Support » Plugin: File Manager » wordfence security plugin reporting issues with plugin (again)

  • Resolved snioefkhjw

    (@snioefkhjw)



    A client’s site is running WordPress 4.9.6 and WP File Manager 2.6. A recent scan by the Wordfence security plugin warned that the following files within the WP File Manager plugin were modified and different than the files distributed with the plugin through WordPress.org.

    * Modified plugin file: wp-content/plugins/wp-file-manager/lib/js/elfinder.full.js
    * Modified plugin file: wp-content/plugins/wp-file-manager/lib/js/elfinder.min.js
    * Modified plugin file: wp-content/plugins/wp-file-manager/lib/js/i18n/elfinder.bg.js
    * Modified plugin file: wp-content/plugins/wp-file-manager/lib/js/i18n/elfinder.si.js
    * Modified plugin file: wp-content/plugins/wp-file-manager/lib/js/proxy/elFinderSupportVer1.js
    * Modified plugin file: wp-content/plugins/wp-file-manager/lib/php/elFinderPlugin.php
    * Modified plugin file: wp-content/plugins/wp-file-manager/lib/php/elFinderVolumeDriver.class.php
    * Modified plugin file: wp-content/plugins/wp-file-manager/lib/php/elFinderVolumeLocalFileSystem.class.php
    * Modified plugin file: wp-content/plugins/wp-file-manager/lib/php/plugins/AutoResize/plugin.php
    * Modified plugin file: wp-content/plugins/wp-file-manager/lib/php/plugins/AutoRotate/plugin.php
    * Modified plugin file: wp-content/plugins/wp-file-manager/lib/php/plugins/Sanitizer/plugin.php
    * Modified plugin file: wp-content/plugins/wp-file-manager/lib/php/plugins/Watermark/plugin.php

    Why are these files being modified/changed from the files that are distributed through WordPress.org? Have proper release procedures been followed when releasing updates to the plugin?

    This is the 2nd time this sort of thing has occurred in the last few months and I am questioning your commitment to following proper release procedures as well as security practices.

    Please explain.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author mndpsingh287

    (@mndpsingh287)

    Hey @snioefkhjw,

    There are some major bugs which are effecting a lot of users so we have fixed them making changes in above files. We are constantly getting feedback from a lot of users, we are trying to improve the plugin for everybody. We will launch plugin update soon with more stability, security and more features. It doesn’t look good if we trying to raise plugin version every week after fixing some issues. We are taking proper security precautions for all users.

    Thanks,
    Mandeep

    Plugin Author mndpsingh287

    (@mndpsingh287)

    We have raised plugin version so you will not see these issues again on wordfence.

    Thanks,
    Mandeep

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.