cleantalk
Vulnerabilities and Security Researches

File Manager, CVE-2025-27358

CVE, Research URL

CVE-2025-27358

Home page URL

Security reports for File Manager

Application

File Manager

Published on
Jul 04, 2025
Research Description
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mndpsingh287 Frontend File Manager allows Code Injection. This issue affects Frontend File Manager: from n/a through 23.2.
Affected versions
Min -, max 23.2.
Status
vulnerable
Previous vulnerability researches
WP Simple Booking Calendar (CVE-2025-39541) , Apr 20, 2025
WP Simple Booking Calendar (CVE-2023-51525) , Jun 06, 2024
WP Simple Booking Calendar (CVE-2021-24726) , Jun 06, 2024
WP Simple Booking Calendar (CVE-2024-8663) , Sep 14, 2024
New vulnerability
MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more (CVE-2025-24757) , Jul 06, 2025
File Manager (CVE-2025-27358) , Jul 06, 2025
Booking Calendar Contact Form (CVE-2025-48231) , Jul 06, 2025
NGG Smart Image Search (CVE-2025-52832) , Jul 05, 2025
(Simply) Guest Author Name (CVE-2025-24764) , Jul 05, 2025