Description The plugin does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files.
1. Go to settings page (/wordpress/wp-admin/admin.php?page=file-manager-settings).
2. In the βRoot Folder Pathβ setting, change directory to /home or you can use Path Traversal /var/www/html/../../../home or /var/www/html/wordpress/../../../../etc.
3. Then navigate to the page of plugin (/wordpress/wp-admin/admin.php?page=file-manager#elf_l1_Lw).
4. You will be able to list the files/folders outside of the WordPress root directory.