3118 matches found

NVD
added 2025/07/04 9:15 a.m. · 4 views

CVE-2025-27358

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Code Injection. This issue affects Frontend File Manager: from n/a through <= 23.6...

4.6 CVSS · 0.0015 EPSS
Exploits 0 · References 1
CVE
added 2025/07/04 8:42 a.m. · 23 views

CVE-2025-27358

CVE-2025-27358 is a Content Injection (XSS) vulnerability affecting the WordPress plugin “Frontend File Manager” up to version 23.2. The issue arises from improper neutralization of script-related HTML tags in the web page, enabling code injection. Public details in the initial data indicate affe...

4.6 CVSS · 5.9 AI score · 0.0015 EPSS
Exploits 0 · References 1
Cvelist
added 2025/07/04 8:42 a.m. · 9 views

CVE-2025-27358 WordPress Frontend File Manager plugin <= 23.6 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Code Injection. This issue affects Frontend File Manager: from n/a through <= 23.6...

4.6 CVSS · 0.0015 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/07/04 8:42 a.m. · 2 views

CVE-2025-27358 WordPress Frontend File Manager plugin <= 23.6 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Code Injection. This issue affects Frontend File Manager: from n/a through <= 23.6...

4.6 CVSS · 5.9 AI score · 0.0015 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2025/07/04 12:0 a.m. · 2 views

The vulnerability of the Command Execution function in the file manager for managing files and directories in the File Browser allows a hacker to gain access to read and modify files.

The vulnerability of the Command Execution function in the file manager and File Browser web manager is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read and modify files...

8 CVSS · 5.7 AI score · 0.00563 EPSS
Exploits 1 · References 3 · Affected Software 1
Patchstack
added 2025/07/04 12:0 a.m. · 5 views

WordPress Frontend File Manager Plugin <= 23.2 is vulnerable to Content Injection

Software: Frontend File Manager; Type: Plugin; Vulnerable versions: <= 23.2; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Content Injection; CVE: CVE-2025-27358; Patch priority: Low; CVSS severity: Low (4.6); Developer: Claim ownership; PSID: 0793a304d7eb; Credits: PARKGyunDeuk; Required privileg...

4.6 CVSS · 6.2 AI score · 0.0015 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2025/07/04 12:0 a.m. · 1 views

WordPress plugin Frontend File Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

4.6 CVSS · 6.8 AI score · 0.0015 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/07/04 12:0 a.m. · 2 views

PT-2025-27875 · Unknown · Mndpsingh287 Frontend File Manager

Name of the Vulnerable Software and Affected Versions: mndpsingh287 Frontend File Manager versions n/d through 23.2
Description: The issue is related to improper neutralization of script-related HTML tags in a web page, which allows code injection. This is a basic XSS vulnerability...

4.6 CVSS · 6 AI score · 0.0015 EPSS
Exploits 0 · References 5
RedhatCVE
added 2025/06/29 2:26 p.m. · 3 views

CVE-2025-53260

Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server. This issue affects File Manager Plugin For Wordpress: from n/a through <= 7.5...

9.1 CVSS · 5.9 AI score · 0.00379 EPSS
Exploits 0 · References 1
Cvelist
added 2025/06/27 1:21 p.m. · 10 views

CVE-2025-53260 WordPress File Manager Plugin For Wordpress plugin <= 7.5 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server. This issue affects File Manager Plugin For Wordpress: from n/a through <= 7.5...

9.1 CVSS · 0.00379 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/06/27 1:21 p.m. · 2 views

CVE-2025-53260 WordPress File Manager Plugin For Wordpress plugin <= 7.5 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server. This issue affects File Manager Plugin For Wordpress: from n/a through <= 7.5...

9.1 CVSS · 5.2 AI score · 0.00379 EPSS
Exploits 0 · References 1
CVE
added 2025/06/27 1:21 p.m. · 19 views

CVE-2025-53260

CVE-2025-53260 arises from an Unrestricted Upload of File with Dangerous Type in the getredhawkstudio File Manager Plugin for WordPress. Affected Software: File Manager Plugin for WordPress versions up to and including 7.5. Impact: allows uploading a Web Shell to the web server, enabling potentia...

9.1 CVSS · 5.9 AI score · 0.00379 EPSS
Exploits 0 · References 1
CNNVD
added 2025/06/27 12:0 a.m. · 1 views

WordPress plugin File Manager Plugin For Wordpress code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists in...

9.1 CVSS · 6.8 AI score · 0.00379 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/06/27 12:0 a.m. · 1 views

PT-2025-27167 · WordPress · File Manager Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: File Manager Plugin For Wordpress versions prior to 7.5
Description: The issue allows attackers to upload dangerous files, including web shells, to a web server, compromising its security. This is due to an Unrestricted Upload of File with...

9.1 CVSS · 6.8 AI score · 0.00379 EPSS
Exploits 0 · References 4
OSV
added 2025/06/24 12:0 a.m. · 3 views

ALSA-2025:9420 Moderate: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

7.8 CVSS · 3.9 AI score · 0.00028 EPSS
Exploits 1 · References 4
NVD
added 2025/06/23 12:15 p.m. · 4 views

CVE-2025-52921

In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by uploading a crafted file and then renaming it to have a .php extension by using the Rename Function. This bypasses the initial check that...

9.9 CVSS · 0.00496 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/06/23 8:40 a.m. · 4 views

CVE-2025-52710

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ninja Team File Manager Pro filester allows Stored XSS. This issue affects File Manager Pro: from n/a through = 1.8.8...

5.9 CVSS · 5.9 AI score · 0.0017 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/06/23 12:0 a.m. · 6 views

CVE-2025-52922

Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel could abuse this to: (1) fully map the filesystem structure via the /api/filemanager/files?basefolder= endpoint, (2) create arbitrary directories on the server via...

7.4 CVSS · 7.3 AI score · 0.00542 EPSS
Exploits 0 · References 2
CNNVD
added 2025/06/23 12:0 a.m. · 2 views

InnoShop security vulnerability

InnoShop is an open source e-commerce system based on Laravel 11 by InnoShop Open Source. A security vulnerability exists in InnoShop 0.4.1 and earlier versions, which stems from a flaw in the file manager functionality of the admin panel that could lead to code execution...

9.9 CVSS · 7 AI score · 0.00496 EPSS
Exploits 0 · References 3
Cvelist
added 2025/06/23 12:0 a.m. · 8 views

CVE-2025-52921

In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by uploading a crafted file and then renaming it to have a .php extension by using the Rename Function. This bypasses the initial check that...

9.9 CVSS · 0.00496 EPSS
Exploits 0 · References 2