
11 matches found

RedhatCVE
added 2026/01/18 2:26 a.m. | 2 views

CVE-2025-14632

The Filr – Secure document library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unrestricted file upload in all versions up to, and including, 1.2.11 due to insufficient file type restrictions in the FILRUploader class. This makes it possible for authenticated attackers,...

CVSS 4.4 | AI score 5 | EPSS 0.00048
Exploits 0 | References 1

CVE
added 2026/01/17 2:22 a.m. | 13 views

CVE-2025-14632

CVE-2025-14632 refers to the WordPress plugin Filr – Secure document library (versions up to and including 1.2.11). It is vulnerable to Stored Cross-Site Scripting (Stored XSS) via unload restrictions in the file upload flow, caused by the unrestricted HTML upload path in the FILR_Uploader class....

CVSS 4.4 | AI score 4.7 | EPSS 0.00048
Exploits 0 | References 4

ATTACKERKB
added 2026/01/17 2:22 a.m. | 1 views

CVE-2025-14632

The Filr – Secure document library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unrestricted file upload in all versions up to, and including, 1.2.11 due to insufficient file type restrictions in the FILRUploader class. This makes it possible for authenticated attackers,...

CVSS 4.4 | AI score 5.5 | EPSS 0.00048
Exploits 0 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-25058

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00838
Exploits 2 | References 1

RedhatCVE
added 2025/05/22 10:13 p.m. | 5 views

CVE-2022-1777

The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...

CVSS 8.8 | AI score 6.5 | EPSS 0.00838
Exploits 2 | References 1

OSV
added 2023/12/04 10:15 p.m. | 0 views

CVE-2023-5762

The Filr WordPress plugin before 1.2.3.6 is vulnerable to Remote Code Execution (RCE), which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges...

CVSS 8.8 | AI score 5.9
Exploits 0 | References 1

Positive Technologies
added 2023/12/04 12:0 a.m. | 3 views

PT-2023-32310 · WordPress · Filr

Name of the Vulnerable Software and Affected Versions: Filr WordPress plugin version 1.2.3.6 and earlier
Description: The issue allows for Remote Code Execution (RCE), enabling the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges...

CVSS 8.8 | AI score 9.1 | EPSS 0.14237
Exploits 2 | References 7

OSV
added 2022/06/13 1:15 p.m. | 0 views

CVE-2022-1777

The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...

CVSS 8.8 | AI score 5.9
Exploits 0 | References 1

NVD
added 2022/06/13 1:15 p.m. | 13 views

CVE-2022-1777

The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...

CVSS 8.8 | EPSS 0.00838
Exploits 2 | References 1

Prion
added 2022/06/13 1:15 p.m. | 16 views

Code injection

The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...

CVSS 6.5 | AI score 8.5 | EPSS 0.00838
Exploits 2 | References 1 | Affected Software 1

CVE
added 2022/06/13 12:42 p.m. | 67 views

CVE-2022-1777

CVE-2022-1777 affects the WordPress Filr plugin (prior to 1.2.2.1). Two AJAX actions (upload_file, delete_file) lack proper authorization checks; nonce-based protection is exposed via dashboard, enabling any authenticated user (e.g., subscriber) to upload arbitrary HTML files and delete files. Re...

CVSS 8.8 | AI score 8.6 | EPSS 0.00838
Exploits 2 | References 1 | Affected Software 1