44 matches found
CVE-2024-8743
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for...
CVE-2024-8743 Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.7 - Authenticated (Subscriber+) Limited JavaScript File Upload
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for...
CVE-2024-8743
The Bit File Manager for WordPress plugin is vulnerable to Limited JavaScript File Upload in all versions up to and including 6.5.7 due to insufficient file-type validation. Authenticated attackers with Subscriber-level access (and above) can upload .css/.js files, enabling Stored Cross-Site Scri...
WordPress plugin Bit File Manager code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
PT-2024-39220 · Unknown · Bit File Manager
Name of the Vulnerable Software and Affected Versions: The Bit File Manager versions up to, and including, 6.5.7 Description: The issue is due to a lack of proper checks on allowed file types, making it possible for authenticated attackers with Subscriber-level access and above, and granted...
CVE-2024-7770
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated...
CVE-2024-7770
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated...
CVE-2024-7770 Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.5 - Authenticated (Subscriber+) Arbitrary File Upload
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated...
CVE-2024-7770
CVE-2024-7770 affects Bit File Manager for WordPress (
WordPress Bit File Manager plugin <= 6.5.5 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Bit File Manager versions <= 6.5.5...
WordPress Bit File Manager Plugin <= 6.5.5 is vulnerable to Arbitrary File Upload
Software Bit File Manager Type Plugin Vulnerable versions <= 6.5.5 Fixed in 6.5.6 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7770 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 4d22ee982f55 Credits TANG Cheuk Hei siunam Required privileg...
WordPress plugin Bit File Manager code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2024-7627
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated...
CVE-2024-7627
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated...
CVE-2024-7627
CVE-2024-7627 affects the WordPress Bit File Manager plugin (versions 6.0–6.5.5). The vulnerability stems from the checkSyntax function writing a temporary PHP file into a publicly accessible directory before validating input, enabling unauthenticated attackers to execute code on the server when ...
CVE-2024-7627 Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated...
WordPress plugin Bit File Manager code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
WordPress Bit File Manager plugin 6.0-6.5.5 - Unauthenticated Remote Code Execution via Race Condition vulnerability
Unauthenticated Remote Code Execution via Race Condition vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Bit File Manager versions 6.0-6.5.5...
20,000 WordPress Sites Affected by Remote Code Execution Vulnerability in Bit File Manager WordPress Plugin
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, an...
PT-2024-38462 · WordPress · Bit File Manager
Name of the Vulnerable Software and Affected Versions: Bit File Manager plugin for WordPress versions 6.0 through 6.5.5 Description: The issue is related to Remote Code Execution. This occurs due to the plugin writing a temporary file to a publicly accessible directory before performing file...