Stored Cross-Site Scripting Vulnerability in Bit File Manager for WordPress
CVE-2025-1725
6.4 MEDIUM
What is CVE-2025-1725?
The Bit File Manager plugin for WordPress is exposed to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping when handling SVG file uploads. Authenticated users with Subscriber-level access or higher can exploit this flaw to inject arbitrary scripts that execute when others access the compromised SVG files, posing a significant security risk to websites utilizing this plugin.
Affected Version(s)
File Manager: versions 0 through 6.7 (<= 6.7)