[Plugin: WordPress File Monitor] Creates Potential Security Vulnerability

This plugin creates no links to your theme folder. Sorry, but I believe you might be confusing it with your theme or another plugin.

Also of note, almost every theme is going to create a link into your themes folder, otherwise it can’t serve the stylesheet or images included with the theme. Unless you’re running a black text on white background only website ??

The plugin does add a CSS sheet (which is actually a php file) in its directory but that is necessary to complete the security scan.

Side note: in the future if you believe you have found a security vulnerability for a piece of software you should contact the developer privately and give them adequate time to respond and work on a fix before posting it publicly. The plugin contains links to my website and there is a easily findable link to my contact form. So you should have been able to easily contact me. ??

/wp-content/themes/[theme used]

As Matt mentioned, it looks like it came from your theme. There are lots of themes that may seem legit, but if you scan themes before activating you may find encrypted codes, which may contain malicious codes causing a security concern, or at the very least containing links to bad sites.

As for the plugin – thanks Matt! I know it’s working because it sent an email after I did an upgrade of another plugin. ??

I did find an instance where the plugin was causing a PHP error if you tried to hit its scanning URL without some variables loaded in the URL. This has been fixed in the version that should be available for download any moment now.