Stored Cross-Site Scripting Vulnerability in Bit File Manager for WordPress
CVE-2025-1725
6.4 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 3 June 2025
What is CVE-2025-1725?
The Bit File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting because it does not adequately sanitize input or escape output when handling SVG file uploads. Authenticated users with Subscriber-level access or higher can exploit this flaw to inject arbitrary scripts that execute whenever another user accesses the compromised SVG file, posing a significant security risk to websites that use this plugin.
Affected Version(s)
- Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress: <= 6.7