Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Bit File Manager – 100% free file manager for WordPress 4.1.5

  • Severity: high-risk
  • Status: Fixed
  • Publication: March 1, 2017

The Bit File Manager plugin for WordPress, found in versions up to 4.1.4, is vulnerable to Cross-Site Request Forgery. This means that if a malicious user can trick a site administrator into performing an action, such as clicking a link, they can use a forged request to upload any file they choose to the server. This is because the plugin’s upload form doesn’t use the correct security measures to prevent this from happening.

Detected in:

Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress fixed vulnerable versions:
Bit File Manager – 100% free file manager for WordPress fixed vulnerable versions: >= * < 4.1.5
File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.