CVE-2025-1725 Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it...

CVE-2025-1725 Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it...

PT-2025-23590 · Unknown · Bit File Manager

Name of the Vulnerable Software and Affected Versions: The Bit File Manager versions up to, and including, 6.7 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers with...

WordPress plugin Bit File Manager 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Bit File Manager plugin, which stems from insufficient input cleanup and escaping during SVG file uploads, and no...

CVE-2025-5420

CVE-2025-5420 affects juzaweb CMS up to version 3.4.2. The vulnerability is an XSS in the Upload parameter of /admin-cp/file-manager/upload on the Profile Page due to improper input handling. It can be exploited remotely and the exploit has been disclosed publicly. Multiple sources confirm the is...

Juzaweb CMS 代码注入漏洞

Juzaweb CMS is a content management system based on Laravel framework and Web platform developed by Juzaweb individual developers. A code injection vulnerability exists in Juzaweb CMS 3.4.2 and earlier versions, which originates from a cross-site scripting attack on the parameter Upload in the fi...

Exploit for CVE-2025-24203

iDevice? A major vulnerability discovered by Ian Beer based o...

CVE-2024-42630

FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/?/plugin/filemanager/createfile...

CVE-2024-7660

A vulnerability has been found in SourceCodester File Manager App 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Add File Handler. The manipulation of the argument File Title/Uploaded By leads to cross site scripting. The attack can ...

CVE-2024-2849

A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...

CVE-2024-25903

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager.This issue affects Frontend File Manager: from n/a through 22.7...

CVE-2024-29024

JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisi...

CVE-2024-46085

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/?/plugin/filemanager/rename...

CVE-2024-46362

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/?/plugin/filemanager/createdirectory...

CVE-2024-27625

CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting XSS. This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field...

CVE-2024-46086

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/?/plugin/filemanager/delete/123...

CVE-2024-8743

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for...

CVE-2024-53582

An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request...

CVE-2024-53537

An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager...

CVE-2024-12331

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxinstallplugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level acce...