Vulnerabilities and security researches forbsk-pdf-manager bsk-pdf-manager

Jun 07, 2024

CVE, Research URL: CVE-2021-24860
Home page URL: Security reports for BSK PDF Manager
Application: BSK PDF Manager
Date: Nov 29, 2021
Research Description: The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue
Affected versions: max 3.1.2.
Status: vulnerable

CVE, Research URL: CVE-2014-4944
Home page URL: Security reports for BSK PDF Manager
Application: BSK PDF Manager
Date: Jul 14, 2014
Research Description: Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php.
Affected versions: max 3.1.2.
Status: vulnerable

CVE, Research URL: CVE-2023-5110
Home page URL: Security reports for BSK PDF Manager
Application: BSK PDF Manager
Date: Oct 25, 2023
Research Description: The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 3.4.2.
Status: vulnerable

Jul 19, 2024

CVE, Research URL: CVE-2024-38767
Home page URL: Security reports for BSK PDF Manager
Application: BSK PDF Manager
Date: Jul 20, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky.Com BSK PDF Manager allows Stored XSS.This issue affects BSK PDF Manager: from n/a through 3.6.
Affected versions: max 3.6.1.
Status: vulnerable

Jul 22, 2024

CVE, Research URL: CVE-2024-4367
Home page URL: Security reports for BSK PDF Manager
Application: BSK PDF Manager
Date: May 14, 2024
Research Description: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Affected versions: max 3.6.
Status: vulnerable

Apr 13, 2026

CVE, Research URL: CVE-2026-39686
Home page URL: Security reports for BSK PDF Manager
Application: BSK PDF Manager
Date: Apr 08, 2026
Research Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through <= 3.7.2.
Affected versions: max 3.7.2.
Status: vulnerable

Apr 25, 2026

CVE, Research URL: CVE-2025-4970
Home page URL: Security reports for BSK PDF Manager
Application: BSK PDF Manager
Date: Dec 12, 2025
Research Description: The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: max 3.7.2.
Status: vulnerable