56 matches found
CVE-2021-24385
The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from an HTTP POST request. This is a major vulnerability as the user input is not escaped and passed directly to the get_col function and it allows SQL injection. The Rest...
CVE-2025-26977 WordPress FileBird plugin <= 6.4.2.1 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird filebird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filebird: from n/a through <= 6.4.2.1...
WordPress FileBird plugin <= 6.4.2.1 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Revan Arifio (Patchstack Alliance) in WordPress Plugin Filebird versions <= 6.4.2.1...
WordPress Filebird plugin < 5.6.1 XSS Vulnerability
WordPress File Manager Pro – Filester plugin <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation vulnerability
Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin File Manager Pro versions <= 1.8.6...
CVE-2024-12331
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2024-12331 File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2024-12331 File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2024-12331
Vulnerability in File Manager Pro – Filester for WordPress (CVE-2024-12331): a missing capability check in ajax_install_plugin allows authenticated users with Subscriber+ access to install the Filebird plugin, enabling unauthorized data modification. Affected versions: all up to and including 1.8...
PT-2024-17547 · WordPress · File Manager Pro – Filester +1
Name of the Vulnerable Software and Affected Versions: File Manager Pro – Filester plugin for WordPress versions up to, and including, 1.8.6 Description: The issue allows authenticated attackers with Subscriber-level access and above to install the Filebird plugin due to a missing capability chec...
WordPress plugin Filebird security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-10533
The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajax_install_plugin function in all versions up to, and including, 3.6.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2024-10533 WP Chat App <= 3.6.8 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation
The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajax_install_plugin function in all versions up to, and including, 3.6.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2024-10533
CVE-2024-10533 (WP Chat App, WordPress): A missing authorization check in ajax_install_plugin() across versions up to and including 3.6.8 allows authenticated users with Subscriber+ privileges to install the filebird plugin. Public CVE reports confirm exploitation risks are tied to Broken Access...
WordPress FileBird Document Library Plugin <= 2.0.6 is vulnerable to Sensitive Data Exposure
Software: FileBird Document Library; Type: Plugin; Vulnerable versions: <= 2.0.6; Fixed in: 2.0.8.1; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-37504; Patch priority: Low; CVSS severity: Low (5.3); PSID: 7621ab22a70e; Credits: Peng Zhou...
WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 5.6.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Filebird versions <= 5.6.3...
CVE-2024-2345
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the folder name parameter in all versions up to, and including, 5.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-2346 FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.3 via folder deletion due to missing validation on a user controlled key. This makes it possible for authenticated...
CVE-2024-2346 FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.3 via folder deletion due to missing validation on a user controlled key. This makes it possible for authenticated...
WordPress FileBird plugin <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference vulnerability
Authenticated (Author+) Insecure Direct Object Reference vulnerability discovered by Tim Coen in WordPress Plugin Filebird versions <= 5.6.3...