cleantalk
Vulnerabilities and Security Researches

File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager, CVE-2024-7627

CVE, Research URL

CVE-2024-7627

Home page URL

Security reports for File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager

Application

File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager

Published on
Sep 05, 2024
Research Description
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions.
Affected versions
Min 6.0, max 6.5.5.
Status
vulnerable
Previous vulnerability researches
File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager (CVE-2024-8743) , Oct 06, 2024
File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager (CVE-2024-7770) , Sep 11, 2024
File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager (CVE-2025-1725) , Jun 03, 2025
File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager (CVE-2024-7627) , Sep 05, 2024
File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager (CVE-2023-5907) , Jun 07, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026