3 matches found
WordPress Bit File Manager plugin <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via SVG File Uploads vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Bit File Manager versions = 6.7...
CVE-2025-1725 Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-1725
CVE-2025-1725 concerns the WordPress Bit File Manager plugin, vulnerable to a Stored Cross-Site Scripting (XSS) via SVG uploads in all versions up to and including 6.7. The root cause is insufficient input sanitization and output escaping during SVG file handling. Exploitation requires authentica...