Every programmatical system; no matter what it is; has vulnerabilities. The only solution to keep your apps or websites safe, is to keep them updated and have a security firewall plugin.
Recently, A Persistent Cross-Site Scripting Vulnerability has been discovered in WordPress Plugin WP File Manager v6.8
If you have version 6.8 of this plugin, you have to update it version 6.9 in order to keep your website safe.
Don’t be late, update to keep your website info safe.