56 matches found

Patchstack
added 2024/04/17 12:0 a.m. · 14 views

WordPress Filebird Plugin <= 5.6.3 is vulnerable to Cross Site Scripting (XSS)

Software: Filebird; Type: Plugin; Vulnerable versions: <= 5.6.3; Fixed in: 5.6.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2345; Patch priority: Low; CVSS severity: Low (5.9); PSID: de3d3d4867b8; Credits: Tim Coen; Required privilege...

CVSS 6.4 · AI score 5.8 · EPSS 0.0022
Exploits 0 · References 3 · Affected Software 1
WPVulnDB
added 2024/04/17 12:0 a.m. · 14 views

FileBird < 5.6.4 - Author+ Users Folder Deletion

Description: The plugin is vulnerable to Insecure Direct Object Reference via folder deletion due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with author access or higher, to delete folders created by other users and make their file uploads...

CVSS 5.4 · AI score 6.5 · EPSS 0.001
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/04/17 12:0 a.m. · 8 views

WordPress Filebird Plugin <= 5.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Software: Filebird; Type: Plugin; Vulnerable versions: <= 5.6.3; Fixed in: 5.6.4; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-2346; Patch priority: Low; CVSS severity: Low (5.4); PSID: 800a2ac6f56e; Credits: Tim Coen; Required...

CVSS 5.4 · AI score 6.5 · EPSS 0.001
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/02/05 10:16 p.m. · 0 views

CVE-2024-0691

The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to...

CVSS 4.8 · AI score 7.4
Exploits 0 · References 2
NVD
added 2024/02/05 10:16 p.m. · 12 views

CVE-2024-0691

The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to...

CVSS 5.5 · AI score 5 · EPSS 0.00224
Exploits 0 · References 2
Prion
added 2024/02/05 10:16 p.m. · 20 views

Cross site scripting

The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to...

CVSS 4.3 · AI score 5.9 · EPSS 0.00224
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/02/05 12:0 a.m. · 4 views

PT-2024-15753 · WordPress · Filebird

Name of the Vulnerable Software and Affected Versions: FileBird plugin for WordPress versions up to, and including, 5.5.8.1 Description: The issue is related to Stored Cross-Site Scripting via imported folder titles due to insufficient input sanitization and output escaping. This allows...

CVSS 5.5 · AI score 5.3 · EPSS 0.00224
Exploits 0 · References 6
CNNVD
added 2024/02/05 12:0 a.m. · 3 views

WordPress plugin FileBird security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 5.5 · AI score 6.1 · EPSS 0.00224
Exploits 0 · References 3
Patchstack
added 2024/01/22 12:0 a.m. · 11 views

WordPress Filebird Plugin <= 5.6.0 is vulnerable to Cross Site Scripting (XSS)

Software: Filebird; Type: Plugin; Vulnerable versions: <= 5.6.0; Fixed in: 5.6.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0691; Patch priority: Low; CVSS severity: Low (5.9); PSID: 80c98e521f35; Credits: Thomas Sanzey; Required privileg...

CVSS 5.5 · AI score 6 · EPSS 0.00224
Exploits 0 · References 3 · Affected Software 1
OSV
added 2021/07/12 8:15 p.m. · 0 views

CVE-2021-24385

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from an HTTP POST request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 2
NVD
added 2021/07/12 8:15 p.m. · 10 views

CVE-2021-24385

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from an HTTP POST request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...

CVSS 9.8 · EPSS 0.09019
Exploits 2 · References 2
Prion
added 2021/07/12 8:15 p.m. · 8 views

SQL injection

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from an HTTP POST request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...

CVSS 7.5 · AI score 9.8 · EPSS 0.09019
Exploits 2 · References 2 · Affected Software 1
CVE
added 2021/07/12 7:20 p.m. · 46 views

CVE-2021-24385

The CVE-2021-24385 entry concerns the WordPress Filebird Plugin (v4.7.3). The vulnerability is a SQL injection caused by unescaped user input in SQL queries derived from an HTTP POST request, with the vulnerable code path invoked by a REST API endpoint that requires no authentication. This makes t...

CVSS 9.8 · AI score 9.9 · EPSS 0.09019
Exploits 2 · References 2 · Affected Software 1
Cvelist
added 2021/07/12 7:20 p.m. · 11 views

CVE-2021-24385 Filebird 4.7.3 - Unauthenticated SQL Injection

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from an HTTP POST request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...

AI score 10 · EPSS 0.09019
Exploits 2 · References 2
CNNVD
added 2021/07/12 12:0 a.m. · 2 views

WordPress plugin SQL injection vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. Version 4.7.3 of Filebird Plugin has a security...

CVSS 9.8 · AI score 5.8 · EPSS 0.09019
Exploits 2 · References 3
WPVulnDB
added 2021/06/16 12:0 a.m. · 37 views

Filebird 4.7.3 - Unauthenticated SQL Injection

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from an HTTP POST request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...

CVSS 9.8 · AI score 9.9 · EPSS 0.09019
Exploits 2 · References 1 · Affected Software 1