Update the WordPress Library File Manager plugin to the latest available version (at least 5.2.3).
Luan Pedersni discovered and reported this Broken Access Control vulnerability in WordPress File Manager Plugin. This vulnerability has been fixed in version 5.2.3.
Reflected CrossSite Scripting (XSS) vulnerability
Authenticated CrossSite Scripting (XSS) vulnerability
Information Disclosure vulnerability