File manager

This hub aggregates every CVE we track for File manager, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting File manager.

• CVE-2025-63678An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary...7.2Nov 10, 2025
• CVE-2025-1725Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads6.4Jun 3, 2025
• CVE-2024-37254WordPress WP File Manager plugin <= 7.2.7 - Broken Access Control vulnerability4.3Nov 1, 2024
• CVE-2024-8507File Manager Pro <= 8.3.9 - Cross-Site Request Forgery to Arbitrary File Upload8.8Oct 16, 2024
• CVE-2018-25105File Manager <= 3.0 - Unauthenticated Arbitrary File Upload/Download9.8Oct 16, 2024
• CVE-2024-8746File Manager Pro <= 8.3.9 - Unauthenticated Backup File Download and Upload7.5Oct 16, 2024
• CVE-2024-8918File Manager Pro <= 8.3.9 - Unauthenticated Limited JavaScript File Upload7.4Oct 16, 2024
• CVE-2024-8743Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.7 - Authenticated (Subscriber+) Limited JavaScript File Upload6.8Oct 5, 2024
• CVE-2024-7770Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.5 - Authenticated (Subscriber+) Arbitrary File Upload8.8Sep 10, 2024
• CVE-2024-7627Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition8.1Sep 5, 2024
• CVE-2023-26321The international version of Xiaomi File Manager has a path traversal vulnerability6.3Aug 28, 2024
• CVE-2024-2654File Manager <= 7.2.5 - Authenticated (Administrator+) Directory Traversal6.8Apr 9, 2024
• CVE-2024-1538File Manager <= 7.2.4 - Cross-Site Request Forgery to Local JS File Inclusion8.8Mar 21, 2024
• CVE-2023-6825File Manager And File Manager Pro (Multiple Versions) - Directory Traversal9.9Mar 13, 2024
• CVE-2023-6846File Manager Pro <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Upload8.8Feb 5, 2024