Which File Manager CVEs are tracked?

File Manager tracked CVEs include CVE-2024-7770, CVE-2022-0403, CVE-2024-7627, CVE-2018-7204, and CVE-2022-47599.

How many File Manager vulnerabilities have patch guidance?

9 of 9 tracked File Manager records include a published patch path.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 9 known issues Latest disclosed Jun 02, 2025

File Manager Vulnerabilities

Review known vulnerability records for the WordPress plugin File Manager (`file-manager`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-1725, CVE-2024-8743 and CVE-2024-7770, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Jun 03, 2025

Priority CVE Quick Links

Fast paths into File Manager CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2024-7770 High 6.5.6

CVE-2024-7770 File Manager Remote Code Execution

Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.5 - Authenticated (Subscriber+) Arbitrary File Upload

CVE-2022-0403 High 5.2.3

CVE-2022-0403 File Manager Cross-Site Request Forgery

Bit File Manager – 100% free file manager for WordPress <= 5.2.2 - Subscriber+ Arbitrary File Creation/Upload/Deletion

CVE-2024-7627 High 6.5.6

CVE-2024-7627 File Manager Remote Code Execution

Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition

CVE-2018-7204 High 5.0.2

CVE-2018-7204 File Manager Vulnerability

Bit File Manager <= 5.0.0 - Information Disclosure

CVE-2022-47599 High 6.0

CVE-2022-47599 File Manager Vulnerability

Bit File Manager <= 5.2.7 - Authenticated (Admin+) PHP Object Injection

CVE-2024-8743 Medium 6.5.8

CVE-2024-8743 File Manager File Upload

Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.7 - Authenticated (Subscriber+) Limited JavaScript File Upload

CVE-2025-1725 Medium 6.8

CVE-2025-1725 File Manager File Upload

Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads

CVE-2023-5907 Low 6.3

CVE-2023-5907 File Manager Vulnerability

File Manager <= 6.3 - Authenticated (Admin+) Arbitrary OS File Access via Path Traversal

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for File Manager so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

9 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

0 critical and 6 high severity findings.

Recent CVEs

CVE-2025-1725, CVE-2024-8743 and CVE-2024-7770

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2025-1725 Medium Patch path listed

CVE-2025-1725: Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versio...

Published

Jun 02, 2025

Patch Status

6.8

Open CVE-2025-1725 Report

CVE-2024-8743 Medium Patch path listed

CVE-2024-8743: Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.7 - Authenticated (Subscriber+) Limited JavaScript File Upload

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and incl...

Published

Oct 04, 2024

Patch Status

6.5.8

Open CVE-2024-8743 Report

CVE-2024-7770 High Patch path listed

CVE-2024-7770: Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.5 - Authenticated (Subscriber+) Arbitrary File Upload

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in...

Published

Sep 09, 2024

Patch Status

6.5.6

Open CVE-2024-7770 Report

Known Vulnerabilities

Reports for File Manager

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-1725

CVE-2025-1725: Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. T...

Published

Jun 02, 2025

Patched Release

6.8

Affected Versions

Versions up to 6.7

Next Step

Update to 6.8 or newer if supported.

Open CVE-2025-1725 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-8743

CVE-2024-8743: Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.7 - Authenticated (Subscriber+) Limited JavaScript File Upload

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it...

Published

Oct 04, 2024

Patched Release

6.5.8

Affected Versions

Versions up to 6.5.7

Next Step

Update to 6.5.8 or newer if supported.

Open CVE-2024-8743 Report Open CVE Reference

Plugin High Patched: Yes CVE-2024-7770

CVE-2024-7770: Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.5 - Authenticated (Subscriber+) Arbitrary File Upload

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible...

Published

Sep 09, 2024

Patched Release

6.5.6

Affected Versions

Versions up to 6.5.5

Next Step

Update to 6.5.6 or newer if supported.

Open CVE-2024-7770 Report Open CVE Reference

Plugin High Patched: Yes CVE-2024-7627

CVE-2024-7627: Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition

The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unaut...

Published

Sep 04, 2024

Patched Release

6.5.6

Affected Versions

6.0 through 6.5.5

Next Step

Update to 6.5.6 or newer if supported.

Open CVE-2024-7627 Report Open CVE Reference

Plugin Low Patched: Yes CVE-2023-5907

CVE-2023-5907: File Manager <= 6.3 - Authenticated (Admin+) Arbitrary OS File Access via Path Traversal

The File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.2 via the Root Folder Path setting. This makes it possible for authenticated attackers, wit...

Published

Nov 20, 2023

Patched Release

6.3

Affected Versions

Versions up to 6.2

Next Step

Update to 6.3 or newer if supported.

Open CVE-2023-5907 Report Open CVE Reference

Plugin High Patched: Yes CVE-2022-47599

CVE-2022-47599: Bit File Manager <= 5.2.7 - Authenticated (Admin+) PHP Object Injection

The Bit File Manager plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 5.2.7 via deserialization of untrusted input from the 'language' setting parameter. This allows authenticated attackers, with administrative privileges and above, to...

Published

Apr 28, 2023

Patched Release

6.0

Affected Versions

Versions up to 5.2.7

Next Step

Update to 6.0 or newer if supported.

Open CVE-2022-47599 Report Open CVE Reference

Plugin High Patched: Yes CVE-2022-0403

CVE-2022-0403: Bit File Manager – 100% free file manager for WordPress <= 5.2.2 - Subscriber+ Arbitrary File Creation/Upload/Deletion

The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is known to be affected by security issues (CVE-2021-32682), and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any au...

Published

Mar 14, 2022

Patched Release

5.2.3

Affected Versions

Versions up to 5.2.2

Next Step

Update to 5.2.3 or newer if supported.

Open CVE-2022-0403 Report Open CVE Reference

Plugin High Patched: Yes CVE-2018-7204

CVE-2018-7204: Bit File Manager <= 5.0.0 - Information Disclosure

inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not...

Published

Mar 02, 2018

Patched Release

5.0.2

Affected Versions

Versions up to 5.0.0

Next Step

Update to 5.0.2 or newer if supported.

Open CVE-2018-7204 Report Open CVE Reference

Plugin High Patched: Yes

Bit File Manager <= 4.1.4 - Cross-Site Request Forgery to Arbitrary File Upload

The Bit File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation on the plugin's upload form. This makes it possible for unauthenticated attackers to upload arbitrar...

Published

Mar 01, 2017

Patched Release

4.1.5

Affected Versions

Versions before 4.1.5

Next Step

Update to 4.1.5 or newer if supported.

Open Full Report