Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version (at least 3.0).
Brandon Roldan discovered and reported this Directory Traversal vulnerability in WordPress WPIDE – File Manager & Code Editor Plugin. This could allow a malicious actor to see all files in a given directory or determine if certain files/directories exist in given folder. This can be used to exploit other weaknesses in the system This vulnerability has been fixed in version 3.0.
Authenticated Arbitrary File Edit/Upload vulnerability
Authenticated Local File Inclusion (LFI) vulnerability