3118 matches found
InnoShop security vulnerability
InnoShop is an open source e-commerce system based on Laravel 11, developed by InnoShop Open Source. Innoshop 0.4.1 and earlier versions contain a security vulnerability caused by directory traversal in the FileManager API endpoint, which can lead to file system operations...
PT-2025-26592 · Innoshop · Innoshop
Name of the Vulnerable Software and Affected Versions: Innoshop versions 0.4.1 and earlier
Description: The issue allows an authenticated attacker to achieve code execution on the server by exploiting the File Manager functions in the admin panel. This is done by uploading a crafted file and then...
CVE-2025-52921
Innoshop up to version 0.4.1 contains a server-side code execution flaw in the File Manager of the admin panel. An authenticated attacker can upload a crafted file and bypass the image-only check by renaming the file to a .php extension (renaming function), enabling a subsequent GET request to ex...
CVE-2025-52710
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team File Manager Pro filester allows Stored XSS. This issue affects File Manager Pro: from n/a through <= 1.8.8...
CVE-2025-52710 WordPress File Manager Pro plugin <= 1.8.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team File Manager Pro filester allows Stored XSS. This issue affects File Manager Pro: from n/a through <= 1.8.8...
CVE-2025-52710
CVE-2025-52710 affects WordPress plugin “File Manager Pro – Filester” (versions up to and including 1.8.8). The vulnerability is a stored Cross-Site Scripting (XSS) caused by improper neutralization of input during web page generation. Public references in the CVE records indicate a patch has bee...
CVE-2025-52710 WordPress File Manager Pro plugin <= 1.8.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team File Manager Pro allows Stored XSS. This issue affects File Manager Pro: from n/a through 1.8.8...
WordPress plugin File Manager Pro cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-26405 · Ninja Team · Ninja Team File Manager Pro
Name of the Vulnerable Software and Affected Versions: Ninja Team File Manager Pro versions 1.8.8 and earlier
Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability, specifically Stored XSS. This...
CVE-2025-3234
The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.8.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on...
CVE-2025-3234
The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.8.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on...
CVE-2025-3234
CVE-2025-3234 affects the WordPress plugin File Manager Pro – Filester, vulnerable in all versions up to and including 1.8.8 due to missing file type validation. The issue allows authenticated attackers with Administrator-level access or higher to upload arbitrary files to the server, with the ex...
WordPress File Manager Pro – Filester plugin <= 1.8.8 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Authenticated (Administrator+) Arbitrary File Upload vulnerability discovered by TANG Cheuk Hei (siunam) in WordPress Plugin File Manager Pro (versions <= 1.8.8)...
PT-2025-25457 · WordPress · File Manager Pro – Filester
Name of the Vulnerable Software and Affected Versions: File Manager Pro – Filester plugin for WordPress versions 1.8.8 and earlier
Description: The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation. This makes it possible...
WordPress plugin File Manager Pro – Filester code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin.... A code issue vulnerability exist...
WordPress Bit File Manager plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Bit File Manager plugin, which stems from insufficient input cleanup and escaping during SVG file uploads, and no...
CVE-2025-1725
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it...
Exploit for Unrestricted Upload of File with Dangerous Type in Tecrail Responsive_Filemanager
CVE-2022-46604 – Responsive File Manager ⚠️ Disclaimer...
CVE-2025-1725
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-1725
CVE-2025-1725 concerns the WordPress Bit File Manager plugin, vulnerable to a Stored Cross-Site Scripting (XSS) via SVG uploads in all versions up to and including 6.7. The root cause is insufficient input sanitization and output escaping during SVG file handling. Exploitation requires authentica...