anyway, so I’ll worry about it more when I need files access (or just access direct through server). Maybe it won’t be an issue by then. Have a great day everyone! Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘elFinder Plugin Vulnerability … Version issue?’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) * 4 replies * 2 participants * Last reply from: [dlmsontag](https://wordpress.org/support/users/dlmsontag/) * Last activity: [9 months, 1 week ago](https://wordpress.org/support/topic/elfinder-plugin-vulnerability-version-issue/#post-18597933) * Status: resolved