Скачать или смотреть Popular WordPress File Manager Plugins Contain Vulnerable jQuery UI Library

The WP Security Minute for March 5, 2025.

Are you using a WordPress file manager plugin on a website? If so, there is a good chance you are using a plugin that is known to be insecure.

Last week WordPress security provider Plugin Vulnerabilities warned that three of the most popular file manager plugins contained a known vulnerable version of the jQuery UI library. There inclusion of that library was in part caused by the developers of the plugins failing to update the file manager library that is at the heart of their plugins for over a year.

The versions of jQuery UI being used in those plugins had been disclosed to be vulnerable by the developer of jQuery UI in October 2021.

The developer of the most popular of the plugins, File Manager, which has one million installs, was publicly warned about the inclusion of the vulnerable library in April 2023. They responded at the time that they would "release an update within a few days" to address that, but they didn't. They were publicly warned again in June of last year and responded they "will address it as soon as possible."

So far, that plugin, and the other two, Advanced File Manager and Filester, haven't had the library updated despite being warned over a week ago about the problem.

The inclusion of the vulnerable library was originally identified through the Plugin Security Scorecard tool.

More information can be found in a couple of blog posts from Plugin Vulnerabilities https://www.pluginvulnerabilities.com... and https://www.pluginvulnerabilities.com...