3137 matches found
WordPress Bit File Manager 6.5.5 Race Condition / Remote Code Execution
WordPress Bit File Manager plugin versions 6.0 through 6.5.5 suffer from a remote code execution vulnerability via a race condition...
WordPress File Manager Plugin < 7.2.8 Missing Authorization Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...
WordPress File Manager Plugin < 3.0 XSS Vulnerability
WordPress File Manager Plugin < 7.1 XSS Vulnerability
WordPress File Manager Plugin < 6.5 Information Disclosure Vulnerability
WordPress File Manager Plugin < 5.2 Multiple SQLi Vulnerabilities
WordPress File Manager Plugin < 7.2.5 CSRF Vulnerability
CVE-2022-40490
Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file...
CVE-2022-40916
Tiny File Manager v2.4.7 and below is vulnerable to session fixation...
CVE-2021-4350
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfmsendfileinemail AJAX action. This makes it possible for unauthenticated attackers to send emails usin...
CVE-2021-4368
The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfmsavesettings AJAX action. This makes it possible for subscriber-level attackers to ed...
PT-2025-5834 · Unknown · Tiny File Manager
Name of the Vulnerable Software and Affected Versions: Tiny File Manager versions 2.4.7 and below Description: The issue concerns session fixation. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where thi...
Tiny File Manager Cross-Site Scripting Vulnerability
Tiny File Manager is a web-based open source file manager from the individual developer Prasath Mani. A security vulnerability exists in Tiny File Manager version v2.4.7 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code by injecting a specially crafted...