CVE-2024-8743

EPSS 0.75%
Veröffentlicht 05.10.2024 07:15:12
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.7 - Authenticated (Subscriber+) Limited JavaScript File Upload

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting.

Mögliche Gegenmaßnahme

File Manager: Update to version 6.5.8, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

CNA 1 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerbitapps

≫

Produkt file_manager

Default Statusunaffected

Version 0

Version < 6.5.8

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt File Manager

Version *-6.5.7

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.75%	0.502

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	6.8	1.6	5.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://plugins.trac.wordpress.org/changeset/3161219/

https://www.wordfence.com/threat-intel/vulnerabilities/id/314520d5-bd9d-46c1-b903-5e5cb3bb3417?source=cve

https://www.wordfence.com/threat-intel/vulnerabilities/id/314520d5-bd9d-46c1-b903-5e5cb3bb3417

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-8743

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-8743

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-8743

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-8743