VYPR
Vendor

Filemanagerpro

Products
7
CVEs
36
Across products
36
Status
Private

Products

7

Recent CVEs

36
View all 36 CVEs →
  • CVE-2023-6825CriMar 13, 2024
    risk 0.70cvss 9.9epss 0.06

    The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function.…

  • CVE-2026-39640CriApr 8, 2026
    risk 0.62cvss 9.6epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through <= 3.2.

  • CVE-2023-6846HigFeb 5, 2024
    risk 0.58cvss 8.8epss 0.16

    The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute…

  • CVE-2023-50700HigJul 26, 2024
    risk 0.51cvss 7.8epss 0.00

    Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged operations to be called by unprivileged users via the D-Bus method.

  • CVE-2024-1538HigMar 21, 2024
    risk 0.51cvss 8.8epss 0.11

    The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. This makes it…

  • CVE-2025-30834HigApr 1, 2025
    risk 0.49cvss 7.5epss 0.00

    Path Traversal: '.../...//' vulnerability in Bit Apps Bit Assist bit-assist allows Path Traversal.This issue affects Bit Assist: from n/a through <= 1.5.4.

  • CVE-2025-68008HigJan 22, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS.This issue affects WP Mail: from n/a through <= 1.3.

  • CVE-2025-23536HigMar 3, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 Track Page Scroll track-page-scroll allows Reflected XSS.This issue affects Track Page Scroll: from n/a through <= 1.0.2.

  • CVE-2024-0761HigFeb 5, 2024
    risk 0.46cvss 8.1epss 0.01

    The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated…

  • CVE-2025-58822MedSep 5, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows DOM-Based XSS.This issue affects WP Mail: from n/a through <= 1.3.

  • CVE-2023-7015MedMar 13, 2024
    risk 0.40cvss 6.1epss 0.00

    The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject…

  • CVE-2025-52710MedJun 20, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team File Manager Pro filester allows Stored XSS.This issue affects File Manager Pro: from n/a through <= 1.8.8.

  • CVE-2023-51371MedDec 29, 2023
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support…

  • CVE-2024-2654MedApr 9, 2024
    risk 0.37cvss 6.8epss 0.01

    The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary…

  • CVE-2022-47599MedDec 20, 2023
    risk 0.36cvss 5.5epss 0.01

    Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager.This issue affects File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File…

  • CVE-2025-68596MedDec 24, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through <= 1.5.11.

  • CVE-2024-37254MedNov 1, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Manager: from n/a through 7.2.7.

  • CVE-2024-1640MedMar 13, 2024
    risk 0.27cvss 5.3epss 0.00

    The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient user validation on the bitforms_update_form_entry AJAX action in all…

  • CVE-2022-50891Jan 13, 2026
    risk 0.00cvss epss 0.00

    Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to…

  • CVE-2022-50890Jan 13, 2026
    risk 0.00cvss epss 0.01

    Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system…