CVE-2025-4970

🗓️ 12 Dec 2025 07:20:34Reported by WordfenceType

Stored cross-site scripting via vector graphics upload in BSK PDF Manager WordPress up to version three point seven one; administrator access required.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-4970	12 Dec 202508:09	–	circl
CNNVD	WordPress plugin BSK PDF Manager 跨站脚本漏洞	12 Dec 202500:00	–	cnnvd
Cvelist	CVE-2025-4970 BSK PDF Manager <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload	12 Dec 202507:20	–	cvelist
EUVD	EUVD-2025-203053	12 Dec 202507:20	–	euvd
NVD	CVE-2025-4970	12 Dec 202508:15	–	nvd
Patchstack	WordPress BSK PDF Manager plugin <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload vulnerability	12 Dec 202500:15	–	patchstack
Positive Technologies	PT-2025-30401	22 Jul 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-4970	13 Dec 202508:07	–	redhatcve
Vulnrichment	CVE-2025-4970 BSK PDF Manager <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload	12 Dec 202507:20	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (December 8, 2025 to December 14, 2025)	19 Dec 202517:57	–	wordfence

Vulners

Node

bannersky bsk_pdf_managerRange≤3.7.1wordpress

[
  {
    "vendor": "bannersky",
    "product": "BSK PDF Manager",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "3.7.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordpress	www.wordpress.org/plugins/bsk-pdf-manager/
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/3cf1983b-4cb7-4738-9f19-2c530a9939e0
plugins	www.plugins.trac.wordpress.org/changeset

15 Apr 2026 00:35Current

4.7Medium risk

Vulners AI Score4.7

CVSS 3.15.5

EPSS0.00006

SSVC

CWE-79