Filr

This hub aggregates every CVE we track for Filr, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Filr.

• CVE-2026-28133WordPress Filr plugin <= 1.2.14 - Arbitrary File Upload vulnerability8.5Mar 5, 2026
• CVE-2026-3266Improper access control vulnerability has been discovered in OpenText™ Filr.9.8Mar 3, 2026
• CVE-2025-64230WordPress Filr plugin <= 1.2.10 - Arbitrary File Deletion vulnerability7.7Dec 18, 2025
• CVE-2024-43216WordPress Filr plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability6.5Aug 12, 2024
• CVE-2024-4187Stored XSS vulnerability has been discovered in OpenText™ Filr. The vulnerability could cause users to not be warned when clicking links to external sites.5.4Jul 31, 2024
• CVE-2023-32268Administrator equivalent Filr user can access proxy administrator credentials7.2Dec 6, 2023
• CVE-2023-5762Filr – Secure document library < 1.2.3.6 - Author+ RCE via file upload with phar ext8.8Dec 4, 2023
• CVE-2022-38755Filr Remote unauthenticated user enumeration for versions prior to 4.3.1.15.3Nov 21, 2022
• CVE-2022-1777Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls8.8Jun 13, 2022
• CVE-2020-25838Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensiti...6.5Dec 11, 2020
• CVE-2020-25832Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack.5.4Nov 17, 2020
• CVE-2019-3475Local privilege escalation in Filr famtd7.8Feb 20, 2019
• CVE-2019-3474Path traversal vulnerability in Filr web application6.5Feb 20, 2019
• CVE-2016-1607Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of adminis...7.2Aug 1, 2016
• CVE-2016-1609Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or H...5.4Aug 1, 2016